Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/9ZXiXYjHcuwmbRifgqMWdl8LJo0.roa
File:                     9ZXiXYjHcuwmbRifgqMWdl8LJo0.roa (raw, json)
Hash identifier:          dBeIQsk63xyg+AUcI36Lu6oeCKPyDrb/EkLmtvtWw1s=
Subject key identifier:   F5:95:E2:5D:88:C7:72:EC:26:6D:18:9F:82:A3:16:76:5F:0B:26:8D
Certificate issuer:       /CN=6f108bd5addfabf151d9079e3d3d341269666fa7
Certificate serial:       018EA885166F95B005E2D8937E1300579A55
Authority key identifier: 6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/9ZXiXYjHcuwmbRifgqMWdl8LJo0.roa
Signing time:             Thu 04 Apr 2024 09:51:17 +0000
ROA not before:           Thu 04 Apr 2024 09:51:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199533
IP address blocks:        185.144.115.0/24 maxlen: 24
                          2a0f:ac80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:85:16:6f:95:b0:05:e2:d8:93:7e:13:00:57:9a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f108bd5addfabf151d9079e3d3d341269666fa7
        Validity
            Not Before: Apr  4 09:51:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f595e25d88c772ec266d189f82a316765f0b268d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:92:2a:91:0b:a9:11:99:00:e6:2a:51:36:06:
                    75:88:2a:bf:72:fa:fe:63:72:d6:da:f7:c3:79:05:
                    41:24:ce:7e:59:1e:6e:04:10:9f:d1:b9:cf:68:c1:
                    bc:b7:f3:cd:be:61:56:4c:65:d8:41:2e:c5:ce:1b:
                    ba:b0:12:be:3a:2b:4a:ec:15:31:29:b5:53:ee:23:
                    11:ef:8a:e8:2a:8b:66:7b:5c:b5:84:6e:72:64:7b:
                    6c:10:de:c8:b5:31:49:62:1c:0f:d0:3d:c0:4b:54:
                    1f:08:6c:90:7b:23:d3:ae:d1:55:c8:63:54:64:e1:
                    d9:00:16:3e:de:78:cf:83:58:66:68:cb:f9:6d:34:
                    a8:06:96:7f:2f:3c:d0:d1:69:c9:b3:49:83:8a:12:
                    26:71:5a:f4:75:b3:8a:22:b8:21:bd:8f:8b:f7:1f:
                    c9:38:e2:62:ce:95:a1:39:78:2f:ec:86:70:4c:a4:
                    7d:c1:77:a1:c5:66:c7:f1:25:28:65:c0:39:04:79:
                    b1:f8:15:47:9e:05:13:50:e6:ef:63:3c:2a:8b:e0:
                    fd:c0:ac:7b:ee:38:c6:d4:f3:c7:ba:05:a1:6b:86:
                    e8:08:4a:37:f7:da:56:97:89:5a:fc:e4:11:59:a3:
                    16:a7:31:4b:16:75:17:28:58:ff:5f:3e:62:45:a6:
                    af:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:95:E2:5D:88:C7:72:EC:26:6D:18:9F:82:A3:16:76:5F:0B:26:8D
            X509v3 Authority Key Identifier:
                keyid:6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/9ZXiXYjHcuwmbRifgqMWdl8LJo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.115.0/24
                IPv6:
                  2a0f:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:ed:14:cc:9e:a8:8d:22:30:73:6d:d3:a0:ad:4b:8e:be:a7:
         68:25:80:31:e9:cf:6d:c2:56:f5:02:6a:85:62:fd:33:ca:fa:
         75:2b:e1:d3:5d:05:d0:5a:69:f2:3f:da:40:bf:d9:5a:40:e6:
         47:96:33:af:e0:6b:ab:2e:46:17:31:fc:3f:bf:e7:bd:fc:5f:
         de:7a:d6:75:3a:9a:70:76:06:d7:4d:ba:15:6b:12:42:68:cc:
         68:f3:0e:6d:f4:db:56:e5:ee:41:6e:97:2d:a1:f4:cd:5e:1f:
         21:bf:f0:ae:8d:d0:1b:6d:47:f9:5c:c4:2e:66:3f:fe:5e:6f:
         62:c9:d0:c7:9c:5c:d8:ab:00:d5:98:c6:93:76:27:d0:20:74:
         2d:13:cc:0a:05:7e:18:77:57:bc:48:48:54:a0:cf:26:af:73:
         56:20:f6:b8:e6:6b:be:fd:c0:4e:b7:86:29:a9:e3:ec:fd:80:
         11:46:c5:a8:be:19:6c:d6:04:ab:e9:2b:58:2b:6e:d1:3c:cf:
         b3:1a:0d:47:71:0d:f7:46:d7:1e:9d:df:21:26:f4:19:f6:40:
         0d:2c:3b:39:d9:95:77:cd:48:33:af:ed:08:db:fa:21:de:3e:
         4c:38:34:1f:a9:ca:de:77:a1:ea:37:3c:ff:85:40:55:d1:0a:
         d7:4f:03:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6ohRZvlbAF4tiTfhMAV5pVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMTA4YmQ1YWRkZmFiZjE1MWQ5MDc5ZTNkM2QzNDEyNjk2
NjZmYTcwHhcNMjQwNDA0MDk1MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTk1ZTI1ZDg4Yzc3MmVjMjY2ZDE4OWY4MmEzMTY3NjVmMGIyNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopIqkQupEZkA5ipRNgZ1iCq/cvr+
Y3LW2vfDeQVBJM5+WR5uBBCf0bnPaMG8t/PNvmFWTGXYQS7Fzhu6sBK+OitK7BUx
KbVT7iMR74roKotme1y1hG5yZHtsEN7ItTFJYhwP0D3AS1QfCGyQeyPTrtFVyGNU
ZOHZABY+3njPg1hmaMv5bTSoBpZ/LzzQ0WnJs0mDihImcVr0dbOKIrghvY+L9x/J
OOJizpWhOXgv7IZwTKR9wXehxWbH8SUoZcA5BHmx+BVHngUTUObvYzwqi+D9wKx7
7jjG1PPHugWha4boCEo399pWl4la/OQRWaMWpzFLFnUXKFj/Xz5iRaavaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPWV4l2Ix3LsJm0Yn4KjFnZfCyaNMB8GA1UdIwQY
MBaAFG8Qi9Wt36vxUdkHnj09NBJpZm+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4Nzgt
MDk3YjRkNmQ4MWU0LzEvOVpYaVhZakhjdXdtYlJpZmdxTVdkbDhMSm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4NzgtMDk3YjRkNmQ4MWU0
LzEvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZBzMA0E
AgACMAcDBQMqD6yAMA0GCSqGSIb3DQEBCwUAA4IBAQA07RTMnqiNIjBzbdOgrUuO
vqdoJYAx6c9twlb1AmqFYv0zyvp1K+HTXQXQWmnyP9pAv9laQOZHljOv4GurLkYX
Mfw/v+e9/F/eetZ1OppwdgbXTboVaxJCaMxo8w5t9NtW5e5BbpctofTNXh8hv/Cu
jdAbbUf5XMQuZj/+Xm9iydDHnFzYqwDVmMaTdifQIHQtE8wKBX4Yd1e8SEhUoM8m
r3NWIPa45mu+/cBOt4YpqePs/YARRsWovhls1gSr6StYK27RPM+zGg1HcQ33Rtce
nd8hJvQZ9kANLDs52ZV3zUgzr+0I2/oh3j5MODQfqcred6HqNzz/hUBV0QrXTwOV
-----END CERTIFICATE-----