Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/2hLbt7YtpznkBNzZ9Kq1vAql3EY.roa
File:                     2hLbt7YtpznkBNzZ9Kq1vAql3EY.roa (raw, json)
Hash identifier:          T3ueAI5AErcETC8XLrafzs7+hkvpcAQn+3BHps5EFrk=
Subject key identifier:   DA:12:DB:B7:B6:2D:A7:39:E4:04:DC:D9:F4:AA:B5:BC:0A:A5:DC:46
Certificate issuer:       /CN=46815ca15d72a5a696f8bcdf486f5801966772bb
Certificate serial:       018CC870FF6772EEA3B7C6B0C27210ACAE29
Authority key identifier: 46:81:5C:A1:5D:72:A5:A6:96:F8:BC:DF:48:6F:58:01:96:67:72:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RoFcoV1ypaaW-LzfSG9YAZZncrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/2hLbt7YtpznkBNzZ9Kq1vAql3EY.roa
Signing time:             Tue 02 Jan 2024 04:31:37 +0000
ROA not before:           Tue 02 Jan 2024 04:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207213
IP address blocks:        185.160.196.0/24 maxlen: 24
                          185.160.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/RoFcoV1ypaaW-LzfSG9YAZZncrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/RoFcoV1ypaaW-LzfSG9YAZZncrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RoFcoV1ypaaW-LzfSG9YAZZncrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ff:67:72:ee:a3:b7:c6:b0:c2:72:10:ac:ae:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46815ca15d72a5a696f8bcdf486f5801966772bb
        Validity
            Not Before: Jan  2 04:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da12dbb7b62da739e404dcd9f4aab5bc0aa5dc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4a:01:56:0e:1d:1b:11:1a:fa:81:44:00:54:
                    c5:5a:53:83:ce:29:1d:01:bf:a8:3e:10:4f:3a:1b:
                    25:4b:c4:8b:d1:54:85:87:b6:80:79:29:24:35:fe:
                    62:e2:29:33:15:9c:5a:b2:c9:62:ce:44:11:e9:e3:
                    6f:f5:a3:cf:d4:0f:f6:ae:1a:66:70:c6:44:3c:05:
                    c9:4f:11:2a:41:37:3d:8e:bc:f8:52:e8:1d:d9:56:
                    50:e6:95:4f:5e:7a:a9:e6:4d:4e:d5:c4:3c:aa:63:
                    d5:3e:cd:66:8e:6e:5b:f4:97:62:40:54:3e:dc:3a:
                    4d:9c:0d:a6:3d:43:d0:fd:af:c3:7b:5d:10:57:8c:
                    da:25:eb:4b:b4:0e:fe:2a:77:bd:1b:fb:24:39:b9:
                    db:e0:c0:6a:38:74:f3:9e:c2:61:6c:65:01:7d:b6:
                    bf:fc:c8:d3:03:87:3d:fd:07:c8:da:e6:9c:9f:19:
                    b0:47:0d:38:d7:43:f2:79:a6:5b:6f:7b:c5:62:a4:
                    ef:ca:4e:b3:b7:b3:6e:4a:68:9b:35:56:79:41:7e:
                    e6:f4:e1:ce:43:22:e5:ed:85:94:25:1b:61:f5:d4:
                    0c:a7:d9:23:33:70:77:e5:52:0a:38:7e:a1:61:79:
                    2d:9b:fc:2f:6b:8b:a6:4f:7f:78:d6:74:64:b0:04:
                    4c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:12:DB:B7:B6:2D:A7:39:E4:04:DC:D9:F4:AA:B5:BC:0A:A5:DC:46
            X509v3 Authority Key Identifier:
                keyid:46:81:5C:A1:5D:72:A5:A6:96:F8:BC:DF:48:6F:58:01:96:67:72:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RoFcoV1ypaaW-LzfSG9YAZZncrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/2hLbt7YtpznkBNzZ9Kq1vAql3EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/66bd4b-1e56-4b46-8bab-d38a7660b51e/1/RoFcoV1ypaaW-LzfSG9YAZZncrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:cd:6e:0a:e6:aa:a6:5f:e6:7a:31:f9:56:53:3b:5f:9f:e9:
         a4:8f:9f:ed:45:01:26:19:b3:2b:9f:97:66:01:bb:bb:95:17:
         ba:f2:c0:5b:bb:3b:3d:83:72:34:b2:c4:5b:b4:29:b9:e4:4b:
         8b:e7:0d:f7:ef:d1:e5:ea:4c:c6:1d:79:6a:e0:8f:45:8a:bb:
         f1:81:b1:88:60:f3:c2:da:d5:fc:c8:b6:85:30:8f:fa:bf:93:
         43:d3:2b:4d:a7:0a:db:ed:d6:cc:0c:b7:b9:a6:15:fd:d4:97:
         90:d7:91:44:03:8f:18:79:d2:18:ed:1f:56:62:eb:c3:69:a0:
         55:d2:7f:25:f9:60:48:3e:00:1c:e6:cd:97:1a:d6:3a:48:66:
         1c:4c:41:f3:25:36:69:1d:d0:8c:92:2c:d1:10:1d:31:f3:04:
         20:fd:f3:15:b0:1b:17:32:8a:d7:76:27:4d:3a:e2:99:9c:57:
         3c:35:4e:fd:e6:19:09:ee:4c:cd:d4:51:fd:7d:e6:1a:06:fe:
         1a:4e:c6:35:94:7d:01:bf:3a:a3:e7:e6:2c:d6:b3:90:91:31:
         19:ed:e1:29:74:fd:c8:88:7d:f5:43:c1:d5:0d:0f:fb:54:1d:
         2c:46:37:d1:6b:c5:3c:2e:a4:3f:f9:29:08:eb:11:8e:1b:7d:
         54:cd:68:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcP9ncu6jt8awwnIQrK4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ODE1Y2ExNWQ3MmE1YTY5NmY4YmNkZjQ4NmY1ODAxOTY2
NzcyYmIwHhcNMjQwMTAyMDQzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEyZGJiN2I2MmRhNzM5ZTQwNGRjZDlmNGFhYjViYzBhYTVkYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EoBVg4dGxEa+oFEAFTFWlODzikd
Ab+oPhBPOhslS8SL0VSFh7aAeSkkNf5i4ikzFZxasslizkQR6eNv9aPP1A/2rhpm
cMZEPAXJTxEqQTc9jrz4Uugd2VZQ5pVPXnqp5k1O1cQ8qmPVPs1mjm5b9JdiQFQ+
3DpNnA2mPUPQ/a/De10QV4zaJetLtA7+Kne9G/skObnb4MBqOHTznsJhbGUBfba/
/MjTA4c9/QfI2uacnxmwRw0410PyeaZbb3vFYqTvyk6zt7NuSmibNVZ5QX7m9OHO
QyLl7YWUJRth9dQMp9kjM3B35VIKOH6hYXktm/wva4umT3941nRksARMCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoS27e2Lac55ATc2fSqtbwKpdxGMB8GA1UdIwQY
MBaAFEaBXKFdcqWmlvi830hvWAGWZ3K7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm9GY29WMXlwYWFXLUx6ZlNHOVlBWlpuY3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC82NmJkNGItMWU1Ni00YjQ2LThiYWIt
ZDM4YTc2NjBiNTFlLzEvMmhMYnQ3WXRwem5rQk56WjlLcTF2QXFsM0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC82NmJkNGItMWU1Ni00YjQ2LThiYWItZDM4YTc2NjBiNTFl
LzEvUm9GY29WMXlwYWFXLUx6ZlNHOVlBWlpuY3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaDEMA0G
CSqGSIb3DQEBCwUAA4IBAQAxzW4K5qqmX+Z6MflWUztfn+mkj5/tRQEmGbMrn5dm
Abu7lRe68sBbuzs9g3I0ssRbtCm55EuL5w3379Hl6kzGHXlq4I9FirvxgbGIYPPC
2tX8yLaFMI/6v5ND0ytNpwrb7dbMDLe5phX91JeQ15FEA48YedIY7R9WYuvDaaBV
0n8l+WBIPgAc5s2XGtY6SGYcTEHzJTZpHdCMkizREB0x8wQg/fMVsBsXMorXdidN
OuKZnFc8NU795hkJ7kzN1FH9feYaBv4aTsY1lH0Bvzqj5+Ys1rOQkTEZ7eEpdP3I
iH31Q8HVDQ/7VB0sRjfRa8U8LqQ/+SkI6xGOG31UzWhZ
-----END CERTIFICATE-----