Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/erthnaKdfK3asFHtYUwoIEOYZr0.roa
File:                     erthnaKdfK3asFHtYUwoIEOYZr0.roa (raw, json)
Hash identifier:          R/1FtEfZ2rK2ctVV3U+qA8ircCkWQqVvh3GWUlTcS98=
Subject key identifier:   7A:BB:61:9D:A2:9D:7C:AD:DA:B0:51:ED:61:4C:28:20:43:98:66:BD
Certificate issuer:       /CN=de6c6035042cc532516ebc1968f41bfff4b8537e
Certificate serial:       018CC5006F9F58E1B6B58315BF2BF444B289
Authority key identifier: DE:6C:60:35:04:2C:C5:32:51:6E:BC:19:68:F4:1B:FF:F4:B8:53:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3mxgNQQsxTJRbrwZaPQb__S4U34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/erthnaKdfK3asFHtYUwoIEOYZr0.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212020
IP address blocks:        185.232.96.0/24 maxlen: 24
                          2a10:d280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/3mxgNQQsxTJRbrwZaPQb__S4U34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/3mxgNQQsxTJRbrwZaPQb__S4U34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3mxgNQQsxTJRbrwZaPQb__S4U34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6f:9f:58:e1:b6:b5:83:15:bf:2b:f4:44:b2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de6c6035042cc532516ebc1968f41bfff4b8537e
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7abb619da29d7caddab051ed614c2820439866bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f5:39:b5:44:03:07:06:24:e3:68:b3:b5:1c:
                    bd:9f:b7:b5:ff:ac:48:79:c5:6f:5c:7f:45:2a:cb:
                    22:00:3e:28:13:e4:cf:48:44:03:67:70:0e:62:1e:
                    14:20:cd:29:b8:e6:b6:0d:d1:0e:65:66:93:5d:76:
                    f8:f3:a9:c4:81:0d:0f:1c:1b:b4:d4:f0:c3:86:c7:
                    21:de:0f:24:bc:54:ee:ca:34:46:ba:9b:f3:b9:9f:
                    29:1c:ab:24:e1:f3:37:b8:d9:f5:9f:45:35:d9:b8:
                    9b:26:32:2a:df:8e:b2:22:54:cf:3a:8f:30:e2:4d:
                    2c:dc:97:f0:34:9b:3c:f5:46:87:05:fd:92:9b:5f:
                    c1:75:f2:e7:ba:5e:57:5a:bc:96:85:a4:65:50:88:
                    50:c0:d9:74:a0:d7:66:3c:7c:2f:56:30:fe:9b:af:
                    c7:a7:bf:2e:80:a9:85:98:1b:14:64:cf:3b:1e:03:
                    f2:cf:97:d7:32:46:af:79:48:b1:74:19:d2:0f:45:
                    e4:b1:51:64:e3:a0:fe:9e:a9:7c:4e:8f:0f:18:cc:
                    e7:ba:fe:44:2a:d5:f7:46:bd:f0:28:a7:f0:b9:31:
                    d6:98:5f:ef:ce:32:d5:50:e8:f7:8f:41:75:42:c7:
                    ab:37:55:be:8a:15:30:56:48:46:be:59:f9:f0:ef:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:BB:61:9D:A2:9D:7C:AD:DA:B0:51:ED:61:4C:28:20:43:98:66:BD
            X509v3 Authority Key Identifier:
                keyid:DE:6C:60:35:04:2C:C5:32:51:6E:BC:19:68:F4:1B:FF:F4:B8:53:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3mxgNQQsxTJRbrwZaPQb__S4U34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/erthnaKdfK3asFHtYUwoIEOYZr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c2bb4d-8483-47ce-bb0a-f5f490d2c163/1/3mxgNQQsxTJRbrwZaPQb__S4U34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.96.0/24
                IPv6:
                  2a10:d280::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:e5:99:e6:45:4c:a1:64:87:6f:14:f7:c3:a0:18:3b:a1:7c:
         ee:ee:bd:39:4b:ed:bf:d3:2d:02:e6:dd:3a:0d:ab:57:b0:d9:
         82:71:05:09:7e:4e:45:b6:44:42:63:0e:cf:ac:d2:98:4e:a4:
         2b:d9:f9:e1:ef:7b:42:1c:1c:47:71:a6:9a:53:72:8c:02:67:
         5c:c0:0c:75:22:76:52:46:14:b3:94:3a:17:26:bd:ab:a6:60:
         b6:3b:e3:f1:31:ad:62:3d:68:5e:1f:83:07:cb:f5:f0:7e:10:
         ef:2d:6a:95:49:fc:70:95:a1:29:21:f1:22:37:db:39:34:e5:
         45:0a:ff:6d:86:05:28:eb:a4:60:b4:04:35:b7:b1:4e:0f:df:
         cd:dc:71:bb:77:bb:bf:4c:2d:a4:31:0d:bd:8b:f7:44:1e:26:
         a3:cb:6b:16:3d:f4:5c:fb:4a:9a:38:2a:9b:a3:bc:20:0c:56:
         f7:c3:3f:5d:9b:4b:f5:0b:5c:f8:31:34:36:f3:d6:ad:22:2b:
         d4:c5:0e:d1:0a:ce:03:30:a3:de:64:64:bd:26:a6:d9:ef:66:
         46:90:27:d9:45:f9:11:63:87:27:5d:07:99:99:7b:36:46:18:
         1f:97:fc:e3:98:86:3d:3a:3d:44:32:12:59:10:78:89:ce:c4:
         e5:c6:54:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAG+fWOG2tYMVvyv0RLKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNmM2MDM1MDQyY2M1MzI1MTZlYmMxOTY4ZjQxYmZmZjRi
ODUzN2UwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWJiNjE5ZGEyOWQ3Y2FkZGFiMDUxZWQ2MTRjMjgyMDQzOTg2NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/U5tUQDBwYk42iztRy9n7e1/6xI
ecVvXH9FKssiAD4oE+TPSEQDZ3AOYh4UIM0puOa2DdEOZWaTXXb486nEgQ0PHBu0
1PDDhsch3g8kvFTuyjRGupvzuZ8pHKsk4fM3uNn1n0U12bibJjIq346yIlTPOo8w
4k0s3JfwNJs89UaHBf2Sm1/BdfLnul5XWryWhaRlUIhQwNl0oNdmPHwvVjD+m6/H
p78ugKmFmBsUZM87HgPyz5fXMkaveUixdBnSD0XksVFk46D+nql8To8PGMznuv5E
KtX3Rr3wKKfwuTHWmF/vzjLVUOj3j0F1QserN1W+ihUwVkhGvln58O+nywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHq7YZ2inXyt2rBR7WFMKCBDmGa9MB8GA1UdIwQY
MBaAFN5sYDUELMUyUW68GWj0G//0uFN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM214Z05RUXN4VEpSYnJ3WmFQUWJfX1M0VTM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9jMmJiNGQtODQ4My00N2NlLWJiMGEt
ZjVmNDkwZDJjMTYzLzEvZXJ0aG5hS2RmSzNhc0ZIdFlVd29JRU9ZWnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9jMmJiNGQtODQ4My00N2NlLWJiMGEtZjVmNDkwZDJjMTYz
LzEvM214Z05RUXN4VEpSYnJ3WmFQUWJfX1M0VTM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuehgMA0E
AgACMAcDBQMqENKAMA0GCSqGSIb3DQEBCwUAA4IBAQBh5ZnmRUyhZIdvFPfDoBg7
oXzu7r05S+2/0y0C5t06DatXsNmCcQUJfk5FtkRCYw7PrNKYTqQr2fnh73tCHBxH
caaaU3KMAmdcwAx1InZSRhSzlDoXJr2rpmC2O+PxMa1iPWheH4MHy/XwfhDvLWqV
SfxwlaEpIfEiN9s5NOVFCv9thgUo66RgtAQ1t7FOD9/N3HG7d7u/TC2kMQ29i/dE
Hiajy2sWPfRc+0qaOCqbo7wgDFb3wz9dm0v1C1z4MTQ289atIivUxQ7RCs4DMKPe
ZGS9JqbZ72ZGkCfZRfkRY4cnXQeZmXs2Rhgfl/zjmIY9Oj1EMhJZEHiJzsTlxlTm
-----END CERTIFICATE-----