Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2nZHBqDOcWH0FxTz6wytxPMMy-k.roa
File:                     2nZHBqDOcWH0FxTz6wytxPMMy-k.roa (raw, json)
Hash identifier:          6jeJMGt7qZxg4m0sMUJ06aE+yRVgYV55UKTs+4iwduA=
Subject key identifier:   DA:76:47:06:A0:CE:71:61:F4:17:14:F3:EB:0C:AD:C4:F3:0C:CB:E9
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018D74BB1F3FAE235097C70FDF4F23AA3698
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2nZHBqDOcWH0FxTz6wytxPMMy-k.roa
Signing time:             Sun 04 Feb 2024 15:27:16 +0000
ROA not before:           Sun 04 Feb 2024 15:27:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        185.220.248.0/24 maxlen: 24
                          185.234.22.0/24 maxlen: 24
                          185.238.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:74:bb:1f:3f:ae:23:50:97:c7:0f:df:4f:23:aa:36:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb  4 15:27:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da764706a0ce7161f41714f3eb0cadc4f30ccbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:96:73:69:60:0d:d3:f1:0a:50:f8:00:ef:44:
                    dc:46:af:a6:7e:a6:cd:13:78:b4:2e:63:25:00:7b:
                    7a:62:31:16:a3:d6:29:fd:d5:21:31:d8:55:54:80:
                    95:7a:50:15:28:76:68:9e:b3:1c:fc:a4:64:a7:f0:
                    3c:b0:af:af:e9:99:d1:c2:f8:04:df:8a:3b:92:fd:
                    8a:20:14:7f:ec:f9:12:28:d5:63:e9:af:91:65:1e:
                    2c:50:0b:cd:c6:b5:90:60:70:f5:9e:2d:eb:5f:08:
                    55:5d:13:47:bf:28:4f:0b:90:16:dd:ff:32:62:7c:
                    52:9f:a4:c3:61:b4:b7:ec:cf:80:77:68:64:9d:72:
                    27:8a:4c:0f:d4:a3:15:a8:1a:c7:28:fa:12:b5:1f:
                    88:45:c1:0b:08:d8:55:0a:cb:e4:84:f1:4c:05:ae:
                    bd:c4:7c:e2:67:dd:71:e7:b0:80:ee:b5:ac:74:b1:
                    eb:8f:fc:2f:65:c3:3e:55:6a:e5:a5:af:fd:c3:13:
                    b5:62:14:63:09:99:0e:90:28:dd:86:e9:d2:46:44:
                    1a:c7:d3:d5:ef:26:b9:a4:ad:9a:be:28:e2:b8:56:
                    17:79:02:ec:aa:44:26:17:37:32:eb:04:cb:2f:e1:
                    5d:50:0d:e9:7f:07:29:5b:92:da:f4:b1:a0:a7:83:
                    29:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:76:47:06:A0:CE:71:61:F4:17:14:F3:EB:0C:AD:C4:F3:0C:CB:E9
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2nZHBqDOcWH0FxTz6wytxPMMy-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.248.0/24
                  185.234.22.0/24
                  185.238.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:cb:95:9e:44:50:3a:6e:35:f9:73:7b:78:e6:37:f5:c6:b0:
         d4:70:1f:68:d8:36:89:63:75:78:97:bf:a2:59:65:b7:67:20:
         68:9a:2c:cb:5b:8e:e0:93:80:58:0f:b4:d4:2b:b9:44:b0:e5:
         36:91:9c:e5:1c:ed:86:72:02:bd:35:24:5e:f2:42:db:02:7f:
         d8:25:c1:dc:ea:ef:37:6d:74:36:45:9b:c8:2e:3c:0f:9a:37:
         2e:f3:78:95:a0:ee:1e:a3:ef:35:6f:bd:2b:92:09:21:e7:57:
         c3:0f:26:fd:49:8f:21:08:4c:62:18:8d:39:f4:b7:b4:c6:e4:
         12:a3:0e:25:1f:62:a2:d9:ad:84:ce:e3:41:11:b8:8c:41:9c:
         df:b2:3a:ab:3f:2f:9f:2e:37:2a:4e:66:8a:e0:14:61:4b:9d:
         26:0e:16:4e:ba:bc:7f:84:26:0d:dd:b3:6f:94:1f:5d:0a:36:
         ab:b0:c6:02:54:88:86:e5:c8:88:ad:ef:8a:66:14:b6:4a:16:
         27:25:8e:39:9d:15:17:41:b4:b8:11:16:cd:e6:72:71:c5:1b:
         a2:18:5f:d9:dd:98:2e:2e:dc:03:c3:6c:01:b9:b6:bb:70:ef:
         21:92:f2:85:b9:c0:c1:c4:c1:55:39:8f:bf:a8:89:81:3c:5b:
         f0:46:9b:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY10ux8/riNQl8cP308jqjaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjA0MTUyNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc2NDcwNmEwY2U3MTYxZjQxNzE0ZjNlYjBjYWRjNGYzMGNjYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpZzaWAN0/EKUPgA70TcRq+mfqbN
E3i0LmMlAHt6YjEWo9Yp/dUhMdhVVICVelAVKHZonrMc/KRkp/A8sK+v6ZnRwvgE
34o7kv2KIBR/7PkSKNVj6a+RZR4sUAvNxrWQYHD1ni3rXwhVXRNHvyhPC5AW3f8y
YnxSn6TDYbS37M+Ad2hknXInikwP1KMVqBrHKPoStR+IRcELCNhVCsvkhPFMBa69
xHziZ91x57CA7rWsdLHrj/wvZcM+VWrlpa/9wxO1YhRjCZkOkCjdhunSRkQax9PV
7ya5pK2avijiuFYXeQLsqkQmFzcy6wTLL+FdUA3pfwcpW5La9LGgp4MppwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNp2RwagznFh9BcU8+sMrcTzDMvpMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMm5aSEJxRE9jV0gwRnhUejZ3eXR4UE1NeS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudz4AwQA
ueoWAwQAue7kMA0GCSqGSIb3DQEBCwUAA4IBAQALy5WeRFA6bjX5c3t45jf1xrDU
cB9o2DaJY3V4l7+iWWW3ZyBomizLW47gk4BYD7TUK7lEsOU2kZzlHO2GcgK9NSRe
8kLbAn/YJcHc6u83bXQ2RZvILjwPmjcu83iVoO4eo+81b70rkgkh51fDDyb9SY8h
CExiGI059Le0xuQSow4lH2Ki2a2EzuNBEbiMQZzfsjqrPy+fLjcqTmaK4BRhS50m
DhZOurx/hCYN3bNvlB9dCjarsMYCVIiG5ciIre+KZhS2ShYnJY45nRUXQbS4ERbN
5nJxxRuiGF/Z3ZguLtwDw2wBuba7cO8hkvKFucDBxMFVOY+/qImBPFvwRptc
-----END CERTIFICATE-----