Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/R66tp2YspSa0WKGVVBRpgjOOMSc.roa
File:                     R66tp2YspSa0WKGVVBRpgjOOMSc.roa (raw, json)
Hash identifier:          vAJd7pQTatYNcNboScZHezKRexmDJyWedTR7sHg29G0=
Subject key identifier:   47:AE:AD:A7:66:2C:A5:26:B4:58:A1:95:54:14:69:82:33:8E:31:27
Certificate issuer:       /CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
Certificate serial:       0194266ACD10C70905C537B78A2A21A69DB8
Authority key identifier: 70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/R66tp2YspSa0WKGVVBRpgjOOMSc.roa
Signing time:             Thu 02 Jan 2025 09:48:41 +0000
ROA not before:           Thu 02 Jan 2025 09:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210676
IP address blocks:        185.87.168.0/24 maxlen: 24
                          185.87.169.0/24 maxlen: 24
                          185.87.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 21:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:cd:10:c7:09:05:c5:37:b7:8a:2a:21:a6:9d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
        Validity
            Not Before: Jan  2 09:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47aeada7662ca526b458a19554146982338e3127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:45:9e:cb:8b:4f:1a:c9:1e:24:60:74:14:4c:
                    ff:b8:2f:37:df:01:3e:27:ae:5f:a6:f5:25:5a:62:
                    3b:16:84:74:84:06:d3:17:aa:92:e1:ad:26:d5:5b:
                    07:0a:01:9f:7f:ed:e1:e6:9d:88:b0:11:dc:fb:90:
                    53:f7:62:b3:d4:d9:fb:39:f7:2c:cb:69:bd:a8:17:
                    34:8f:52:5c:97:5b:57:4b:f5:51:99:6d:3c:23:a8:
                    4f:00:69:18:9d:81:5b:14:fc:c0:37:c2:e1:fa:19:
                    09:7b:f3:7f:03:7a:a2:d2:56:28:dd:11:21:20:d3:
                    9a:ea:cd:af:ad:a0:fe:77:42:d4:0c:7e:3f:6c:37:
                    ab:7a:00:3a:08:4a:1e:0b:b7:e1:e3:b8:6c:22:d7:
                    0d:2b:d5:54:e9:ce:c8:f9:2b:95:a0:25:4b:e8:15:
                    54:b4:9d:73:50:b4:69:e6:00:1b:bc:27:8e:41:d8:
                    bc:8c:1d:5e:24:75:f2:68:9c:b6:61:a6:3f:da:46:
                    86:86:24:11:58:10:eb:ae:52:d4:7b:4e:d7:5a:f1:
                    64:2c:33:b8:0b:3f:ec:95:12:45:20:a3:57:fb:6d:
                    04:b0:04:dc:b1:a4:06:90:82:9b:76:84:f5:de:3f:
                    2a:cd:ad:11:4b:1b:8e:5f:57:42:6a:73:9e:50:3d:
                    7a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:AE:AD:A7:66:2C:A5:26:B4:58:A1:95:54:14:69:82:33:8E:31:27
            X509v3 Authority Key Identifier:
                keyid:70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/R66tp2YspSa0WKGVVBRpgjOOMSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.168.0-185.87.170.255

    Signature Algorithm: sha256WithRSAEncryption
         09:44:d4:45:76:df:c9:3e:53:03:e6:b7:42:e3:bf:56:0e:bd:
         2e:39:74:ff:45:a4:dd:bb:57:aa:e0:40:40:63:2d:65:41:5f:
         f1:2c:c2:51:52:0a:de:ea:99:01:4a:1c:29:1e:7a:8f:99:8f:
         c8:c0:47:75:f3:f3:0c:61:16:4f:4c:3c:97:6c:1c:ad:fb:97:
         06:63:3d:fa:2b:5f:21:ff:ed:5c:dc:b3:8c:76:77:67:7c:7f:
         3a:ab:2c:35:8d:b0:0a:e9:56:5b:6c:4e:c7:36:79:ec:73:dd:
         d1:7e:db:42:a1:d3:e4:2f:37:2b:7b:34:36:0e:48:a0:e8:64:
         a7:88:89:23:96:41:2b:44:2b:64:cc:55:8d:e1:2b:9c:91:5c:
         a7:18:fa:dd:a6:89:bf:03:59:7c:82:17:86:49:ac:ea:7b:42:
         04:50:84:c6:d7:70:43:6c:69:4d:96:fc:42:0d:ae:cd:3d:60:
         af:4e:27:61:91:fd:69:8c:20:7a:9c:6e:0b:cc:15:b8:62:d7:
         7e:c4:d6:59:47:85:26:bf:76:01:00:a3:b4:c5:f9:7e:72:e2:
         5a:26:af:38:32:26:3f:83:43:54:c4:ff:dd:46:7d:a2:58:af:
         c0:ba:5a:8d:75:8e:13:97:96:c8:06:f3:ab:18:84:b3:40:16:
         1a:04:5f:ea
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmas0QxwkFxTe3iiohpp24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmI3ZmVhOGFkMzUxMTFjYTY4N2E5Y2QwMGE0OWY5YTRm
MDQ1OWIwHhcNMjUwMTAyMDk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2FlYWRhNzY2MmNhNTI2YjQ1OGExOTU1NDE0Njk4MjMzOGUzMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkWey4tPGskeJGB0FEz/uC833wE+
J65fpvUlWmI7FoR0hAbTF6qS4a0m1VsHCgGff+3h5p2IsBHc+5BT92Kz1Nn7Ofcs
y2m9qBc0j1Jcl1tXS/VRmW08I6hPAGkYnYFbFPzAN8Lh+hkJe/N/A3qi0lYo3REh
INOa6s2vraD+d0LUDH4/bDeregA6CEoeC7fh47hsItcNK9VU6c7I+SuVoCVL6BVU
tJ1zULRp5gAbvCeOQdi8jB1eJHXyaJy2YaY/2kaGhiQRWBDrrlLUe07XWvFkLDO4
Cz/slRJFIKNX+20EsATcsaQGkIKbdoT13j8qza0RSxuOX1dCanOeUD16QwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEeuradmLKUmtFihlVQUaYIzjjEnMB8GA1UdIwQY
MBaAFHBrf+qK01ERymh6nNAKSfmk8EWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4Mjct
MjYwYzM3N2EzMTRhLzEvUjY2dHAyWXNwU2EwV0tHVlZCUnBnak9PTVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4MjctMjYwYzM3N2EzMTRh
LzEvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5V6gD
BAC5V6owDQYJKoZIhvcNAQELBQADggEBAAlE1EV238k+UwPmt0Ljv1YOvS45dP9F
pN27V6rgQEBjLWVBX/EswlFSCt7qmQFKHCkeeo+Zj8jAR3Xz8wxhFk9MPJdsHK37
lwZjPforXyH/7Vzcs4x2d2d8fzqrLDWNsArpVltsTsc2eexz3dF+20Kh0+QvNyt7
NDYOSKDoZKeIiSOWQStEK2TMVY3hK5yRXKcY+t2mib8DWXyCF4ZJrOp7QgRQhMbX
cENsaU2W/EINrs09YK9OJ2GR/WmMIHqcbgvMFbhi137E1llHhSa/dgEAo7TF+X5y
4lomrzgyJj+DQ1TE/91GfaJYr8C6Wo11jhOXlsgG86sYhLNAFhoEX+o=
-----END CERTIFICATE-----