Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/B9kCKLve220RgGYWIPMQU1GSH7k.roa
File:                     B9kCKLve220RgGYWIPMQU1GSH7k.roa (raw, json)
Hash identifier:          NC64InLjOaEox8muiCqvp9FIx79WowbwgNFu4/VsCtk=
Subject key identifier:   07:D9:02:28:BB:DE:DB:6D:11:80:66:16:20:F3:10:53:51:92:1F:B9
Certificate issuer:       /CN=6f060474088606ec4ee8eed7c41b6943f89a09bd
Certificate serial:       018CC3B6A4EBFE8167402BEDAFA35E388C2A
Authority key identifier: 6F:06:04:74:08:86:06:EC:4E:E8:EE:D7:C4:1B:69:43:F8:9A:09:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/B9kCKLve220RgGYWIPMQU1GSH7k.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212038
IP address blocks:        185.218.197.0/24 maxlen: 24
                          2a10:c780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a4:eb:fe:81:67:40:2b:ed:af:a3:5e:38:8c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f060474088606ec4ee8eed7c41b6943f89a09bd
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d90228bbdedb6d1180661620f3105351921fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:3b:c4:65:d9:b3:02:10:9a:d0:bf:6e:53:36:
                    ed:78:c7:30:c3:22:3b:85:53:01:62:80:6f:28:ba:
                    c0:33:86:e5:23:b9:ae:19:e7:40:65:a5:e0:7c:64:
                    f5:5a:62:f5:b8:37:59:7d:51:3a:de:99:00:11:a3:
                    2e:22:9e:ff:3d:8c:83:93:56:c8:f5:6d:8b:61:1a:
                    41:19:04:55:ca:1f:2d:2d:ac:fe:09:fd:27:24:27:
                    a0:f4:b5:73:35:ef:50:5e:b3:ce:4c:73:94:90:bb:
                    e3:b1:52:62:8a:22:8e:35:4d:05:3a:b5:af:15:3c:
                    ca:0e:f7:c9:f7:92:a0:92:d7:d0:d4:ed:29:32:d4:
                    86:0f:0e:7c:1c:b9:8f:85:f3:70:d9:6d:41:1c:9c:
                    bf:b5:51:57:0d:c7:68:e7:f1:eb:76:3d:81:9d:93:
                    9b:af:80:ca:ad:36:ed:97:d3:13:f2:59:98:13:5b:
                    77:1b:df:14:54:d7:8d:9a:d3:65:7a:c2:ab:14:be:
                    1d:97:4a:2a:84:11:b1:3c:78:44:65:8c:9c:e0:68:
                    80:22:41:73:ea:af:91:b1:bf:4f:03:db:ca:1a:75:
                    80:0f:26:ea:b5:3d:ed:d0:d3:09:d3:aa:89:d2:2e:
                    5a:de:a7:4e:00:5c:f4:5e:8e:f0:a3:7a:f1:59:82:
                    6f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D9:02:28:BB:DE:DB:6D:11:80:66:16:20:F3:10:53:51:92:1F:B9
            X509v3 Authority Key Identifier:
                keyid:6F:06:04:74:08:86:06:EC:4E:E8:EE:D7:C4:1B:69:43:F8:9A:09:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/B9kCKLve220RgGYWIPMQU1GSH7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2bfa6b-baa8-4c8c-9bc6-7aa6eb012190/1/bwYEdAiGBuxO6O7XxBtpQ_iaCb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.197.0/24
                IPv6:
                  2a10:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:83:36:31:16:07:d4:87:7f:56:74:f4:68:7b:9a:91:a9:d8:
         fe:79:05:48:ee:89:a1:48:2f:8f:67:70:29:a6:31:7a:81:e7:
         d7:38:7a:06:77:d8:d6:84:74:7c:38:a0:1a:0e:a1:c3:70:9f:
         7c:7b:8a:62:fb:9b:ab:9c:31:0e:b0:5e:bc:64:36:a7:b6:b1:
         17:70:27:9f:a0:ea:13:c7:68:d2:dd:91:71:41:28:fd:34:eb:
         6f:a4:ed:06:6e:c4:77:1b:37:b2:7f:87:ed:39:18:74:a3:e7:
         9c:ac:44:b8:58:31:96:c7:04:88:d4:55:b2:5a:64:20:73:32:
         a6:1e:76:f1:34:d1:82:fd:98:72:3a:b3:9a:56:4e:7f:cb:4e:
         4c:86:a2:89:bc:28:40:6a:67:e7:ae:c5:03:30:27:f7:b3:11:
         2f:e7:2f:7f:ab:ac:ed:e7:ee:68:12:8c:2e:a0:7a:a8:4a:1a:
         3d:92:13:19:b4:49:6f:46:5b:a7:4f:e1:5d:3e:79:8f:7a:53:
         71:1f:ff:b5:ef:02:fb:f7:c8:6e:a2:96:19:18:03:f2:f2:5a:
         c8:ab:3d:a2:d4:b0:d5:fb:6f:29:44:83:25:75:50:eb:c8:b8:
         1f:d4:f6:6b:da:f2:d9:5d:49:48:97:21:94:d7:8b:05:37:ab:
         e8:94:8c:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtqTr/oFnQCvtr6NeOIwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMDYwNDc0MDg4NjA2ZWM0ZWU4ZWVkN2M0MWI2OTQzZjg5
YTA5YmQwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Q5MDIyOGJiZGVkYjZkMTE4MDY2MTYyMGYzMTA1MzUxOTIxZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zvEZdmzAhCa0L9uUzbteMcwwyI7
hVMBYoBvKLrAM4blI7muGedAZaXgfGT1WmL1uDdZfVE63pkAEaMuIp7/PYyDk1bI
9W2LYRpBGQRVyh8tLaz+Cf0nJCeg9LVzNe9QXrPOTHOUkLvjsVJiiiKONU0FOrWv
FTzKDvfJ95KgktfQ1O0pMtSGDw58HLmPhfNw2W1BHJy/tVFXDcdo5/Hrdj2BnZOb
r4DKrTbtl9MT8lmYE1t3G98UVNeNmtNlesKrFL4dl0oqhBGxPHhEZYyc4GiAIkFz
6q+Rsb9PA9vKGnWADybqtT3t0NMJ06qJ0i5a3qdOAFz0Xo7wo3rxWYJvhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAfZAii73tttEYBmFiDzEFNRkh+5MB8GA1UdIwQY
MBaAFG8GBHQIhgbsTuju18QbaUP4mgm9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndZRWRBaUdCdXhPNk83WHhCdHBRX2lhQ2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yYmZhNmItYmFhOC00YzhjLTliYzYt
N2FhNmViMDEyMTkwLzEvQjlrQ0tMdmUyMjBSZ0dZV0lQTVFVMUdTSDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yYmZhNmItYmFhOC00YzhjLTliYzYtN2FhNmViMDEyMTkw
LzEvYndZRWRBaUdCdXhPNk83WHhCdHBRX2lhQ2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudrFMA0E
AgACMAcDBQMqEMeAMA0GCSqGSIb3DQEBCwUAA4IBAQAUgzYxFgfUh39WdPRoe5qR
qdj+eQVI7omhSC+PZ3AppjF6gefXOHoGd9jWhHR8OKAaDqHDcJ98e4pi+5urnDEO
sF68ZDantrEXcCefoOoTx2jS3ZFxQSj9NOtvpO0GbsR3Gzeyf4ftORh0o+ecrES4
WDGWxwSI1FWyWmQgczKmHnbxNNGC/ZhyOrOaVk5/y05MhqKJvChAamfnrsUDMCf3
sxEv5y9/q6zt5+5oEowuoHqoSho9khMZtElvRlunT+FdPnmPelNxH/+17wL798hu
opYZGAPy8lrIqz2i1LDV+28pRIMldVDryLgf1PZr2vLZXUlIlyGU14sFN6volIz+
-----END CERTIFICATE-----