Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/zz6hQsCG2cvEBb2RuNcp0-caskA.roa
File:                     zz6hQsCG2cvEBb2RuNcp0-caskA.roa (raw, json)
Hash identifier:          EjWCj9M94ED0JCC1drja09XU1oyQHp5UL4bJLE/zuUM=
Subject key identifier:   CF:3E:A1:42:C0:86:D9:CB:C4:05:BD:91:B8:D7:29:D3:E7:1A:B2:40
Certificate issuer:       /CN=d63343f7cc6c237da3f8b81138c051d8f93c9c4d
Certificate serial:       018CC5DC42F347D2D97413CA7742F280A05D
Authority key identifier: D6:33:43:F7:CC:6C:23:7D:A3:F8:B8:11:38:C0:51:D8:F9:3C:9C:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1jND98xsI32j-LgROMBR2Pk8nE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/zz6hQsCG2cvEBb2RuNcp0-caskA.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209379
IP address blocks:        185.203.200.0/22 maxlen: 22
                          2a0a:edc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/1jND98xsI32j-LgROMBR2Pk8nE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/1jND98xsI32j-LgROMBR2Pk8nE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1jND98xsI32j-LgROMBR2Pk8nE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:42:f3:47:d2:d9:74:13:ca:77:42:f2:80:a0:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d63343f7cc6c237da3f8b81138c051d8f93c9c4d
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf3ea142c086d9cbc405bd91b8d729d3e71ab240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:87:0b:90:e1:0e:00:90:54:36:50:2b:90:40:
                    63:56:ad:67:86:fe:94:83:e6:69:b2:b4:1b:0b:85:
                    c5:12:a5:fc:83:66:2c:72:dc:c9:f5:82:7a:93:83:
                    f2:96:a0:5c:06:03:43:c3:2c:c6:52:59:e9:0b:e7:
                    e3:1a:e9:9d:cf:f7:80:4b:1c:ab:60:e0:82:a4:5f:
                    3d:85:24:ef:00:d5:a8:1a:49:eb:2d:19:6c:cf:d2:
                    35:e5:3e:3a:b6:66:81:e6:ce:58:fc:e1:ff:87:0f:
                    36:4f:6d:8c:96:b8:a0:f6:68:b6:8b:e1:74:6b:d8:
                    6d:9c:9b:83:a0:da:3c:98:cc:6f:9d:a7:35:a4:a0:
                    c5:e6:f4:9c:85:fe:8c:11:39:34:51:8d:f9:14:dd:
                    76:b8:dd:e3:c1:cb:d9:bc:84:45:88:60:67:99:af:
                    c7:1a:e0:09:5e:39:cf:1b:84:89:44:dd:c1:6c:f7:
                    d7:68:7e:89:05:19:e4:80:a5:4c:ca:d0:9f:a5:63:
                    9e:1d:f4:a7:f4:d3:da:46:e7:f0:b5:0e:bf:49:f6:
                    d3:bb:32:0b:3c:f8:4e:4d:b6:b5:bd:66:43:e0:2c:
                    99:93:23:82:a6:a5:b9:b6:c1:78:f4:ac:af:eb:c0:
                    32:0c:d7:48:4e:fc:99:69:c8:ad:fb:35:eb:1d:81:
                    58:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3E:A1:42:C0:86:D9:CB:C4:05:BD:91:B8:D7:29:D3:E7:1A:B2:40
            X509v3 Authority Key Identifier:
                keyid:D6:33:43:F7:CC:6C:23:7D:A3:F8:B8:11:38:C0:51:D8:F9:3C:9C:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1jND98xsI32j-LgROMBR2Pk8nE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/zz6hQsCG2cvEBb2RuNcp0-caskA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/8eb581-9c74-48e1-821a-53180eec56fb/1/1jND98xsI32j-LgROMBR2Pk8nE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.200.0/22
                IPv6:
                  2a0a:edc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:06:40:5e:8a:25:b1:9b:6d:42:26:08:8a:61:82:b3:a6:89:
         ad:db:40:b5:e8:9e:d6:41:e6:2f:8d:13:8b:9d:8f:5f:78:d7:
         e0:e6:41:54:aa:0f:d3:74:27:f4:d7:e9:9d:f0:e2:83:c5:27:
         7f:33:84:d4:4e:a7:e7:e7:02:eb:41:2b:ad:40:0a:d2:85:07:
         cf:af:93:77:45:f8:e6:0c:c1:2f:db:3f:2a:b0:13:3a:5d:e3:
         59:72:f5:96:f1:f5:8d:a9:9e:84:b8:4c:4f:1f:f4:ac:1a:82:
         e5:a3:31:69:0c:0f:8a:77:fc:81:e7:95:b1:c7:37:6e:6f:3a:
         e4:f8:76:e9:bf:10:db:be:4b:6c:1d:b0:08:9d:f2:9c:01:72:
         f0:87:88:46:ae:c7:a2:f3:53:a2:c1:a2:ec:77:a9:6c:b7:86:
         41:a9:86:53:30:f6:e6:72:64:06:d2:b6:d8:44:6b:2b:bc:0c:
         66:05:a6:f4:2b:53:c9:f7:d2:9f:4a:15:a6:bc:ab:67:ac:c9:
         00:aa:73:8d:58:43:78:a8:83:3c:f6:f4:6a:94:23:b9:af:39:
         04:7c:ba:98:ab:a7:b8:58:35:20:4e:ff:37:ca:74:09:8b:48:
         ad:9e:39:01:76:ee:3c:dd:57:ec:2c:6a:dd:13:5a:03:1c:41:
         40:79:a6:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3ELzR9LZdBPKd0LygKBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MzM0M2Y3Y2M2YzIzN2RhM2Y4YjgxMTM4YzA1MWQ4Zjkz
YzljNGQwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNlYTE0MmMwODZkOWNiYzQwNWJkOTFiOGQ3MjlkM2U3MWFiMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4cLkOEOAJBUNlArkEBjVq1nhv6U
g+ZpsrQbC4XFEqX8g2YsctzJ9YJ6k4PylqBcBgNDwyzGUlnpC+fjGumdz/eASxyr
YOCCpF89hSTvANWoGknrLRlsz9I15T46tmaB5s5Y/OH/hw82T22Mlrig9mi2i+F0
a9htnJuDoNo8mMxvnac1pKDF5vSchf6METk0UY35FN12uN3jwcvZvIRFiGBnma/H
GuAJXjnPG4SJRN3BbPfXaH6JBRnkgKVMytCfpWOeHfSn9NPaRufwtQ6/SfbTuzIL
PPhOTba1vWZD4CyZkyOCpqW5tsF49Kyv68AyDNdITvyZacit+zXrHYFYhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM8+oULAhtnLxAW9kbjXKdPnGrJAMB8GA1UdIwQY
MBaAFNYzQ/fMbCN9o/i4ETjAUdj5PJxNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWpORDk4eHNJMzJqLUxnUk9NQlIyUGs4bkUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS84ZWI1ODEtOWM3NC00OGUxLTgyMWEt
NTMxODBlZWM1NmZiLzEveno2aFFzQ0cyY3ZFQmIyUnVOY3AwLWNhc2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS84ZWI1ODEtOWM3NC00OGUxLTgyMWEtNTMxODBlZWM1NmZi
LzEvMWpORDk4eHNJMzJqLUxnUk9NQlIyUGs4bkUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucvIMA0E
AgACMAcDBQAqCu3AMA0GCSqGSIb3DQEBCwUAA4IBAQAHBkBeiiWxm21CJgiKYYKz
pomt20C16J7WQeYvjROLnY9feNfg5kFUqg/TdCf01+md8OKDxSd/M4TUTqfn5wLr
QSutQArShQfPr5N3RfjmDMEv2z8qsBM6XeNZcvWW8fWNqZ6EuExPH/SsGoLlozFp
DA+Kd/yB55Wxxzdubzrk+HbpvxDbvktsHbAInfKcAXLwh4hGrsei81OiwaLsd6ls
t4ZBqYZTMPbmcmQG0rbYRGsrvAxmBab0K1PJ99KfShWmvKtnrMkAqnONWEN4qIM8
9vRqlCO5rzkEfLqYq6e4WDUgTv83ynQJi0itnjkBdu483VfsLGrdE1oDHEFAeabU
-----END CERTIFICATE-----