Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/2t9qCD4e9nen2iiiW2n6geeH1dI.roa
File:                     2t9qCD4e9nen2iiiW2n6geeH1dI.roa (raw, json)
Hash identifier:          PgkP7SIDRQoB0N6rU5Tu0uWQZF8PaL+3aIwY1eLt7/g=
Subject key identifier:   DA:DF:6A:08:3E:1E:F6:77:A7:DA:28:A2:5B:69:FA:81:E7:87:D5:D2
Certificate issuer:       /CN=a64fa64bb3c2de4788306312c652de749ec93517
Certificate serial:       018CC3B6C9300047A981B904B6DFB6DEA727
Authority key identifier: A6:4F:A6:4B:B3:C2:DE:47:88:30:63:12:C6:52:DE:74:9E:C9:35:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/2t9qCD4e9nen2iiiW2n6geeH1dI.roa
Signing time:             Mon 01 Jan 2024 06:29:45 +0000
ROA not before:           Mon 01 Jan 2024 06:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204695
IP address blocks:        185.242.100.0/22 maxlen: 22
                          185.242.100.0/24 maxlen: 24
                          185.242.103.0/24 maxlen: 24
                          185.242.102.0/24 maxlen: 24
                          185.242.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c9:30:00:47:a9:81:b9:04:b6:df:b6:de:a7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a64fa64bb3c2de4788306312c652de749ec93517
        Validity
            Not Before: Jan  1 06:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dadf6a083e1ef677a7da28a25b69fa81e787d5d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8a:8b:a7:f4:8f:f4:8f:d8:3b:33:87:50:e0:
                    8e:47:62:27:b8:33:a2:78:3c:75:60:61:80:56:87:
                    db:ae:f8:3c:94:34:c3:09:4a:3c:b5:7b:ab:1b:a8:
                    a5:cd:fc:ee:72:61:7b:27:c8:6b:d2:de:60:75:21:
                    bb:da:5d:e8:e8:3e:87:44:ac:9e:39:e4:ef:4e:2a:
                    cd:f1:a9:ae:65:a6:19:b2:b9:b9:92:2b:6f:2a:cd:
                    e2:e8:6e:fa:ec:92:ce:35:ef:49:94:c5:07:6f:14:
                    39:ce:62:01:59:2a:e7:10:09:f4:9a:db:20:e6:e3:
                    d4:16:b6:ae:46:8e:7f:96:32:c4:e2:79:ca:55:2c:
                    3c:25:99:5b:5b:06:e8:41:2e:d3:66:c5:03:0c:d0:
                    e1:75:3b:e1:c9:35:a7:5a:65:9d:07:38:ca:88:73:
                    a3:9e:e2:d0:c7:8f:a4:0d:f4:80:72:c2:a8:29:02:
                    c0:c4:f4:d7:a5:49:1b:e3:1e:bf:29:30:0c:d7:f4:
                    27:6d:9e:dd:0f:7d:95:93:cc:cc:44:0f:6f:d7:a7:
                    57:91:3e:f8:f2:9e:63:3f:08:88:5a:56:4e:13:ab:
                    62:80:4e:65:62:05:f5:4c:e0:9c:03:85:1f:27:38:
                    42:82:73:be:04:f3:83:4a:62:41:c6:19:e4:eb:13:
                    88:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DF:6A:08:3E:1E:F6:77:A7:DA:28:A2:5B:69:FA:81:E7:87:D5:D2
            X509v3 Authority Key Identifier:
                keyid:A6:4F:A6:4B:B3:C2:DE:47:88:30:63:12:C6:52:DE:74:9E:C9:35:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/2t9qCD4e9nen2iiiW2n6geeH1dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:d8:ce:d1:0d:83:e9:b8:c2:53:c6:7a:b2:45:f4:de:af:9b:
         a0:33:3b:e4:6a:92:68:14:24:1b:8a:fd:a3:d1:ae:3b:74:ad:
         d4:0a:bd:5d:29:f9:78:09:ed:75:31:07:d2:ca:17:7a:6f:17:
         0b:a7:a3:77:2d:b0:4a:fe:53:51:6a:b3:f6:6f:63:f3:4b:40:
         2c:c2:4b:01:f3:03:79:e4:e3:9c:7d:78:3d:02:fa:c7:0e:fd:
         98:a5:d9:c0:34:42:bf:8d:91:41:08:c9:47:19:57:55:30:b3:
         10:b5:bc:55:60:b1:4a:f7:07:97:b0:0e:7e:b9:db:e7:06:b1:
         0d:89:55:6e:1a:53:5f:a1:38:82:cd:23:1b:d6:25:f9:51:73:
         86:ae:26:33:0b:79:f7:56:1b:7d:cc:2e:b7:9b:b1:eb:2f:ac:
         58:11:b4:25:7c:cc:af:0c:06:5b:d2:58:98:63:1b:4c:a6:54:
         7e:f9:99:b5:e9:81:f0:f9:20:86:1e:d7:df:aa:07:ca:36:96:
         e9:94:c8:36:26:b9:3e:26:ff:ae:b5:4f:3e:f2:df:f0:29:a5:
         fe:2c:5f:c5:8c:ea:51:f6:65:29:fd:de:b8:d3:a8:3d:75:08:
         2f:47:e4:5c:72:93:8a:a0:ad:1f:fd:b8:b8:3c:67:ea:37:0e:
         02:28:1f:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtskwAEepgbkEtt+23qcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NGZhNjRiYjNjMmRlNDc4ODMwNjMxMmM2NTJkZTc0OWVj
OTM1MTcwHhcNMjQwMTAxMDYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRmNmEwODNlMWVmNjc3YTdkYTI4YTI1YjY5ZmE4MWU3ODdkNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YqLp/SP9I/YOzOHUOCOR2InuDOi
eDx1YGGAVofbrvg8lDTDCUo8tXurG6ilzfzucmF7J8hr0t5gdSG72l3o6D6HRKye
OeTvTirN8amuZaYZsrm5kitvKs3i6G767JLONe9JlMUHbxQ5zmIBWSrnEAn0mtsg
5uPUFrauRo5/ljLE4nnKVSw8JZlbWwboQS7TZsUDDNDhdTvhyTWnWmWdBzjKiHOj
nuLQx4+kDfSAcsKoKQLAxPTXpUkb4x6/KTAM1/QnbZ7dD32Vk8zMRA9v16dXkT74
8p5jPwiIWlZOE6tigE5lYgX1TOCcA4UfJzhCgnO+BPODSmJBxhnk6xOIMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrfagg+HvZ3p9oooltp+oHnh9XSMB8GA1UdIwQY
MBaAFKZPpkuzwt5HiDBjEsZS3nSeyTUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGstbVM3UEMza2VJTUdNU3hsTGVkSjdKTlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80MjdkYjItYzYxMy00ZTg0LWIzOGMt
OTA1NjliYzZjYTU0LzEvMnQ5cUNENGU5bmVuMmlpaVcybjZnZWVIMWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80MjdkYjItYzYxMy00ZTg0LWIzOGMtOTA1NjliYzZjYTU0
LzEvcGstbVM3UEMza2VJTUdNU3hsTGVkSjdKTlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufJkMA0G
CSqGSIb3DQEBCwUAA4IBAQBs2M7RDYPpuMJTxnqyRfTer5ugMzvkapJoFCQbiv2j
0a47dK3UCr1dKfl4Ce11MQfSyhd6bxcLp6N3LbBK/lNRarP2b2PzS0AswksB8wN5
5OOcfXg9AvrHDv2YpdnANEK/jZFBCMlHGVdVMLMQtbxVYLFK9weXsA5+udvnBrEN
iVVuGlNfoTiCzSMb1iX5UXOGriYzC3n3Vht9zC63m7HrL6xYEbQlfMyvDAZb0liY
YxtMplR++Zm16YHw+SCGHtffqgfKNpbplMg2Jrk+Jv+utU8+8t/wKaX+LF/FjOpR
9mUp/d6406g9dQgvR+RccpOKoK0f/bi4PGfqNw4CKB/T
-----END CERTIFICATE-----