Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/n7CohpgT9tKFwXYpG-MwPe_YfTg.roa
File:                     n7CohpgT9tKFwXYpG-MwPe_YfTg.roa (raw, json)
Hash identifier:          K4BJgCy0BclsNiwbEu4G9O0u/79whwJv8WBopKVv6sk=
Subject key identifier:   9F:B0:A8:86:98:13:F6:D2:85:C1:76:29:1B:E3:30:3D:EF:D8:7D:38
Certificate issuer:       /CN=96d7ba651403d18dddb7a74b20ddc21deb94220e
Certificate serial:       018CC2DB18DE6844413F76043EA8DA1CF73B
Authority key identifier: 96:D7:BA:65:14:03:D1:8D:DD:B7:A7:4B:20:DD:C2:1D:EB:94:22:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/n7CohpgT9tKFwXYpG-MwPe_YfTg.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29684
IP address blocks:        185.205.24.0/22 maxlen: 24
                          185.205.24.0/24 maxlen: 24
                          185.205.25.0/24 maxlen: 24
                          185.205.26.0/24 maxlen: 24
                          185.205.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:18:de:68:44:41:3f:76:04:3e:a8:da:1c:f7:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96d7ba651403d18dddb7a74b20ddc21deb94220e
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fb0a8869813f6d285c176291be3303defd87d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:33:2b:14:1f:04:4b:51:df:e9:7c:44:ae:54:
                    67:81:01:84:07:fa:c1:9c:da:44:0e:34:a9:23:9b:
                    f9:a7:6e:4b:19:d0:be:e8:e0:b8:8a:71:43:83:71:
                    97:01:fe:c5:f7:a9:83:43:6c:3f:dc:53:93:2c:9c:
                    4f:8f:30:36:b9:cb:ff:5d:81:1a:4f:3d:2e:6b:d0:
                    88:35:b8:7b:c9:61:53:c2:63:bf:b6:ac:31:cd:8d:
                    dc:cf:76:f9:80:b3:bc:ba:8b:41:9f:1c:a1:38:18:
                    33:4e:35:0b:33:cf:e6:38:c5:fa:6a:fb:73:8d:58:
                    09:1d:25:45:dc:be:5d:53:31:f3:69:bd:7f:f0:9b:
                    93:2d:90:37:5b:54:22:86:64:e2:fc:eb:f8:95:20:
                    37:5f:cf:5b:12:7f:4d:ed:70:5f:4e:8c:a2:f6:bf:
                    01:0e:8b:a1:25:50:c7:db:ac:07:39:53:42:f7:6b:
                    5e:35:99:8d:29:1d:7a:96:4a:c2:53:3b:cd:35:cf:
                    58:93:bb:39:2d:ee:c7:f8:fc:a9:a1:84:3f:e5:ad:
                    1d:34:0a:62:f3:61:21:bb:f1:0a:3d:11:f1:5f:cf:
                    cb:98:c0:19:6c:50:7d:bf:44:2f:6e:58:0e:e0:1b:
                    51:5c:f2:9c:38:b8:68:0e:86:ce:ae:3a:91:56:68:
                    49:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B0:A8:86:98:13:F6:D2:85:C1:76:29:1B:E3:30:3D:EF:D8:7D:38
            X509v3 Authority Key Identifier:
                keyid:96:D7:BA:65:14:03:D1:8D:DD:B7:A7:4B:20:DD:C2:1D:EB:94:22:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/n7CohpgT9tKFwXYpG-MwPe_YfTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/0d33c9-6a84-4ce3-81b0-418af90acb8a/1/lte6ZRQD0Y3dt6dLIN3CHeuUIg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:15:39:6d:1d:41:04:c2:4b:b2:8c:ec:fc:c3:8c:bc:ce:7d:
         7d:13:0b:37:e1:a0:41:d6:ff:ec:5d:38:12:18:8c:9f:87:eb:
         a7:de:6c:3f:d8:22:f3:68:8d:fb:8c:72:2a:59:88:0d:0e:42:
         e4:09:58:c1:6f:0f:8f:3d:04:3f:77:70:56:73:0b:52:f7:c5:
         93:26:f9:c9:46:5a:0a:cf:30:35:c9:ec:de:9d:54:be:fe:e9:
         04:2d:7a:91:ca:83:2a:b7:6c:2f:21:77:d3:75:0f:82:4a:ff:
         49:00:96:62:b3:4c:fc:ac:0b:31:68:88:1b:3a:cf:80:2e:bf:
         7c:21:49:5f:27:57:d2:e4:31:dc:42:e4:a2:4e:50:cb:b2:d7:
         89:f8:da:76:a9:26:ae:8a:7a:03:c0:f5:21:1b:7c:62:b5:15:
         c6:3b:d0:58:0e:f5:c0:a3:a5:08:d2:37:7d:a0:39:18:df:f1:
         f7:ff:cf:2e:e0:2e:66:f8:01:8d:40:dc:76:96:43:a2:9b:e8:
         c1:a9:09:69:ce:2f:7d:0a:72:72:ef:e1:79:61:bd:8c:c4:a8:
         43:6b:8e:c5:80:ef:ff:61:71:22:d5:42:50:00:e5:6a:b4:81:
         35:f3:fb:58:c3:e4:f6:cb:99:46:8b:35:ef:f9:18:64:05:ed:
         6e:22:58:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xjeaERBP3YEPqjaHPc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZDdiYTY1MTQwM2QxOGRkZGI3YTc0YjIwZGRjMjFkZWI5
NDIyMGUwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmIwYTg4Njk4MTNmNmQyODVjMTc2MjkxYmUzMzAzZGVmZDg3ZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDMrFB8ES1Hf6XxErlRngQGEB/rB
nNpEDjSpI5v5p25LGdC+6OC4inFDg3GXAf7F96mDQ2w/3FOTLJxPjzA2ucv/XYEa
Tz0ua9CINbh7yWFTwmO/tqwxzY3cz3b5gLO8uotBnxyhOBgzTjULM8/mOMX6avtz
jVgJHSVF3L5dUzHzab1/8JuTLZA3W1QihmTi/Ov4lSA3X89bEn9N7XBfToyi9r8B
DouhJVDH26wHOVNC92teNZmNKR16lkrCUzvNNc9Yk7s5Le7H+PypoYQ/5a0dNApi
82Ehu/EKPRHxX8/LmMAZbFB9v0QvblgO4BtRXPKcOLhoDobOrjqRVmhJ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+wqIaYE/bShcF2KRvjMD3v2H04MB8GA1UdIwQY
MBaAFJbXumUUA9GN3benSyDdwh3rlCIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHRlNlpSUUQwWTNkdDZkTElOM0NIZXVVSWc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8wZDMzYzktNmE4NC00Y2UzLTgxYjAt
NDE4YWY5MGFjYjhhLzEvbjdDb2hwZ1Q5dEtGd1hZcEctTXdQZV9ZZlRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8wZDMzYzktNmE4NC00Y2UzLTgxYjAtNDE4YWY5MGFjYjhh
LzEvbHRlNlpSUUQwWTNkdDZkTElOM0NIZXVVSWc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc0YMA0G
CSqGSIb3DQEBCwUAA4IBAQAdFTltHUEEwkuyjOz8w4y8zn19Ews34aBB1v/sXTgS
GIyfh+un3mw/2CLzaI37jHIqWYgNDkLkCVjBbw+PPQQ/d3BWcwtS98WTJvnJRloK
zzA1yezenVS+/ukELXqRyoMqt2wvIXfTdQ+CSv9JAJZis0z8rAsxaIgbOs+ALr98
IUlfJ1fS5DHcQuSiTlDLsteJ+Np2qSauinoDwPUhG3xitRXGO9BYDvXAo6UI0jd9
oDkY3/H3/88u4C5m+AGNQNx2lkOim+jBqQlpzi99CnJy7+F5Yb2MxKhDa47FgO//
YXEi1UJQAOVqtIE18/tYw+T2y5lGizXv+RhkBe1uIlgw
-----END CERTIFICATE-----