Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/b0nIRToXgBPb0YIHM6WWl5OeP20.roa
File:                     b0nIRToXgBPb0YIHM6WWl5OeP20.roa (raw, json)
Hash identifier:          EdheXZF1H7vIdx/QmejPVNWQI+ipQ3+6twnXn8IkeUY=
Subject key identifier:   6F:49:C8:45:3A:17:80:13:DB:D1:82:07:33:A5:96:97:93:9E:3F:6D
Certificate issuer:       /CN=908c573c2d83c7d8fd2a3cf9a7f536f92925a3bd
Certificate serial:       018CC348B9127EDE65092A0E94FE442BE550
Authority key identifier: 90:8C:57:3C:2D:83:C7:D8:FD:2A:3C:F9:A7:F5:36:F9:29:25:A3:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/b0nIRToXgBPb0YIHM6WWl5OeP20.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205543
IP address blocks:        185.214.236.0/22 maxlen: 24
                          2a0b:af40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b9:12:7e:de:65:09:2a:0e:94:fe:44:2b:e5:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=908c573c2d83c7d8fd2a3cf9a7f536f92925a3bd
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f49c8453a178013dbd1820733a59697939e3f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:18:a2:47:5f:12:13:2c:fc:b0:43:47:12:0a:
                    11:07:27:f0:78:5b:60:01:2e:a9:f7:f5:af:af:eb:
                    92:39:71:42:e6:90:fe:ad:94:38:50:2d:26:19:9d:
                    85:39:12:23:79:fb:78:fa:a7:6d:f8:a2:36:df:a4:
                    c8:d1:39:1f:89:77:ab:da:fc:2f:73:94:70:5a:db:
                    1d:d3:fe:20:77:9c:90:a1:7d:c6:f5:67:6e:04:5d:
                    68:17:f7:0a:af:39:d0:c7:5e:85:79:f1:b0:85:b1:
                    27:22:97:7f:10:3f:b9:15:8c:57:86:1d:97:af:62:
                    13:3e:6e:d8:ff:72:46:48:7c:ab:a9:56:55:76:44:
                    c4:d8:e5:91:ec:d2:90:24:d7:66:62:cc:50:6b:9d:
                    17:55:31:29:73:a6:10:ee:98:b2:1b:18:fe:07:5f:
                    43:da:06:99:d1:26:fb:06:f0:95:0c:e7:ef:83:72:
                    50:e5:ed:d3:50:82:12:fb:1b:b7:d2:c7:c1:31:a8:
                    0c:2e:af:bb:4b:b3:79:e4:e0:5b:fa:64:1f:2b:3a:
                    8c:bb:ff:cb:9a:42:a7:7f:a3:d9:64:32:9c:7c:f8:
                    cf:3f:1e:b3:2d:58:e9:58:4e:8a:2d:94:51:08:e7:
                    c3:41:d7:fc:6f:e5:a2:ce:71:c1:af:06:8f:78:06:
                    9e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:49:C8:45:3A:17:80:13:DB:D1:82:07:33:A5:96:97:93:9E:3F:6D
            X509v3 Authority Key Identifier:
                keyid:90:8C:57:3C:2D:83:C7:D8:FD:2A:3C:F9:A7:F5:36:F9:29:25:A3:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/b0nIRToXgBPb0YIHM6WWl5OeP20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/83c416-7d9d-447a-add1-4e85bfd7d058/1/kIxXPC2Dx9j9Kjz5p_U2-Sklo70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.236.0/22
                IPv6:
                  2a0b:af40::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:08:48:b1:81:aa:fd:0e:90:f4:28:c5:b4:88:67:47:a3:9d:
         00:eb:63:be:c1:36:51:8a:d2:09:de:c6:4d:23:5b:08:07:74:
         5c:c4:1d:ac:ee:57:37:ef:1e:71:d4:f4:d4:20:d1:c6:fa:49:
         ba:1c:86:f3:6b:92:23:6e:c4:06:eb:17:9e:ff:0a:98:c5:3b:
         72:ff:6e:dd:1b:40:85:5b:4a:e7:f3:0c:0a:b9:a1:29:68:7c:
         7f:2d:90:53:0e:db:37:fd:59:ea:fd:b1:d6:13:96:cb:92:ad:
         3a:29:b3:b0:0c:4e:45:9f:b2:66:21:7f:fb:f6:1c:74:b5:3d:
         48:1d:20:fa:ec:d2:bd:79:14:0c:f4:91:6f:0f:c5:78:6e:4b:
         72:c6:68:a3:b0:09:13:51:7e:97:c6:c0:13:ea:14:a3:f0:44:
         c2:20:86:01:0b:1e:57:3d:6b:bd:92:cd:b1:f7:aa:d9:ea:32:
         eb:08:17:ae:6a:dd:4c:d2:b6:38:ba:9a:2f:e3:a5:b4:23:e3:
         80:f2:7c:46:d2:09:8c:b5:b8:dc:19:82:61:87:16:ef:42:d6:
         af:72:6c:19:8a:b8:90:ff:1c:3f:73:3f:a7:c4:eb:eb:7b:a2:
         74:32:9a:b9:3c:9d:50:81:f6:63:6a:ad:66:68:6e:69:f0:6c:
         84:de:d1:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSLkSft5lCSoOlP5EK+VQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOGM1NzNjMmQ4M2M3ZDhmZDJhM2NmOWE3ZjUzNmY5Mjky
NWEzYmQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQ5Yzg0NTNhMTc4MDEzZGJkMTgyMDczM2E1OTY5NzkzOWUzZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRiiR18SEyz8sENHEgoRByfweFtg
AS6p9/Wvr+uSOXFC5pD+rZQ4UC0mGZ2FORIjeft4+qdt+KI236TI0TkfiXer2vwv
c5RwWtsd0/4gd5yQoX3G9WduBF1oF/cKrznQx16FefGwhbEnIpd/ED+5FYxXhh2X
r2ITPm7Y/3JGSHyrqVZVdkTE2OWR7NKQJNdmYsxQa50XVTEpc6YQ7piyGxj+B19D
2gaZ0Sb7BvCVDOfvg3JQ5e3TUIIS+xu30sfBMagMLq+7S7N55OBb+mQfKzqMu//L
mkKnf6PZZDKcfPjPPx6zLVjpWE6KLZRRCOfDQdf8b+WiznHBrwaPeAae9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG9JyEU6F4AT29GCBzOllpeTnj9tMB8GA1UdIwQY
MBaAFJCMVzwtg8fY/So8+af1NvkpJaO9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0l4WFBDMkR4OWo5S2p6NXBfVTItU2tsbzcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84M2M0MTYtN2Q5ZC00NDdhLWFkZDEt
NGU4NWJmZDdkMDU4LzEvYjBuSVJUb1hnQlBiMFlJSE02V1dsNU9lUDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84M2M0MTYtN2Q5ZC00NDdhLWFkZDEtNGU4NWJmZDdkMDU4
LzEva0l4WFBDMkR4OWo5S2p6NXBfVTItU2tsbzcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudbsMA0E
AgACMAcDBQMqC69AMA0GCSqGSIb3DQEBCwUAA4IBAQBxCEixgar9DpD0KMW0iGdH
o50A62O+wTZRitIJ3sZNI1sIB3RcxB2s7lc37x5x1PTUINHG+km6HIbza5IjbsQG
6xee/wqYxTty/27dG0CFW0rn8wwKuaEpaHx/LZBTDts3/Vnq/bHWE5bLkq06KbOw
DE5Fn7JmIX/79hx0tT1IHSD67NK9eRQM9JFvD8V4bktyxmijsAkTUX6XxsAT6hSj
8ETCIIYBCx5XPWu9ks2x96rZ6jLrCBeuat1M0rY4upov46W0I+OA8nxG0gmMtbjc
GYJhhxbvQtavcmwZiriQ/xw/cz+nxOvre6J0Mpq5PJ1QgfZjaq1maG5p8GyE3tE4
-----END CERTIFICATE-----