Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/zUDpMoUENJRnQuWywPmLnxm_ARc.roa
File:                     zUDpMoUENJRnQuWywPmLnxm_ARc.roa (raw, json)
Hash identifier:          gpv2HNX4sL7HtqvCE+pWJlCYulUtu7U+IHwQnGcjVFw=
Subject key identifier:   CD:40:E9:32:85:04:34:94:67:42:E5:B2:C0:F9:8B:9F:19:BF:01:17
Certificate issuer:       /CN=a22e61b1ddc81dc4f338a689febd8dfddb44bf44
Certificate serial:       018CC8DF277FFA626EEDA0DF21C9805FC34D
Authority key identifier: A2:2E:61:B1:DD:C8:1D:C4:F3:38:A6:89:FE:BD:8D:FD:DB:44:BF:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/zUDpMoUENJRnQuWywPmLnxm_ARc.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204203
IP address blocks:        185.217.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:27:7f:fa:62:6e:ed:a0:df:21:c9:80:5f:c3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a22e61b1ddc81dc4f338a689febd8dfddb44bf44
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd40e932850434946742e5b2c0f98b9f19bf0117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bd:a2:68:f3:14:e2:b5:fa:de:70:58:0d:74:
                    e8:3a:10:ab:a3:9c:cf:b7:2a:ef:6c:27:8c:7d:f2:
                    06:20:0b:25:51:b2:ca:51:98:3a:02:3e:65:04:98:
                    27:9a:b0:36:b3:9e:f1:a0:86:a9:d2:7d:48:2f:38:
                    d3:b9:b5:ff:a8:b2:a3:23:95:df:a6:7d:ca:43:01:
                    7b:ed:2c:16:22:09:ae:6c:a0:e2:2e:ef:ee:57:32:
                    ac:0b:05:1c:71:16:e6:28:99:e4:2a:e1:76:0f:64:
                    4e:f3:62:5f:9f:af:cb:7b:72:56:92:29:55:d6:84:
                    b9:cd:fa:8f:08:85:fd:8b:50:a6:9f:b3:00:c1:b6:
                    50:01:0d:36:c4:50:b2:fa:95:05:2b:15:fb:0d:f5:
                    90:08:fc:55:cd:f3:a6:af:70:69:55:53:64:94:a3:
                    65:35:ad:d9:a1:ac:a7:b1:be:6f:88:7b:5c:ee:4e:
                    80:c0:89:0d:32:b6:fa:21:63:bb:c3:52:31:ff:73:
                    f6:9a:26:b0:92:00:63:75:a5:c1:e4:92:62:7a:14:
                    7a:11:02:85:81:ff:90:84:ce:b9:04:16:c7:66:79:
                    04:27:f9:b8:b3:67:89:3b:67:59:df:fe:c2:91:47:
                    89:ba:e6:b0:d7:f7:3e:33:f6:7d:87:21:f0:f4:7f:
                    78:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:40:E9:32:85:04:34:94:67:42:E5:B2:C0:F9:8B:9F:19:BF:01:17
            X509v3 Authority Key Identifier:
                keyid:A2:2E:61:B1:DD:C8:1D:C4:F3:38:A6:89:FE:BD:8D:FD:DB:44:BF:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/zUDpMoUENJRnQuWywPmLnxm_ARc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d93edd-a807-45a5-8719-7baba2973746/1/oi5hsd3IHcTzOKaJ_r2N_dtEv0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ac:24:32:dd:0c:7a:d1:c2:f2:08:ae:3e:d8:5b:1a:89:4a:
         b2:bf:f8:60:bf:08:9d:67:55:e8:fa:a9:04:42:91:93:b4:38:
         6c:3d:77:96:3e:c0:db:25:09:e6:89:cd:cc:49:a7:10:5c:f4:
         97:eb:68:37:df:de:28:2d:c7:48:66:9e:ca:d5:e1:ee:8a:c4:
         2d:58:65:6b:2c:7e:79:ec:fe:40:15:3a:54:17:ae:91:13:4a:
         f1:d6:38:a7:39:0b:31:f4:e6:ac:e2:bc:3b:21:1a:b4:c4:a1:
         d7:71:2b:73:7c:c2:93:e5:7c:a3:25:38:f9:fd:fc:d2:e3:ec:
         4c:1a:72:78:26:f1:e0:63:01:0a:2d:24:d0:c1:e9:9d:6f:7b:
         4c:46:1d:5a:d5:8d:8b:f4:27:b6:dd:37:a2:a4:ad:5c:5e:90:
         6c:e7:e2:ba:ab:91:06:7a:cf:2c:4f:29:d3:51:08:d6:c6:aa:
         c6:c7:df:29:06:85:b8:34:c3:18:55:53:f4:b5:ef:0f:5e:bc:
         54:44:5d:94:23:9e:bf:b0:cd:b3:35:af:43:fd:0c:2d:ed:39:
         fa:b2:73:07:a6:02:af:09:d2:43:fc:ae:35:b9:83:d6:44:5f:
         5d:f4:f3:d0:82:33:33:a3:df:f4:7d:20:b0:38:21:39:71:2d:
         cd:9f:4e:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yd/+mJu7aDfIcmAX8NNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMmU2MWIxZGRjODFkYzRmMzM4YTY4OWZlYmQ4ZGZkZGI0
NGJmNDQwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQwZTkzMjg1MDQzNDk0Njc0MmU1YjJjMGY5OGI5ZjE5YmYwMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsL2iaPMU4rX63nBYDXToOhCro5zP
tyrvbCeMffIGIAslUbLKUZg6Aj5lBJgnmrA2s57xoIap0n1ILzjTubX/qLKjI5Xf
pn3KQwF77SwWIgmubKDiLu/uVzKsCwUccRbmKJnkKuF2D2RO82Jfn6/Le3JWkilV
1oS5zfqPCIX9i1Cmn7MAwbZQAQ02xFCy+pUFKxX7DfWQCPxVzfOmr3BpVVNklKNl
Na3Zoaynsb5viHtc7k6AwIkNMrb6IWO7w1Ix/3P2miawkgBjdaXB5JJiehR6EQKF
gf+QhM65BBbHZnkEJ/m4s2eJO2dZ3/7CkUeJuuaw1/c+M/Z9hyHw9H94swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1A6TKFBDSUZ0LlssD5i58ZvwEXMB8GA1UdIwQY
MBaAFKIuYbHdyB3E8zimif69jf3bRL9EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2k1aHNkM0lIY1R6T0thSl9yMk5fZHRFdjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9kOTNlZGQtYTgwNy00NWE1LTg3MTkt
N2JhYmEyOTczNzQ2LzEvelVEcE1vVUVOSlJuUXVXeXdQbUxueG1fQVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9kOTNlZGQtYTgwNy00NWE1LTg3MTktN2JhYmEyOTczNzQ2
LzEvb2k1aHNkM0lIY1R6T0thSl9yMk5fZHRFdjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudkGMA0G
CSqGSIb3DQEBCwUAA4IBAQAkrCQy3Qx60cLyCK4+2FsaiUqyv/hgvwidZ1Xo+qkE
QpGTtDhsPXeWPsDbJQnmic3MSacQXPSX62g3394oLcdIZp7K1eHuisQtWGVrLH55
7P5AFTpUF66RE0rx1jinOQsx9Oas4rw7IRq0xKHXcStzfMKT5XyjJTj5/fzS4+xM
GnJ4JvHgYwEKLSTQwemdb3tMRh1a1Y2L9Ce23TeipK1cXpBs5+K6q5EGes8sTynT
UQjWxqrGx98pBoW4NMMYVVP0te8PXrxURF2UI56/sM2zNa9D/Qwt7Tn6snMHpgKv
CdJD/K41uYPWRF9d9PPQgjMzo9/0fSCwOCE5cS3Nn06q
-----END CERTIFICATE-----