Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/8v1nXt4dVR9J0FKdRUKlv_VZvzQ.roa
File:                     8v1nXt4dVR9J0FKdRUKlv_VZvzQ.roa (raw, json)
Hash identifier:          sewwdkF8529VZjQgg9QpkP6t2kFTBrX/b0hJNV9eKUs=
Subject key identifier:   F2:FD:67:5E:DE:1D:55:1F:49:D0:52:9D:45:42:A5:BF:F5:59:BF:34
Certificate issuer:       /CN=6c05cf9c327b2fc877be8b561822b065e09690c2
Certificate serial:       018CC9BCF928A9A86F3F7B82EC1524D5A395
Authority key identifier: 6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/8v1nXt4dVR9J0FKdRUKlv_VZvzQ.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209014
IP address blocks:        194.93.68.0/22 maxlen: 24
                          185.245.56.0/23 maxlen: 24
                          2a0d:140::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f9:28:a9:a8:6f:3f:7b:82:ec:15:24:d5:a3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c05cf9c327b2fc877be8b561822b065e09690c2
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2fd675ede1d551f49d0529d4542a5bff559bf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:bb:03:14:7b:3c:28:5d:dd:b2:ae:4e:36:0c:
                    1b:ff:7c:fb:59:e3:33:6c:30:50:9a:b9:d9:e5:ab:
                    95:97:e1:3e:fe:c8:f1:eb:71:2f:ed:29:db:a9:a1:
                    42:48:ba:a8:06:a6:d4:69:02:6f:03:e1:85:c8:62:
                    f6:6a:78:f6:1c:9f:03:2b:ac:69:5e:88:06:70:ed:
                    46:bd:4a:dc:68:50:16:34:38:da:47:b1:5b:0d:8b:
                    8b:5c:48:a3:88:18:be:0a:3f:20:d7:a1:b5:06:60:
                    f5:90:8b:47:33:00:a8:7b:cc:8a:ce:e1:fd:71:9d:
                    e9:9e:19:2d:76:00:dd:4d:0d:20:fe:44:d4:0a:fb:
                    bf:a9:ea:a0:f2:4c:f9:3e:c3:3b:d0:e1:3c:86:d3:
                    87:63:52:81:7d:87:77:f1:cf:9a:33:78:bd:1b:39:
                    52:17:5a:af:18:ce:5c:c0:ae:f4:ad:5c:08:35:e9:
                    ed:ec:0c:78:13:94:1f:f6:13:37:c4:f9:92:c8:22:
                    2a:7a:8e:d7:d4:53:7d:df:b6:67:1f:2e:3e:2d:ad:
                    f6:5d:e6:8f:b4:ef:d4:89:18:5e:2b:31:a5:4d:f7:
                    d7:7b:f7:28:53:1b:c0:94:c0:f6:b6:85:5e:21:a2:
                    e4:80:15:90:11:d9:53:59:c2:e1:82:89:fa:a2:ec:
                    f3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:FD:67:5E:DE:1D:55:1F:49:D0:52:9D:45:42:A5:BF:F5:59:BF:34
            X509v3 Authority Key Identifier:
                keyid:6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/8v1nXt4dVR9J0FKdRUKlv_VZvzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.56.0/23
                  194.93.68.0/22
                IPv6:
                  2a0d:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:a6:57:cd:1b:17:5d:ed:3e:99:68:38:39:f9:d1:5f:49:1c:
         1e:b3:6f:0b:b6:50:a5:a3:97:2f:47:4d:3c:14:66:e6:cc:72:
         81:6f:5a:0f:77:b9:fb:a5:bd:5e:f4:f2:ef:3e:a2:e9:2b:b5:
         52:fa:cd:48:da:62:af:6e:40:fe:76:b6:50:31:fe:16:36:9b:
         2a:c5:b9:6f:b5:c1:50:12:0f:c9:23:59:29:6d:74:91:30:60:
         de:67:bb:72:98:ca:e5:d1:6f:cd:b8:2b:7f:a7:08:2f:52:61:
         1d:e6:7a:26:38:d6:ea:ce:f2:cc:f0:7d:84:9c:ae:34:27:19:
         24:56:85:3f:29:1b:08:f0:2d:bd:50:fb:f5:f1:67:77:77:ec:
         a7:3e:2c:eb:61:f4:90:1d:e1:37:7e:90:0b:29:f7:e4:97:6c:
         09:91:ea:a6:2d:e7:34:b6:95:11:1d:bf:22:80:00:8c:32:1b:
         a2:d3:ef:f7:aa:f2:32:59:fb:62:87:28:d3:36:33:d2:d5:8c:
         71:31:4a:0d:00:15:97:d7:19:e7:5e:ff:3b:68:ef:e8:1d:65:
         f0:58:a3:32:6a:f4:09:5f:54:2d:60:91:c3:b3:dd:14:d7:63:
         62:e1:5e:63:20:04:ec:d9:28:27:12:b6:4b:b2:0d:7f:89:0f:
         cb:ad:bc:e9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvPkoqahvP3uC7BUk1aOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDVjZjljMzI3YjJmYzg3N2JlOGI1NjE4MjJiMDY1ZTA5
NjkwYzIwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmZkNjc1ZWRlMWQ1NTFmNDlkMDUyOWQ0NTQyYTViZmY1NTliZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bsDFHs8KF3dsq5ONgwb/3z7WeMz
bDBQmrnZ5auVl+E+/sjx63Ev7SnbqaFCSLqoBqbUaQJvA+GFyGL2anj2HJ8DK6xp
XogGcO1GvUrcaFAWNDjaR7FbDYuLXEijiBi+Cj8g16G1BmD1kItHMwCoe8yKzuH9
cZ3pnhktdgDdTQ0g/kTUCvu/qeqg8kz5PsM70OE8htOHY1KBfYd38c+aM3i9GzlS
F1qvGM5cwK70rVwINent7Ax4E5Qf9hM3xPmSyCIqeo7X1FN937ZnHy4+La32XeaP
tO/UiRheKzGlTffXe/coUxvAlMD2toVeIaLkgBWQEdlTWcLhgon6ouzzfQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPL9Z17eHVUfSdBSnUVCpb/1Wb80MB8GA1UdIwQY
MBaAFGwFz5wyey/Id76LVhgisGXglpDCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQt
OWE2MTgzMTg2OWFlLzEvOHYxblh0NGRWUjlKMEZLZFJVS2x2X1ZadnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQtOWE2MTgzMTg2OWFl
LzEvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBufU4AwQC
wl1EMA0EAgACMAcDBQMqDQFAMA0GCSqGSIb3DQEBCwUAA4IBAQBtplfNGxdd7T6Z
aDg5+dFfSRwes28LtlClo5cvR008FGbmzHKBb1oPd7n7pb1e9PLvPqLpK7VS+s1I
2mKvbkD+drZQMf4WNpsqxblvtcFQEg/JI1kpbXSRMGDeZ7tymMrl0W/NuCt/pwgv
UmEd5nomONbqzvLM8H2EnK40JxkkVoU/KRsI8C29UPv18Wd3d+ynPizrYfSQHeE3
fpALKffkl2wJkeqmLec0tpURHb8igACMMhui0+/3qvIyWftihyjTNjPS1YxxMUoN
ABWX1xnnXv87aO/oHWXwWKMyavQJX1QtYJHDs90U12Ni4V5jIATs2SgnErZLsg1/
iQ/Lrbzp
-----END CERTIFICATE-----