Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/1gXtebejYABrUXmrqhVtJ7IBAZ4.roa
File:                     1gXtebejYABrUXmrqhVtJ7IBAZ4.roa (raw, json)
Hash identifier:          IRukJVcZrexqXcoZoTvVZxGGyNHyxaxtY0CG6uM47e8=
Subject key identifier:   D6:05:ED:79:B7:A3:60:00:6B:51:79:AB:AA:15:6D:27:B2:01:01:9E
Certificate issuer:       /CN=472694d8a399a3a66f442ec72295c754acbbad41
Certificate serial:       018FC3D67488DEB4249B2B0152A11D185062
Authority key identifier: 47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/1gXtebejYABrUXmrqhVtJ7IBAZ4.roa
Signing time:             Wed 29 May 2024 10:12:42 +0000
ROA not before:           Wed 29 May 2024 10:12:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205967
IP address blocks:        185.83.233.0/24 maxlen: 24
                          2a03:6e60:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c3:d6:74:88:de:b4:24:9b:2b:01:52:a1:1d:18:50:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=472694d8a399a3a66f442ec72295c754acbbad41
        Validity
            Not Before: May 29 10:12:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d605ed79b7a360006b5179abaa156d27b201019e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e6:ae:b3:4d:d4:9b:d1:f1:b2:be:44:f3:75:
                    6c:a9:c7:e1:d6:d2:4d:35:e2:b3:ef:b2:03:87:1f:
                    45:d8:f6:c7:a9:9c:48:ec:0e:4a:1a:6d:c3:c4:4b:
                    43:bb:d1:69:5a:82:01:c9:28:b4:2b:d7:de:14:aa:
                    86:0f:11:95:b3:bd:a5:16:68:9f:80:ba:b4:f2:5b:
                    0d:b4:cf:c5:c5:62:30:f9:9e:b8:99:20:b6:43:7d:
                    3d:bb:e0:7c:c6:2e:0b:e4:44:1a:82:f0:e8:6a:7d:
                    7b:db:5a:ba:6f:16:ce:bd:e6:da:29:db:45:6d:79:
                    4c:66:a0:f4:50:b7:dc:41:80:ab:4b:a5:b9:b2:b1:
                    bb:5d:33:bd:c3:d9:0d:2d:89:47:88:0c:32:83:4e:
                    b8:a7:c6:b5:db:b5:79:c2:87:a0:f5:b9:e5:70:e9:
                    f2:99:2a:08:2d:97:12:84:50:5b:aa:44:81:84:85:
                    9e:ce:99:e6:8b:eb:9e:37:1a:40:1c:8c:eb:5e:cc:
                    77:4a:97:be:7a:a7:65:1b:2a:cc:eb:f6:e7:bd:e9:
                    98:33:ec:fc:3e:bc:13:7f:1f:9e:b1:c2:a7:3e:ef:
                    d8:fa:6f:56:6a:7b:7b:21:65:69:2e:31:ae:2a:d1:
                    2f:51:5e:3b:5e:e3:42:48:fb:0e:4a:5c:51:ab:b3:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:05:ED:79:B7:A3:60:00:6B:51:79:AB:AA:15:6D:27:B2:01:01:9E
            X509v3 Authority Key Identifier:
                keyid:47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/1gXtebejYABrUXmrqhVtJ7IBAZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.233.0/24
                IPv6:
                  2a03:6e60:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:45:58:88:ee:c0:05:fd:8b:5a:fb:78:7b:67:44:20:ab:f7:
         7e:d5:bd:eb:dc:4b:58:14:52:bb:b7:49:63:09:97:de:a0:b7:
         ff:05:55:78:78:e3:d8:79:a8:8a:4b:ba:46:60:0e:f0:2f:13:
         2e:4b:ab:41:ea:2b:17:ee:15:4b:ff:9a:a5:60:f7:eb:6b:a7:
         01:89:52:ea:81:73:c0:b1:47:f5:7c:9e:d8:c9:19:3d:56:46:
         12:45:6a:59:5c:e6:88:40:dd:ed:86:93:4e:54:aa:2a:45:c7:
         bb:ab:ee:c5:1b:fd:71:65:e7:2c:f5:1d:7d:a0:2a:6a:7d:d9:
         68:05:0b:fb:76:13:99:52:68:f6:99:49:f0:3b:8a:73:0c:c7:
         2a:37:a7:21:b6:f0:e1:03:f1:51:97:bd:85:3d:0f:70:23:b7:
         76:7b:98:60:4d:c6:db:ed:96:dc:ce:93:8e:70:54:7c:1d:79:
         89:c5:7c:8e:4c:38:03:27:bf:ca:b5:97:7c:d3:7a:ab:1f:3d:
         9a:f8:21:b1:7b:d2:fd:a3:48:ff:ab:66:a2:4a:86:2e:cb:fe:
         ac:a4:d2:92:b5:16:85:00:cf:eb:38:62:66:74:7c:35:b2:4a:
         3e:e3:d2:62:4a:81:eb:b4:ed:fe:3c:3c:84:65:02:93:99:eb:
         81:05:a5:7d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY/D1nSI3rQkmysBUqEdGFBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjY5NGQ4YTM5OWEzYTY2ZjQ0MmVjNzIyOTVjNzU0YWNi
YmFkNDEwHhcNMjQwNTI5MTAxMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA1ZWQ3OWI3YTM2MDAwNmI1MTc5YWJhYTE1NmQyN2IyMDEwMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuaus03Um9Hxsr5E83Vsqcfh1tJN
NeKz77IDhx9F2PbHqZxI7A5KGm3DxEtDu9FpWoIBySi0K9feFKqGDxGVs72lFmif
gLq08lsNtM/FxWIw+Z64mSC2Q309u+B8xi4L5EQagvDoan1721q6bxbOvebaKdtF
bXlMZqD0ULfcQYCrS6W5srG7XTO9w9kNLYlHiAwyg064p8a127V5woeg9bnlcOny
mSoILZcShFBbqkSBhIWezpnmi+ueNxpAHIzrXsx3Spe+eqdlGyrM6/bnvemYM+z8
PrwTfx+escKnPu/Y+m9Want7IWVpLjGuKtEvUV47XuNCSPsOSlxRq7PVLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNYF7Xm3o2AAa1F5q6oVbSeyAQGeMB8GA1UdIwQY
MBaAFEcmlNijmaOmb0QuxyKVx1Ssu61BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEt
MDYzYTA4ODFhNmQyLzEvMWdYdGViZWpZQUJyVVhtcnFoVnRKN0lCQVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEtMDYzYTA4ODFhNmQy
LzEvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuVPpMA8E
AgACMAkDBwAqA25gAAEwDQYJKoZIhvcNAQELBQADggEBAG5FWIjuwAX9i1r7eHtn
RCCr937VvevcS1gUUru3SWMJl96gt/8FVXh449h5qIpLukZgDvAvEy5Lq0HqKxfu
FUv/mqVg9+trpwGJUuqBc8CxR/V8ntjJGT1WRhJFallc5ohA3e2Gk05UqipFx7ur
7sUb/XFl5yz1HX2gKmp92WgFC/t2E5lSaPaZSfA7inMMxyo3pyG28OED8VGXvYU9
D3Ajt3Z7mGBNxtvtltzOk45wVHwdeYnFfI5MOAMnv8q1l3zTeqsfPZr4IbF70v2j
SP+rZqJKhi7L/qyk0pK1FoUAz+s4YmZ0fDWySj7j0mJKgeu07f48PIRlApOZ64EF
pX0=
-----END CERTIFICATE-----