Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/SYSEJwG8XMCuzrDvGtlQoKvq7bw.roa
File:                     SYSEJwG8XMCuzrDvGtlQoKvq7bw.roa (raw, json)
Hash identifier:          D0IndZ3E2reuvz5y05lKAXGz9Qd0jZ943C7+1cgdCHA=
Subject key identifier:   49:84:84:27:01:BC:5C:C0:AE:CE:B0:EF:1A:D9:50:A0:AB:EA:ED:BC
Certificate issuer:       /CN=344c0836dd5c73b0775904eaa3b7e87a4a0c0cf5
Certificate serial:       018CC500E86452CE84B94E760689C7F8EAFE
Authority key identifier: 34:4C:08:36:DD:5C:73:B0:77:59:04:EA:A3:B7:E8:7A:4A:0C:0C:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEwINt1cc7B3WQTqo7foekoMDPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/SYSEJwG8XMCuzrDvGtlQoKvq7bw.roa
Signing time:             Mon 01 Jan 2024 12:30:20 +0000
ROA not before:           Mon 01 Jan 2024 12:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201568
IP address blocks:        185.60.68.0/22 maxlen: 22
                          185.60.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/NEwINt1cc7B3WQTqo7foekoMDPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/NEwINt1cc7B3WQTqo7foekoMDPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEwINt1cc7B3WQTqo7foekoMDPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e8:64:52:ce:84:b9:4e:76:06:89:c7:f8:ea:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344c0836dd5c73b0775904eaa3b7e87a4a0c0cf5
        Validity
            Not Before: Jan  1 12:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4984842701bc5cc0aeceb0ef1ad950a0abeaedbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7f:13:65:74:a7:d2:bc:a3:98:5b:c9:ba:51:
                    b0:e7:a0:dc:2b:d0:b6:14:8b:53:40:cb:d8:9a:08:
                    c0:80:9d:3d:d4:90:d9:9a:07:eb:ea:41:58:dc:51:
                    81:f2:bf:da:3c:43:78:14:e3:17:46:c5:15:e4:f3:
                    a5:21:e4:47:a8:eb:8c:73:a5:ce:d7:be:8b:2a:ab:
                    a4:7e:80:4e:6e:6c:18:95:5f:11:17:62:f3:d2:bc:
                    4a:c8:f6:a1:e0:98:dc:13:16:ae:81:d5:c6:ce:cf:
                    23:07:52:18:4d:a4:e4:b1:e5:ea:99:7b:ab:58:95:
                    7a:e5:8e:15:38:60:67:24:81:4a:f3:ce:fc:5d:9b:
                    31:a7:98:a4:69:60:38:f1:ee:20:73:6f:fa:61:61:
                    a0:e4:98:ed:57:bc:2c:40:77:c7:2f:43:15:46:9d:
                    96:65:ae:44:ac:97:ec:7e:ec:36:49:db:ca:65:bd:
                    02:a6:d9:f8:2a:d9:81:d9:0f:be:f8:46:58:b1:e2:
                    5f:86:d8:35:8d:c8:68:e9:88:fa:b5:0b:3c:cd:9c:
                    e9:6c:9b:54:4f:1b:63:0e:f9:5e:6b:d6:c2:a8:84:
                    7a:6a:80:f5:9e:73:6b:6a:74:04:6d:c7:b8:7b:b0:
                    79:4f:87:34:00:01:3b:d2:10:5e:fa:5c:4e:85:31:
                    c9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:84:84:27:01:BC:5C:C0:AE:CE:B0:EF:1A:D9:50:A0:AB:EA:ED:BC
            X509v3 Authority Key Identifier:
                keyid:34:4C:08:36:DD:5C:73:B0:77:59:04:EA:A3:B7:E8:7A:4A:0C:0C:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEwINt1cc7B3WQTqo7foekoMDPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/SYSEJwG8XMCuzrDvGtlQoKvq7bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/NEwINt1cc7B3WQTqo7foekoMDPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:78:26:d7:d2:c3:07:01:90:a4:c8:cd:88:85:54:36:c1:af:
         2d:87:02:e4:af:05:ac:ff:b5:17:6a:08:eb:75:ce:7c:74:5a:
         7b:d3:f5:0a:be:dc:65:37:da:e1:cc:2b:3e:c3:e5:4b:e2:31:
         4c:d6:40:20:3a:97:c4:1e:c7:2a:f7:aa:92:ef:77:a4:61:ea:
         ed:66:84:05:a4:dc:ff:4d:04:f3:da:a8:ff:a3:a1:2b:14:2b:
         f8:f7:4b:94:4b:1b:94:9f:d7:e8:95:2b:c5:f4:1f:7b:86:dc:
         be:af:84:22:85:7d:de:c9:3c:42:ab:98:e4:d3:80:4e:3f:8e:
         c8:85:0a:e0:ee:63:85:62:44:aa:ce:eb:77:03:d4:21:96:74:
         85:10:d3:d4:5b:3b:70:05:09:f1:40:1a:60:ff:eb:f7:ff:75:
         d4:70:1e:4f:dc:ca:2b:d8:18:d6:02:d9:9e:77:2a:5e:8e:93:
         f2:36:d1:3f:2b:0d:dc:7c:4a:1f:72:9a:b2:0b:e4:27:a2:40:
         15:ff:0f:73:dd:1e:3d:ce:bd:e7:8a:cc:5f:9b:d9:1b:9d:e3:
         9c:f8:44:97:4c:00:ee:b2:2b:35:a2:80:c0:b5:ce:f5:79:18:
         fe:08:c4:35:9a:e3:a3:4a:ea:68:88:f9:b6:43:ff:8c:2b:9e:
         a1:e9:87:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOhkUs6EuU52BonH+Or+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NGMwODM2ZGQ1YzczYjA3NzU5MDRlYWEzYjdlODdhNGEw
YzBjZjUwHhcNMjQwMTAxMTIzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTg0ODQyNzAxYmM1Y2MwYWVjZWIwZWYxYWQ5NTBhMGFiZWFlZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln8TZXSn0ryjmFvJulGw56DcK9C2
FItTQMvYmgjAgJ091JDZmgfr6kFY3FGB8r/aPEN4FOMXRsUV5POlIeRHqOuMc6XO
176LKqukfoBObmwYlV8RF2Lz0rxKyPah4JjcExaugdXGzs8jB1IYTaTkseXqmXur
WJV65Y4VOGBnJIFK8878XZsxp5ikaWA48e4gc2/6YWGg5JjtV7wsQHfHL0MVRp2W
Za5ErJfsfuw2SdvKZb0Cptn4KtmB2Q+++EZYseJfhtg1jcho6Yj6tQs8zZzpbJtU
TxtjDvlea9bCqIR6aoD1nnNranQEbce4e7B5T4c0AAE70hBe+lxOhTHJsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmEhCcBvFzArs6w7xrZUKCr6u28MB8GA1UdIwQY
MBaAFDRMCDbdXHOwd1kE6qO36HpKDAz1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkV3SU50MWNjN0IzV1FUcW83Zm9la29NRFBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8wMTBkYzMtNGNlZi00NGUzLWFlOTIt
MTllMTM0NzEyZTkyLzEvU1lTRUp3RzhYTUN1enJEdkd0bFFvS3ZxN2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8wMTBkYzMtNGNlZi00NGUzLWFlOTItMTllMTM0NzEyZTky
LzEvTkV3SU50MWNjN0IzV1FUcW83Zm9la29NRFBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTxEMA0G
CSqGSIb3DQEBCwUAA4IBAQAPeCbX0sMHAZCkyM2IhVQ2wa8thwLkrwWs/7UXagjr
dc58dFp70/UKvtxlN9rhzCs+w+VL4jFM1kAgOpfEHscq96qS73ekYertZoQFpNz/
TQTz2qj/o6ErFCv490uUSxuUn9folSvF9B97hty+r4QihX3eyTxCq5jk04BOP47I
hQrg7mOFYkSqzut3A9QhlnSFENPUWztwBQnxQBpg/+v3/3XUcB5P3Mor2BjWAtme
dypejpPyNtE/Kw3cfEofcpqyC+QnokAV/w9z3R49zr3nisxfm9kbneOc+ESXTADu
sis1ooDAtc71eRj+CMQ1muOjSupoiPm2Q/+MK56h6Ye6
-----END CERTIFICATE-----