Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ZH1uXew7zKMSWEFAVbYybcT6S-o.roa
File:                     ZH1uXew7zKMSWEFAVbYybcT6S-o.roa (raw, json)
Hash identifier:          NlHEyiRhRCEFIzexo0wHHFPObn/eEAxc7vHjXbgkme8=
Subject key identifier:   64:7D:6E:5D:EC:3B:CC:A3:12:58:41:40:55:B6:32:6D:C4:FA:4B:EA
Certificate issuer:       /CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
Certificate serial:       018FE2932E7ADB8756EEC9B2FA02FB9A201F
Authority key identifier: 2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ZH1uXew7zKMSWEFAVbYybcT6S-o.roa
Signing time:             Tue 04 Jun 2024 09:27:27 +0000
ROA not before:           Tue 04 Jun 2024 09:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201015
IP address blocks:        185.111.66.0/23 maxlen: 23
                          185.111.66.0/24 maxlen: 24
                          185.111.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:93:2e:7a:db:87:56:ee:c9:b2:fa:02:fb:9a:20:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
        Validity
            Not Before: Jun  4 09:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=647d6e5dec3bcca31258414055b6326dc4fa4bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7c:78:53:d4:0b:14:af:c5:03:83:d7:9e:bc:
                    14:41:16:85:49:ff:1c:9b:06:4d:3c:da:89:1e:e5:
                    01:4f:da:2d:12:14:c5:eb:d8:87:a8:b1:8a:19:ac:
                    a9:eb:ad:f0:c2:22:5a:69:29:c8:ab:50:27:54:6d:
                    d9:47:06:56:37:cd:bd:a4:1f:81:3c:05:45:8f:72:
                    f2:d7:92:f0:8a:64:e2:be:10:25:e4:c7:9d:e4:48:
                    91:25:23:e7:ed:2c:47:4e:20:68:07:b0:f0:bc:3a:
                    88:8f:2d:e1:5b:88:a2:dc:fc:46:26:d9:9d:71:d8:
                    9d:75:d4:40:75:6c:2c:91:ac:17:96:6d:88:a2:33:
                    54:37:67:95:fc:d2:29:24:53:0f:ba:b2:5d:80:94:
                    31:14:07:76:8e:94:20:83:bc:89:e6:50:2a:2d:0f:
                    4c:ce:86:ef:67:3d:66:87:6f:a4:4f:a1:45:6a:f1:
                    b1:9b:1c:68:05:c6:c8:16:ca:0d:2c:f1:e3:0b:f4:
                    2a:b3:7a:07:23:f2:03:83:ce:2f:af:9c:ad:03:3b:
                    4a:e5:46:7b:ec:42:6a:65:44:d5:f6:af:25:e2:7b:
                    32:8e:30:3f:c8:1f:f4:cd:0e:5a:48:9c:91:73:b9:
                    70:2a:22:ad:7a:bf:e1:35:0e:92:e0:90:00:6c:c9:
                    f6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7D:6E:5D:EC:3B:CC:A3:12:58:41:40:55:B6:32:6D:C4:FA:4B:EA
            X509v3 Authority Key Identifier:
                keyid:2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ZH1uXew7zKMSWEFAVbYybcT6S-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:d6:09:5e:fb:e9:8c:1d:4e:78:c1:3f:75:b2:54:bf:52:eb:
         03:2d:25:52:7c:17:5e:9e:5d:c8:d5:76:0b:db:da:a4:3f:8e:
         bd:1c:88:33:3e:c9:dc:49:a0:03:41:b4:b6:1c:86:96:c2:ab:
         29:48:32:9c:99:52:0c:d7:e0:af:e9:ed:c9:50:04:6e:58:f9:
         4b:72:c6:d9:46:92:fd:d5:c3:78:8f:35:96:62:0c:2e:0d:b3:
         99:e3:7c:18:1a:55:80:94:48:2e:da:31:94:86:42:d2:f1:de:
         9a:81:8d:37:a9:a2:d3:c1:91:07:9a:1e:c2:64:00:86:c8:5b:
         a9:10:3f:b8:66:d6:c1:4d:e9:7b:bd:4a:97:36:1d:e0:45:79:
         39:33:82:75:d5:28:95:da:a7:7e:62:39:69:74:01:60:25:62:
         28:77:96:97:f5:2a:77:49:ff:b4:2b:a3:7c:c1:ff:d7:24:16:
         e5:6b:a8:05:2a:b8:f5:15:88:66:c2:89:84:84:f7:9a:4d:4c:
         9a:67:74:31:1c:d4:2d:f3:10:b3:73:bf:a1:b3:3f:ef:9b:b7:
         0d:23:7a:17:c6:f3:57:0a:0f:14:73:e7:3b:cc:6c:88:ad:f9:
         ba:99:30:a5:64:c0:80:73:61:16:d6:41:50:84:5c:f4:e1:24:
         cb:ac:19:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/iky5624dW7smy+gL7miAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiN2FiNjU2OWRlNzhkM2M0YTA4MmZkZTZkZDFkNmEzZjBk
NTA5YzIwHhcNMjQwNjA0MDkyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDdkNmU1ZGVjM2JjY2EzMTI1ODQxNDA1NWI2MzI2ZGM0ZmE0YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3x4U9QLFK/FA4PXnrwUQRaFSf8c
mwZNPNqJHuUBT9otEhTF69iHqLGKGayp663wwiJaaSnIq1AnVG3ZRwZWN829pB+B
PAVFj3Ly15LwimTivhAl5Med5EiRJSPn7SxHTiBoB7DwvDqIjy3hW4ii3PxGJtmd
cdidddRAdWwskawXlm2IojNUN2eV/NIpJFMPurJdgJQxFAd2jpQgg7yJ5lAqLQ9M
zobvZz1mh2+kT6FFavGxmxxoBcbIFsoNLPHjC/Qqs3oHI/IDg84vr5ytAztK5UZ7
7EJqZUTV9q8l4nsyjjA/yB/0zQ5aSJyRc7lwKiKter/hNQ6S4JAAbMn29wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGR9bl3sO8yjElhBQFW2Mm3E+kvqMB8GA1UdIwQY
MBaAFCt6tlad5408Sggv3m3R1qPw1QnCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0Yzgt
M2ZjOTY1OTRiNGM1LzEvWkgxdVhldzd6S01TV0VGQVZiWXliY1Q2Uy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0YzgtM2ZjOTY1OTRiNGM1
LzEvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW9CMA0G
CSqGSIb3DQEBCwUAA4IBAQBV1gle++mMHU54wT91slS/UusDLSVSfBdenl3I1XYL
29qkP469HIgzPsncSaADQbS2HIaWwqspSDKcmVIM1+Cv6e3JUARuWPlLcsbZRpL9
1cN4jzWWYgwuDbOZ43wYGlWAlEgu2jGUhkLS8d6agY03qaLTwZEHmh7CZACGyFup
ED+4ZtbBTel7vUqXNh3gRXk5M4J11SiV2qd+YjlpdAFgJWIod5aX9Sp3Sf+0K6N8
wf/XJBbla6gFKrj1FYhmwomEhPeaTUyaZ3QxHNQt8xCzc7+hsz/vm7cNI3oXxvNX
Cg8Uc+c7zGyIrfm6mTClZMCAc2EW1kFQhFz04STLrBkZ
-----END CERTIFICATE-----