Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Prbwp-XrLvi7aw70wySZ6YkLY50.roa
File:                     Prbwp-XrLvi7aw70wySZ6YkLY50.roa (raw, json)
Hash identifier:          NnyZFqk/Iy/5P/ZCebV5FQQNjetOUGqwlTMsd446Nt8=
Subject key identifier:   3E:B6:F0:A7:E5:EB:2E:F8:BB:6B:0E:F4:C3:24:99:E9:89:0B:63:9D
Certificate issuer:       /CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
Certificate serial:       018CC80155CAC92B798737F3DEAEAF1DFE24
Authority key identifier: 67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Prbwp-XrLvi7aw70wySZ6YkLY50.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60465
IP address blocks:        185.30.104.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:ca:c9:2b:79:87:37:f3:de:ae:af:1d:fe:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3eb6f0a7e5eb2ef8bb6b0ef4c32499e9890b639d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4b:25:85:1e:33:e7:fb:b0:66:e2:c5:60:58:
                    17:e2:75:66:4d:8a:c5:6d:d9:76:aa:06:91:58:e3:
                    2e:3f:28:89:85:81:1e:e9:9f:06:61:b9:3b:88:03:
                    5a:ce:b8:58:cb:4d:1b:3b:26:5b:29:cc:7c:75:8b:
                    89:5c:c5:6e:57:c5:b0:c0:f8:7b:49:ad:39:99:b0:
                    cd:a4:5b:6e:58:c4:74:71:47:f5:05:99:15:1c:47:
                    e3:b7:2d:69:5c:67:34:a0:94:0c:5a:9a:d7:cc:da:
                    d3:32:76:81:51:5d:81:f2:43:ae:f9:60:c8:fc:f0:
                    99:bc:ec:7c:04:aa:79:65:4f:96:d8:ef:7e:cf:a6:
                    de:2a:92:af:2b:6f:f9:3d:a2:d7:65:82:dd:33:79:
                    19:c6:1f:2f:65:9a:4e:da:6f:88:39:a4:b5:20:55:
                    81:85:30:e3:5e:1f:7b:4c:03:f0:5e:c5:92:59:c4:
                    27:9e:f9:b6:79:dd:c5:7a:c2:9e:da:3b:90:38:43:
                    06:81:67:12:55:da:dc:8a:b2:eb:12:b7:ad:72:1b:
                    95:0a:54:61:c3:e0:20:d2:a7:0d:17:ef:69:84:61:
                    34:a5:fe:d8:5b:14:ec:8c:53:b0:f3:c9:7f:59:f9:
                    c2:55:03:73:ee:51:ce:f5:0f:6a:ff:77:b4:1d:77:
                    2c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B6:F0:A7:E5:EB:2E:F8:BB:6B:0E:F4:C3:24:99:E9:89:0B:63:9D
            X509v3 Authority Key Identifier:
                keyid:67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Prbwp-XrLvi7aw70wySZ6YkLY50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:15:97:63:ce:d6:a8:b1:d7:60:c2:a9:ec:38:65:2c:ee:91:
         ec:1b:aa:86:0d:8f:61:96:02:1a:31:ec:8c:3b:1b:b2:8d:b5:
         d3:d3:36:65:31:bc:bc:c4:8d:1a:44:0b:2f:60:1d:c8:a1:a4:
         92:18:f4:f1:61:c1:e3:3b:36:5a:2f:31:c6:55:63:27:99:b2:
         9d:0a:c3:79:be:d3:19:65:bd:2e:fb:9e:ce:60:ff:8a:cb:63:
         36:10:2d:3f:84:9e:55:b7:e6:c4:ec:2e:ac:6e:f9:95:0b:96:
         5a:dd:ff:93:a4:59:e2:6a:35:5e:bf:47:20:d1:5c:7e:ac:95:
         19:1e:b5:a0:87:6c:fe:d7:9f:26:32:dd:29:96:fb:b6:42:70:
         89:a8:41:24:87:5b:ae:c9:1e:ac:0d:d2:04:80:20:e2:c6:a4:
         a5:ed:5e:aa:65:d5:d9:db:7b:26:a6:ab:bd:26:e8:db:07:9d:
         cf:67:4f:51:a8:d9:88:0e:dd:1f:7e:7e:8b:58:c8:cf:c5:87:
         cb:c4:32:36:f5:49:51:9b:5a:5d:6d:06:ba:ca:9f:e4:15:3f:
         40:e6:bd:6c:5f:bc:63:cc:de:4c:88:c1:90:4e:53:86:d0:fc:
         e5:47:cd:c3:1b:f8:eb:83:c2:e9:3b:6b:8c:3a:e5:62:dd:b0:
         fb:28:42:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVXKySt5hzfz3q6vHf4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YWY5MDE0YjBkZWRkMmMwNDg0MGFlMzg1YjUzMzlmNmM2
NzkwZjUwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI2ZjBhN2U1ZWIyZWY4YmI2YjBlZjRjMzI0OTllOTg5MGI2MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUslhR4z5/uwZuLFYFgX4nVmTYrF
bdl2qgaRWOMuPyiJhYEe6Z8GYbk7iANazrhYy00bOyZbKcx8dYuJXMVuV8WwwPh7
Sa05mbDNpFtuWMR0cUf1BZkVHEfjty1pXGc0oJQMWprXzNrTMnaBUV2B8kOu+WDI
/PCZvOx8BKp5ZU+W2O9+z6beKpKvK2/5PaLXZYLdM3kZxh8vZZpO2m+IOaS1IFWB
hTDjXh97TAPwXsWSWcQnnvm2ed3FesKe2juQOEMGgWcSVdrcirLrEretchuVClRh
w+Ag0qcNF+9phGE0pf7YWxTsjFOw88l/WfnCVQNz7lHO9Q9q/3e0HXcsuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD628Kfl6y74u2sO9MMkmemJC2OdMB8GA1UdIwQY
MBaAFGevkBSw3t0sBIQK44W1M59sZ5D1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAt
NWU3NThlODFlZmY2LzEvUHJid3AtWHJMdmk3YXc3MHd5U1o2WWtMWTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAtNWU3NThlODFlZmY2
LzEvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuR5oMA0G
CSqGSIb3DQEBCwUAA4IBAQAPFZdjztaosddgwqnsOGUs7pHsG6qGDY9hlgIaMeyM
OxuyjbXT0zZlMby8xI0aRAsvYB3IoaSSGPTxYcHjOzZaLzHGVWMnmbKdCsN5vtMZ
Zb0u+57OYP+Ky2M2EC0/hJ5Vt+bE7C6sbvmVC5Za3f+TpFniajVev0cg0Vx+rJUZ
HrWgh2z+158mMt0plvu2QnCJqEEkh1uuyR6sDdIEgCDixqSl7V6qZdXZ23smpqu9
JujbB53PZ09RqNmIDt0ffn6LWMjPxYfLxDI29UlRm1pdbQa6yp/kFT9A5r1sX7xj
zN5MiMGQTlOG0PzlR83DG/jrg8LpO2uMOuVi3bD7KEIl
-----END CERTIFICATE-----