Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/bOZT7nC0lQDiWVEALxMEze_2Cm4.roa
File:                     bOZT7nC0lQDiWVEALxMEze_2Cm4.roa (raw, json)
Hash identifier:          UByv5Om/vUn7BtjHNpptyUlhqgzfE1/NjjIqW87MHDQ=
Subject key identifier:   6C:E6:53:EE:70:B4:95:00:E2:59:51:00:2F:13:04:CD:EF:F6:0A:6E
Certificate issuer:       /CN=2f9cc6a3f4c2381930ba8d1af0d95abec09681e4
Certificate serial:       018CC501403FE9C8031DAD995F30BCE5378D
Authority key identifier: 2F:9C:C6:A3:F4:C2:38:19:30:BA:8D:1A:F0:D9:5A:BE:C0:96:81:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5zGo_TCOBkwuo0a8NlavsCWgeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/bOZT7nC0lQDiWVEALxMEze_2Cm4.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62416
IP address blocks:        185.32.188.0/22 maxlen: 24
                          185.222.8.0/22 maxlen: 24
                          2a00:c560::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/L5zGo_TCOBkwuo0a8NlavsCWgeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/L5zGo_TCOBkwuo0a8NlavsCWgeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5zGo_TCOBkwuo0a8NlavsCWgeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:40:3f:e9:c8:03:1d:ad:99:5f:30:bc:e5:37:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f9cc6a3f4c2381930ba8d1af0d95abec09681e4
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce653ee70b49500e25951002f1304cdeff60a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:d5:b8:09:c3:28:6f:13:a0:38:76:e6:8c:
                    9f:e5:20:98:2f:75:9a:f3:2b:d2:44:a2:9c:52:50:
                    d8:78:ad:ff:f7:ec:36:01:10:bf:d2:39:80:3b:2d:
                    84:dd:65:89:18:59:ed:b7:b1:33:26:41:78:14:b6:
                    2e:41:9b:db:0b:b4:d8:29:b3:6f:7f:07:b8:5c:39:
                    24:94:4a:a4:96:a2:f0:3a:13:62:cf:4b:18:a1:de:
                    81:c6:db:3f:5e:58:97:44:de:c3:60:2a:65:2b:10:
                    10:09:22:99:fa:c3:56:38:16:6e:3b:7f:46:5e:a9:
                    a3:fc:f8:ec:69:9a:7e:20:c3:5d:7a:87:f7:a2:b9:
                    80:a2:e5:35:e7:00:56:6e:1c:fd:43:23:9e:16:5a:
                    8f:e9:0a:fe:72:ec:24:72:85:0c:3c:48:3e:71:57:
                    61:fa:41:d1:d6:8b:92:75:68:46:3f:e3:f9:b8:ad:
                    e5:27:d5:fc:70:fa:1f:bc:f4:e4:a7:41:5c:de:61:
                    86:9d:09:34:b5:cc:2b:67:c2:f9:9e:20:40:1b:bb:
                    a8:50:02:72:5a:3f:ba:2e:e7:34:1e:c4:b3:36:61:
                    79:31:f5:45:32:b9:94:67:bc:56:64:b3:34:55:7f:
                    91:07:33:4d:6b:23:00:90:dd:48:26:c7:b1:b9:80:
                    8e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E6:53:EE:70:B4:95:00:E2:59:51:00:2F:13:04:CD:EF:F6:0A:6E
            X509v3 Authority Key Identifier:
                keyid:2F:9C:C6:A3:F4:C2:38:19:30:BA:8D:1A:F0:D9:5A:BE:C0:96:81:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5zGo_TCOBkwuo0a8NlavsCWgeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/bOZT7nC0lQDiWVEALxMEze_2Cm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/424dcb-1221-4e42-ba0e-a4dc5559d449/1/L5zGo_TCOBkwuo0a8NlavsCWgeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.188.0/22
                  185.222.8.0/22
                IPv6:
                  2a00:c560::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:77:52:59:4a:c4:b5:01:e1:3b:14:10:61:50:55:c2:e4:09:
         08:14:31:2f:91:a8:c4:99:70:03:ca:72:ab:20:b9:1c:b4:9c:
         01:e6:d4:e7:e7:48:55:14:ea:8a:55:2b:24:21:66:57:dd:bc:
         e3:1a:09:6a:45:38:de:aa:25:db:12:9d:8f:f4:f1:80:2e:82:
         fb:68:19:23:45:be:f7:8f:8b:26:f4:fc:8c:a4:a9:84:5d:a9:
         8c:46:6b:2b:e6:20:b4:b8:cd:af:30:eb:26:96:a2:34:ea:bf:
         85:85:81:68:d7:53:3a:6d:d8:e8:98:fb:1a:a0:fa:c1:f5:ac:
         5b:44:5b:4d:06:3b:bf:81:36:64:36:2a:d3:0d:7f:c9:61:78:
         cc:6b:26:c9:0c:d9:a3:c7:bb:83:8a:b0:e5:11:e8:0e:00:dd:
         5b:07:60:0b:27:e3:cb:9a:0c:67:19:7b:9b:9c:3f:12:1d:36:
         24:27:52:22:e7:43:78:60:9a:63:b5:c6:92:c1:dc:f6:42:c7:
         f2:e9:0a:70:b5:b5:a8:81:df:09:3f:f3:c3:96:14:84:9d:fe:
         74:26:67:c9:51:85:01:84:d6:c7:cf:5f:eb:7b:bc:75:b4:d4:
         7c:25:d4:63:a1:14:a2:7e:30:e6:87:08:d4:98:e0:c2:70:e9:
         97:e0:d4:3c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAUA/6cgDHa2ZXzC85TeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOWNjNmEzZjRjMjM4MTkzMGJhOGQxYWYwZDk1YWJlYzA5
NjgxZTQwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2U2NTNlZTcwYjQ5NTAwZTI1OTUxMDAyZjEzMDRjZGVmZjYwYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ/VuAnDKG8ToDh25oyf5SCYL3Wa
8yvSRKKcUlDYeK3/9+w2ARC/0jmAOy2E3WWJGFntt7EzJkF4FLYuQZvbC7TYKbNv
fwe4XDkklEqklqLwOhNiz0sYod6Bxts/XliXRN7DYCplKxAQCSKZ+sNWOBZuO39G
Xqmj/PjsaZp+IMNdeof3ormAouU15wBWbhz9QyOeFlqP6Qr+cuwkcoUMPEg+cVdh
+kHR1ouSdWhGP+P5uK3lJ9X8cPofvPTkp0Fc3mGGnQk0tcwrZ8L5niBAG7uoUAJy
Wj+6Luc0HsSzNmF5MfVFMrmUZ7xWZLM0VX+RBzNNayMAkN1IJsexuYCOOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGzmU+5wtJUA4llRAC8TBM3v9gpuMB8GA1UdIwQY
MBaAFC+cxqP0wjgZMLqNGvDZWr7AloHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDV6R29fVENPQmt3dW8wYThObGF2c0NXZ2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80MjRkY2ItMTIyMS00ZTQyLWJhMGUt
YTRkYzU1NTlkNDQ5LzEvYk9aVDduQzBsUURpV1ZFQUx4TUV6ZV8yQ200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80MjRkY2ItMTIyMS00ZTQyLWJhMGUtYTRkYzU1NTlkNDQ5
LzEvTDV6R29fVENPQmt3dW8wYThObGF2c0NXZ2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSC8AwQC
ud4IMA0EAgACMAcDBQMqAMVgMA0GCSqGSIb3DQEBCwUAA4IBAQAtd1JZSsS1AeE7
FBBhUFXC5AkIFDEvkajEmXADynKrILkctJwB5tTn50hVFOqKVSskIWZX3bzjGglq
RTjeqiXbEp2P9PGALoL7aBkjRb73j4sm9PyMpKmEXamMRmsr5iC0uM2vMOsmlqI0
6r+FhYFo11M6bdjomPsaoPrB9axbRFtNBju/gTZkNirTDX/JYXjMaybJDNmjx7uD
irDlEegOAN1bB2ALJ+PLmgxnGXubnD8SHTYkJ1Ii50N4YJpjtcaSwdz2Qsfy6Qpw
tbWogd8JP/PDlhSEnf50JmfJUYUBhNbHz1/re7x1tNR8JdRjoRSifjDmhwjUmODC
cOmX4NQ8
-----END CERTIFICATE-----