Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/06AoKiANfk2OcNcKhAbJ8-wS_lc.roa
File:                     06AoKiANfk2OcNcKhAbJ8-wS_lc.roa (raw, json)
Hash identifier:          O5fLtuz0EMEoKtlzHOx0QxH/wnLA1vpFojlVK1Ne5bs=
Subject key identifier:   D3:A0:28:2A:20:0D:7E:4D:8E:70:D7:0A:84:06:C9:F3:EC:12:FE:57
Certificate issuer:       /CN=a366f35bac61a0abf71d18d6b1063d5c933a24ab
Certificate serial:       018CC5000674AEAD20EA8BA8BA7E9DE95147
Authority key identifier: A3:66:F3:5B:AC:61:A0:AB:F7:1D:18:D6:B1:06:3D:5C:93:3A:24:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/06AoKiANfk2OcNcKhAbJ8-wS_lc.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201535
IP address blocks:        185.71.164.0/22 maxlen: 22
                          2a05:34c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:06:74:ae:ad:20:ea:8b:a8:ba:7e:9d:e9:51:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a366f35bac61a0abf71d18d6b1063d5c933a24ab
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3a0282a200d7e4d8e70d70a8406c9f3ec12fe57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e8:fc:bd:7f:92:39:4e:04:f1:30:a7:ad:65:
                    8d:86:d0:6b:02:46:8e:c7:84:99:bf:21:5f:3a:a8:
                    3b:55:62:f3:af:d3:99:ae:cd:44:69:dc:a7:f1:71:
                    31:54:4c:94:92:66:8a:29:d8:c8:7c:31:62:bf:2e:
                    3e:8a:73:a0:f3:5c:ad:69:da:24:94:f4:91:14:04:
                    94:48:b3:32:6e:9f:c1:a8:bd:78:e4:6f:71:ab:cf:
                    45:8b:60:fe:fd:0e:7a:7a:1c:36:6d:4d:1c:b4:3c:
                    ea:5a:87:a8:d4:b0:d3:81:8b:e3:37:16:41:95:72:
                    56:95:48:48:9d:dc:29:90:33:bf:2e:23:3d:66:d6:
                    7f:0a:44:8c:12:50:aa:b8:38:af:d8:1f:d6:4c:bc:
                    28:14:1f:38:d3:43:ec:26:22:ca:f2:0f:99:91:a7:
                    ed:c6:cc:38:6c:3f:db:25:f3:f2:a4:ef:f7:87:2e:
                    67:9f:56:38:06:74:de:5e:5f:5b:64:e4:9e:45:12:
                    6f:0a:46:41:53:98:2a:06:79:70:ef:70:e6:c2:22:
                    cd:69:75:de:77:8c:29:6d:c4:a1:16:1c:f5:fa:df:
                    3a:9a:b6:2b:06:8c:03:f7:3e:c7:7b:3f:1b:9c:94:
                    4c:9c:6e:44:f5:b0:5a:17:91:b7:5e:ed:85:76:5f:
                    62:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A0:28:2A:20:0D:7E:4D:8E:70:D7:0A:84:06:C9:F3:EC:12:FE:57
            X509v3 Authority Key Identifier:
                keyid:A3:66:F3:5B:AC:61:A0:AB:F7:1D:18:D6:B1:06:3D:5C:93:3A:24:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2bzW6xhoKv3HRjWsQY9XJM6JKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/06AoKiANfk2OcNcKhAbJ8-wS_lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4cf814-79b5-4786-ac51-3190795e863b/1/o2bzW6xhoKv3HRjWsQY9XJM6JKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.164.0/22
                IPv6:
                  2a05:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:1c:71:2e:67:c1:6d:c9:84:34:a7:aa:e9:08:10:64:62:55:
         eb:f6:67:4e:63:9a:56:00:70:49:da:8b:cf:0e:72:1a:b1:5d:
         cb:d9:e6:1b:fb:bf:bd:cb:39:3c:00:d2:58:22:bf:8f:bd:ca:
         c2:8e:e7:1c:0c:46:37:63:ec:5d:6f:52:d0:55:79:ea:9c:ad:
         d7:83:a3:0e:b5:01:6f:3f:ef:41:c0:34:23:ac:72:46:f3:92:
         3a:9e:08:3c:65:4a:dc:2b:ed:ef:09:62:7a:86:7d:74:15:e1:
         a4:76:ca:d1:81:59:ab:8d:68:69:92:47:07:37:57:52:96:43:
         52:00:a0:19:6b:91:17:34:c3:62:07:8f:c9:73:63:57:c6:0b:
         fa:1a:55:9a:5d:03:36:b7:d3:b1:91:60:9d:9d:ed:a2:43:61:
         8b:9e:e4:ca:18:9a:a7:a9:a1:0d:68:aa:a6:88:8a:ce:8e:69:
         24:67:0c:20:0b:b5:9c:b1:fc:e4:dc:66:ef:e3:23:a2:cd:81:
         31:15:2b:92:68:89:e6:96:82:b2:fe:fd:e5:a7:2b:9f:bb:8d:
         67:8f:73:dc:52:66:ca:18:93:19:2f:06:ab:f4:01:c0:23:13:
         66:c3:b3:46:aa:a6:fb:24:a9:5d:93:60:1d:75:7f:24:b0:b7:
         b0:8e:9b:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAAZ0rq0g6ououn6d6VFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjZmMzViYWM2MWEwYWJmNzFkMThkNmIxMDYzZDVjOTMz
YTI0YWIwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2EwMjgyYTIwMGQ3ZTRkOGU3MGQ3MGE4NDA2YzlmM2VjMTJmZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+j8vX+SOU4E8TCnrWWNhtBrAkaO
x4SZvyFfOqg7VWLzr9OZrs1Eadyn8XExVEyUkmaKKdjIfDFivy4+inOg81ytadok
lPSRFASUSLMybp/BqL145G9xq89Fi2D+/Q56ehw2bU0ctDzqWoeo1LDTgYvjNxZB
lXJWlUhIndwpkDO/LiM9ZtZ/CkSMElCquDiv2B/WTLwoFB8400PsJiLK8g+Zkaft
xsw4bD/bJfPypO/3hy5nn1Y4BnTeXl9bZOSeRRJvCkZBU5gqBnlw73DmwiLNaXXe
d4wpbcShFhz1+t86mrYrBowD9z7Hez8bnJRMnG5E9bBaF5G3Xu2Fdl9iFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNOgKCogDX5NjnDXCoQGyfPsEv5XMB8GA1UdIwQY
MBaAFKNm81usYaCr9x0Y1rEGPVyTOiSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJielc2eGhvS3YzSFJqV3NRWTlYSk02SktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC80Y2Y4MTQtNzliNS00Nzg2LWFjNTEt
MzE5MDc5NWU4NjNiLzEvMDZBb0tpQU5mazJPY05jS2hBYko4LXdTX2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC80Y2Y4MTQtNzliNS00Nzg2LWFjNTEtMzE5MDc5NWU4NjNi
LzEvbzJielc2eGhvS3YzSFJqV3NRWTlYSk02SktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUekMA0E
AgACMAcDBQMqBTTAMA0GCSqGSIb3DQEBCwUAA4IBAQCjHHEuZ8FtyYQ0p6rpCBBk
YlXr9mdOY5pWAHBJ2ovPDnIasV3L2eYb+7+9yzk8ANJYIr+PvcrCjuccDEY3Y+xd
b1LQVXnqnK3Xg6MOtQFvP+9BwDQjrHJG85I6ngg8ZUrcK+3vCWJ6hn10FeGkdsrR
gVmrjWhpkkcHN1dSlkNSAKAZa5EXNMNiB4/Jc2NXxgv6GlWaXQM2t9OxkWCdne2i
Q2GLnuTKGJqnqaENaKqmiIrOjmkkZwwgC7Wcsfzk3Gbv4yOizYExFSuSaInmloKy
/v3lpyufu41nj3PcUmbKGJMZLwar9AHAIxNmw7NGqqb7JKldk2AddX8ksLewjpu8
-----END CERTIFICATE-----