Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/gwXTY0LJ22_8yhfOOeJP7JMePkA.roa
File:                     gwXTY0LJ22_8yhfOOeJP7JMePkA.roa (raw, json)
Hash identifier:          C8Ad/tS32eCjtx+fJLVbrf6IcLPHhfeHNWH2HlHojI4=
Subject key identifier:   83:05:D3:63:42:C9:DB:6F:FC:CA:17:CE:39:E2:4F:EC:93:1E:3E:40
Certificate issuer:       /CN=b7a670e51c96419fc52028b12e45655ef914ddbb
Certificate serial:       0194C8D05EA56F5AFA05946193BA9D63F368
Authority key identifier: B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/gwXTY0LJ22_8yhfOOeJP7JMePkA.roa
Signing time:             Sun 02 Feb 2025 22:38:06 +0000
ROA not before:           Sun 02 Feb 2025 22:38:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59914
IP address blocks:        185.66.224.0/23 maxlen: 23
                          185.66.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c8:d0:5e:a5:6f:5a:fa:05:94:61:93:ba:9d:63:f3:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7a670e51c96419fc52028b12e45655ef914ddbb
        Validity
            Not Before: Feb  2 22:38:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8305d36342c9db6ffcca17ce39e24fec931e3e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:aa:34:1a:79:91:ed:f1:24:21:a0:54:98:ed:
                    39:6b:31:38:28:69:a4:3b:52:5d:45:8e:a9:67:18:
                    19:bf:0c:e1:e8:41:80:ea:0a:32:c5:8f:d7:e2:f7:
                    c4:fc:1b:b6:0e:d2:18:c1:d9:13:a8:ff:fd:90:6e:
                    d0:01:bb:0b:98:71:8d:a2:d7:96:9b:46:a8:1f:a7:
                    ca:7b:1b:f3:27:3e:60:7f:1a:cc:a7:21:74:45:6c:
                    6f:c5:50:ba:6c:cf:a2:5f:ee:78:53:71:da:0b:0a:
                    df:03:2b:bf:87:53:0b:6e:68:4a:4e:95:7a:42:1a:
                    fc:dd:35:42:f2:fb:36:66:a3:82:83:ef:8d:1d:c4:
                    8c:b1:42:0f:f0:c8:c2:f2:b5:06:02:37:02:6b:08:
                    6c:0a:fe:f8:85:f8:dc:69:bd:4a:5c:1e:36:c5:ac:
                    d4:51:a2:c8:7f:9f:46:d8:b2:c1:27:45:8a:ea:73:
                    5f:36:5e:e4:ed:20:18:82:78:27:a4:ca:93:96:a7:
                    93:68:73:e9:01:4b:00:f4:93:75:c5:a3:c6:80:29:
                    9a:49:2e:3f:78:54:60:9d:e7:eb:fd:ca:c9:b5:2d:
                    e5:42:57:a8:04:58:ab:ca:c3:eb:35:af:c1:f5:4d:
                    b7:c2:16:46:da:e9:d6:99:19:ca:29:d8:d8:e5:ad:
                    3e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:05:D3:63:42:C9:DB:6F:FC:CA:17:CE:39:E2:4F:EC:93:1E:3E:40
            X509v3 Authority Key Identifier:
                keyid:B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/gwXTY0LJ22_8yhfOOeJP7JMePkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:96:f9:4e:9c:52:e0:9d:f1:3a:97:8f:67:56:1b:ff:f2:0e:
         75:bd:5c:bc:b7:8b:7b:06:5d:b2:4b:9f:39:d3:04:09:fa:25:
         96:d2:2e:49:44:d0:b8:bc:05:b1:04:34:bc:3d:b0:b8:71:42:
         bc:03:97:ad:11:d4:d5:c5:64:ee:93:f8:cf:35:8f:ac:26:19:
         68:6f:97:7e:d4:6b:8c:54:cb:48:fd:c9:2c:91:6c:64:1e:3e:
         d4:98:90:76:4b:e0:9d:cf:8a:35:a0:a7:0a:6b:97:56:c6:9d:
         b0:3e:ec:84:ca:6a:5c:e9:1f:bf:30:b0:ad:f7:b0:7d:2e:20:
         05:35:53:81:5f:e6:ca:a7:44:c3:00:ea:be:52:0d:e4:ad:3f:
         e1:29:17:9b:fe:bc:54:7d:61:16:18:f5:2c:66:95:35:6f:f1:
         d0:82:8a:86:9c:a1:5b:2e:1c:8e:97:d6:6b:f4:9e:97:25:36:
         9e:f3:8a:fc:e8:3a:50:e8:fe:18:63:7b:33:be:0e:74:e4:03:
         28:57:4c:d6:65:80:b2:76:69:4d:c7:c7:c7:50:ac:2f:42:48:
         cc:62:31:1d:fb:be:73:e9:ff:f4:8e:4d:5e:5b:b6:ec:9a:72:
         c5:b8:80:47:62:41:77:27:bf:b2:11:eb:a3:ea:c2:bb:39:fc:
         60:91:17:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTI0F6lb1r6BZRhk7qdY/NoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YTY3MGU1MWM5NjQxOWZjNTIwMjhiMTJlNDU2NTVlZjkx
NGRkYmIwHhcNMjUwMjAyMjIzODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA1ZDM2MzQyYzlkYjZmZmNjYTE3Y2UzOWUyNGZlYzkzMWUzZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuao0GnmR7fEkIaBUmO05azE4KGmk
O1JdRY6pZxgZvwzh6EGA6goyxY/X4vfE/Bu2DtIYwdkTqP/9kG7QAbsLmHGNoteW
m0aoH6fKexvzJz5gfxrMpyF0RWxvxVC6bM+iX+54U3HaCwrfAyu/h1MLbmhKTpV6
Qhr83TVC8vs2ZqOCg++NHcSMsUIP8MjC8rUGAjcCawhsCv74hfjcab1KXB42xazU
UaLIf59G2LLBJ0WK6nNfNl7k7SAYgngnpMqTlqeTaHPpAUsA9JN1xaPGgCmaSS4/
eFRgnefr/crJtS3lQleoBFirysPrNa/B9U23whZG2unWmRnKKdjY5a0+GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMF02NCydtv/MoXzjniT+yTHj5AMB8GA1UdIwQY
MBaAFLemcOUclkGfxSAosS5FZV75FN27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWIt
MTMyOTM3ZDM5Y2VhLzEvZ3dYVFkwTEoyMl84eWhmT09lSlA3Sk1lUGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWItMTMyOTM3ZDM5Y2Vh
LzEvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuULgMA0G
CSqGSIb3DQEBCwUAA4IBAQAmlvlOnFLgnfE6l49nVhv/8g51vVy8t4t7Bl2yS585
0wQJ+iWW0i5JRNC4vAWxBDS8PbC4cUK8A5etEdTVxWTuk/jPNY+sJhlob5d+1GuM
VMtI/ckskWxkHj7UmJB2S+Cdz4o1oKcKa5dWxp2wPuyEympc6R+/MLCt97B9LiAF
NVOBX+bKp0TDAOq+Ug3krT/hKReb/rxUfWEWGPUsZpU1b/HQgoqGnKFbLhyOl9Zr
9J6XJTae84r86DpQ6P4YY3szvg505AMoV0zWZYCydmlNx8fHUKwvQkjMYjEd+75z
6f/0jk1eW7bsmnLFuIBHYkF3J7+yEeuj6sK7OfxgkRdg
-----END CERTIFICATE-----