Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/IAOmzsjTK2R5sVoi82JR3pfoUtM.roa
File:                     IAOmzsjTK2R5sVoi82JR3pfoUtM.roa (raw, json)
Hash identifier:          Q6b4EYtTIT4f1fAKXZXEhVSE/zOFHj2JE1ZTJeCW6fY=
Subject key identifier:   20:03:A6:CE:C8:D3:2B:64:79:B1:5A:22:F3:62:51:DE:97:E8:52:D3
Certificate issuer:       /CN=032b9d2de53710b3158e42f22889109e2c40f43b
Certificate serial:       01908305441BF8ECB96279C73B64EAD8262B
Authority key identifier: 03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/IAOmzsjTK2R5sVoi82JR3pfoUtM.roa
Signing time:             Fri 05 Jul 2024 13:11:18 +0000
ROA not before:           Fri 05 Jul 2024 13:11:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210022
IP address blocks:        185.158.21.0/24 maxlen: 24
                          185.158.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:83:05:44:1b:f8:ec:b9:62:79:c7:3b:64:ea:d8:26:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=032b9d2de53710b3158e42f22889109e2c40f43b
        Validity
            Not Before: Jul  5 13:11:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2003a6cec8d32b6479b15a22f36251de97e852d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:83:0b:c9:a9:96:14:d2:c0:81:e9:fd:1c:b4:
                    14:c4:01:ab:d2:d0:4c:52:36:78:b1:02:f0:19:a7:
                    bd:fb:77:81:b2:e7:57:87:55:ce:7c:b2:8e:cf:0e:
                    ff:79:7b:f0:03:fa:c8:e3:d5:b3:22:f6:6c:6f:40:
                    eb:d3:46:7e:c2:d7:fc:18:8c:6c:e7:c4:8a:22:a3:
                    5b:a7:3b:5f:5c:44:07:60:f9:66:62:44:d4:f2:5b:
                    7f:40:20:10:21:38:22:ac:1e:db:ca:76:ba:76:73:
                    c0:5e:14:06:61:4f:f8:96:eb:a2:87:7d:c0:12:b7:
                    b7:46:be:a5:f1:ac:f5:59:27:14:b6:db:71:7d:0f:
                    77:e6:81:7b:22:9b:3e:c3:e6:a8:86:5f:dc:ed:6a:
                    e5:74:84:1f:d9:f9:0e:e1:20:1e:a4:33:fb:42:a8:
                    bc:0c:8a:91:fe:44:0b:6f:47:69:da:e9:e8:70:64:
                    d4:bd:8e:7e:19:ee:39:3c:21:50:39:c1:ba:2c:64:
                    7a:aa:59:bf:93:88:93:56:65:bb:c9:3c:c9:5d:82:
                    de:b3:34:7b:c1:4e:63:96:8f:f2:fc:42:d4:ed:c0:
                    5a:2c:83:d1:f2:ae:1c:b4:9e:99:65:3a:48:87:03:
                    c6:af:9e:03:93:d5:f0:91:b5:48:bd:85:22:99:e2:
                    03:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:03:A6:CE:C8:D3:2B:64:79:B1:5A:22:F3:62:51:DE:97:E8:52:D3
            X509v3 Authority Key Identifier:
                keyid:03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/IAOmzsjTK2R5sVoi82JR3pfoUtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.21.0-185.158.22.255

    Signature Algorithm: sha256WithRSAEncryption
         03:6f:40:d4:58:7e:90:06:94:88:59:25:35:5b:20:fd:ce:1a:
         49:e7:98:b9:c2:b6:1e:59:b0:a4:8e:e5:2f:bb:ff:ef:f7:62:
         4f:69:f6:63:db:6d:8e:3a:ee:01:90:50:e8:cd:1e:f7:26:4c:
         d9:b6:e5:20:ea:cc:d0:a6:7a:61:e0:09:b3:20:15:5f:bb:18:
         71:a3:f2:63:65:64:c7:22:c6:79:7a:2d:b4:2d:0f:b9:9e:b5:
         fe:e0:d1:a1:c8:f8:99:9c:47:ef:fb:6b:1e:27:fe:d6:b8:de:
         f0:c2:08:c2:ea:c5:be:9c:fb:d3:a4:54:d2:a4:8d:6a:49:1f:
         70:53:6f:72:bd:32:11:90:1c:28:05:e7:14:8a:c1:e8:28:e8:
         9d:13:35:ad:3a:38:9a:d3:33:22:ff:32:16:83:29:b9:dc:2f:
         17:c0:11:86:e0:b3:1d:66:7c:c2:00:d3:fb:4b:7a:db:4b:05:
         08:b2:c8:73:52:38:20:b1:7a:f5:ad:be:15:1d:36:14:4a:70:
         65:0a:20:e8:2f:6f:b7:d3:c9:1b:4d:86:e8:3d:a4:66:ea:9a:
         ba:10:90:43:1b:d0:c0:6e:7a:e7:14:15:fe:5f:c3:34:e8:92:
         09:4e:a3:a4:41:d3:40:cb:6a:1f:4c:38:f7:c6:02:f6:78:bd:
         dc:75:cd:a1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZCDBUQb+Oy5YnnHO2Tq2CYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMmI5ZDJkZTUzNzEwYjMxNThlNDJmMjI4ODkxMDllMmM0
MGY0M2IwHhcNMjQwNzA1MTMxMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAzYTZjZWM4ZDMyYjY0NzliMTVhMjJmMzYyNTFkZTk3ZTg1MmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoMLyamWFNLAgen9HLQUxAGr0tBM
UjZ4sQLwGae9+3eBsudXh1XOfLKOzw7/eXvwA/rI49WzIvZsb0Dr00Z+wtf8GIxs
58SKIqNbpztfXEQHYPlmYkTU8lt/QCAQITgirB7byna6dnPAXhQGYU/4luuih33A
Ere3Rr6l8az1WScUtttxfQ935oF7Ips+w+aohl/c7WrldIQf2fkO4SAepDP7Qqi8
DIqR/kQLb0dp2unocGTUvY5+Ge45PCFQOcG6LGR6qlm/k4iTVmW7yTzJXYLeszR7
wU5jlo/y/ELU7cBaLIPR8q4ctJ6ZZTpIhwPGr54Dk9XwkbVIvYUimeIDwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCADps7I0ytkebFaIvNiUd6X6FLTMB8GA1UdIwQY
MBaAFAMrnS3lNxCzFY5C8iiJEJ4sQPQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODIt
NGQxOWE4ZGUwYWJhLzEvSUFPbXpzalRLMlI1c1ZvaTgySlIzcGZvVXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODItNGQxOWE4ZGUwYWJh
LzEvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5nhUD
BAC5nhYwDQYJKoZIhvcNAQELBQADggEBAANvQNRYfpAGlIhZJTVbIP3OGknnmLnC
th5ZsKSO5S+7/+/3Yk9p9mPbbY467gGQUOjNHvcmTNm25SDqzNCmemHgCbMgFV+7
GHGj8mNlZMcixnl6LbQtD7metf7g0aHI+JmcR+/7ax4n/ta43vDCCMLqxb6c+9Ok
VNKkjWpJH3BTb3K9MhGQHCgF5xSKwego6J0TNa06OJrTMyL/MhaDKbncLxfAEYbg
sx1mfMIA0/tLettLBQiyyHNSOCCxevWtvhUdNhRKcGUKIOgvb7fTyRtNhug9pGbq
mroQkEMb0MBueucUFf5fwzTokglOo6RB00DLah9MOPfGAvZ4vdx1zaE=
-----END CERTIFICATE-----