Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/B6q6tcoMHdDIDL068dYWo31SW7Y.roa
File:                     B6q6tcoMHdDIDL068dYWo31SW7Y.roa (raw, json)
Hash identifier:          UNvbuYZ8x4u4xeTc214tl7c/y3zIi8hNlmIk6vhqMq8=
Subject key identifier:   07:AA:BA:B5:CA:0C:1D:D0:C8:0C:BD:3A:F1:D6:16:A3:7D:52:5B:B6
Certificate issuer:       /CN=4d2f4d108ac184bd1b532ff88fc6644ade16da75
Certificate serial:       018CC5DC7C12EF976E4D0B59B745D7A4D8AE
Authority key identifier: 4D:2F:4D:10:8A:C1:84:BD:1B:53:2F:F8:8F:C6:64:4A:DE:16:DA:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/B6q6tcoMHdDIDL068dYWo31SW7Y.roa
Signing time:             Mon 01 Jan 2024 16:30:10 +0000
ROA not before:           Mon 01 Jan 2024 16:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209529
IP address blocks:        185.228.220.0/24 maxlen: 24
                          185.228.221.0/24 maxlen: 24
                          185.228.222.0/24 maxlen: 24
                          185.228.220.0/22 maxlen: 22
                          185.228.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7c:12:ef:97:6e:4d:0b:59:b7:45:d7:a4:d8:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d2f4d108ac184bd1b532ff88fc6644ade16da75
        Validity
            Not Before: Jan  1 16:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07aabab5ca0c1dd0c80cbd3af1d616a37d525bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b9:19:21:0b:f4:4f:8a:96:13:32:a0:af:82:
                    c3:9f:bd:39:c4:57:3b:60:0d:11:f0:24:c9:79:07:
                    1e:b2:10:53:2f:51:c3:63:50:6a:25:00:dd:a2:3b:
                    4c:e0:42:4a:b6:85:55:33:2f:02:89:47:1c:cb:4d:
                    79:80:27:2a:3a:70:ab:08:40:3b:c9:79:66:5b:9a:
                    26:46:60:07:5e:b1:7d:18:75:b7:ae:c7:b1:42:8e:
                    64:e2:f7:bc:59:1e:ea:e1:67:96:f4:4a:b4:e1:51:
                    bc:57:3a:f5:6b:4f:f4:b4:f3:4f:35:5a:70:a6:2e:
                    b1:d5:19:f7:94:19:3f:1f:f5:15:af:33:5f:3d:65:
                    d9:5c:d0:24:b2:8d:e8:81:5e:44:2b:ef:db:df:99:
                    fd:3c:cf:cd:f1:5f:8b:8d:9d:1b:bb:cf:cf:46:35:
                    c3:d1:18:e6:f1:6c:79:d8:99:ea:8a:aa:c9:4a:c0:
                    2f:f0:54:82:11:e1:65:70:36:ea:46:49:b9:f0:5a:
                    72:97:f8:5f:b4:8b:e4:61:ef:f0:71:df:b2:99:c6:
                    c7:65:57:63:34:fb:a3:cb:00:1d:d4:da:bd:39:a9:
                    70:51:0d:19:8e:98:25:9b:ca:ad:41:e9:25:71:4a:
                    b0:09:bf:c1:79:78:2a:ff:41:4e:96:9b:5e:ae:93:
                    33:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:AA:BA:B5:CA:0C:1D:D0:C8:0C:BD:3A:F1:D6:16:A3:7D:52:5B:B6
            X509v3 Authority Key Identifier:
                keyid:4D:2F:4D:10:8A:C1:84:BD:1B:53:2F:F8:8F:C6:64:4A:DE:16:DA:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/B6q6tcoMHdDIDL068dYWo31SW7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/59bc0c-14f4-4bc4-80e4-b630853e9493/1/TS9NEIrBhL0bUy_4j8ZkSt4W2nU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:10:1b:b4:1c:d7:74:60:9e:e8:4a:ea:be:87:8c:f4:37:04:
         1a:98:a0:a1:dc:04:86:ce:42:a2:9d:05:c3:a3:0c:ea:60:70:
         5c:02:08:5d:7d:ad:35:7f:f9:e1:9b:58:1e:c8:57:d6:61:38:
         c8:07:da:68:6c:7b:b6:d5:d5:fe:24:be:40:0d:63:b8:14:17:
         f6:0d:9c:d2:ac:ed:03:dc:fd:a4:e7:19:b2:d4:5c:2a:62:a1:
         47:7e:70:71:cf:99:12:2a:99:cd:7f:df:7c:47:42:4f:76:d5:
         66:9b:74:15:f8:c0:1b:b8:5d:0d:76:d6:7b:75:06:f1:78:c1:
         f6:c8:1e:69:ef:d7:74:b8:a3:08:1f:f8:d1:4e:c0:a4:54:90:
         bb:68:2c:ea:77:94:6e:c3:f8:f3:84:10:d6:14:51:02:52:69:
         fe:5e:d4:71:51:5b:18:9e:37:15:d4:ab:72:ea:34:3b:33:0b:
         60:22:12:48:0d:ac:2d:88:d1:3e:c2:08:cf:3c:0e:dc:49:7f:
         d5:1c:88:bd:46:ef:87:a2:89:0c:9a:3d:36:8c:d5:f2:45:db:
         a1:68:a6:bf:0b:42:c7:ab:f9:de:ee:d1:b5:cf:80:25:a6:e2:
         42:5b:6f:02:73:0f:b0:2a:4f:e2:1f:c5:7f:87:4c:94:95:6a:
         44:23:9d:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3HwS75duTQtZt0XXpNiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMmY0ZDEwOGFjMTg0YmQxYjUzMmZmODhmYzY2NDRhZGUx
NmRhNzUwHhcNMjQwMTAxMTYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2FhYmFiNWNhMGMxZGQwYzgwY2JkM2FmMWQ2MTZhMzdkNTI1YmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrkZIQv0T4qWEzKgr4LDn705xFc7
YA0R8CTJeQceshBTL1HDY1BqJQDdojtM4EJKtoVVMy8CiUccy015gCcqOnCrCEA7
yXlmW5omRmAHXrF9GHW3rsexQo5k4ve8WR7q4WeW9Eq04VG8Vzr1a0/0tPNPNVpw
pi6x1Rn3lBk/H/UVrzNfPWXZXNAkso3ogV5EK+/b35n9PM/N8V+LjZ0bu8/PRjXD
0Rjm8Wx52JnqiqrJSsAv8FSCEeFlcDbqRkm58Fpyl/hftIvkYe/wcd+ymcbHZVdj
NPujywAd1Nq9OalwUQ0Zjpglm8qtQeklcUqwCb/BeXgq/0FOlpterpMzAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAequrXKDB3QyAy9OvHWFqN9Ulu2MB8GA1UdIwQY
MBaAFE0vTRCKwYS9G1Mv+I/GZEreFtp1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFM5TkVJckJoTDBiVXlfNGo4WmtTdDRXMm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS81OWJjMGMtMTRmNC00YmM0LTgwZTQt
YjYzMDg1M2U5NDkzLzEvQjZxNnRjb01IZERJREwwNjhkWVdvMzFTVzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS81OWJjMGMtMTRmNC00YmM0LTgwZTQtYjYzMDg1M2U5NDkz
LzEvVFM5TkVJckJoTDBiVXlfNGo4WmtTdDRXMm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueTcMA0G
CSqGSIb3DQEBCwUAA4IBAQA3EBu0HNd0YJ7oSuq+h4z0NwQamKCh3ASGzkKinQXD
owzqYHBcAghdfa01f/nhm1geyFfWYTjIB9pobHu21dX+JL5ADWO4FBf2DZzSrO0D
3P2k5xmy1FwqYqFHfnBxz5kSKpnNf998R0JPdtVmm3QV+MAbuF0NdtZ7dQbxeMH2
yB5p79d0uKMIH/jRTsCkVJC7aCzqd5Ruw/jzhBDWFFECUmn+XtRxUVsYnjcV1Kty
6jQ7MwtgIhJIDawtiNE+wgjPPA7cSX/VHIi9Ru+HookMmj02jNXyRduhaKa/C0LH
q/ne7tG1z4AlpuJCW28Ccw+wKk/iH8V/h0yUlWpEI52c
-----END CERTIFICATE-----