Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/aFYztHttvTMbdhYQ2dSqa61ZZlA.roa
File:                     aFYztHttvTMbdhYQ2dSqa61ZZlA.roa (raw, json)
Hash identifier:          vW3Mmu9e6bEFMGev75D2LsGpUB5Ty8CLNuV1FW5fAx4=
Subject key identifier:   68:56:33:B4:7B:6D:BD:33:1B:76:16:10:D9:D4:AA:6B:AD:59:66:50
Certificate issuer:       /CN=e373bcd3255a0dad5f4a350d11dc891fa0be0437
Certificate serial:       018CC5DD3EEC35EF61568A6B287F9F087662
Authority key identifier: E3:73:BC:D3:25:5A:0D:AD:5F:4A:35:0D:11:DC:89:1F:A0:BE:04:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43O80yVaDa1fSjUNEdyJH6C-BDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/aFYztHttvTMbdhYQ2dSqa61ZZlA.roa
Signing time:             Mon 01 Jan 2024 16:31:00 +0000
ROA not before:           Mon 01 Jan 2024 16:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205311
IP address blocks:        185.219.108.0/22 maxlen: 23
                          2a0b:e540::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/43O80yVaDa1fSjUNEdyJH6C-BDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/43O80yVaDa1fSjUNEdyJH6C-BDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43O80yVaDa1fSjUNEdyJH6C-BDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:3e:ec:35:ef:61:56:8a:6b:28:7f:9f:08:76:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e373bcd3255a0dad5f4a350d11dc891fa0be0437
        Validity
            Not Before: Jan  1 16:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=685633b47b6dbd331b761610d9d4aa6bad596650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8d:2a:0f:f6:5f:a9:79:7a:9e:0e:88:ed:3b:
                    3e:49:d5:1b:91:9f:05:a6:8b:e1:34:78:c3:8e:91:
                    12:85:6b:d9:9a:5f:8b:89:9e:97:ff:31:21:e2:99:
                    f3:1e:ca:63:3c:74:d8:35:87:cd:15:92:f5:8a:06:
                    b2:3d:e5:8a:30:83:9f:de:de:7f:78:68:02:54:ac:
                    49:39:b7:49:99:6f:9d:e4:85:7b:fb:f9:4e:1d:9e:
                    a5:7e:89:3b:f5:8c:9e:3a:8b:f0:45:24:5b:53:28:
                    08:cb:57:6d:ea:ee:37:3c:7a:72:29:00:62:3c:19:
                    1b:43:c3:55:28:17:43:7e:9b:1c:28:41:4a:05:09:
                    4e:53:80:09:49:47:39:dd:ae:32:e0:c2:b8:8a:04:
                    64:f6:72:59:3d:78:75:50:74:01:d4:5e:4a:2a:a7:
                    64:6f:df:15:bb:89:21:52:02:82:d3:d8:43:9b:d1:
                    bf:4f:da:b9:c4:ae:97:53:94:33:a7:e4:79:84:79:
                    cb:c9:44:39:bb:8c:cf:71:4f:e5:02:ff:43:2c:59:
                    2d:fb:68:bf:05:a6:b4:e3:9a:42:f5:47:f8:b2:30:
                    45:72:a1:64:51:6d:3b:5a:e1:e3:40:0a:a8:7c:65:
                    95:50:f4:d7:ce:cf:63:7a:b3:1f:61:29:54:93:2b:
                    ae:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:56:33:B4:7B:6D:BD:33:1B:76:16:10:D9:D4:AA:6B:AD:59:66:50
            X509v3 Authority Key Identifier:
                keyid:E3:73:BC:D3:25:5A:0D:AD:5F:4A:35:0D:11:DC:89:1F:A0:BE:04:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43O80yVaDa1fSjUNEdyJH6C-BDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/aFYztHttvTMbdhYQ2dSqa61ZZlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d20dbc-2ab4-43fb-80a2-04e7b1a8ce18/1/43O80yVaDa1fSjUNEdyJH6C-BDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.108.0/22
                IPv6:
                  2a0b:e540::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:8b:59:b8:51:26:2f:aa:72:a6:99:83:a3:e4:f4:54:06:f4:
         c0:04:40:39:cc:2b:5b:64:a0:c3:24:85:a2:27:51:64:58:c1:
         75:fa:1e:f9:dc:06:00:2f:36:8b:65:4f:58:f8:e1:db:d9:16:
         98:4f:c0:ad:5c:7b:59:62:42:83:f3:78:2d:9b:28:20:fb:1b:
         d6:ab:37:57:2a:b4:5a:c3:0c:5f:3e:13:66:ce:47:60:61:a6:
         9d:ba:5e:bf:37:a6:e2:99:a3:d0:db:be:d0:48:6b:f9:f8:d2:
         64:5b:a5:ff:69:f4:6a:00:47:e5:e8:45:38:92:93:f3:12:8b:
         cf:1f:d8:5f:3b:d0:5f:9a:ea:98:9f:38:10:ba:9d:41:b6:01:
         5c:0c:8b:d0:44:06:ee:33:c5:ab:99:31:1c:85:6b:36:ca:ca:
         dd:8d:2e:1a:00:f8:99:2a:b2:2e:15:64:80:48:f1:38:2e:b7:
         e7:03:9c:6d:d2:0a:f4:a1:d5:f7:e0:2d:f1:0e:90:90:93:9f:
         6c:a9:38:6a:66:a1:5c:9f:96:ac:7a:5d:bd:54:3f:d6:04:03:
         0e:b7:9a:fe:6b:c2:6e:a9:5e:7c:38:30:65:15:85:a6:8e:fe:
         47:cc:35:c7:c4:ff:b5:14:18:40:8d:4b:66:5e:b9:a1:b1:80:
         72:c3:29:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3T7sNe9hVoprKH+fCHZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNzNiY2QzMjU1YTBkYWQ1ZjRhMzUwZDExZGM4OTFmYTBi
ZTA0MzcwHhcNMjQwMTAxMTYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU2MzNiNDdiNmRiZDMzMWI3NjE2MTBkOWQ0YWE2YmFkNTk2NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgo0qD/ZfqXl6ng6I7Ts+SdUbkZ8F
povhNHjDjpEShWvZml+LiZ6X/zEh4pnzHspjPHTYNYfNFZL1igayPeWKMIOf3t5/
eGgCVKxJObdJmW+d5IV7+/lOHZ6lfok79YyeOovwRSRbUygIy1dt6u43PHpyKQBi
PBkbQ8NVKBdDfpscKEFKBQlOU4AJSUc53a4y4MK4igRk9nJZPXh1UHQB1F5KKqdk
b98Vu4khUgKC09hDm9G/T9q5xK6XU5Qzp+R5hHnLyUQ5u4zPcU/lAv9DLFkt+2i/
Baa045pC9Uf4sjBFcqFkUW07WuHjQAqofGWVUPTXzs9jerMfYSlUkyuulwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGhWM7R7bb0zG3YWENnUqmutWWZQMB8GA1UdIwQY
MBaAFONzvNMlWg2tX0o1DRHciR+gvgQ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNPODB5VmFEYTFmU2pVTkVkeUpINkMtQkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kMjBkYmMtMmFiNC00M2ZiLTgwYTIt
MDRlN2IxYThjZTE4LzEvYUZZenRIdHR2VE1iZGhZUTJkU3FhNjFaWmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kMjBkYmMtMmFiNC00M2ZiLTgwYTItMDRlN2IxYThjZTE4
LzEvNDNPODB5VmFEYTFmU2pVTkVkeUpINkMtQkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudtsMA0E
AgACMAcDBQMqC+VAMA0GCSqGSIb3DQEBCwUAA4IBAQBPi1m4USYvqnKmmYOj5PRU
BvTABEA5zCtbZKDDJIWiJ1FkWMF1+h753AYALzaLZU9Y+OHb2RaYT8CtXHtZYkKD
83gtmygg+xvWqzdXKrRawwxfPhNmzkdgYaadul6/N6bimaPQ277QSGv5+NJkW6X/
afRqAEfl6EU4kpPzEovPH9hfO9BfmuqYnzgQup1BtgFcDIvQRAbuM8WrmTEchWs2
ysrdjS4aAPiZKrIuFWSASPE4LrfnA5xt0gr0odX34C3xDpCQk59sqThqZqFcn5as
el29VD/WBAMOt5r+a8JuqV58ODBlFYWmjv5HzDXHxP+1FBhAjUtmXrmhsYBywymU
-----END CERTIFICATE-----