Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/aQJlm6wOm4nDYos0u-yBTnVbOqY.roa
File:                     aQJlm6wOm4nDYos0u-yBTnVbOqY.roa (raw, json)
Hash identifier:          mMwKnHwwdpVSh8vu4LIam0XX3psCJopr5iJRarbHT0I=
Subject key identifier:   69:02:65:9B:AC:0E:9B:89:C3:62:8B:34:BB:EC:81:4E:75:5B:3A:A6
Certificate issuer:       /CN=213d8735c144cf12565843b69eb40a4d1a301aa5
Certificate serial:       018CC79369E5A271B378AD2E0F5392114E6D
Authority key identifier: 21:3D:87:35:C1:44:CF:12:56:58:43:B6:9E:B4:0A:4D:1A:30:1A:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IT2HNcFEzxJWWEO2nrQKTRowGqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/aQJlm6wOm4nDYos0u-yBTnVbOqY.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206988
IP address blocks:        185.169.224.0/22 maxlen: 22
                          2a0a:6d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/IT2HNcFEzxJWWEO2nrQKTRowGqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/IT2HNcFEzxJWWEO2nrQKTRowGqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IT2HNcFEzxJWWEO2nrQKTRowGqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:69:e5:a2:71:b3:78:ad:2e:0f:53:92:11:4e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=213d8735c144cf12565843b69eb40a4d1a301aa5
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6902659bac0e9b89c3628b34bbec814e755b3aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6d:0a:f6:01:90:ec:d8:6b:f3:2b:aa:c7:65:
                    60:e9:4e:6f:c6:9d:da:05:74:d4:ff:51:d5:d5:0e:
                    9b:b2:a0:58:6d:97:e1:1c:d2:84:8d:aa:3e:ad:b7:
                    31:2e:0a:a1:d8:92:85:92:39:e6:0d:8a:15:d2:21:
                    0a:9f:f8:27:ac:a2:07:9f:01:6f:a1:1e:a9:45:ad:
                    37:72:33:6f:3a:e7:65:de:a2:f1:c2:67:1c:a0:2b:
                    c6:aa:88:23:33:b6:8c:89:3d:0c:83:c2:c4:6b:02:
                    07:40:46:59:7e:6e:6c:36:83:f4:2a:90:0f:16:bd:
                    93:f0:8f:4e:0d:e5:2f:71:e9:62:1c:5c:cc:f4:c2:
                    28:d3:f7:20:c2:e7:60:3e:c1:ad:45:33:c9:2e:75:
                    cb:af:93:7d:ff:ed:61:44:52:26:37:14:66:0f:e2:
                    22:d6:30:80:4a:ad:85:6d:f8:ec:4f:19:13:2f:92:
                    f5:df:3a:a9:dc:46:46:4e:ac:cb:b1:34:4e:b0:b7:
                    f6:b7:e0:da:55:7c:4c:9f:66:5d:a8:03:37:70:7f:
                    82:d7:e4:88:cb:e3:e5:2f:33:a5:3e:82:7b:77:ad:
                    a0:d8:e7:6d:df:eb:2e:df:d1:66:84:66:78:26:fe:
                    7d:60:5e:97:90:60:8c:f6:06:ee:f8:00:75:0e:3d:
                    e5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:02:65:9B:AC:0E:9B:89:C3:62:8B:34:BB:EC:81:4E:75:5B:3A:A6
            X509v3 Authority Key Identifier:
                keyid:21:3D:87:35:C1:44:CF:12:56:58:43:B6:9E:B4:0A:4D:1A:30:1A:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IT2HNcFEzxJWWEO2nrQKTRowGqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/aQJlm6wOm4nDYos0u-yBTnVbOqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b043af-b492-4b5b-a250-301433ebe436/1/IT2HNcFEzxJWWEO2nrQKTRowGqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.224.0/22
                IPv6:
                  2a0a:6d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:df:c2:77:b3:db:32:eb:54:39:51:64:5e:4d:b2:97:b6:50:
         f5:df:81:59:f4:a1:84:9d:8c:ec:f2:b7:7f:bc:53:50:d4:5d:
         13:fb:8b:14:86:1b:b3:a4:68:be:90:e4:ed:87:5f:b8:cb:92:
         98:5b:9a:ff:8a:02:35:0a:b7:a3:46:d1:9e:28:90:b7:e3:8d:
         c7:de:1f:49:0c:7d:11:54:80:7f:ba:f9:ef:7e:26:f9:fd:29:
         c4:57:59:77:d1:cb:d3:b9:8a:c1:24:23:83:15:73:c5:31:62:
         ac:6c:8a:b2:c0:57:48:94:e8:36:64:37:53:e7:3e:b2:e5:1a:
         e1:3e:1b:2d:6a:fc:56:9e:2c:8c:78:44:b5:54:6c:05:9e:4d:
         05:50:a6:c5:14:1c:bd:99:5a:a7:ca:02:66:72:c7:f8:81:2a:
         de:52:16:6e:d4:a7:6a:ea:65:e7:dc:9d:46:bd:39:a5:7f:2a:
         c8:d6:ec:c9:c1:5f:c9:5d:4e:cf:16:56:52:fa:c4:36:a8:d8:
         a7:67:ff:0a:16:5b:b9:46:17:17:09:b6:a1:8b:58:44:44:7a:
         be:36:6f:81:83:30:a0:e7:70:49:16:dc:af:4e:e0:37:c7:04:
         d9:72:2f:a8:d0:18:82:32:e8:3d:6e:37:95:4e:8d:37:54:26:
         73:ca:79:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk2nlonGzeK0uD1OSEU5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxM2Q4NzM1YzE0NGNmMTI1NjU4NDNiNjllYjQwYTRkMWEz
MDFhYTUwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAyNjU5YmFjMGU5Yjg5YzM2MjhiMzRiYmVjODE0ZTc1NWIzYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiG0K9gGQ7Nhr8yuqx2Vg6U5vxp3a
BXTU/1HV1Q6bsqBYbZfhHNKEjao+rbcxLgqh2JKFkjnmDYoV0iEKn/gnrKIHnwFv
oR6pRa03cjNvOudl3qLxwmccoCvGqogjM7aMiT0Mg8LEawIHQEZZfm5sNoP0KpAP
Fr2T8I9ODeUvceliHFzM9MIo0/cgwudgPsGtRTPJLnXLr5N9/+1hRFImNxRmD+Ii
1jCASq2FbfjsTxkTL5L13zqp3EZGTqzLsTROsLf2t+DaVXxMn2ZdqAM3cH+C1+SI
y+PlLzOlPoJ7d62g2Odt3+su39FmhGZ4Jv59YF6XkGCM9gbu+AB1Dj3lMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGkCZZusDpuJw2KLNLvsgU51WzqmMB8GA1UdIwQY
MBaAFCE9hzXBRM8SVlhDtp60Ck0aMBqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVQySE5jRkV6eEpXV0VPMm5yUUtUUm93R3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iMDQzYWYtYjQ5Mi00YjViLWEyNTAt
MzAxNDMzZWJlNDM2LzEvYVFKbG02d09tNG5EWW9zMHUteUJUblZiT3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iMDQzYWYtYjQ5Mi00YjViLWEyNTAtMzAxNDMzZWJlNDM2
LzEvSVQySE5jRkV6eEpXV0VPMm5yUUtUUm93R3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuangMA0E
AgACMAcDBQMqCm0AMA0GCSqGSIb3DQEBCwUAA4IBAQCp38J3s9sy61Q5UWReTbKX
tlD134FZ9KGEnYzs8rd/vFNQ1F0T+4sUhhuzpGi+kOTth1+4y5KYW5r/igI1Crej
RtGeKJC3443H3h9JDH0RVIB/uvnvfib5/SnEV1l30cvTuYrBJCODFXPFMWKsbIqy
wFdIlOg2ZDdT5z6y5RrhPhstavxWniyMeES1VGwFnk0FUKbFFBy9mVqnygJmcsf4
gSreUhZu1Kdq6mXn3J1GvTmlfyrI1uzJwV/JXU7PFlZS+sQ2qNinZ/8KFlu5RhcX
Cbahi1hERHq+Nm+BgzCg53BJFtyvTuA3xwTZci+o0BiCMug9bjeVTo03VCZzynkW
-----END CERTIFICATE-----