Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/0NUMWy_NR9r5aMfnYJoau7vLeoY.roa
File:                     0NUMWy_NR9r5aMfnYJoau7vLeoY.roa (raw, json)
Hash identifier:          FJP/9zLYhLfa1of3o49um6b82q4o42A/6rPboeHAUgs=
Subject key identifier:   D0:D5:0C:5B:2F:CD:47:DA:F9:68:C7:E7:60:9A:1A:BB:BB:CB:7A:86
Certificate issuer:       /CN=8b21ffade930bd1fd2e1788cff407d9d34134e17
Certificate serial:       018CC7273798706EF3844B0FDD9A7FF565AE
Authority key identifier: 8B:21:FF:AD:E9:30:BD:1F:D2:E1:78:8C:FF:40:7D:9D:34:13:4E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iyH_rekwvR_S4XiM_0B9nTQTThc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/0NUMWy_NR9r5aMfnYJoau7vLeoY.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204782
IP address blocks:        185.240.96.0/22 maxlen: 22
                          2a0c:7a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/iyH_rekwvR_S4XiM_0B9nTQTThc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/iyH_rekwvR_S4XiM_0B9nTQTThc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iyH_rekwvR_S4XiM_0B9nTQTThc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:37:98:70:6e:f3:84:4b:0f:dd:9a:7f:f5:65:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b21ffade930bd1fd2e1788cff407d9d34134e17
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0d50c5b2fcd47daf968c7e7609a1abbbbcb7a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:aa:b6:21:15:37:81:39:07:87:64:9b:0f:79:
                    c6:3e:ff:c2:d1:ac:ea:6b:8d:ca:b1:e7:68:0b:a5:
                    e9:03:4e:86:67:8a:ec:8e:11:b2:29:2d:ff:09:5f:
                    25:c7:d7:31:a1:74:4f:60:3f:3f:3d:e6:ab:3b:9f:
                    4c:28:8e:fc:50:71:45:5f:33:02:42:65:67:2b:64:
                    65:b4:5f:3c:bc:65:cc:d2:bb:2b:4e:f9:00:59:3c:
                    a4:7d:c4:4a:22:17:d1:4f:2f:a9:be:b5:b1:4d:47:
                    29:e5:5a:e3:c0:2c:96:c7:e8:0e:9b:f5:d4:77:b6:
                    30:a5:e2:77:0d:51:e7:aa:b7:de:9d:80:23:4b:e7:
                    c6:5a:36:24:68:92:53:fb:f0:e2:15:f9:c0:6f:be:
                    b4:b2:e0:b0:77:d1:c8:58:bf:0f:67:98:49:1d:6b:
                    62:d0:08:29:b3:7f:2e:e0:55:0a:bb:a8:a3:95:cd:
                    be:b0:87:be:ca:45:99:a3:ac:41:cd:03:7b:ce:de:
                    2a:89:6f:92:db:d4:3a:ea:2b:1f:09:1c:1e:a3:43:
                    23:11:1e:42:92:f4:f2:9e:fd:f8:21:14:30:95:1e:
                    e3:4a:6e:fc:1c:95:a7:28:6d:7b:15:3c:e8:a0:c1:
                    eb:38:db:50:d9:65:82:32:c0:13:cb:9c:13:0b:ff:
                    1e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D5:0C:5B:2F:CD:47:DA:F9:68:C7:E7:60:9A:1A:BB:BB:CB:7A:86
            X509v3 Authority Key Identifier:
                keyid:8B:21:FF:AD:E9:30:BD:1F:D2:E1:78:8C:FF:40:7D:9D:34:13:4E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iyH_rekwvR_S4XiM_0B9nTQTThc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/0NUMWy_NR9r5aMfnYJoau7vLeoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ce0eb-3aba-4b36-b7c4-425c51d7888b/1/iyH_rekwvR_S4XiM_0B9nTQTThc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.96.0/22
                IPv6:
                  2a0c:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:48:70:77:6c:29:54:ff:85:94:21:cb:97:46:76:5a:a5:b8:
         41:82:09:47:25:5a:da:a9:37:2b:e0:e7:c6:5f:b8:70:86:86:
         3c:8b:32:3b:3f:20:a0:96:69:7b:b6:e1:e5:e4:ac:04:a6:93:
         67:7a:33:92:d5:94:c2:48:0b:f3:0e:27:0d:b1:6e:6e:32:16:
         7d:da:62:31:75:2c:9b:be:74:b4:0b:b9:fb:86:6f:72:fa:17:
         78:da:97:fb:75:1f:a2:02:83:23:59:a6:ba:5d:f2:c2:5b:66:
         9d:b6:3a:cd:7b:5a:15:a0:d9:2b:49:ad:16:8f:ec:47:3a:c2:
         f7:a8:6b:0e:bc:ca:20:c4:f0:4c:bc:97:23:3a:2a:10:d1:70:
         f3:40:a9:75:5e:bb:2d:b5:6e:25:98:31:ad:3a:f0:b5:9c:05:
         71:44:66:ad:7c:62:a5:a5:07:e9:3c:a6:83:c0:09:85:64:d9:
         52:b8:36:1b:f1:d5:e1:70:35:2e:61:e3:72:98:14:e1:6d:84:
         eb:6f:0a:bf:39:ee:f9:f7:98:9c:9c:b7:5b:26:cd:34:76:f4:
         c7:6b:f6:6b:bf:c1:12:13:35:0b:23:9b:02:c9:1c:07:b9:37:
         32:3e:5b:cd:68:00:1c:09:3f:2c:f1:c0:7b:52:8b:3d:53:0c:
         84:76:11:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJzeYcG7zhEsP3Zp/9WWuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMjFmZmFkZTkzMGJkMWZkMmUxNzg4Y2ZmNDA3ZDlkMzQx
MzRlMTcwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQ1MGM1YjJmY2Q0N2RhZjk2OGM3ZTc2MDlhMWFiYmJiY2I3YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6q2IRU3gTkHh2SbD3nGPv/C0azq
a43KsedoC6XpA06GZ4rsjhGyKS3/CV8lx9cxoXRPYD8/PearO59MKI78UHFFXzMC
QmVnK2RltF88vGXM0rsrTvkAWTykfcRKIhfRTy+pvrWxTUcp5VrjwCyWx+gOm/XU
d7YwpeJ3DVHnqrfenYAjS+fGWjYkaJJT+/DiFfnAb760suCwd9HIWL8PZ5hJHWti
0Agps38u4FUKu6ijlc2+sIe+ykWZo6xBzQN7zt4qiW+S29Q66isfCRweo0MjER5C
kvTynv34IRQwlR7jSm78HJWnKG17FTzooMHrONtQ2WWCMsATy5wTC/8eFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNDVDFsvzUfa+WjH52CaGru7y3qGMB8GA1UdIwQY
MBaAFIsh/63pML0f0uF4jP9AfZ00E04XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXlIX3Jla3d2Ul9TNFhpTV8wQjluVFFUVGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85Y2UwZWItM2FiYS00YjM2LWI3YzQt
NDI1YzUxZDc4ODhiLzEvME5VTVd5X05SOXI1YU1mbllKb2F1N3ZMZW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85Y2UwZWItM2FiYS00YjM2LWI3YzQtNDI1YzUxZDc4ODhi
LzEvaXlIX3Jla3d2Ul9TNFhpTV8wQjluVFFUVGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufBgMA0E
AgACMAcDBQMqDHqAMA0GCSqGSIb3DQEBCwUAA4IBAQAOSHB3bClU/4WUIcuXRnZa
pbhBgglHJVraqTcr4OfGX7hwhoY8izI7PyCglml7tuHl5KwEppNnejOS1ZTCSAvz
DicNsW5uMhZ92mIxdSybvnS0C7n7hm9y+hd42pf7dR+iAoMjWaa6XfLCW2adtjrN
e1oVoNkrSa0Wj+xHOsL3qGsOvMogxPBMvJcjOioQ0XDzQKl1XrsttW4lmDGtOvC1
nAVxRGatfGKlpQfpPKaDwAmFZNlSuDYb8dXhcDUuYeNymBThbYTrbwq/Oe7595ic
nLdbJs00dvTHa/Zrv8ESEzULI5sCyRwHuTcyPlvNaAAcCT8s8cB7Uos9UwyEdhER
-----END CERTIFICATE-----