Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/0u7IQmxGFL205ACcmMdSQ6312_w.roa
File:                     0u7IQmxGFL205ACcmMdSQ6312_w.roa (raw, json)
Hash identifier:          dmvXyMvWYHEFQvRtTpHj1B1I44TlffGNBwbTqOs0BA4=
Subject key identifier:   D2:EE:C8:42:6C:46:14:BD:B4:E4:00:9C:98:C7:52:43:AD:F5:DB:FC
Certificate issuer:       /CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
Certificate serial:       018CCA2A335410180CBF43A612112424AD20
Authority key identifier: 2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/0u7IQmxGFL205ACcmMdSQ6312_w.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201015
IP address blocks:        185.111.66.0/24 maxlen: 24
                          185.111.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:33:54:10:18:0c:bf:43:a6:12:11:24:24:ad:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2eec8426c4614bdb4e4009c98c75243adf5dbfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:05:4a:18:b2:08:92:22:63:ea:06:18:de:51:
                    a9:38:c3:21:3e:a6:da:ce:33:13:40:0e:5a:ac:e8:
                    51:98:99:7f:2d:c4:33:e1:7d:85:70:28:71:02:bb:
                    d2:1c:a1:22:e6:01:7d:f6:7b:08:3f:1c:2b:f5:1a:
                    56:49:53:17:c5:ad:06:99:2e:0e:85:36:e0:46:b0:
                    99:1b:01:75:d5:7e:7d:41:56:8b:ee:d4:73:8c:01:
                    14:14:0a:0c:3a:45:19:4f:2a:bd:6d:cd:9c:3a:74:
                    1e:22:20:d9:c0:c2:f7:5f:9b:de:ac:35:86:84:57:
                    9b:63:39:b7:8c:d7:52:5c:2f:0b:ff:5a:3f:0d:77:
                    df:95:27:49:f2:01:07:77:72:00:b0:d4:a9:b1:b7:
                    db:de:e7:46:6b:fa:09:0e:9e:48:ff:18:24:e8:79:
                    b7:85:78:0a:de:af:f2:a6:ed:48:18:e7:39:cc:4d:
                    e3:4e:64:f8:0f:9a:58:78:ea:ad:75:88:ed:d2:44:
                    44:d7:7e:ca:cb:71:f4:58:bb:e1:7f:14:0b:a4:25:
                    85:fd:d4:68:cf:76:5d:fc:f4:1d:ba:79:6c:2e:fa:
                    f9:19:05:e2:09:e6:2d:ec:27:8d:5a:2f:b6:68:2d:
                    26:4a:b3:63:8a:dd:ff:f8:f5:12:1c:51:3e:5f:b8:
                    e0:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:EE:C8:42:6C:46:14:BD:B4:E4:00:9C:98:C7:52:43:AD:F5:DB:FC
            X509v3 Authority Key Identifier:
                keyid:2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/0u7IQmxGFL205ACcmMdSQ6312_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:1f:ff:03:2d:5d:71:01:a8:74:29:00:f9:8a:ca:32:f7:b2:
         1b:15:46:ce:98:ff:ed:7e:be:9e:53:ca:33:78:5b:39:17:79:
         0c:25:df:cf:4d:5c:79:88:93:ff:df:84:b6:24:62:19:7d:d7:
         c8:5b:c4:e2:dc:48:f4:30:97:7f:6c:1b:31:fa:93:29:7f:52:
         14:4b:f0:d3:f3:c8:e0:dd:37:2e:f1:bf:87:3e:22:c7:ee:15:
         d9:04:50:f0:98:65:ae:36:8e:a4:81:d2:81:22:b6:b0:7d:5f:
         3c:5a:cb:82:3b:da:dc:fe:b9:0a:aa:95:90:a5:1a:29:2f:5b:
         77:a7:41:c4:a7:d3:7c:cb:2d:8c:63:4d:83:cf:ce:ca:83:52:
         81:1d:cd:7c:78:4c:98:bc:9d:0d:23:25:1b:b3:8f:c1:b3:83:
         d6:63:05:c0:fb:b1:a8:41:7e:a6:7f:f5:78:db:df:1a:36:62:
         b8:50:00:f1:3d:7b:2b:1b:87:db:67:a6:14:5f:ba:9e:3d:2d:
         df:69:0a:94:a6:94:a5:02:d5:2c:05:59:80:05:3c:ed:e9:10:
         20:c5:d0:67:5b:c9:fc:76:20:1f:76:ea:f5:f1:25:8d:09:ec:
         61:10:4c:e2:7b:8a:94:15:8c:4a:8c:cc:b0:31:ef:ac:d6:9d:
         b9:b2:93:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjNUEBgMv0OmEhEkJK0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiN2FiNjU2OWRlNzhkM2M0YTA4MmZkZTZkZDFkNmEzZjBk
NTA5YzIwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmVlYzg0MjZjNDYxNGJkYjRlNDAwOWM5OGM3NTI0M2FkZjVkYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwVKGLIIkiJj6gYY3lGpOMMhPqba
zjMTQA5arOhRmJl/LcQz4X2FcChxArvSHKEi5gF99nsIPxwr9RpWSVMXxa0GmS4O
hTbgRrCZGwF11X59QVaL7tRzjAEUFAoMOkUZTyq9bc2cOnQeIiDZwML3X5verDWG
hFebYzm3jNdSXC8L/1o/DXfflSdJ8gEHd3IAsNSpsbfb3udGa/oJDp5I/xgk6Hm3
hXgK3q/ypu1IGOc5zE3jTmT4D5pYeOqtdYjt0kRE137Ky3H0WLvhfxQLpCWF/dRo
z3Zd/PQdunlsLvr5GQXiCeYt7CeNWi+2aC0mSrNjit3/+PUSHFE+X7jgMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLuyEJsRhS9tOQAnJjHUkOt9dv8MB8GA1UdIwQY
MBaAFCt6tlad5408Sggv3m3R1qPw1QnCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0Yzgt
M2ZjOTY1OTRiNGM1LzEvMHU3SVFteEdGTDIwNUFDY21NZFNRNjMxMl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0YzgtM2ZjOTY1OTRiNGM1
LzEvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW9CMA0G
CSqGSIb3DQEBCwUAA4IBAQB0H/8DLV1xAah0KQD5isoy97IbFUbOmP/tfr6eU8oz
eFs5F3kMJd/PTVx5iJP/34S2JGIZfdfIW8Ti3Ej0MJd/bBsx+pMpf1IUS/DT88jg
3Tcu8b+HPiLH7hXZBFDwmGWuNo6kgdKBIrawfV88WsuCO9rc/rkKqpWQpRopL1t3
p0HEp9N8yy2MY02Dz87Kg1KBHc18eEyYvJ0NIyUbs4/Bs4PWYwXA+7GoQX6mf/V4
298aNmK4UADxPXsrG4fbZ6YUX7qePS3faQqUppSlAtUsBVmABTzt6RAgxdBnW8n8
diAfdur18SWNCexhEEzie4qUFYxKjMywMe+s1p25spMH
-----END CERTIFICATE-----