Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/_2AlipzAwKoSB0JJJdOdZARd2q0.roa
File:                     _2AlipzAwKoSB0JJJdOdZARd2q0.roa (raw, json)
Hash identifier:          YD/KfUC99imirNkGezI8+89vmxLVgeEMrdP9a+Uz5kI=
Subject key identifier:   FF:60:25:8A:9C:C0:C0:AA:12:07:42:49:25:D3:9D:64:04:5D:DA:AD
Certificate issuer:       /CN=6c1ce5315a43d5661cdcdcc1b9d7daacfa6990f7
Certificate serial:       018CC50018670748A00EECA3A940CD6B01FB
Authority key identifier: 6C:1C:E5:31:5A:43:D5:66:1C:DC:DC:C1:B9:D7:DA:AC:FA:69:90:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBzlMVpD1WYc3NzBudfarPppkPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/_2AlipzAwKoSB0JJJdOdZARd2q0.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198551
IP address blocks:        185.200.145.0/24 maxlen: 24
                          185.200.144.0/22 maxlen: 22
                          185.200.144.0/24 maxlen: 24
                          185.200.147.0/24 maxlen: 24
                          185.200.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/bBzlMVpD1WYc3NzBudfarPppkPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/bBzlMVpD1WYc3NzBudfarPppkPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBzlMVpD1WYc3NzBudfarPppkPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:18:67:07:48:a0:0e:ec:a3:a9:40:cd:6b:01:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1ce5315a43d5661cdcdcc1b9d7daacfa6990f7
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff60258a9cc0c0aa1207424925d39d64045ddaad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:dd:fb:7c:9a:e4:a1:73:67:a0:96:f2:27:31:
                    9e:da:13:9d:be:18:ad:b4:24:32:5e:ac:a2:fb:ec:
                    23:b0:2c:bd:3c:3f:af:92:c2:b9:24:fa:31:48:03:
                    33:82:80:0d:60:de:86:6f:8b:61:d6:b3:64:5f:32:
                    e2:62:80:b6:ef:2c:7e:7e:2d:ac:06:b2:3e:bf:1f:
                    bb:08:56:7f:00:0d:e7:47:d7:ce:fa:66:08:8a:01:
                    d0:a7:f8:ad:26:fa:95:6a:58:38:f5:fd:d1:3b:ec:
                    45:b4:11:bc:79:f6:e3:82:15:3f:fe:8f:8b:2b:96:
                    0d:d7:fa:82:0b:7d:0a:16:64:85:30:1e:5a:52:42:
                    b8:61:57:62:6c:66:00:62:32:c0:9a:fd:a7:93:c1:
                    e8:72:a5:f8:02:54:bf:74:e4:7b:64:b7:d8:fd:2f:
                    1b:89:c9:79:ee:6b:de:4b:6e:3f:7a:e6:5d:b8:35:
                    0f:ca:ee:1d:c7:2b:ed:1f:0d:aa:f3:28:e1:df:0a:
                    f9:27:62:c2:d2:3e:79:a9:34:5a:fa:a0:6e:f9:85:
                    48:3e:c0:c2:7e:71:af:2f:bc:75:bb:e0:d0:d0:ff:
                    90:00:56:d0:43:9b:e9:04:c8:7f:93:d2:7d:88:c6:
                    15:e8:61:a1:e7:ea:03:4b:d7:5d:49:50:fa:16:3c:
                    33:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:60:25:8A:9C:C0:C0:AA:12:07:42:49:25:D3:9D:64:04:5D:DA:AD
            X509v3 Authority Key Identifier:
                keyid:6C:1C:E5:31:5A:43:D5:66:1C:DC:DC:C1:B9:D7:DA:AC:FA:69:90:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBzlMVpD1WYc3NzBudfarPppkPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/_2AlipzAwKoSB0JJJdOdZARd2q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/bb520c-cd0d-48d8-96a8-0fbe7bd76ffb/1/bBzlMVpD1WYc3NzBudfarPppkPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:37:6b:50:65:58:17:25:39:ec:33:83:9f:5e:29:bb:6c:79:
         7a:64:d1:16:c9:d3:b9:80:f9:9e:b9:2e:25:c5:1d:91:98:db:
         55:33:db:57:ed:e7:0e:23:f2:7b:44:13:f0:18:22:80:eb:fe:
         60:7e:96:7b:16:5d:a4:2b:23:b0:d3:27:0f:96:b2:d1:fe:5d:
         3f:98:bc:45:f6:b8:ee:8a:8b:cc:9a:fd:73:60:6a:e8:e7:28:
         4d:eb:de:0b:a7:b2:a3:da:a9:a7:96:dc:ec:2c:8a:88:93:d0:
         7d:ab:7c:bb:9e:56:e6:e3:2a:ea:3c:07:a3:e8:da:33:24:28:
         47:e1:ca:ad:2e:e8:42:63:34:09:4b:2d:e9:ab:dc:19:2b:1b:
         1b:91:31:98:d9:fc:8b:36:15:5b:84:e3:24:b7:29:3a:21:2f:
         b9:c8:2c:c1:11:9c:b3:ef:b8:bd:9f:f4:5f:f7:11:ec:b6:06:
         20:9a:7b:4f:38:1a:13:e7:04:f2:25:70:02:3d:b6:9a:63:99:
         c1:f8:b5:bc:59:e4:02:4a:11:ad:f5:c1:55:14:42:81:cb:4f:
         0b:7b:86:8d:c7:35:20:d0:7f:1d:79:53:1e:bd:42:b6:45:a4:
         5d:e7:16:41:83:f0:cd:81:52:5d:dd:36:4a:8a:8c:e5:fa:3d:
         e2:f1:02:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABhnB0igDuyjqUDNawH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWNlNTMxNWE0M2Q1NjYxY2RjZGNjMWI5ZDdkYWFjZmE2
OTkwZjcwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjYwMjU4YTljYzBjMGFhMTIwNzQyNDkyNWQzOWQ2NDA0NWRkYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd37fJrkoXNnoJbyJzGe2hOdvhit
tCQyXqyi++wjsCy9PD+vksK5JPoxSAMzgoANYN6Gb4th1rNkXzLiYoC27yx+fi2s
BrI+vx+7CFZ/AA3nR9fO+mYIigHQp/itJvqValg49f3RO+xFtBG8efbjghU//o+L
K5YN1/qCC30KFmSFMB5aUkK4YVdibGYAYjLAmv2nk8HocqX4AlS/dOR7ZLfY/S8b
icl57mveS24/euZduDUPyu4dxyvtHw2q8yjh3wr5J2LC0j55qTRa+qBu+YVIPsDC
fnGvL7x1u+DQ0P+QAFbQQ5vpBMh/k9J9iMYV6GGh5+oDS9ddSVD6FjwzZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9gJYqcwMCqEgdCSSXTnWQEXdqtMB8GA1UdIwQY
MBaAFGwc5TFaQ9VmHNzcwbnX2qz6aZD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ6bE1WcEQxV1ljM056QnVkZmFyUHBwa1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9iYjUyMGMtY2QwZC00OGQ4LTk2YTgt
MGZiZTdiZDc2ZmZiLzEvXzJBbGlwekF3S29TQjBKSkpkT2RaQVJkMnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9iYjUyMGMtY2QwZC00OGQ4LTk2YTgtMGZiZTdiZDc2ZmZi
LzEvYkJ6bE1WcEQxV1ljM056QnVkZmFyUHBwa1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuciQMA0G
CSqGSIb3DQEBCwUAA4IBAQBWN2tQZVgXJTnsM4OfXim7bHl6ZNEWydO5gPmeuS4l
xR2RmNtVM9tX7ecOI/J7RBPwGCKA6/5gfpZ7Fl2kKyOw0ycPlrLR/l0/mLxF9rju
iovMmv1zYGro5yhN694Lp7Kj2qmnltzsLIqIk9B9q3y7nlbm4yrqPAej6NozJChH
4cqtLuhCYzQJSy3pq9wZKxsbkTGY2fyLNhVbhOMktyk6IS+5yCzBEZyz77i9n/Rf
9xHstgYgmntPOBoT5wTyJXACPbaaY5nB+LW8WeQCShGt9cFVFEKBy08Le4aNxzUg
0H8deVMevUK2RaRd5xZBg/DNgVJd3TZKiozl+j3i8QIe
-----END CERTIFICATE-----