Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/0L2OYrO-uXcW58XziOWZyf58yI8.roa
File:                     0L2OYrO-uXcW58XziOWZyf58yI8.roa (raw, json)
Hash identifier:          IE68Kc7rUBnajE1ESNYxj6dG+AY5R9OKM2SWZNocFqo=
Subject key identifier:   D0:BD:8E:62:B3:BE:B9:77:16:E7:C5:F3:88:E5:99:C9:FE:7C:C8:8F
Certificate issuer:       /CN=5b066db8ae1655fc3d8a4aa99ebbd93a3fe0e3e4
Certificate serial:       018CC8DEF3282E552084DD85D446C44C4361
Authority key identifier: 5B:06:6D:B8:AE:16:55:FC:3D:8A:4A:A9:9E:BB:D9:3A:3F:E0:E3:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/0L2OYrO-uXcW58XziOWZyf58yI8.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25264
IP address blocks:        185.105.186.0/24 maxlen: 24
                          185.105.185.0/24 maxlen: 24
                          185.105.184.0/24 maxlen: 24
                          185.105.184.0/22 maxlen: 22
                          185.105.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f3:28:2e:55:20:84:dd:85:d4:46:c4:4c:43:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b066db8ae1655fc3d8a4aa99ebbd93a3fe0e3e4
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0bd8e62b3beb97716e7c5f388e599c9fe7cc88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b6:3f:a4:7a:35:a3:4b:ac:6f:38:de:40:66:
                    97:0b:da:a8:6f:64:e6:fb:88:31:66:70:84:bd:1e:
                    33:30:25:57:26:87:3d:54:57:31:c9:c0:03:0f:77:
                    c7:b5:b8:7b:07:44:b1:d5:80:73:c4:23:f3:aa:36:
                    4d:27:bf:3a:a8:1f:59:1b:6f:fd:21:a7:f3:8e:49:
                    bf:59:e8:61:58:f0:ec:4e:e8:bd:bd:b6:68:e0:dd:
                    d2:b4:e8:e1:56:a9:03:aa:fa:42:89:c7:96:db:f4:
                    d1:1e:b4:ff:fb:b3:df:59:e8:a4:62:20:c5:16:05:
                    3f:d4:fb:8c:d3:a5:ce:e1:86:b2:f1:e4:78:bd:58:
                    db:ef:3c:36:99:bb:cc:98:f0:03:4b:8a:e6:50:af:
                    9a:dc:ba:e3:79:bd:7e:f2:f2:7f:c1:bf:a6:01:72:
                    c9:1a:09:25:18:96:cd:24:5c:81:57:16:0b:df:5e:
                    31:73:8d:4d:6f:95:9c:b0:c9:2e:c0:79:59:a6:bf:
                    d7:ab:2f:19:21:88:16:65:a5:f3:45:c2:07:c1:f7:
                    b9:fa:48:bb:85:5f:5f:7f:6e:48:c4:19:86:50:c5:
                    e6:c9:cc:8a:ee:3a:a8:c9:db:95:91:0c:dd:eb:32:
                    dd:52:45:fb:ab:09:3c:b6:f2:53:79:8c:bd:8b:f5:
                    8b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:BD:8E:62:B3:BE:B9:77:16:E7:C5:F3:88:E5:99:C9:FE:7C:C8:8F
            X509v3 Authority Key Identifier:
                keyid:5B:06:6D:B8:AE:16:55:FC:3D:8A:4A:A9:9E:BB:D9:3A:3F:E0:E3:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/0L2OYrO-uXcW58XziOWZyf58yI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0ff9e5-fbbe-4b3b-b938-9ceaa1b7a116/1/WwZtuK4WVfw9ikqpnrvZOj_g4-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:34:89:4e:12:14:42:86:95:d0:7f:db:06:ca:b3:79:57:41:
         5c:3b:29:47:fa:7a:88:e5:c6:92:54:fc:93:78:e8:39:85:c1:
         0b:05:58:49:f4:05:30:69:63:cc:1d:93:56:81:02:e6:99:2e:
         8a:7c:02:28:f5:69:8d:02:23:be:a6:bb:bc:c4:61:f4:0d:53:
         da:d2:18:e9:b2:6e:7f:ec:c6:b2:89:11:89:3d:a4:34:40:3d:
         35:45:3f:32:03:b1:76:26:74:b6:22:ee:f5:57:c4:d7:42:fd:
         4c:0b:1b:63:87:61:07:54:ab:0f:de:16:4e:4a:e7:8e:58:a4:
         2d:7c:8c:1d:e8:53:8a:cf:9f:7d:2a:eb:c6:86:9b:47:30:d7:
         37:0c:a7:51:d5:b1:74:f1:0f:d8:c1:9d:9f:88:a1:21:c2:cb:
         f5:4b:04:54:99:d9:3e:8a:9a:c9:c6:8d:56:aa:d7:bc:76:13:
         ea:05:52:d1:7e:0c:9c:74:e8:b2:97:bb:d3:2e:66:db:f3:4f:
         ea:0c:94:3b:bd:fa:db:25:ca:c1:c7:4b:2c:d1:e4:32:f3:32:
         71:cc:03:1e:ef:17:99:db:2a:d2:47:aa:64:6b:43:54:89:f4:
         7f:50:33:7d:4d:ff:25:29:50:57:e3:f1:56:9a:c5:5d:74:74:
         f5:1d:54:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vMoLlUghN2F1EbETENhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDY2ZGI4YWUxNjU1ZmMzZDhhNGFhOTllYmJkOTNhM2Zl
MGUzZTQwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGJkOGU2MmIzYmViOTc3MTZlN2M1ZjM4OGU1OTljOWZlN2NjODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLY/pHo1o0usbzjeQGaXC9qob2Tm
+4gxZnCEvR4zMCVXJoc9VFcxycADD3fHtbh7B0Sx1YBzxCPzqjZNJ786qB9ZG2/9
Iafzjkm/WehhWPDsTui9vbZo4N3StOjhVqkDqvpCiceW2/TRHrT/+7PfWeikYiDF
FgU/1PuM06XO4Yay8eR4vVjb7zw2mbvMmPADS4rmUK+a3Lrjeb1+8vJ/wb+mAXLJ
GgklGJbNJFyBVxYL314xc41Nb5WcsMkuwHlZpr/Xqy8ZIYgWZaXzRcIHwfe5+ki7
hV9ff25IxBmGUMXmycyK7jqoyduVkQzd6zLdUkX7qwk8tvJTeYy9i/WLXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNC9jmKzvrl3FufF84jlmcn+fMiPMB8GA1UdIwQY
MBaAFFsGbbiuFlX8PYpKqZ672To/4OPkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3dadHVLNFdWZnc5aWtxcG5ydlpPal9nNC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wZmY5ZTUtZmJiZS00YjNiLWI5Mzgt
OWNlYWExYjdhMTE2LzEvMEwyT1lyTy11WGNXNThYemlPV1p5ZjU4eUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wZmY5ZTUtZmJiZS00YjNiLWI5MzgtOWNlYWExYjdhMTE2
LzEvV3dadHVLNFdWZnc5aWtxcG5ydlpPal9nNC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWm4MA0G
CSqGSIb3DQEBCwUAA4IBAQA4NIlOEhRChpXQf9sGyrN5V0FcOylH+nqI5caSVPyT
eOg5hcELBVhJ9AUwaWPMHZNWgQLmmS6KfAIo9WmNAiO+pru8xGH0DVPa0hjpsm5/
7MayiRGJPaQ0QD01RT8yA7F2JnS2Iu71V8TXQv1MCxtjh2EHVKsP3hZOSueOWKQt
fIwd6FOKz599KuvGhptHMNc3DKdR1bF08Q/YwZ2fiKEhwsv1SwRUmdk+iprJxo1W
qte8dhPqBVLRfgycdOiyl7vTLmbb80/qDJQ7vfrbJcrBx0ss0eQy8zJxzAMe7xeZ
2yrSR6pka0NUifR/UDN9Tf8lKVBX4/FWmsVddHT1HVTf
-----END CERTIFICATE-----