Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/97a0_QOV2ptgZASjwMLnpTUxYts.roa
File:                     97a0_QOV2ptgZASjwMLnpTUxYts.roa (raw, json)
Hash identifier:          0YB6BLWDN6ScupxazT2I1AtY+Zzf0wX2olnpNa/Kdvk=
Subject key identifier:   F7:B6:B4:FD:03:95:DA:9B:60:64:04:A3:C0:C2:E7:A5:35:31:62:DB
Certificate issuer:       /CN=69a125e2926d39ac8699822bc57a6580f5f517e9
Certificate serial:       018CC79515941782D5774C326ADCD43306A4
Authority key identifier: 69:A1:25:E2:92:6D:39:AC:86:99:82:2B:C5:7A:65:80:F5:F5:17:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaEl4pJtOayGmYIrxXplgPX1F-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/97a0_QOV2ptgZASjwMLnpTUxYts.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202788
IP address blocks:        185.154.187.0/24 maxlen: 24
                          185.154.185.0/24 maxlen: 24
                          185.154.186.0/24 maxlen: 24
                          185.154.184.0/24 maxlen: 24
                          185.154.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/aaEl4pJtOayGmYIrxXplgPX1F-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/aaEl4pJtOayGmYIrxXplgPX1F-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aaEl4pJtOayGmYIrxXplgPX1F-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:15:94:17:82:d5:77:4c:32:6a:dc:d4:33:06:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a125e2926d39ac8699822bc57a6580f5f517e9
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b6b4fd0395da9b606404a3c0c2e7a5353162db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2d:03:be:b2:15:a8:22:cb:a2:be:5c:4e:15:
                    5e:b4:9c:fc:e9:02:5e:66:0e:12:95:ed:e3:43:24:
                    a8:6c:4d:b8:b2:63:ad:8e:44:60:9e:14:59:26:82:
                    e5:05:25:6d:1a:65:c9:5b:c4:51:c9:72:16:e6:09:
                    87:78:0b:3a:ed:11:25:24:66:bd:69:6f:11:84:42:
                    18:e4:05:39:9a:3f:f2:ac:63:76:39:e9:a9:b8:15:
                    6c:08:b7:76:30:e7:76:d1:4a:ae:73:51:54:91:b9:
                    ec:08:39:78:8a:fc:ce:97:58:3c:c9:a2:95:d0:de:
                    c6:e1:31:94:71:7c:84:8b:51:2d:5f:e0:27:6c:ce:
                    ba:51:a2:65:a7:af:fe:72:ca:c7:c5:38:33:c2:85:
                    fb:1a:27:91:d3:5b:41:e8:4c:8f:68:a5:2e:40:73:
                    d4:b6:25:d8:60:cd:78:a4:8a:7a:c2:f3:2f:d1:a7:
                    2d:ad:f7:f9:9f:de:fc:62:18:77:60:07:58:fa:02:
                    73:e6:df:32:18:35:b4:e7:ec:b2:04:00:2c:62:3f:
                    40:76:05:9e:9d:e5:5c:63:81:cb:87:fd:f0:57:67:
                    de:dc:12:b3:1b:55:a7:87:7d:42:08:1b:b6:43:54:
                    a5:08:ba:78:b3:51:31:0b:3e:71:9d:4e:79:6f:9c:
                    12:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B6:B4:FD:03:95:DA:9B:60:64:04:A3:C0:C2:E7:A5:35:31:62:DB
            X509v3 Authority Key Identifier:
                keyid:69:A1:25:E2:92:6D:39:AC:86:99:82:2B:C5:7A:65:80:F5:F5:17:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaEl4pJtOayGmYIrxXplgPX1F-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/97a0_QOV2ptgZASjwMLnpTUxYts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/7abb06-97e7-4fa5-ac7d-7b567c6185f9/1/aaEl4pJtOayGmYIrxXplgPX1F-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:98:f5:56:da:8c:22:df:ad:d6:d8:68:75:43:cd:2d:26:f0:
         1c:dd:e7:cb:8f:0d:5d:0f:b2:1d:ca:e2:3c:f0:59:89:1a:cf:
         1f:c4:0a:15:78:ae:b9:d8:38:5a:78:8e:b7:ac:d5:64:39:a4:
         1d:a9:d9:5a:6c:15:eb:8a:8f:16:b8:d1:e8:8c:8f:13:9d:ef:
         cb:81:89:c0:e6:65:f5:81:18:d4:53:95:a0:a3:4d:b1:47:8e:
         31:1e:27:44:b3:36:18:07:ff:3a:d9:c8:fe:75:a9:e3:fb:5e:
         5b:e5:07:46:b8:15:ac:fb:c0:5b:04:7b:ad:cb:c3:c2:08:04:
         de:c4:09:c1:c1:09:d4:82:ba:72:36:19:09:3e:94:95:f3:ae:
         86:56:26:b6:95:5a:fb:21:dd:18:33:0d:30:15:3e:3f:dd:51:
         f1:83:8a:61:f6:ed:4c:c8:0f:46:60:80:97:34:a3:30:26:d4:
         a3:b5:64:7e:8c:12:54:67:96:77:c9:a6:47:45:7d:04:71:53:
         74:25:5b:a3:0a:9c:70:d1:4b:c0:52:09:d5:23:57:09:7e:0c:
         b9:e9:b2:46:a4:41:23:ac:c2:10:bf:ac:ad:56:a7:65:4d:38:
         7f:de:a4:02:82:0a:e4:76:f3:0b:f4:2c:00:56:cc:10:1a:81:
         34:f1:ff:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRWUF4LVd0wyatzUMwakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTEyNWUyOTI2ZDM5YWM4Njk5ODIyYmM1N2E2NTgwZjVm
NTE3ZTkwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I2YjRmZDAzOTVkYTliNjA2NDA0YTNjMGMyZTdhNTM1MzE2MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4C0DvrIVqCLLor5cThVetJz86QJe
Zg4Sle3jQySobE24smOtjkRgnhRZJoLlBSVtGmXJW8RRyXIW5gmHeAs67RElJGa9
aW8RhEIY5AU5mj/yrGN2OempuBVsCLd2MOd20Uquc1FUkbnsCDl4ivzOl1g8yaKV
0N7G4TGUcXyEi1EtX+AnbM66UaJlp6/+csrHxTgzwoX7GieR01tB6EyPaKUuQHPU
tiXYYM14pIp6wvMv0actrff5n978Yhh3YAdY+gJz5t8yGDW05+yyBAAsYj9AdgWe
neVcY4HLh/3wV2fe3BKzG1Wnh31CCBu2Q1SlCLp4s1ExCz5xnU55b5wSnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe2tP0DldqbYGQEo8DC56U1MWLbMB8GA1UdIwQY
MBaAFGmhJeKSbTmshpmCK8V6ZYD19RfpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFFbDRwSnRPYXlHbVlJcnhYcGxnUFgxRi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83YWJiMDYtOTdlNy00ZmE1LWFjN2Qt
N2I1NjdjNjE4NWY5LzEvOTdhMF9RT1YycHRnWkFTandNTG5wVFV4WXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83YWJiMDYtOTdlNy00ZmE1LWFjN2QtN2I1NjdjNjE4NWY5
LzEvYWFFbDRwSnRPYXlHbVlJcnhYcGxnUFgxRi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZq4MA0G
CSqGSIb3DQEBCwUAA4IBAQALmPVW2owi363W2Gh1Q80tJvAc3efLjw1dD7IdyuI8
8FmJGs8fxAoVeK652DhaeI63rNVkOaQdqdlabBXrio8WuNHojI8Tne/LgYnA5mX1
gRjUU5Wgo02xR44xHidEszYYB/862cj+danj+15b5QdGuBWs+8BbBHuty8PCCATe
xAnBwQnUgrpyNhkJPpSV866GVia2lVr7Id0YMw0wFT4/3VHxg4ph9u1MyA9GYICX
NKMwJtSjtWR+jBJUZ5Z3yaZHRX0EcVN0JVujCpxw0UvAUgnVI1cJfgy56bJGpEEj
rMIQv6ytVqdlTTh/3qQCggrkdvML9CwAVswQGoE08f9G
-----END CERTIFICATE-----