Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/H1dNmDo4S--7kiI2OEK1nJD4VCE.roa
File:                     H1dNmDo4S--7kiI2OEK1nJD4VCE.roa (raw, json)
Hash identifier:          96wxUL+mNzPnExGEwr99260iLD6dUlHZN8VlcBTFTRI=
Subject key identifier:   1F:57:4D:98:3A:38:4B:EF:BB:92:22:36:38:42:B5:9C:90:F8:54:21
Certificate issuer:       /CN=2f7a464b894841b3b940e0b357b865e393b1dd46
Certificate serial:       018CC793354FDA740FB2518BDD0BCA960E57
Authority key identifier: 2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/H1dNmDo4S--7kiI2OEK1nJD4VCE.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60672
IP address blocks:        185.137.222.0/24 maxlen: 24
                          185.137.220.0/24 maxlen: 24
                          2a0a:a500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:35:4f:da:74:0f:b2:51:8b:dd:0b:ca:96:0e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f7a464b894841b3b940e0b357b865e393b1dd46
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f574d983a384befbb9222363842b59c90f85421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:58:10:e8:56:61:88:a8:42:6d:6a:d1:18:93:
                    b1:f6:32:59:00:c7:e6:4c:f1:7a:30:e1:11:96:0b:
                    96:b4:2b:17:c9:04:82:8d:93:ca:31:5b:b2:bb:aa:
                    99:86:2f:99:79:fe:78:e8:9f:87:d0:1a:e1:4e:61:
                    7a:00:08:38:70:fe:87:24:5d:b8:df:c6:df:05:1a:
                    97:37:96:a3:32:33:15:16:51:b5:10:e6:c5:80:c7:
                    27:a5:98:d0:9e:de:90:9c:2f:4a:41:b3:c6:f5:7e:
                    7f:5d:47:e2:01:d1:b2:21:c3:15:a8:3b:b6:ce:33:
                    9e:ec:7e:4c:64:74:0b:c4:35:01:be:e4:17:28:97:
                    77:c2:96:a7:f9:79:4a:20:e2:c7:a7:5e:10:f2:e6:
                    1d:49:1f:87:c9:97:97:cf:d6:b2:83:b5:2a:59:6a:
                    b9:c8:38:a3:02:59:24:93:06:b5:96:30:3f:92:1d:
                    26:d0:e6:e9:a4:e8:06:ec:be:49:b5:64:b4:9f:49:
                    c2:39:ca:3c:e8:14:65:ff:a4:25:97:a0:d7:cd:f0:
                    33:af:39:fa:68:1b:08:10:54:53:2c:27:54:14:fe:
                    06:e2:3d:53:7f:76:85:49:4f:fd:e5:b6:2b:cb:0f:
                    45:8d:1a:88:86:18:45:08:48:46:e1:6b:57:6e:55:
                    a6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:57:4D:98:3A:38:4B:EF:BB:92:22:36:38:42:B5:9C:90:F8:54:21
            X509v3 Authority Key Identifier:
                keyid:2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/H1dNmDo4S--7kiI2OEK1nJD4VCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.220.0/24
                  185.137.222.0/24
                IPv6:
                  2a0a:a500::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:9a:f2:20:74:27:33:7f:48:e0:71:37:e6:d3:ac:b8:c5:8f:
         36:20:e2:db:72:4a:e3:c2:33:50:b7:14:e7:0c:55:1c:3f:ba:
         2f:3a:93:a3:6d:01:e9:d0:84:e3:ee:dd:34:61:f1:d1:fd:e3:
         63:9c:d5:b8:c4:e0:2d:17:ad:b3:92:27:25:7b:4a:cc:b1:e3:
         3e:a6:95:da:a6:ce:80:11:f4:b1:42:4d:1a:5b:53:be:67:6b:
         0e:d8:aa:db:1a:81:61:8d:1a:06:de:f3:c5:14:fb:90:e3:d0:
         2a:8a:1b:76:57:42:fb:46:bc:18:79:ff:c8:b7:10:4b:bb:09:
         8c:37:e6:16:3f:5a:17:e9:88:39:95:5e:ce:89:5c:d4:a0:14:
         81:32:07:a8:68:e9:11:c7:45:9a:e3:e1:a9:aa:ea:4c:2f:96:
         c0:2a:f1:17:c3:27:ff:74:cf:2d:33:cc:cb:0f:c0:4a:5c:2a:
         35:b3:37:ae:82:8d:a4:5d:1d:3f:7e:05:67:50:22:2d:0f:f4:
         8e:00:84:87:d3:7e:c3:ad:9d:5f:c3:e5:a2:21:63:a1:8c:54:
         8a:63:3a:37:f6:76:0d:72:d8:fc:bf:ae:fb:36:1b:f3:7c:c6:
         f0:7e:10:01:f5:f4:1a:da:93:1e:fe:4b:d2:88:3f:2a:6f:ab:
         18:da:5d:29
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHkzVP2nQPslGL3QvKlg5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmN2E0NjRiODk0ODQxYjNiOTQwZTBiMzU3Yjg2NWUzOTNi
MWRkNDYwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjU3NGQ5ODNhMzg0YmVmYmI5MjIyMzYzODQyYjU5YzkwZjg1NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1gQ6FZhiKhCbWrRGJOx9jJZAMfm
TPF6MOERlguWtCsXyQSCjZPKMVuyu6qZhi+Zef546J+H0BrhTmF6AAg4cP6HJF24
38bfBRqXN5ajMjMVFlG1EObFgMcnpZjQnt6QnC9KQbPG9X5/XUfiAdGyIcMVqDu2
zjOe7H5MZHQLxDUBvuQXKJd3wpan+XlKIOLHp14Q8uYdSR+HyZeXz9ayg7UqWWq5
yDijAlkkkwa1ljA/kh0m0ObppOgG7L5JtWS0n0nCOco86BRl/6Qll6DXzfAzrzn6
aBsIEFRTLCdUFP4G4j1Tf3aFSU/95bYryw9FjRqIhhhFCEhG4WtXblWmaQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFB9XTZg6OEvvu5IiNjhCtZyQ+FQhMB8GA1UdIwQY
MBaAFC96RkuJSEGzuUDgs1e4ZeOTsd1GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEt
MTAxNDRjMWJjYWZjLzEvSDFkTm1EbzRTLS03a2lJMk9FSzFuSkQ0VkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEtMTAxNDRjMWJjYWZj
LzEvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuYncAwQA
uYneMA8EAgACMAkDBwAqCqUAAAAwDQYJKoZIhvcNAQELBQADggEBAKOa8iB0JzN/
SOBxN+bTrLjFjzYg4ttySuPCM1C3FOcMVRw/ui86k6NtAenQhOPu3TRh8dH942Oc
1bjE4C0XrbOSJyV7Ssyx4z6mldqmzoAR9LFCTRpbU75naw7YqtsagWGNGgbe88UU
+5Dj0CqKG3ZXQvtGvBh5/8i3EEu7CYw35hY/WhfpiDmVXs6JXNSgFIEyB6ho6RHH
RZrj4amq6kwvlsAq8RfDJ/90zy0zzMsPwEpcKjWzN66CjaRdHT9+BWdQIi0P9I4A
hIfTfsOtnV/D5aIhY6GMVIpjOjf2dg1y2Py/rvs2G/N8xvB+EAH19Brakx7+S9KI
PypvqxjaXSk=
-----END CERTIFICATE-----