Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/lwOTX2_KYkQLlPIhnCQV7dS98Vk.roa
File:                     lwOTX2_KYkQLlPIhnCQV7dS98Vk.roa (raw, json)
Hash identifier:          0rKUDa8Jwe0Chwcry2HnVPh6vIHyEP3lgV6QV0WPz9s=
Subject key identifier:   97:03:93:5F:6F:CA:62:44:0B:94:F2:21:9C:24:15:ED:D4:BD:F1:59
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       01918F6C916BDAB48364F9D9C29672759AAA
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/lwOTX2_KYkQLlPIhnCQV7dS98Vk.roa
Signing time:             Mon 26 Aug 2024 16:02:22 +0000
ROA not before:           Mon 26 Aug 2024 16:02:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.183.244.0/23 maxlen: 24
                          185.183.246.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:6c:91:6b:da:b4:83:64:f9:d9:c2:96:72:75:9a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: Aug 26 16:02:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9703935f6fca62440b94f2219c2415edd4bdf159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:86:1e:c1:17:a4:92:40:49:f2:d4:b6:c8:4a:
                    73:1b:4e:e1:bc:9e:7d:04:54:aa:aa:d0:68:e4:fb:
                    74:bf:4a:0b:c1:1f:0f:ea:8c:35:8a:40:d4:ae:61:
                    2a:e0:d5:00:26:4a:de:d8:95:2b:6b:6a:08:5f:7e:
                    b6:f4:89:d4:67:e8:2c:8a:65:63:64:f5:58:9f:e9:
                    24:12:54:b2:ec:85:b8:5a:96:ae:b0:7c:cb:ca:1b:
                    b9:08:b2:4b:e7:cc:5b:dd:f2:eb:e3:2c:a4:ef:b1:
                    2c:93:63:aa:0c:16:93:8d:c4:58:46:3e:7a:f5:d6:
                    96:ee:91:93:db:ff:bb:65:e2:fd:72:4f:39:fd:3e:
                    6d:bc:06:bb:ec:87:f3:a3:37:b2:f4:44:9c:67:fe:
                    07:ed:70:d9:d5:cb:c9:4a:4e:d9:6d:f6:d3:0c:d6:
                    03:ee:a7:a1:26:82:17:87:ee:cf:d8:44:ff:93:90:
                    5a:8a:55:19:9b:62:a3:7a:a6:0c:00:a8:d0:34:c0:
                    9f:b8:ce:0c:79:28:60:7d:94:60:97:9b:b5:4c:c2:
                    80:a5:d8:af:a1:aa:1d:e0:10:68:cc:f5:2d:57:8b:
                    37:81:f1:3f:fb:dc:d8:fc:3e:51:dd:0a:8f:63:14:
                    94:8f:6e:e4:ba:b1:1e:60:6f:2c:f8:85:5b:b9:2e:
                    54:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:03:93:5F:6F:CA:62:44:0B:94:F2:21:9C:24:15:ED:D4:BD:F1:59
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/lwOTX2_KYkQLlPIhnCQV7dS98Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:b7:cf:7e:33:cd:ee:27:25:0b:80:bf:bd:5e:5e:ab:97:80:
         2b:bb:65:53:46:4c:6c:4f:95:ba:bc:ad:01:6e:c3:be:09:d6:
         87:e8:6b:6b:bb:f2:37:6f:8e:77:90:7a:56:78:c2:bc:7a:a4:
         a3:39:96:5c:1a:48:d3:f0:74:26:2d:b7:f8:67:90:ab:5c:b7:
         00:fd:8c:ca:65:7e:28:bc:2a:52:c9:99:3a:82:71:12:a1:80:
         67:ee:4f:94:a0:45:dc:f6:47:69:75:ce:cc:fc:7e:2a:e3:07:
         86:5b:79:d6:82:ec:d0:bd:a5:78:00:de:4d:3c:26:82:1f:a9:
         da:f8:c0:eb:52:db:1b:bb:ff:30:57:c4:d9:da:89:0e:32:05:
         4f:d9:5c:37:37:22:61:de:0e:33:5a:1b:e9:b3:ca:a5:33:ef:
         06:52:1b:76:23:c8:38:98:da:8e:91:4b:fe:ca:66:0d:d5:c2:
         1d:b4:56:c2:f0:59:b4:fc:33:f4:e4:59:2f:dd:03:74:5d:10:
         1c:97:82:71:c2:4e:74:e6:3c:d4:9a:31:ad:8b:70:43:ee:86:
         b0:24:24:3c:d9:f7:09:fe:cf:9f:8e:82:98:b7:25:56:49:4b:
         6c:23:cc:08:ee:e8:4e:17:e1:87:54:91:08:63:9c:e4:24:64:
         fe:88:7d:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGPbJFr2rSDZPnZwpZydZqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjQwODI2MTYwMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzAzOTM1ZjZmY2E2MjQ0MGI5NGYyMjE5YzI0MTVlZGQ0YmRmMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14YewRekkkBJ8tS2yEpzG07hvJ59
BFSqqtBo5Pt0v0oLwR8P6ow1ikDUrmEq4NUAJkre2JUra2oIX3629InUZ+gsimVj
ZPVYn+kkElSy7IW4WpausHzLyhu5CLJL58xb3fLr4yyk77Esk2OqDBaTjcRYRj56
9daW7pGT2/+7ZeL9ck85/T5tvAa77Ifzozey9EScZ/4H7XDZ1cvJSk7ZbfbTDNYD
7qehJoIXh+7P2ET/k5BailUZm2KjeqYMAKjQNMCfuM4MeShgfZRgl5u1TMKApdiv
oaod4BBozPUtV4s3gfE/+9zY/D5R3QqPYxSUj27kurEeYG8s+IVbuS5UpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcDk19vymJEC5TyIZwkFe3UvfFZMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvbHdPVFgyX0tZa1FMbFBJaG5DUVY3ZFM5OFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubf0MA0G
CSqGSIb3DQEBCwUAA4IBAQAKt89+M83uJyULgL+9Xl6rl4Aru2VTRkxsT5W6vK0B
bsO+CdaH6Gtru/I3b453kHpWeMK8eqSjOZZcGkjT8HQmLbf4Z5CrXLcA/YzKZX4o
vCpSyZk6gnESoYBn7k+UoEXc9kdpdc7M/H4q4weGW3nWguzQvaV4AN5NPCaCH6na
+MDrUtsbu/8wV8TZ2okOMgVP2Vw3NyJh3g4zWhvps8qlM+8GUht2I8g4mNqOkUv+
ymYN1cIdtFbC8Fm0/DP05Fkv3QN0XRAcl4Jxwk505jzUmjGti3BD7oawJCQ82fcJ
/s+fjoKYtyVWSUtsI8wI7uhOF+GHVJEIY5zkJGT+iH2v
-----END CERTIFICATE-----