Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/_4rK3YJSIVmYu7Zsp-R-UmMbzXc.roa
File:                     _4rK3YJSIVmYu7Zsp-R-UmMbzXc.roa (raw, json)
Hash identifier:          f5L3PNxAWNJ6yYu02b7AgdVbzC7Eq4AY7J5SKieKE4s=
Subject key identifier:   FF:8A:CA:DD:82:52:21:59:98:BB:B6:6C:A7:E4:7E:52:63:1B:CD:77
Certificate issuer:       /CN=6c05cf9c327b2fc877be8b561822b065e09690c2
Certificate serial:       0191BCDF16D83F7F857AD2DE79D8ECAB6CE9
Authority key identifier: 6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/_4rK3YJSIVmYu7Zsp-R-UmMbzXc.roa
Signing time:             Wed 04 Sep 2024 11:50:22 +0000
ROA not before:           Wed 04 Sep 2024 11:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58323
IP address blocks:        185.245.56.0/23 maxlen: 23
                          194.93.68.0/22 maxlen: 22
                          2a0d:140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:df:16:d8:3f:7f:85:7a:d2:de:79:d8:ec:ab:6c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c05cf9c327b2fc877be8b561822b065e09690c2
        Validity
            Not Before: Sep  4 11:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff8acadd8252215998bbb66ca7e47e52631bcd77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:71:4b:cb:e5:a2:fe:ff:ce:b7:0e:b8:dc:c5:
                    0e:46:65:a6:31:ac:ed:c9:cc:90:a6:d1:b5:74:71:
                    77:4c:04:a4:ba:ef:c1:45:ec:8e:dd:c5:09:97:7f:
                    2c:38:8b:b6:03:5d:42:ff:98:5c:76:1f:dc:66:2a:
                    c8:4c:dd:0c:51:5a:ec:d4:b5:cb:f2:47:79:02:93:
                    ef:e9:d8:c5:24:f4:82:1c:d7:77:48:6d:15:27:c6:
                    40:52:66:02:e0:d0:86:86:d8:0e:05:9a:f9:c8:99:
                    79:8e:9e:d1:93:dc:99:bc:7e:1c:71:2d:3b:db:1d:
                    cb:f8:7a:31:b7:d6:d8:aa:0b:c0:7c:38:ec:95:68:
                    34:77:37:9a:54:df:d0:f7:d2:fe:07:17:04:44:3d:
                    18:c5:61:5d:88:2c:6f:cd:7e:14:a9:56:3a:1c:46:
                    3d:b6:51:1f:a8:d4:07:b8:ad:62:cf:43:5e:3f:61:
                    be:98:95:80:e3:99:7b:08:83:bb:22:e2:f6:d9:f3:
                    a9:8f:24:b8:63:73:54:7c:df:39:d3:5e:6e:1f:e0:
                    86:01:31:0f:e2:88:e3:f9:f2:72:30:01:26:ff:3e:
                    f1:c3:76:a9:9e:43:1f:3c:d5:2a:3b:34:81:0d:f6:
                    5d:a4:fd:fc:51:9b:81:ac:14:6d:bd:72:c7:50:78:
                    e5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8A:CA:DD:82:52:21:59:98:BB:B6:6C:A7:E4:7E:52:63:1B:CD:77
            X509v3 Authority Key Identifier:
                keyid:6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/_4rK3YJSIVmYu7Zsp-R-UmMbzXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.56.0/23
                  194.93.68.0/22
                IPv6:
                  2a0d:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:a2:55:02:7c:5d:69:65:b7:7b:15:29:ce:a5:ab:24:84:9c:
         3f:89:39:6e:f6:ff:24:22:d2:40:b9:aa:7a:eb:59:62:53:98:
         ae:94:75:4b:db:28:83:db:2f:b0:2c:15:bf:45:74:fa:af:31:
         33:10:7d:a1:d4:e7:31:65:98:80:9e:c6:be:d1:ec:ad:0e:9b:
         20:74:fe:6e:95:9f:51:61:cf:b5:54:3e:88:1e:79:24:15:81:
         17:4d:f5:eb:d3:a1:2a:78:dc:98:74:6c:ee:2f:9c:cd:69:b3:
         9a:fe:36:46:11:c5:1f:5a:42:9e:ff:2d:2c:c4:32:ec:a3:cb:
         46:29:d0:04:79:4e:1f:6f:98:65:c5:6a:04:af:cb:b4:d0:af:
         68:12:b6:7f:ba:69:b0:89:12:07:23:24:4c:75:d8:9a:af:cd:
         2e:9d:b2:91:ea:51:99:a8:32:84:d4:91:74:b0:28:c6:b7:e7:
         64:3b:1c:d6:2f:1e:e2:34:e5:17:8e:43:78:1f:94:7d:43:f9:
         31:33:1d:c7:dd:89:02:9a:bf:51:2c:39:9e:f9:2b:2a:f6:c4:
         84:5f:57:f1:4c:9e:f6:4d:d6:05:e6:f5:dd:81:2d:24:14:ab:
         36:a3:d1:4f:a3:31:be:47:cf:19:18:6a:95:52:17:e3:81:78:
         36:f1:86:cf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZG83xbYP3+FetLeedjsq2zpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDVjZjljMzI3YjJmYzg3N2JlOGI1NjE4MjJiMDY1ZTA5
NjkwYzIwHhcNMjQwOTA0MTE1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhhY2FkZDgyNTIyMTU5OThiYmI2NmNhN2U0N2U1MjYzMWJjZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknFLy+Wi/v/Otw643MUORmWmMazt
ycyQptG1dHF3TASkuu/BReyO3cUJl38sOIu2A11C/5hcdh/cZirITN0MUVrs1LXL
8kd5ApPv6djFJPSCHNd3SG0VJ8ZAUmYC4NCGhtgOBZr5yJl5jp7Rk9yZvH4ccS07
2x3L+Hoxt9bYqgvAfDjslWg0dzeaVN/Q99L+BxcERD0YxWFdiCxvzX4UqVY6HEY9
tlEfqNQHuK1iz0NeP2G+mJWA45l7CIO7IuL22fOpjyS4Y3NUfN85015uH+CGATEP
4ojj+fJyMAEm/z7xw3apnkMfPNUqOzSBDfZdpP38UZuBrBRtvXLHUHjlDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP+Kyt2CUiFZmLu2bKfkflJjG813MB8GA1UdIwQY
MBaAFGwFz5wyey/Id76LVhgisGXglpDCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQt
OWE2MTgzMTg2OWFlLzEvXzRySzNZSlNJVm1ZdTdac3AtUi1VbU1ielhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQtOWE2MTgzMTg2OWFl
LzEvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBufU4AwQC
wl1EMA0EAgACMAcDBQMqDQFAMA0GCSqGSIb3DQEBCwUAA4IBAQA7olUCfF1pZbd7
FSnOpaskhJw/iTlu9v8kItJAuap661liU5iulHVL2yiD2y+wLBW/RXT6rzEzEH2h
1OcxZZiAnsa+0eytDpsgdP5ulZ9RYc+1VD6IHnkkFYEXTfXr06EqeNyYdGzuL5zN
abOa/jZGEcUfWkKe/y0sxDLso8tGKdAEeU4fb5hlxWoEr8u00K9oErZ/ummwiRIH
IyRMddiar80unbKR6lGZqDKE1JF0sCjGt+dkOxzWLx7iNOUXjkN4H5R9Q/kxMx3H
3YkCmr9RLDme+Ssq9sSEX1fxTJ72TdYF5vXdgS0kFKs2o9FPozG+R88ZGGqVUhfj
gXg28YbP
-----END CERTIFICATE-----