Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-qv6TdAh2IXjlHW-yxfcCKMjj4M.roa
File:                     1-qv6TdAh2IXjlHW-yxfcCKMjj4M.roa (raw, json)
Hash identifier:          ITife9FdnAdIJ7qmFwN3vjzUvzxQEEmRyLGXxUfAUmQ=
Subject key identifier:   FA:AB:FA:4D:D0:21:D8:85:E3:94:75:BE:CB:17:DC:08:A3:23:8F:83
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E9E718DC904ED431FD21FA6F9E004F49C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-qv6TdAh2IXjlHW-yxfcCKMjj4M.roa
Signing time:             Tue 02 Apr 2024 10:53:45 +0000
ROA not before:           Tue 02 Apr 2024 10:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        185.126.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:71:8d:c9:04:ed:43:1f:d2:1f:a6:f9:e0:04:f4:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr  2 10:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faabfa4dd021d885e39475becb17dc08a3238f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:62:9b:3e:54:10:a9:ba:d2:48:89:5c:e6:69:
                    a3:95:88:14:cf:30:b9:dc:40:cd:c3:36:b6:09:92:
                    1f:d1:54:32:e3:79:3c:a9:a9:67:bc:96:b3:92:ba:
                    ed:76:e1:3a:41:20:e7:83:ec:18:3b:2e:68:8e:79:
                    1d:c9:60:89:4a:b0:e7:eb:80:81:4b:dd:68:26:fe:
                    07:56:bd:53:8c:48:33:a7:d1:a7:84:06:09:0c:45:
                    17:35:fb:5e:67:b7:5f:d3:3a:50:5e:ac:46:6a:8d:
                    42:ba:20:c0:80:3e:f3:6e:c8:c8:df:c6:7c:af:42:
                    11:0c:dc:ae:a7:8b:5b:a3:21:da:83:9b:96:e8:f5:
                    ce:ee:f2:9b:32:2b:32:41:b6:03:83:86:82:03:41:
                    05:f7:c3:9e:7a:0a:7c:30:b9:3d:90:0d:d0:1d:c1:
                    b8:62:06:c1:78:c5:0a:d9:aa:29:cb:a0:a7:1d:cf:
                    46:b4:7d:f8:9c:90:8b:1c:97:d6:ab:4e:7a:c7:ff:
                    aa:eb:08:9b:da:0b:c5:6c:a4:e4:15:14:0a:71:86:
                    f8:1c:55:65:ef:b3:51:3c:ac:b7:dd:cf:26:15:84:
                    b7:b0:b1:1a:7a:c7:1f:4b:c8:72:96:f5:bd:23:d3:
                    93:0d:15:01:e0:13:35:49:70:f1:a4:3b:09:9d:67:
                    45:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AB:FA:4D:D0:21:D8:85:E3:94:75:BE:CB:17:DC:08:A3:23:8F:83
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-qv6TdAh2IXjlHW-yxfcCKMjj4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:80:c9:94:28:c5:1f:27:81:72:4a:f5:cc:40:44:c8:17:15:
         e9:97:5a:31:6f:db:0c:cd:82:e2:02:56:b9:ca:ef:53:7c:91:
         c3:8f:20:16:2f:e7:27:e7:1f:2b:1c:60:fb:8e:9f:d8:c6:bb:
         2a:f0:fb:cc:36:c7:2e:28:bd:76:2c:45:9b:e9:51:76:a4:88:
         7a:f9:a0:e4:be:ce:48:38:5b:fc:a4:80:f9:2f:07:3f:73:93:
         58:9d:16:9a:64:2a:66:90:67:81:f0:51:ff:96:09:27:03:8f:
         33:fb:18:9d:08:2c:f8:62:3f:e7:f5:0d:25:68:27:2f:09:24:
         22:36:5a:54:4e:15:8f:b2:3e:61:25:ae:8c:2a:0e:fd:2e:47:
         87:35:07:3a:89:ab:de:77:0e:5b:e3:68:42:3a:c8:3d:d1:af:
         71:3f:2c:35:a3:dd:87:b1:3d:90:90:29:17:e4:df:85:82:70:
         a5:7e:61:82:91:c3:da:6c:22:6f:87:51:7c:2c:a2:ed:7d:a1:
         31:a4:aa:91:1a:c1:26:d9:60:11:df:86:69:2e:60:94:4e:02:
         37:f1:b6:0f:40:1b:22:10:57:6f:1b:ca:1d:c1:3c:8b:8d:61:
         fa:82:72:eb:0c:e4:b5:65:51:e4:1d:21:3e:bb:09:df:8b:7d:
         75:8c:c6:83
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6ecY3JBO1DH9IfpvngBPScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDAyMTA1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFiZmE0ZGQwMjFkODg1ZTM5NDc1YmVjYjE3ZGMwOGEzMjM4ZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GKbPlQQqbrSSIlc5mmjlYgUzzC5
3EDNwza2CZIf0VQy43k8qalnvJazkrrtduE6QSDng+wYOy5ojnkdyWCJSrDn64CB
S91oJv4HVr1TjEgzp9GnhAYJDEUXNfteZ7df0zpQXqxGao1CuiDAgD7zbsjI38Z8
r0IRDNyup4tboyHag5uW6PXO7vKbMisyQbYDg4aCA0EF98Oeegp8MLk9kA3QHcG4
YgbBeMUK2aopy6CnHc9GtH34nJCLHJfWq056x/+q6wib2gvFbKTkFRQKcYb4HFVl
77NRPKy33c8mFYS3sLEaescfS8hylvW9I9OTDRUB4BM1SXDxpDsJnWdFLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqr+k3QIdiF45R1vssX3AijI4+DMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMS1xdjZUZEFoMklYamxIVy15eGZjQ0tNamo0TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFi
Yy8xL1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl+UjAN
BgkqhkiG9w0BAQsFAAOCAQEAOoDJlCjFHyeBckr1zEBEyBcV6ZdaMW/bDM2C4gJW
ucrvU3yRw48gFi/nJ+cfKxxg+46f2Ma7KvD7zDbHLii9dixFm+lRdqSIevmg5L7O
SDhb/KSA+S8HP3OTWJ0WmmQqZpBngfBR/5YJJwOPM/sYnQgs+GI/5/UNJWgnLwkk
IjZaVE4Vj7I+YSWujCoO/S5HhzUHOomr3ncOW+NoQjrIPdGvcT8sNaPdh7E9kJAp
F+TfhYJwpX5hgpHD2mwib4dRfCyi7X2hMaSqkRrBJtlgEd+GaS5glE4CN/G2D0Ab
IhBXbxvKHcE8i41h+oJy6wzktWVR5B0hPrsJ34t9dYzGgw==
-----END CERTIFICATE-----