Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/cMSFLLLaamx9cnBXhVEAZD7TEJM.roa
File:                     cMSFLLLaamx9cnBXhVEAZD7TEJM.roa (raw, json)
Hash identifier:          y6L4d8NAxr2/u2C/sUkHPfi9+JO/aR3nDyamPkfmAiI=
Subject key identifier:   70:C4:85:2C:B2:DA:6A:6C:7D:72:70:57:85:51:00:64:3E:D3:10:93
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       018CCA997199B746A7A2F3C13BFA8DA2204D
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/cMSFLLLaamx9cnBXhVEAZD7TEJM.roa
Signing time:             Tue 02 Jan 2024 14:35:02 +0000
ROA not before:           Tue 02 Jan 2024 14:35:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.179.91.0/24 maxlen: 24
                          185.151.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:71:99:b7:46:a7:a2:f3:c1:3b:fa:8d:a2:20:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Jan  2 14:35:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70c4852cb2da6a6c7d727057855100643ed31093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b7:2b:aa:c2:9a:c5:1b:8e:56:17:04:af:b4:
                    73:9b:84:29:c1:34:e4:8e:bb:78:c4:3b:99:66:4d:
                    88:58:fa:1f:41:39:a7:c8:ef:36:86:fa:0b:f3:4d:
                    24:5b:77:4f:71:c6:0e:48:86:f2:a1:2e:5c:4e:11:
                    0c:d6:5c:81:54:0c:6a:92:8b:52:c4:89:7e:46:de:
                    ff:fb:be:99:fa:63:26:e3:97:80:b0:c7:44:3b:cf:
                    7e:8b:d8:c1:ed:81:25:85:c0:6e:29:cf:ea:68:50:
                    ba:c1:70:57:c0:2f:05:84:98:a8:56:fd:b4:ee:63:
                    15:5a:d1:82:41:3a:4d:23:35:c2:21:28:01:98:d1:
                    4c:3a:d2:a2:b2:3a:7f:3b:80:ba:77:58:d6:df:a3:
                    71:63:32:5e:35:65:54:49:ad:04:a8:52:79:49:98:
                    41:9b:eb:b3:fb:b1:39:ca:45:de:b0:21:64:1b:15:
                    94:4a:a0:7c:51:f1:8b:8b:6f:16:05:df:db:38:64:
                    6c:9e:90:a7:84:77:71:5f:1d:41:7a:ff:be:90:bc:
                    21:3e:45:d4:d4:4e:22:6d:89:77:9e:7a:8b:65:de:
                    00:35:c1:95:b6:86:0b:f9:09:d7:11:a6:a9:f8:68:
                    de:b0:73:6d:d0:5c:04:e6:dd:5e:71:7b:fa:f6:e5:
                    9b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C4:85:2C:B2:DA:6A:6C:7D:72:70:57:85:51:00:64:3E:D3:10:93
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/cMSFLLLaamx9cnBXhVEAZD7TEJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24
                  185.179.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c0:ad:60:98:f8:4f:a2:c4:04:83:a6:5d:8b:59:2c:05:37:
         37:3e:f7:b9:cd:c5:e3:1c:28:fb:c1:ec:f5:e2:4b:25:09:e8:
         38:34:66:b5:0e:42:62:44:51:2b:43:88:2c:9c:81:2c:34:85:
         75:5e:73:ae:e6:c4:2a:bf:90:54:b8:28:29:82:eb:f9:7f:2e:
         bd:8f:2c:84:96:3f:5e:88:58:e4:61:ea:b8:ab:96:96:95:db:
         d9:91:d5:11:c9:ca:aa:62:5b:66:1b:8b:2f:87:3a:6a:01:73:
         20:40:1a:94:0e:26:7e:d2:94:91:64:d9:ad:f3:2d:cc:e8:4d:
         42:6b:2e:33:b8:b9:6d:49:9d:f7:6c:1a:77:c9:c7:60:c1:fe:
         88:cc:b8:41:86:6a:48:ae:93:fc:14:6d:52:f8:18:26:15:fe:
         6c:8a:40:cb:15:0b:2e:ca:bc:24:be:ad:ce:97:a1:e7:7b:32:
         a0:d7:eb:c3:0e:59:12:45:72:2c:f1:1c:b5:69:2b:fa:85:56:
         0d:cb:c2:d7:2d:0b:32:1a:9e:d3:e5:d6:fd:63:eb:09:d2:49:
         b9:ed:d4:fb:e4:46:a0:f1:35:5c:3d:0f:1c:99:7f:b0:95:cf:
         80:81:77:09:9c:19:c4:9a:ac:21:86:24:ef:e6:06:dd:92:04:
         9b:c9:d8:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmXGZt0anovPBO/qNoiBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjQwMTAyMTQzNTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM0ODUyY2IyZGE2YTZjN2Q3MjcwNTc4NTUxMDA2NDNlZDMxMDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7crqsKaxRuOVhcEr7Rzm4QpwTTk
jrt4xDuZZk2IWPofQTmnyO82hvoL800kW3dPccYOSIbyoS5cThEM1lyBVAxqkotS
xIl+Rt7/+76Z+mMm45eAsMdEO89+i9jB7YElhcBuKc/qaFC6wXBXwC8FhJioVv20
7mMVWtGCQTpNIzXCISgBmNFMOtKisjp/O4C6d1jW36NxYzJeNWVUSa0EqFJ5SZhB
m+uz+7E5ykXesCFkGxWUSqB8UfGLi28WBd/bOGRsnpCnhHdxXx1Bev++kLwhPkXU
1E4ibYl3nnqLZd4ANcGVtoYL+QnXEaap+GjesHNt0FwE5t1ecXv69uWbuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHDEhSyy2mpsfXJwV4VRAGQ+0xCTMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvY01TRkxMTGFhbXg5Y25CWGhWRUFaRDdURUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZeSAwQA
ubNbMA0GCSqGSIb3DQEBCwUAA4IBAQCFwK1gmPhPosQEg6Zdi1ksBTc3Pve5zcXj
HCj7wez14kslCeg4NGa1DkJiRFErQ4gsnIEsNIV1XnOu5sQqv5BUuCgpguv5fy69
jyyElj9eiFjkYeq4q5aWldvZkdURycqqYltmG4svhzpqAXMgQBqUDiZ+0pSRZNmt
8y3M6E1Cay4zuLltSZ33bBp3ycdgwf6IzLhBhmpIrpP8FG1S+BgmFf5sikDLFQsu
yrwkvq3Ol6HnezKg1+vDDlkSRXIs8Ry1aSv6hVYNy8LXLQsyGp7T5db9Y+sJ0km5
7dT75Eag8TVcPQ8cmX+wlc+AgXcJnBnEmqwhhiTv5gbdkgSbydjR
-----END CERTIFICATE-----