Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/72mO4eJJGqfk_X0nVMiVWF_TePc.roa
File:                     72mO4eJJGqfk_X0nVMiVWF_TePc.roa (raw, json)
Hash identifier:          8FQKypL0zTBtIeOvea1mSQ3dkTswK+DvrDXlIEy14ic=
Subject key identifier:   EF:69:8E:E1:E2:49:1A:A7:E4:FD:7D:27:54:C8:95:58:5F:D3:78:F7
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029FCFE5E5F6BB59920317B81439DA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/72mO4eJJGqfk_X0nVMiVWF_TePc.roa
Signing time:             Tue 02 Jan 2024 02:31:04 +0000
ROA not before:           Tue 02 Jan 2024 02:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        185.218.103.0/24 maxlen: 24
                          185.194.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9f:cf:e5:e5:f6:bb:59:92:03:17:b8:14:39:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef698ee1e2491aa7e4fd7d2754c895585fd378f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:03:b2:af:05:ad:a9:7c:ed:05:a6:e7:d4:0b:
                    2b:97:8c:81:35:9d:d0:a7:70:0a:3c:f4:82:b7:05:
                    e8:5f:a4:18:88:6d:a0:cc:bd:5f:86:13:4f:ff:e0:
                    5d:93:07:e4:5d:89:db:a7:57:1f:fc:54:d7:01:52:
                    cf:12:c9:8f:32:00:7a:9e:d5:9f:c9:18:8a:7f:68:
                    24:c0:9f:7f:6b:ac:eb:53:f7:e1:46:7e:4e:66:3f:
                    3c:cd:91:be:45:39:75:3c:80:55:0e:94:53:ed:48:
                    ae:05:38:f6:36:8f:94:4e:bc:84:c9:78:ca:e5:9b:
                    f5:ef:f3:9b:fa:0f:a7:77:d5:93:f3:e6:c4:89:1f:
                    94:c4:9c:b1:a0:73:89:36:fc:2c:f8:d5:75:1e:68:
                    84:8f:cb:ea:05:ae:43:92:ec:48:f4:8c:6c:b3:b3:
                    fa:dd:7b:51:2f:b5:a7:a5:d2:f5:f7:16:a4:b8:64:
                    0b:f7:a0:03:b0:19:8e:9d:73:94:17:a1:69:37:80:
                    2d:98:bf:6c:69:1a:52:47:2b:a2:d6:94:4d:e5:cd:
                    15:91:e5:ad:cb:82:5d:13:50:5e:13:a6:78:6e:5c:
                    c4:af:30:2f:fd:0f:0a:9a:57:a6:0f:54:8e:3f:bf:
                    fa:e6:1c:3b:e3:42:e4:4b:a7:a1:04:70:8d:1f:82:
                    39:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:69:8E:E1:E2:49:1A:A7:E4:FD:7D:27:54:C8:95:58:5F:D3:78:F7
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/72mO4eJJGqfk_X0nVMiVWF_TePc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.31.0/24
                  185.218.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:bb:90:8d:6c:32:2b:45:7b:a1:03:15:f1:69:d4:60:49:45:
         46:d3:ed:cf:27:c9:13:a3:7f:66:d3:e8:0d:6c:19:5b:58:12:
         69:60:e0:f0:18:97:a2:66:01:1f:d1:90:ce:09:64:b2:02:45:
         9b:d6:24:4d:eb:46:9e:17:6c:15:8d:3f:8d:b8:59:5a:2d:da:
         6f:7c:6d:b5:12:4d:56:3c:c7:35:f3:c2:e8:c0:77:dc:42:58:
         db:5b:ce:5e:e4:10:9d:b2:de:d6:9e:37:e0:63:22:de:e6:20:
         44:33:9c:3a:48:90:87:39:a6:3e:44:a2:ae:84:98:c0:f3:e6:
         52:04:ed:74:7d:39:87:49:44:7c:75:4f:aa:ce:84:7c:0b:8a:
         b6:91:ed:1d:fe:93:e4:bc:28:c6:53:49:f5:eb:02:34:b1:1d:
         f6:9e:bb:86:0b:2e:b4:d4:ac:00:cb:e7:c2:72:f2:60:b5:e3:
         93:23:d0:33:f7:80:d8:ae:b6:c1:af:34:c3:37:f7:41:51:36:
         4e:42:42:f3:92:5c:43:02:4e:19:3c:ee:76:a2:5d:da:82:b6:
         52:a5:81:8d:2f:de:3b:1a:be:41:eb:af:da:35:83:f0:96:eb:
         40:70:77:e2:e5:6e:68:f1:6f:2e:65:89:bc:cc:7e:b8:3a:7e:
         fb:34:5f:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAp/P5eX2u1mSAxe4FDnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY5OGVlMWUyNDkxYWE3ZTRmZDdkMjc1NGM4OTU1ODVmZDM3OGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQOyrwWtqXztBabn1Asrl4yBNZ3Q
p3AKPPSCtwXoX6QYiG2gzL1fhhNP/+BdkwfkXYnbp1cf/FTXAVLPEsmPMgB6ntWf
yRiKf2gkwJ9/a6zrU/fhRn5OZj88zZG+RTl1PIBVDpRT7UiuBTj2No+UTryEyXjK
5Zv17/Ob+g+nd9WT8+bEiR+UxJyxoHOJNvws+NV1HmiEj8vqBa5DkuxI9Ixss7P6
3XtRL7WnpdL19xakuGQL96ADsBmOnXOUF6FpN4AtmL9saRpSRyui1pRN5c0VkeWt
y4JdE1BeE6Z4blzErzAv/Q8KmlemD1SOP7/65hw740LkS6ehBHCNH4I5yQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO9pjuHiSRqn5P19J1TIlVhf03j3MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNzJtTzRlSkpHcWZrX1gwblZNaVZXRl9UZVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucIfAwQA
udpnMA0GCSqGSIb3DQEBCwUAA4IBAQCsu5CNbDIrRXuhAxXxadRgSUVG0+3PJ8kT
o39m0+gNbBlbWBJpYODwGJeiZgEf0ZDOCWSyAkWb1iRN60aeF2wVjT+NuFlaLdpv
fG21Ek1WPMc188LowHfcQljbW85e5BCdst7WnjfgYyLe5iBEM5w6SJCHOaY+RKKu
hJjA8+ZSBO10fTmHSUR8dU+qzoR8C4q2ke0d/pPkvCjGU0n16wI0sR32nruGCy60
1KwAy+fCcvJgteOTI9Az94DYrrbBrzTDN/dBUTZOQkLzklxDAk4ZPO52ol3agrZS
pYGNL947Gr5B66/aNYPwlutAcHfi5W5o8W8uZYm8zH64On77NF9k
-----END CERTIFICATE-----