Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/Z67sXkRHohx_d29NqqJ0nnlpeJg.roa
File:                     Z67sXkRHohx_d29NqqJ0nnlpeJg.roa (raw, json)
Hash identifier:          r402gZgxE2e3zNySMM3u+I4BEEgEr56HYrJX+jf+UBA=
Subject key identifier:   67:AE:EC:5E:44:47:A2:1C:7F:77:6F:4D:AA:A2:74:9E:79:69:78:98
Certificate issuer:       /CN=b025bac132e479a28df33573dd1096a9b7b78d32
Certificate serial:       018CC6B851B951A1C6615E051C4306722812
Authority key identifier: B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/Z67sXkRHohx_d29NqqJ0nnlpeJg.roa
Signing time:             Mon 01 Jan 2024 20:30:17 +0000
ROA not before:           Mon 01 Jan 2024 20:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203489
IP address blocks:        185.132.68.0/22 maxlen: 22
                          185.214.0.0/22 maxlen: 22
                          2a0b:91c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:51:b9:51:a1:c6:61:5e:05:1c:43:06:72:28:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b025bac132e479a28df33573dd1096a9b7b78d32
        Validity
            Not Before: Jan  1 20:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67aeec5e4447a21c7f776f4daaa2749e79697898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:35:34:a0:4b:6c:4e:e4:7f:41:61:58:a7:c1:
                    34:d1:b0:81:dd:a9:69:11:dd:d3:e0:31:95:eb:fd:
                    eb:01:9d:f2:40:ec:8e:57:a9:a4:56:49:32:b7:03:
                    ac:b2:4f:ed:e9:97:e9:71:a1:b5:d1:ae:cf:ca:a6:
                    2b:02:3b:c3:c5:fe:54:b2:bd:c1:ca:52:0c:7a:af:
                    bb:e2:ed:ff:3d:a7:06:36:ea:34:67:af:5a:db:64:
                    8a:e7:12:10:78:d6:5d:5f:72:a5:9d:75:3c:38:ed:
                    75:ca:d0:13:02:5c:d7:da:a2:40:57:2c:5b:23:7e:
                    fa:08:9d:8b:02:9f:bb:aa:f7:2a:16:63:76:cb:b4:
                    8f:3a:5a:6e:06:e8:f5:5c:55:5c:32:94:41:42:01:
                    58:ab:ce:a5:b7:eb:bb:c0:ec:2c:91:76:9f:69:54:
                    d7:47:f7:03:79:10:fd:11:f6:fd:4f:b0:98:89:71:
                    79:18:49:43:bb:95:cb:2a:6e:1d:80:e4:a2:cb:26:
                    1f:2b:0f:8f:86:e3:9c:3c:d5:88:59:b0:6d:8e:ed:
                    62:6c:e5:95:d6:49:39:ab:3e:6b:8a:b2:ac:e8:29:
                    d0:fa:7c:34:c5:90:69:19:23:7b:e9:28:58:d6:e3:
                    d7:b1:96:48:40:41:39:55:9b:8c:8c:8f:24:09:d7:
                    10:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:AE:EC:5E:44:47:A2:1C:7F:77:6F:4D:AA:A2:74:9E:79:69:78:98
            X509v3 Authority Key Identifier:
                keyid:B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/Z67sXkRHohx_d29NqqJ0nnlpeJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.68.0/22
                  185.214.0.0/22
                IPv6:
                  2a0b:91c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:6e:e7:9f:d7:ea:43:a8:7a:96:5c:1f:99:4a:95:82:4a:90:
         da:fe:47:76:b9:60:e1:5b:17:ae:da:d7:20:ab:e8:6a:4e:ef:
         6e:d0:9d:9b:3a:44:a6:81:52:03:1c:f8:07:c8:a3:cf:64:74:
         81:23:b3:1f:7f:66:e2:90:97:55:4b:f7:ec:ed:0c:15:13:90:
         49:1c:50:d8:f2:19:85:57:a1:d9:c6:84:0a:eb:1f:29:43:3d:
         8c:65:06:9f:ea:1c:2c:f7:8e:43:4b:44:52:f3:f4:bc:53:ff:
         12:3f:87:26:e2:76:27:0a:40:2f:10:7e:ed:fe:23:a2:8c:6c:
         3a:6f:b6:66:ab:12:5a:32:42:27:ac:83:f9:57:d1:3f:67:78:
         ed:da:04:8c:99:04:98:cd:bd:1e:e9:7d:06:7b:36:83:19:7f:
         ad:fa:25:5f:73:6e:47:fd:01:a8:52:6a:10:0a:e8:2f:e5:00:
         55:6f:4f:f1:6a:57:62:ec:24:71:fb:06:06:bf:6e:fe:34:7e:
         b7:15:54:02:ad:37:88:f7:2c:68:40:bb:fd:9c:e5:53:0f:57:
         d3:ab:0d:b8:22:b8:13:5f:66:57:5c:67:f3:5e:0b:ef:80:99:
         4b:39:11:17:d6:86:fa:82:21:f6:0c:de:26:c7:03:e4:b5:4c:
         b5:4a:f6:cb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuFG5UaHGYV4FHEMGcigSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjViYWMxMzJlNDc5YTI4ZGYzMzU3M2RkMTA5NmE5Yjdi
NzhkMzIwHhcNMjQwMTAxMjAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2FlZWM1ZTQ0NDdhMjFjN2Y3NzZmNGRhYWEyNzQ5ZTc5Njk3ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTU0oEtsTuR/QWFYp8E00bCB3alp
Ed3T4DGV6/3rAZ3yQOyOV6mkVkkytwOssk/t6ZfpcaG10a7PyqYrAjvDxf5Usr3B
ylIMeq+74u3/PacGNuo0Z69a22SK5xIQeNZdX3KlnXU8OO11ytATAlzX2qJAVyxb
I376CJ2LAp+7qvcqFmN2y7SPOlpuBuj1XFVcMpRBQgFYq86lt+u7wOwskXafaVTX
R/cDeRD9Efb9T7CYiXF5GElDu5XLKm4dgOSiyyYfKw+PhuOcPNWIWbBtju1ibOWV
1kk5qz5rirKs6CnQ+nw0xZBpGSN76ShY1uPXsZZIQEE5VZuMjI8kCdcQqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGeu7F5ER6Icf3dvTaqidJ55aXiYMB8GA1UdIwQY
MBaAFLAlusEy5HmijfM1c90Qlqm3t40yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQt
N2M4ZjNmZWNkYjJjLzEvWjY3c1hrUkhvaHhfZDI5TnFxSjBubmxwZUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQtN2M4ZjNmZWNkYjJj
LzEvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYREAwQC
udYAMA0EAgACMAcDBQMqC5HAMA0GCSqGSIb3DQEBCwUAA4IBAQAubuef1+pDqHqW
XB+ZSpWCSpDa/kd2uWDhWxeu2tcgq+hqTu9u0J2bOkSmgVIDHPgHyKPPZHSBI7Mf
f2bikJdVS/fs7QwVE5BJHFDY8hmFV6HZxoQK6x8pQz2MZQaf6hws945DS0RS8/S8
U/8SP4cm4nYnCkAvEH7t/iOijGw6b7ZmqxJaMkInrIP5V9E/Z3jt2gSMmQSYzb0e
6X0GezaDGX+t+iVfc25H/QGoUmoQCugv5QBVb0/xaldi7CRx+wYGv27+NH63FVQC
rTeI9yxoQLv9nOVTD1fTqw24IrgTX2ZXXGfzXgvvgJlLOREX1ob6giH2DN4mxwPk
tUy1SvbL
-----END CERTIFICATE-----