Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/o5Ar4uqh9OYoWnDpxwZzXQfNFZk.roa
File:                     o5Ar4uqh9OYoWnDpxwZzXQfNFZk.roa (raw, json)
Hash identifier:          m57amYZzYHtzPPhdP2RADimLDuMpXJp/UydEHVMq9Xs=
Subject key identifier:   A3:90:2B:E2:EA:A1:F4:E6:28:5A:70:E9:C7:06:73:5D:07:CD:15:99
Certificate issuer:       /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial:       018E37600BEE42BD7EEB7301361EA53154F5
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/o5Ar4uqh9OYoWnDpxwZzXQfNFZk.roa
Signing time:             Wed 13 Mar 2024 10:33:45 +0000
ROA not before:           Wed 13 Mar 2024 10:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206296
IP address blocks:        185.189.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:60:0b:ee:42:bd:7e:eb:73:01:36:1e:a5:31:54:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
        Validity
            Not Before: Mar 13 10:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3902be2eaa1f4e6285a70e9c706735d07cd1599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:6b:17:48:2c:bd:86:20:50:c7:e8:af:a5:
                    0d:2f:37:13:8f:ae:89:e6:25:cf:f4:83:a6:35:5b:
                    74:a1:c9:cf:c5:23:5a:63:6d:e0:25:05:02:46:f4:
                    52:5b:23:73:97:bb:0e:bb:51:a6:4f:47:1f:6e:6b:
                    8c:75:db:d2:b0:d6:1c:1f:c9:1a:5b:cd:53:47:52:
                    c6:4c:f5:d6:4f:14:76:f3:99:2a:01:f2:80:74:d3:
                    6b:7b:03:fc:c3:8c:95:81:02:83:a3:db:a0:29:1f:
                    0a:bc:c6:a3:cb:a0:7f:ae:68:2f:55:0f:a5:cb:0b:
                    b9:d0:bc:f5:ad:35:34:05:e5:7d:ff:80:e3:92:bb:
                    98:fc:26:c0:b9:70:8b:3f:2e:76:ff:e4:76:e0:b4:
                    e7:66:28:4e:9c:59:d6:7d:a6:ba:e4:32:b8:cd:ba:
                    69:65:e6:d5:65:b3:4f:43:63:aa:a9:ff:1a:f6:6f:
                    0c:0b:10:8c:41:80:7a:7c:2d:78:e9:08:71:94:08:
                    1e:a2:b2:5e:5a:da:31:e6:bb:9f:c2:dc:6e:46:ef:
                    21:78:a3:ea:1b:cf:34:fc:01:cc:ab:93:5e:15:a6:
                    75:3c:dd:f0:4b:30:4f:9f:88:c8:de:c3:de:64:0a:
                    0a:c4:06:b5:aa:fe:a4:f2:89:94:17:e3:1c:cb:b0:
                    28:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:90:2B:E2:EA:A1:F4:E6:28:5A:70:E9:C7:06:73:5D:07:CD:15:99
            X509v3 Authority Key Identifier:
                keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/o5Ar4uqh9OYoWnDpxwZzXQfNFZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:32:e5:fb:d4:7f:e2:9a:4a:a5:e5:66:bf:c5:d0:fa:d6:47:
         19:ef:d9:96:6e:5c:98:4f:c1:12:6f:28:42:74:ff:36:f9:9d:
         5a:b1:e6:97:f7:50:ba:00:b3:79:78:b5:45:72:fe:9e:6b:4a:
         aa:60:67:05:3d:9b:69:e5:90:dc:cd:a1:e6:21:78:f7:3d:9f:
         aa:9f:aa:a4:4b:0b:01:ae:5a:50:27:d2:6c:c1:1e:83:2e:8a:
         3d:c3:e3:6e:75:62:5c:ae:fc:6a:5f:6a:3a:6d:86:8d:5b:60:
         f4:f2:7c:c1:16:0d:28:be:09:01:f3:10:fc:c5:49:58:f4:34:
         cf:8f:e0:88:55:65:7a:9e:b7:3f:e3:55:31:ff:80:ea:85:8c:
         56:5f:24:e4:4d:00:56:ee:1e:20:85:88:83:7f:55:2c:7b:ca:
         8c:06:0d:59:43:e3:01:82:58:08:1d:eb:cc:a1:c6:63:80:e3:
         fd:4d:ce:2f:8e:68:8f:aa:7c:03:17:44:db:8d:b3:7c:66:d9:
         dd:59:ed:93:43:bc:49:91:b5:ce:55:22:d4:07:94:16:87:be:
         02:fb:cb:f4:47:82:b8:9d:10:d4:7d:70:98:21:9c:20:2b:61:
         d0:31:ab:a9:43:7a:bd:4a:31:5e:45:72:e6:59:63:8f:a6:4c:
         21:33:08:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY43YAvuQr1+63MBNh6lMVT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjhjYTgyMTQ3ZWQyMjc3YjRiY2M2OWE1Mjg1YmFlNzM1
ZjJlNDQwHhcNMjQwMzEzMTAzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzkwMmJlMmVhYTFmNGU2Mjg1YTcwZTljNzA2NzM1ZDA3Y2QxNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYlrF0gsvYYgUMfor6UNLzcTj66J
5iXP9IOmNVt0ocnPxSNaY23gJQUCRvRSWyNzl7sOu1GmT0cfbmuMddvSsNYcH8ka
W81TR1LGTPXWTxR285kqAfKAdNNrewP8w4yVgQKDo9ugKR8KvMajy6B/rmgvVQ+l
ywu50Lz1rTU0BeV9/4DjkruY/CbAuXCLPy52/+R24LTnZihOnFnWfaa65DK4zbpp
ZebVZbNPQ2Oqqf8a9m8MCxCMQYB6fC146QhxlAgeorJeWtox5rufwtxuRu8heKPq
G880/AHMq5NeFaZ1PN3wSzBPn4jI3sPeZAoKxAa1qv6k8omUF+Mcy7AoPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOQK+LqofTmKFpw6ccGc10HzRWZMB8GA1UdIwQY
MBaAFMhoyoIUftIne0vMaaUoW65zXy5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTIt
NjY4NDkwMTk2MjdlLzEvbzVBcjR1cWg5T1lvV25EcHh3WnpYUWZORlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTItNjY4NDkwMTk2Mjdl
LzEveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub0UMA0G
CSqGSIb3DQEBCwUAA4IBAQA2MuX71H/imkql5Wa/xdD61kcZ79mWblyYT8ESbyhC
dP82+Z1aseaX91C6ALN5eLVFcv6ea0qqYGcFPZtp5ZDczaHmIXj3PZ+qn6qkSwsB
rlpQJ9JswR6DLoo9w+NudWJcrvxqX2o6bYaNW2D08nzBFg0ovgkB8xD8xUlY9DTP
j+CIVWV6nrc/41Ux/4DqhYxWXyTkTQBW7h4ghYiDf1Use8qMBg1ZQ+MBglgIHevM
ocZjgOP9Tc4vjmiPqnwDF0TbjbN8ZtndWe2TQ7xJkbXOVSLUB5QWh74C+8v0R4K4
nRDUfXCYIZwgK2HQMaupQ3q9SjFeRXLmWWOPpkwhMwhh
-----END CERTIFICATE-----