Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2s6waty-s4B28B3ETvK2JlQGulY.roa
File:                     2s6waty-s4B28B3ETvK2JlQGulY.roa (raw, json)
Hash identifier:          n7tm8BwUWfE00j/Cg3aEJULLdH1Hxz1MjCagf0/3jqU=
Subject key identifier:   DA:CE:B0:6A:DC:BE:B3:80:76:F0:1D:C4:4E:F2:B6:26:54:06:BA:56
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD2C28C95AF1DAB4F396B2F8EF0E7
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2s6waty-s4B28B3ETvK2JlQGulY.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205888
IP address blocks:        185.202.188.0/22 maxlen: 24
                          79.142.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d2:c2:8c:95:af:1d:ab:4f:39:6b:2f:8e:f0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daceb06adcbeb38076f01dc44ef2b6265406ba56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1a:b9:b4:7a:b1:72:c8:38:17:6c:61:f8:aa:
                    c0:0e:b8:2e:a8:a9:f2:1a:0b:dc:d4:ad:f5:b5:17:
                    24:16:fc:fe:54:67:75:08:a1:ec:b1:92:22:16:87:
                    00:9b:ae:10:3f:59:78:e6:b7:78:8b:c6:0e:da:40:
                    2d:b9:43:29:5d:ff:0a:18:8e:4d:35:74:f5:de:df:
                    00:e1:29:5d:cd:6a:08:b9:76:1d:76:4e:fd:cf:de:
                    d7:47:b6:0a:a0:97:0a:97:c2:48:eb:5a:f4:2d:19:
                    9e:af:2d:82:be:f0:a6:cc:80:d7:9f:5b:8d:08:f7:
                    20:62:fa:b2:e6:56:27:fa:7d:ad:fb:3b:91:49:3c:
                    d5:04:65:7c:69:74:a1:8d:53:3a:79:97:9d:84:98:
                    95:bd:df:e5:d5:79:03:54:c8:ff:19:c6:d9:1f:3d:
                    a5:e3:24:40:4a:fa:84:55:7e:2e:a3:3e:02:05:bb:
                    39:f4:63:fb:da:dd:34:49:9c:6f:e9:4e:f4:71:b4:
                    f7:ad:17:36:3b:ce:5d:70:75:31:72:42:12:32:6c:
                    6d:9d:50:8a:92:ce:52:6b:85:eb:cf:c1:3c:c2:27:
                    6e:0e:43:ff:37:10:c0:9a:14:0c:5f:76:8a:af:da:
                    f8:38:38:da:22:82:44:e8:c0:bd:b5:df:29:89:45:
                    6a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CE:B0:6A:DC:BE:B3:80:76:F0:1D:C4:4E:F2:B6:26:54:06:BA:56
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2s6waty-s4B28B3ETvK2JlQGulY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.184.0/22
                  185.202.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:6a:10:22:09:f5:29:3e:fa:65:51:57:8f:cb:00:ec:24:4a:
         ad:cc:b9:61:43:74:d2:58:fd:2e:df:3d:e5:89:de:a7:6d:47:
         70:98:a6:68:03:6a:3a:5c:5c:9d:10:6a:8e:25:1a:af:87:48:
         e6:84:d1:a8:08:aa:23:ab:4d:0f:09:f5:14:09:3a:87:66:ec:
         c1:30:4e:dd:9f:cf:20:5e:d6:1c:45:98:0c:b1:f9:c7:5d:7d:
         a2:e3:18:b5:a4:c8:13:f9:31:9b:89:88:e7:5d:bf:52:aa:25:
         55:ea:bf:9e:fb:8c:6d:cb:98:c7:82:26:af:1b:71:d1:ff:f0:
         78:62:f7:5c:bc:0e:4b:23:e5:48:de:97:f4:c3:8d:96:7a:e2:
         bf:ac:c8:97:e8:bf:7d:36:fc:75:96:17:64:98:53:88:87:61:
         6c:b5:bf:84:2f:4b:68:73:34:6f:43:7f:0e:4d:49:89:9d:00:
         bb:c9:63:cc:25:4f:04:46:d5:fb:dd:9d:1e:61:05:84:c7:11:
         71:4f:41:2d:16:40:ea:77:d6:ec:51:06:a7:dd:73:da:38:ac:
         2b:75:ea:f9:5c:72:26:b8:93:69:f1:71:c8:73:b5:70:de:8d:
         84:4b:3a:e9:0c:04:c1:c7:ae:5f:47:aa:f5:58:68:3d:ed:9a:
         75:70:12:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tLCjJWvHatPOWsvjvDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNlYjA2YWRjYmViMzgwNzZmMDFkYzQ0ZWYyYjYyNjU0MDZiYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBq5tHqxcsg4F2xh+KrADrguqKny
Ggvc1K31tRckFvz+VGd1CKHssZIiFocAm64QP1l45rd4i8YO2kAtuUMpXf8KGI5N
NXT13t8A4SldzWoIuXYddk79z97XR7YKoJcKl8JI61r0LRmery2CvvCmzIDXn1uN
CPcgYvqy5lYn+n2t+zuRSTzVBGV8aXShjVM6eZedhJiVvd/l1XkDVMj/GcbZHz2l
4yRASvqEVX4uoz4CBbs59GP72t00SZxv6U70cbT3rRc2O85dcHUxckISMmxtnVCK
ks5Sa4Xrz8E8widuDkP/NxDAmhQMX3aKr9r4ODjaIoJE6MC9td8piUVq9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNrOsGrcvrOAdvAdxE7ytiZUBrpWMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvMnM2d2F0eS1zNEIyOEIzRVR2SzJKbFFHdWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCT464AwQC
ucq8MA0GCSqGSIb3DQEBCwUAA4IBAQBNahAiCfUpPvplUVePywDsJEqtzLlhQ3TS
WP0u3z3lid6nbUdwmKZoA2o6XFydEGqOJRqvh0jmhNGoCKojq00PCfUUCTqHZuzB
ME7dn88gXtYcRZgMsfnHXX2i4xi1pMgT+TGbiYjnXb9SqiVV6r+e+4xty5jHgiav
G3HR//B4YvdcvA5LI+VI3pf0w42WeuK/rMiX6L99Nvx1lhdkmFOIh2Fstb+EL0to
czRvQ38OTUmJnQC7yWPMJU8ERtX73Z0eYQWExxFxT0EtFkDqd9bsUQan3XPaOKwr
der5XHImuJNp8XHIc7Vw3o2ESzrpDATBx65fR6r1WGg97Zp1cBJ4
-----END CERTIFICATE-----