Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/h2CQiMwF_yCoqKm7JUp85Oe6aFk.roa
File:                     h2CQiMwF_yCoqKm7JUp85Oe6aFk.roa (raw, json)
Hash identifier:          olFk5vt6buU3Pw3ID0xHuaFgR1OiGksQjs0Hr+UaNO8=
Subject key identifier:   87:60:90:88:CC:05:FF:20:A8:A8:A9:BB:25:4A:7C:E4:E7:BA:68:59
Certificate issuer:       /CN=e60064dcf719ed8999da792f6fbfc3fe9bc70898
Certificate serial:       018CCA29835F2FEAEA136F6C7805E45451C4
Authority key identifier: E6:00:64:DC:F7:19:ED:89:99:DA:79:2F:6F:BF:C3:FE:9B:C7:08:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/h2CQiMwF_yCoqKm7JUp85Oe6aFk.roa
Signing time:             Tue 02 Jan 2024 12:32:47 +0000
ROA not before:           Tue 02 Jan 2024 12:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57736
IP address blocks:        185.59.104.0/23 maxlen: 24
                          185.59.106.0/23 maxlen: 24
                          2a04:e3c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:83:5f:2f:ea:ea:13:6f:6c:78:05:e4:54:51:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e60064dcf719ed8999da792f6fbfc3fe9bc70898
        Validity
            Not Before: Jan  2 12:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87609088cc05ff20a8a8a9bb254a7ce4e7ba6859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:db:4b:b4:ad:15:7f:20:9d:87:0e:9b:00:f7:
                    7e:69:8b:8e:af:4d:b5:e2:0a:b9:6f:47:62:c1:53:
                    9b:cb:b2:3c:4e:b2:84:63:04:18:98:e1:b9:f0:d4:
                    88:45:27:00:d8:5d:1f:9e:be:82:36:f3:e9:49:01:
                    37:d3:77:38:15:b4:a2:0d:76:3e:90:22:63:97:ff:
                    ac:2c:af:e5:75:5d:69:79:40:4e:ac:ac:d7:ba:0d:
                    c0:6a:00:a3:2f:69:54:86:c6:59:ea:aa:4f:61:44:
                    6a:52:5a:13:13:fe:79:dc:49:15:44:c4:a7:bb:42:
                    88:a0:02:be:ad:1c:f6:1d:6c:7c:8c:06:ca:ae:3c:
                    7f:14:1b:d5:eb:c0:ac:00:d3:c2:42:ef:0c:0d:0d:
                    e1:07:8d:82:57:2a:31:04:1b:36:51:68:1d:d7:6a:
                    63:10:4e:26:c6:a4:a2:9c:59:d4:a7:01:75:63:73:
                    7f:8e:07:b6:1f:c7:21:93:96:1b:93:41:ce:1a:a0:
                    b4:ca:98:62:2e:7e:83:0b:2d:73:6e:84:93:14:d3:
                    d9:60:d2:24:3d:9b:13:cc:39:e2:8b:10:9f:94:fc:
                    c6:da:6b:7b:60:78:76:1d:0e:82:1a:55:bf:c6:eb:
                    cd:e2:e5:c3:94:1c:bc:e3:65:b6:5d:43:9d:55:80:
                    f1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:60:90:88:CC:05:FF:20:A8:A8:A9:BB:25:4A:7C:E4:E7:BA:68:59
            X509v3 Authority Key Identifier:
                keyid:E6:00:64:DC:F7:19:ED:89:99:DA:79:2F:6F:BF:C3:FE:9B:C7:08:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/h2CQiMwF_yCoqKm7JUp85Oe6aFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/734e0c-786e-4631-a923-e8b8fcc41e85/1/5gBk3PcZ7YmZ2nkvb7_D_pvHCJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.104.0/22
                IPv6:
                  2a04:e3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:0f:30:c8:d2:29:20:bc:e0:a1:82:da:5c:9e:ff:20:e6:2e:
         17:b5:f0:a2:a9:75:34:f5:3f:1d:37:50:5c:cb:ec:28:f5:f1:
         44:c5:90:9e:a7:55:68:8c:3e:f9:a8:a5:8f:81:5a:7d:35:0a:
         29:5f:09:2d:26:68:fa:11:ac:ca:4c:11:18:eb:8d:ed:66:7e:
         01:79:e1:28:c8:2c:cf:63:b7:7f:84:a1:e3:be:49:a9:cb:a1:
         98:83:98:df:f0:86:15:11:37:03:85:99:3d:bc:0a:e4:fb:43:
         8f:45:14:19:02:1a:34:d0:a3:91:4b:31:27:c5:48:30:97:c4:
         1a:80:7b:98:78:eb:2a:9e:c2:82:b9:bb:e4:fd:04:14:44:39:
         7e:de:60:c4:81:ba:35:20:4d:83:a8:e0:8f:77:bc:23:6f:55:
         3d:41:94:40:59:f5:d9:7e:05:de:ff:73:a6:83:c3:09:90:c3:
         12:e1:0a:39:e8:0f:84:c7:07:20:76:99:f7:0a:91:00:fa:7a:
         c3:61:5f:bf:ea:f1:a7:18:ce:f6:2a:80:24:c8:03:7f:d8:61:
         80:ad:9e:ec:f4:2b:4c:c0:f5:2c:c6:79:bc:a3:a5:f7:b9:2f:
         f6:1a:3c:86:7c:d6:f8:9f:86:06:3d:38:65:d5:a1:a6:70:12:
         30:61:53:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKYNfL+rqE29seAXkVFHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MDA2NGRjZjcxOWVkODk5OWRhNzkyZjZmYmZjM2ZlOWJj
NzA4OTgwHhcNMjQwMTAyMTIzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYwOTA4OGNjMDVmZjIwYThhOGE5YmIyNTRhN2NlNGU3YmE2ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmttLtK0VfyCdhw6bAPd+aYuOr021
4gq5b0diwVOby7I8TrKEYwQYmOG58NSIRScA2F0fnr6CNvPpSQE303c4FbSiDXY+
kCJjl/+sLK/ldV1peUBOrKzXug3AagCjL2lUhsZZ6qpPYURqUloTE/553EkVRMSn
u0KIoAK+rRz2HWx8jAbKrjx/FBvV68CsANPCQu8MDQ3hB42CVyoxBBs2UWgd12pj
EE4mxqSinFnUpwF1Y3N/jge2H8chk5Ybk0HOGqC0yphiLn6DCy1zboSTFNPZYNIk
PZsTzDniixCflPzG2mt7YHh2HQ6CGlW/xuvN4uXDlBy842W2XUOdVYDxgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdgkIjMBf8gqKipuyVKfOTnumhZMB8GA1UdIwQY
MBaAFOYAZNz3Ge2Jmdp5L2+/w/6bxwiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWdCazNQY1o3WW1aMm5rdmI3X0RfcHZIQ0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy83MzRlMGMtNzg2ZS00NjMxLWE5MjMt
ZThiOGZjYzQxZTg1LzEvaDJDUWlNd0ZfeUNvcUttN0pVcDg1T2U2YUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy83MzRlMGMtNzg2ZS00NjMxLWE5MjMtZThiOGZjYzQxZTg1
LzEvNWdCazNQY1o3WW1aMm5rdmI3X0RfcHZIQ0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTtoMA0E
AgACMAcDBQMqBOPAMA0GCSqGSIb3DQEBCwUAA4IBAQC4DzDI0ikgvOChgtpcnv8g
5i4XtfCiqXU09T8dN1Bcy+wo9fFExZCep1VojD75qKWPgVp9NQopXwktJmj6EazK
TBEY643tZn4BeeEoyCzPY7d/hKHjvkmpy6GYg5jf8IYVETcDhZk9vArk+0OPRRQZ
Aho00KORSzEnxUgwl8QagHuYeOsqnsKCubvk/QQURDl+3mDEgbo1IE2DqOCPd7wj
b1U9QZRAWfXZfgXe/3Omg8MJkMMS4Qo56A+Exwcgdpn3CpEA+nrDYV+/6vGnGM72
KoAkyAN/2GGArZ7s9CtMwPUsxnm8o6X3uS/2GjyGfNb4n4YGPThl1aGmcBIwYVNi
-----END CERTIFICATE-----