Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/P7yjJY2c0Qo_x2pTkNjt0Wa_6fc.roa
File:                     P7yjJY2c0Qo_x2pTkNjt0Wa_6fc.roa (raw, json)
Hash identifier:          F/zEfbVBSXur+ofqZXUnnoDM2Y7mf9T68PSTvXWAy0M=
Subject key identifier:   3F:BC:A3:25:8D:9C:D1:0A:3F:C7:6A:53:90:D8:ED:D1:66:BF:E9:F7
Certificate issuer:       /CN=af002d6bb85a986bc88dbcd933209454e5b5e082
Certificate serial:       018CC801FBA111599307F72EAF53CCF9F8B9
Authority key identifier: AF:00:2D:6B:B8:5A:98:6B:C8:8D:BC:D9:33:20:94:54:E5:B5:E0:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwAta7hamGvIjbzZMyCUVOW14II.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/P7yjJY2c0Qo_x2pTkNjt0Wa_6fc.roa
Signing time:             Tue 02 Jan 2024 02:30:22 +0000
ROA not before:           Tue 02 Jan 2024 02:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204383
IP address blocks:        185.250.172.0/22 maxlen: 22
                          2a0c:fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/rwAta7hamGvIjbzZMyCUVOW14II.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/rwAta7hamGvIjbzZMyCUVOW14II.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwAta7hamGvIjbzZMyCUVOW14II.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:fb:a1:11:59:93:07:f7:2e:af:53:cc:f9:f8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af002d6bb85a986bc88dbcd933209454e5b5e082
        Validity
            Not Before: Jan  2 02:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fbca3258d9cd10a3fc76a5390d8edd166bfe9f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:47:11:12:d3:bb:83:0d:8c:26:ce:82:f6:
                    dd:af:4a:6e:ed:92:93:ce:19:08:b8:38:fd:7a:2f:
                    d0:db:b0:83:4e:2a:ce:4b:25:75:1a:73:4c:3f:41:
                    5c:25:fc:94:7b:79:24:cc:e2:35:6b:3a:f8:4f:ff:
                    a0:d1:49:1c:96:c9:58:1e:c3:47:65:8c:8c:b3:32:
                    71:dc:ad:7b:6c:78:16:2b:06:84:88:ec:2d:e4:4c:
                    3e:2e:f8:05:18:8b:7e:cb:e1:bc:0c:cb:51:cc:5f:
                    6d:9d:e6:04:c6:39:53:40:58:b1:c0:a6:62:f3:cc:
                    29:70:07:5f:48:d1:78:00:ea:89:75:bb:bf:f9:4f:
                    8f:9d:f9:4c:90:b0:b7:8b:4b:71:a4:02:09:ec:3d:
                    53:42:68:eb:b8:28:f7:bb:5a:3f:fd:d6:47:d3:d1:
                    4b:28:a8:c9:cd:17:cb:32:16:e7:c4:3e:e2:0a:de:
                    2f:aa:1a:ca:e4:e1:ff:d2:25:96:84:84:5d:e5:8f:
                    d9:02:a7:59:e2:29:7c:2a:e9:e0:75:d4:70:44:b9:
                    87:d6:b5:79:a7:ce:ab:e8:6f:50:ab:a7:b9:d1:d7:
                    92:5d:3d:95:18:d1:42:26:28:47:2a:bc:0a:cc:0c:
                    00:c1:c3:9a:42:7b:db:f9:61:57:1f:1d:c2:e9:97:
                    93:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BC:A3:25:8D:9C:D1:0A:3F:C7:6A:53:90:D8:ED:D1:66:BF:E9:F7
            X509v3 Authority Key Identifier:
                keyid:AF:00:2D:6B:B8:5A:98:6B:C8:8D:BC:D9:33:20:94:54:E5:B5:E0:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwAta7hamGvIjbzZMyCUVOW14II.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/P7yjJY2c0Qo_x2pTkNjt0Wa_6fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a2eda2-e885-4640-9c84-d6ef8e914307/1/rwAta7hamGvIjbzZMyCUVOW14II.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.172.0/22
                IPv6:
                  2a0c:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c7:93:86:96:57:71:56:2f:c4:ef:b0:bc:70:c8:c9:0b:d0:f3:
         78:00:b2:61:a7:f3:66:f4:dc:57:ae:da:62:29:18:d3:1f:67:
         bd:12:1a:5c:bf:b0:25:04:0f:a2:82:6a:5d:11:7e:ec:eb:03:
         da:22:5d:d9:09:1c:ec:2d:a6:cb:21:c8:b7:29:c1:41:13:2d:
         9b:54:94:dc:2c:12:ca:fa:47:22:8c:07:7a:4c:87:39:97:a9:
         5c:23:a4:b3:be:6e:af:f6:ce:f1:ef:42:b6:f0:97:b0:62:8f:
         5b:74:41:d7:70:06:d2:15:3e:50:7a:e2:10:4e:49:40:2c:fa:
         1a:6d:35:48:31:2d:73:73:96:d5:41:fb:ad:e5:1f:8f:cd:87:
         1d:8c:a6:41:5e:cf:69:f2:3c:81:12:2c:6b:22:c4:7f:b7:2c:
         7a:c7:9b:bb:9d:38:4f:a4:86:ec:16:8b:dc:86:d0:e2:7a:9e:
         75:36:8b:d4:76:e3:45:e8:8c:79:9c:1d:17:4d:07:7c:ed:1c:
         34:a2:4f:f4:7c:1a:90:62:4e:e8:bc:da:97:b7:b5:9e:c4:c6:
         3a:8a:b6:0d:c2:a8:77:8b:4b:c7:1f:a1:a2:a4:2b:a6:bd:49:
         5b:64:d5:3a:33:bb:dd:84:34:35:a4:a9:c3:20:55:52:3a:6a:
         c6:62:40:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAfuhEVmTB/cur1PM+fi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDAyZDZiYjg1YTk4NmJjODhkYmNkOTMzMjA5NDU0ZTVi
NWUwODIwHhcNMjQwMTAyMDIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJjYTMyNThkOWNkMTBhM2ZjNzZhNTM5MGQ4ZWRkMTY2YmZlOWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhNHERLTu4MNjCbOgvbdr0pu7ZKT
zhkIuDj9ei/Q27CDTirOSyV1GnNMP0FcJfyUe3kkzOI1azr4T/+g0UkclslYHsNH
ZYyMszJx3K17bHgWKwaEiOwt5Ew+LvgFGIt+y+G8DMtRzF9tneYExjlTQFixwKZi
88wpcAdfSNF4AOqJdbu/+U+PnflMkLC3i0txpAIJ7D1TQmjruCj3u1o//dZH09FL
KKjJzRfLMhbnxD7iCt4vqhrK5OH/0iWWhIRd5Y/ZAqdZ4il8KungddRwRLmH1rV5
p86r6G9Qq6e50deSXT2VGNFCJihHKrwKzAwAwcOaQnvb+WFXHx3C6ZeTRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD+8oyWNnNEKP8dqU5DY7dFmv+n3MB8GA1UdIwQY
MBaAFK8ALWu4WphryI282TMglFTlteCCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndBdGE3aGFtR3ZJamJ6Wk15Q1VWT1cxNElJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9hMmVkYTItZTg4NS00NjQwLTljODQt
ZDZlZjhlOTE0MzA3LzEvUDd5akpZMmMwUW9feDJwVGtOanQwV2FfNmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9hMmVkYTItZTg4NS00NjQwLTljODQtZDZlZjhlOTE0MzA3
LzEvcndBdGE3aGFtR3ZJamJ6Wk15Q1VWT1cxNElJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufqsMA0E
AgACMAcDBQMqDA/AMA0GCSqGSIb3DQEBCwUAA4IBAQDHk4aWV3FWL8TvsLxwyMkL
0PN4ALJhp/Nm9NxXrtpiKRjTH2e9Ehpcv7AlBA+igmpdEX7s6wPaIl3ZCRzsLabL
Ici3KcFBEy2bVJTcLBLK+kcijAd6TIc5l6lcI6Szvm6v9s7x70K28JewYo9bdEHX
cAbSFT5QeuIQTklALPoabTVIMS1zc5bVQfut5R+PzYcdjKZBXs9p8jyBEixrIsR/
tyx6x5u7nThPpIbsFovchtDiep51NovUduNF6Ix5nB0XTQd87Rw0ok/0fBqQYk7o
vNqXt7WexMY6irYNwqh3i0vHH6GipCumvUlbZNU6M7vdhDQ1pKnDIFVSOmrGYkBU
-----END CERTIFICATE-----