Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-SXy3u_YX9szH16xUzJLeA1T00o.roa
File:                     1-SXy3u_YX9szH16xUzJLeA1T00o.roa (raw, json)
Hash identifier:          3kcE8OIQEcV6WUTBNqp+0RYCnsZ95aaYGPM916PjVeI=
Subject key identifier:   F9:25:F2:DE:EF:D8:5F:DB:33:1F:5E:B1:53:32:4B:78:0D:53:D3:4A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E4242E9F125B9BBC9B429F4C3FD992484
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-SXy3u_YX9szH16xUzJLeA1T00o.roa
Signing time:             Fri 15 Mar 2024 13:17:45 +0000
ROA not before:           Fri 15 Mar 2024 13:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        185.199.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:42:e9:f1:25:b9:bb:c9:b4:29:f4:c3:fd:99:24:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 15 13:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f925f2deefd85fdb331f5eb153324b780d53d34a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ed:a5:a7:72:01:a3:b7:f5:48:73:4c:5d:3f:
                    60:45:3f:17:63:2e:18:7f:c1:c7:48:1a:46:31:f2:
                    8e:0a:e2:26:7f:0c:c3:0e:b7:16:86:24:e0:a1:ee:
                    26:aa:84:c9:ee:b1:ba:d6:0e:29:a7:bb:3c:09:44:
                    68:57:87:1a:24:77:eb:37:25:da:c4:bd:db:db:e8:
                    d8:36:6b:0c:80:08:4c:3e:ee:df:0f:25:0a:6d:3c:
                    96:b6:1d:a5:6f:66:0f:df:73:0b:76:0d:97:20:73:
                    9e:9c:c0:25:95:c7:e5:79:35:ff:73:99:c0:c9:ac:
                    67:5c:e2:85:08:a0:d9:3d:85:b8:0c:5a:a0:a7:34:
                    5e:84:b5:9c:8d:ea:80:63:7c:ba:53:ad:f0:8c:f4:
                    00:0e:c4:9a:36:bb:22:5f:0f:70:1c:70:8b:1f:fe:
                    59:fd:97:86:f1:fe:dc:84:68:93:5c:34:2a:1c:47:
                    a7:1b:62:93:8b:bd:e8:c5:5b:27:d2:a5:1c:85:e9:
                    87:1e:47:52:e9:b3:18:a0:d3:1d:8f:17:43:a1:2a:
                    24:ab:24:89:5f:bf:68:85:b6:e4:89:13:39:0b:05:
                    04:2e:f8:6f:13:53:2f:9c:e3:5b:37:75:71:4e:6a:
                    33:83:b1:f8:e0:ad:b1:2c:24:bf:a3:52:02:5f:13:
                    cf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:25:F2:DE:EF:D8:5F:DB:33:1F:5E:B1:53:32:4B:78:0D:53:D3:4A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-SXy3u_YX9szH16xUzJLeA1T00o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:43:65:6b:3d:24:55:8d:02:de:41:67:f6:ee:84:54:82:34:
         22:e2:80:91:2b:37:dd:e0:f1:7a:25:84:7a:ef:e0:05:2f:e9:
         7e:db:23:07:98:a9:1c:e8:a9:7e:ca:c8:f8:28:7d:3a:e7:8d:
         65:b4:2e:a9:8d:71:79:73:a8:29:cf:7b:90:7b:72:6d:01:70:
         77:f8:56:24:28:90:46:d2:08:b9:1e:b5:09:32:42:75:d7:72:
         59:2a:13:8a:fc:05:14:99:7e:91:89:1d:7a:e1:3b:0d:9c:4d:
         91:c7:25:e7:52:55:b0:10:99:f2:3a:eb:13:a0:a5:15:33:70:
         74:cc:a0:7a:71:30:85:0f:3b:77:78:03:d8:30:df:29:65:99:
         1a:c6:bf:6e:72:d7:9b:85:d6:c7:3e:2b:2f:d0:ca:35:ad:e2:
         1c:91:b2:f3:1c:31:db:be:52:67:79:f3:2b:1c:6a:4f:18:21:
         92:55:5c:96:d2:b9:ee:05:66:bc:8b:11:0e:b7:3c:33:ab:49:
         b2:ae:da:98:2b:20:45:9a:47:13:df:43:91:1c:8d:95:da:89:
         ff:8b:b5:3d:06:e9:ae:50:ea:08:b2:4c:a3:1b:c1:1f:4a:6e:
         9f:75:10:80:bd:0a:96:5e:f3:6e:b6:0b:e7:ea:f7:35:17:77:
         27:b5:be:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5CQunxJbm7ybQp9MP9mSSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzE1MTMxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTI1ZjJkZWVmZDg1ZmRiMzMxZjVlYjE1MzMyNGI3ODBkNTNkMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse2lp3IBo7f1SHNMXT9gRT8XYy4Y
f8HHSBpGMfKOCuImfwzDDrcWhiTgoe4mqoTJ7rG61g4pp7s8CURoV4caJHfrNyXa
xL3b2+jYNmsMgAhMPu7fDyUKbTyWth2lb2YP33MLdg2XIHOenMAllcfleTX/c5nA
yaxnXOKFCKDZPYW4DFqgpzRehLWcjeqAY3y6U63wjPQADsSaNrsiXw9wHHCLH/5Z
/ZeG8f7chGiTXDQqHEenG2KTi73oxVsn0qUchemHHkdS6bMYoNMdjxdDoSokqySJ
X79ohbbkiRM5CwUELvhvE1MvnONbN3VxTmozg7H44K2xLCS/o1ICXxPPtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkl8t7v2F/bMx9esVMyS3gNU9NKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMS1TWHkzdV9ZWDlzekgxNnhVekpMZUExVDAwby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFi
Yy8xL1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnHNjAN
BgkqhkiG9w0BAQsFAAOCAQEAE0Nlaz0kVY0C3kFn9u6EVII0IuKAkSs33eDxeiWE
eu/gBS/pftsjB5ipHOipfsrI+Ch9OueNZbQuqY1xeXOoKc97kHtybQFwd/hWJCiQ
RtIIuR61CTJCdddyWSoTivwFFJl+kYkdeuE7DZxNkccl51JVsBCZ8jrrE6ClFTNw
dMygenEwhQ87d3gD2DDfKWWZGsa/bnLXm4XWxz4rL9DKNa3iHJGy8xwx275SZ3nz
KxxqTxghklVcltK57gVmvIsRDrc8M6tJsq7amCsgRZpHE99DkRyNldqJ/4u1PQbp
rlDqCLJMoxvBH0pun3UQgL0Kll7zbrYL5+r3NRd3J7W+3Q==
-----END CERTIFICATE-----