Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/O6qCbdbzdFNwzilLYtqArToC1eg.roa
File:                     O6qCbdbzdFNwzilLYtqArToC1eg.roa (raw, json)
Hash identifier:          E22rSN05A7nB3xd0pV3h+thb0uAUsXas9Nl2yB61PGI=
Subject key identifier:   3B:AA:82:6D:D6:F3:74:53:70:CE:29:4B:62:DA:80:AD:3A:02:D5:E8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAA1DF619D2228897B8E075BD75F0
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/O6qCbdbzdFNwzilLYtqArToC1eg.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205135
IP address blocks:        185.229.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:aa:1d:f6:19:d2:22:88:97:b8:e0:75:bd:75:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3baa826dd6f3745370ce294b62da80ad3a02d5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5e:cd:f3:cd:cb:8d:9a:11:46:d4:6c:6a:cc:
                    ac:4a:57:18:04:8e:31:de:e8:ef:7a:d6:be:c1:df:
                    96:4e:79:8a:c9:ae:20:dc:0e:bf:9d:7f:84:16:74:
                    63:79:6f:3b:2f:d3:a5:e2:cc:cc:0a:72:85:76:46:
                    2f:89:be:a3:36:7d:92:9b:a9:db:e0:1e:b7:54:b6:
                    fd:0a:8a:e7:9f:cc:d9:cb:0b:30:0f:ca:54:2f:d0:
                    1c:5a:09:2c:7b:55:a6:68:d3:9b:21:8f:c6:d7:25:
                    e5:ae:65:fa:e8:b2:f3:d1:8d:df:7d:86:79:63:48:
                    c4:fd:c0:48:fa:55:88:3d:3d:78:20:4e:48:e9:4e:
                    23:f5:44:27:47:e2:ff:78:5f:a1:d2:a8:79:5f:65:
                    0b:df:78:b8:8c:6d:15:ee:b2:17:f0:c5:4b:4e:00:
                    2d:35:22:2a:85:e5:bc:80:1e:d1:3c:4f:c4:1a:43:
                    d0:a9:20:d9:c0:0c:7e:69:c4:0e:c3:7c:94:4d:9d:
                    06:41:c4:21:2e:f7:1c:30:38:0a:3c:63:87:9e:80:
                    f6:1f:6d:c4:d9:9e:28:4e:e8:df:1a:6e:f1:ee:b5:
                    18:c4:d6:ad:2f:9d:be:f5:5f:5b:6a:72:0f:c7:1d:
                    b3:0e:a3:f0:ad:b4:f2:05:75:9d:d5:b1:66:e8:ac:
                    ff:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AA:82:6D:D6:F3:74:53:70:CE:29:4B:62:DA:80:AD:3A:02:D5:E8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/O6qCbdbzdFNwzilLYtqArToC1eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:36:ca:c0:a9:a0:18:19:46:dc:30:f7:d0:19:eb:f6:e6:6d:
         7b:34:8b:56:ef:54:42:e2:cf:e5:b8:e3:64:bd:9a:92:43:a6:
         02:0a:46:db:8e:2e:69:50:a8:4a:a8:8d:b3:e8:0d:da:5f:1e:
         c6:6f:f0:a6:1f:d7:43:9f:17:94:5e:08:21:69:98:d8:61:3e:
         37:b4:85:03:28:aa:29:9a:25:c7:bc:f1:77:2d:b2:56:0a:33:
         a9:53:4a:6c:ec:0a:59:19:d7:52:82:b2:bc:d6:18:d5:3d:21:
         3e:1a:5d:4a:41:f1:eb:55:e8:77:23:82:c7:ae:8e:8a:55:8c:
         04:fe:ee:65:37:3f:83:fe:6a:1b:76:82:80:26:e1:40:10:66:
         92:6e:b7:c1:b8:66:58:01:b6:a2:5d:2a:5d:ce:b1:45:dc:68:
         a9:80:7a:18:7e:ea:69:31:e4:10:27:1b:c4:cb:19:f3:54:e3:
         02:98:ab:8b:fb:0c:ba:70:91:ec:37:85:90:27:6a:8b:15:3f:
         b6:4d:09:d9:f3:ed:be:0d:4c:ad:40:d3:93:1d:4d:ef:ad:27:
         ef:00:57:13:64:11:eb:66:a7:0f:d3:9b:5e:cc:3c:4b:c8:30:
         77:b7:d3:74:5f:03:0a:b0:6f:57:63:91:c9:58:f9:64:d6:fa:
         a7:79:b9:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36od9hnSIoiXuOB1vXXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmFhODI2ZGQ2ZjM3NDUzNzBjZTI5NGI2MmRhODBhZDNhMDJkNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF7N883LjZoRRtRsasysSlcYBI4x
3ujveta+wd+WTnmKya4g3A6/nX+EFnRjeW87L9Ol4szMCnKFdkYvib6jNn2Sm6nb
4B63VLb9Cornn8zZywswD8pUL9AcWgkse1WmaNObIY/G1yXlrmX66LLz0Y3ffYZ5
Y0jE/cBI+lWIPT14IE5I6U4j9UQnR+L/eF+h0qh5X2UL33i4jG0V7rIX8MVLTgAt
NSIqheW8gB7RPE/EGkPQqSDZwAx+acQOw3yUTZ0GQcQhLvccMDgKPGOHnoD2H23E
2Z4oTujfGm7x7rUYxNatL52+9V9banIPxx2zDqPwrbTyBXWd1bFm6Kz/5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuqgm3W83RTcM4pS2LagK06AtXoMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTzZxQ2JkYnpkRk53emlsTFl0cUFyVG9DMWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueVDMA0G
CSqGSIb3DQEBCwUAA4IBAQA7NsrAqaAYGUbcMPfQGev25m17NItW71RC4s/luONk
vZqSQ6YCCkbbji5pUKhKqI2z6A3aXx7Gb/CmH9dDnxeUXgghaZjYYT43tIUDKKop
miXHvPF3LbJWCjOpU0ps7ApZGddSgrK81hjVPSE+Gl1KQfHrVeh3I4LHro6KVYwE
/u5lNz+D/mobdoKAJuFAEGaSbrfBuGZYAbaiXSpdzrFF3GipgHoYfuppMeQQJxvE
yxnzVOMCmKuL+wy6cJHsN4WQJ2qLFT+2TQnZ8+2+DUytQNOTHU3vrSfvAFcTZBHr
ZqcP05tezDxLyDB3t9N0XwMKsG9XY5HJWPlk1vqnebnx
-----END CERTIFICATE-----