Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/2v4TNX068Xo83QPqOIa37s-1pLs.roa
File:                     2v4TNX068Xo83QPqOIa37s-1pLs.roa (raw, json)
Hash identifier:          jXFhED4CLLpO4cI/Q+DRgaIzaN8GzJzoTo3ybXLe9yE=
Subject key identifier:   DA:FE:13:35:7D:3A:F1:7A:3C:DD:03:EA:38:86:B7:EE:CF:B5:A4:BB
Certificate issuer:       /CN=22ff5bcf739b0732fb1bcdb717ec717f6f1cb0e2
Certificate serial:       018CC56EDE8D73954274743AFCF3BA227C5C
Authority key identifier: 22:FF:5B:CF:73:9B:07:32:FB:1B:CD:B7:17:EC:71:7F:6F:1C:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iv9bz3ObBzL7G823F-xxf28csOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/2v4TNX068Xo83QPqOIa37s-1pLs.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61029
IP address blocks:        185.77.196.0/24 maxlen: 24
                          2a03:1980:d113::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/Iv9bz3ObBzL7G823F-xxf28csOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/Iv9bz3ObBzL7G823F-xxf28csOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iv9bz3ObBzL7G823F-xxf28csOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:de:8d:73:95:42:74:74:3a:fc:f3:ba:22:7c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22ff5bcf739b0732fb1bcdb717ec717f6f1cb0e2
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dafe13357d3af17a3cdd03ea3886b7eecfb5a4bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:21:1e:8a:74:f8:66:47:ca:f6:9a:a9:e4:b3:
                    1c:21:d4:c0:28:76:8a:fd:52:46:46:1a:b2:43:76:
                    a3:86:bc:f1:ce:3c:b8:df:5f:7a:42:d2:bd:60:9c:
                    ab:30:49:c9:d1:c6:68:3e:b9:79:99:41:7e:61:ba:
                    93:34:1a:a7:b5:1a:b9:63:50:89:24:01:ff:b3:41:
                    c8:64:95:b9:5d:07:2c:fc:b5:2d:0f:d4:03:30:60:
                    32:50:54:30:91:3b:12:2a:ac:73:36:6b:3c:b9:eb:
                    56:19:fa:70:e2:58:24:09:f6:db:31:6c:70:93:9a:
                    84:55:f5:a2:82:42:aa:53:9e:c5:1b:17:8c:40:81:
                    35:c0:f8:9a:83:9b:25:86:0a:89:a1:ea:2f:33:9d:
                    45:ec:6f:d4:64:d7:3d:ec:65:13:a5:df:34:45:13:
                    21:eb:a4:d8:a7:a0:b4:a2:66:9f:d2:ea:1d:ea:c0:
                    ef:ed:d5:2f:87:b3:12:67:c1:31:b6:37:67:b7:4d:
                    d8:7b:c7:0e:50:29:b8:b2:eb:06:29:47:13:e3:24:
                    62:51:ea:26:b6:47:30:01:bf:85:8f:a7:f9:93:50:
                    75:27:57:1a:d1:77:25:bf:12:6f:71:44:f3:59:d9:
                    94:35:2f:b4:6c:8f:57:50:c5:2d:06:42:15:76:0b:
                    b6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:FE:13:35:7D:3A:F1:7A:3C:DD:03:EA:38:86:B7:EE:CF:B5:A4:BB
            X509v3 Authority Key Identifier:
                keyid:22:FF:5B:CF:73:9B:07:32:FB:1B:CD:B7:17:EC:71:7F:6F:1C:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iv9bz3ObBzL7G823F-xxf28csOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/2v4TNX068Xo83QPqOIa37s-1pLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/Iv9bz3ObBzL7G823F-xxf28csOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.196.0/24
                IPv6:
                  2a03:1980:d113::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:26:cd:7d:3f:42:00:15:19:73:16:fc:f6:44:1b:1a:61:55:
         c3:98:f7:f0:35:89:85:25:db:c4:c6:ca:be:0a:cc:c1:40:af:
         87:40:4e:49:67:11:8e:3c:ce:f5:bc:5d:42:38:86:e2:60:f3:
         9c:8a:1f:2d:e7:3c:83:69:7f:df:72:a3:cd:f0:91:0a:e8:f1:
         aa:e4:0d:b7:3f:e4:48:04:07:66:2c:ec:2a:fd:bc:26:92:19:
         d1:ff:8a:c3:e0:51:13:c7:ca:d1:b5:2e:83:6f:6e:8a:c8:7c:
         6e:b0:09:89:00:68:ad:5b:b0:f0:b0:81:d5:df:4f:4d:46:d1:
         5e:b0:19:32:55:c7:fb:93:2f:21:1e:a6:aa:1a:e5:39:84:81:
         1e:54:2e:a8:ad:58:7d:44:99:bf:0d:53:4e:3f:3b:e4:03:ee:
         e4:a4:1b:c4:b9:cc:d3:9a:e0:83:aa:68:ee:22:35:d3:31:31:
         4f:64:3a:39:4c:ad:40:bf:0c:e1:6e:f2:73:fb:b8:3a:0e:f1:
         f6:26:6c:e0:b4:6f:b1:26:26:87:f9:a8:77:dc:cc:af:ed:b4:
         fa:22:0b:4f:59:20:2b:63:c1:94:2d:1c:5f:33:1c:f2:cd:30:
         96:f6:b0:c4:93:4a:5d:8d:4a:3d:ab:57:ac:50:da:46:4c:4b:
         99:c0:77:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbt6Nc5VCdHQ6/PO6InxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZmY1YmNmNzM5YjA3MzJmYjFiY2RiNzE3ZWM3MTdmNmYx
Y2IwZTIwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWZlMTMzNTdkM2FmMTdhM2NkZDAzZWEzODg2YjdlZWNmYjVhNGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSEeinT4ZkfK9pqp5LMcIdTAKHaK
/VJGRhqyQ3ajhrzxzjy43196QtK9YJyrMEnJ0cZoPrl5mUF+YbqTNBqntRq5Y1CJ
JAH/s0HIZJW5XQcs/LUtD9QDMGAyUFQwkTsSKqxzNms8uetWGfpw4lgkCfbbMWxw
k5qEVfWigkKqU57FGxeMQIE1wPiag5slhgqJoeovM51F7G/UZNc97GUTpd80RRMh
66TYp6C0omaf0uod6sDv7dUvh7MSZ8Extjdnt03Ye8cOUCm4susGKUcT4yRiUeom
tkcwAb+Fj6f5k1B1J1ca0XclvxJvcUTzWdmUNS+0bI9XUMUtBkIVdgu2dwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNr+EzV9OvF6PN0D6jiGt+7PtaS7MB8GA1UdIwQY
MBaAFCL/W89zmwcy+xvNtxfscX9vHLDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXY5YnozT2JCekw3RzgyM0YteHhmMjhjc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kN2JmMGYtNjkxYS00Y2VjLWI1Y2Ut
NzYwM2U1ZGQ1NzA3LzEvMnY0VE5YMDY4WG84M1FQcU9JYTM3cy0xcExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kN2JmMGYtNjkxYS00Y2VjLWI1Y2UtNzYwM2U1ZGQ1NzA3
LzEvSXY5YnozT2JCekw3RzgyM0YteHhmMjhjc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuU3EMA8E
AgACMAkDBwAqAxmA0RMwDQYJKoZIhvcNAQELBQADggEBAAkmzX0/QgAVGXMW/PZE
GxphVcOY9/A1iYUl28TGyr4KzMFAr4dATklnEY48zvW8XUI4huJg85yKHy3nPINp
f99yo83wkQro8arkDbc/5EgEB2Ys7Cr9vCaSGdH/isPgURPHytG1LoNvborIfG6w
CYkAaK1bsPCwgdXfT01G0V6wGTJVx/uTLyEepqoa5TmEgR5ULqitWH1Emb8NU04/
O+QD7uSkG8S5zNOa4IOqaO4iNdMxMU9kOjlMrUC/DOFu8nP7uDoO8fYmbOC0b7Em
Jof5qHfczK/ttPoiC09ZICtjwZQtHF8zHPLNMJb2sMSTSl2NSj2rV6xQ2kZMS5nA
d7Y=
-----END CERTIFICATE-----