Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7sUJoiLyAJliNX4DodcQ6CpOuqs.roa
File:                     7sUJoiLyAJliNX4DodcQ6CpOuqs.roa (raw, json)
Hash identifier:          jEO6IiF/arqMw0uzIkf7ObELVWqfRk0W6aaQwdQPsRA=
Subject key identifier:   EE:C5:09:A2:22:F2:00:99:62:35:7E:03:A1:D7:10:E8:2A:4E:BA:AB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CD03ED770A9800B0E3146E339E10597A8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7sUJoiLyAJliNX4DodcQ6CpOuqs.roa
Signing time:             Wed 03 Jan 2024 16:53:48 +0000
ROA not before:           Wed 03 Jan 2024 16:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        185.238.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d0:3e:d7:70:a9:80:0b:0e:31:46:e3:39:e1:05:97:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  3 16:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eec509a222f2009962357e03a1d710e82a4ebaab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d5:5f:da:9c:34:f3:96:50:74:63:4f:a7:1d:
                    b9:50:1b:f9:b1:81:75:09:ed:1d:b8:75:be:ed:90:
                    ac:a3:65:04:a6:bb:64:3c:bc:5f:b8:05:e0:f5:d5:
                    0c:b1:e9:7d:9e:99:39:fc:81:7d:21:fb:35:32:6f:
                    67:d0:89:94:04:49:d6:15:5a:b2:f2:90:72:70:fc:
                    5d:59:84:ab:bb:c0:54:f9:de:05:6e:d4:ce:5d:ba:
                    26:da:04:e1:f6:e2:b7:60:1c:d6:b3:92:a4:c3:12:
                    ef:b7:4f:e2:d4:33:ad:0b:60:61:c9:8e:7c:43:5e:
                    35:19:0b:86:41:ce:9c:f4:a8:7e:8b:28:44:54:4f:
                    43:a2:d3:56:78:ed:a7:b6:a5:df:2d:22:08:1a:83:
                    6e:2e:9d:9a:1b:30:b5:53:9f:73:60:fa:0b:99:eb:
                    de:ba:9c:32:8b:b1:21:e6:cc:6c:ff:62:ab:46:a5:
                    6e:ae:27:98:2d:23:45:1d:96:2c:aa:1d:dc:b3:a0:
                    64:9f:8f:09:89:1b:b3:d4:9c:38:9c:27:9c:dd:d8:
                    fd:93:be:d1:46:41:fe:79:2e:70:15:59:93:cb:39:
                    32:f5:20:de:66:29:ca:a4:d6:4e:85:f3:59:75:58:
                    f6:75:40:be:52:b8:17:f1:0b:cc:51:69:12:ee:35:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C5:09:A2:22:F2:00:99:62:35:7E:03:A1:D7:10:E8:2A:4E:BA:AB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7sUJoiLyAJliNX4DodcQ6CpOuqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:46:3e:92:e8:44:cd:e5:c8:83:cd:14:b1:f3:59:37:30:0e:
         1d:73:0f:33:bb:09:97:9e:4a:e5:be:ec:d1:93:64:24:f6:07:
         0b:9e:d7:ab:72:99:40:3a:25:13:8e:11:22:8a:f9:a7:b3:6b:
         57:0b:a5:da:73:a9:8d:6a:28:f8:ee:d1:c1:19:ab:e0:12:7e:
         7a:6b:b0:11:0e:1c:5d:57:54:1d:af:af:b8:a0:e3:7b:29:2e:
         cd:99:e9:b5:4b:64:50:b8:1c:a3:0a:08:e8:e9:aa:ff:2b:90:
         18:28:7e:30:4f:f4:03:fc:dc:24:cd:9c:4a:9f:2d:78:65:bb:
         b1:86:38:d5:df:65:37:1c:65:f7:eb:44:76:bd:f2:0f:3d:95:
         1c:5e:ec:5c:4b:24:09:6c:e7:1e:39:f4:f9:89:66:08:01:08:
         85:d3:e6:6e:ed:46:b2:b1:36:63:6c:d2:3e:1b:39:49:bb:fb:
         93:ad:72:80:17:68:32:64:0e:55:55:52:85:97:2a:7f:4b:be:
         1c:23:de:03:8a:79:ee:74:cf:e3:29:cb:e0:24:b5:10:0f:0a:
         09:b3:54:9e:a2:34:e1:42:51:37:ae:b1:e9:e6:3c:e7:d1:15:
         f0:40:12:16:ae:c0:90:98:fc:d1:c9:e7:74:99:02:55:2f:01:
         9c:dd:50:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzQPtdwqYALDjFG4znhBZeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAzMTY1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWM1MDlhMjIyZjIwMDk5NjIzNTdlMDNhMWQ3MTBlODJhNGViYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Vf2pw085ZQdGNPpx25UBv5sYF1
Ce0duHW+7ZCso2UEprtkPLxfuAXg9dUMsel9npk5/IF9Ifs1Mm9n0ImUBEnWFVqy
8pBycPxdWYSru8BU+d4FbtTOXbom2gTh9uK3YBzWs5KkwxLvt0/i1DOtC2BhyY58
Q141GQuGQc6c9Kh+iyhEVE9DotNWeO2ntqXfLSIIGoNuLp2aGzC1U59zYPoLmeve
upwyi7Eh5sxs/2KrRqVurieYLSNFHZYsqh3cs6Bkn48JiRuz1Jw4nCec3dj9k77R
RkH+eS5wFVmTyzky9SDeZinKpNZOhfNZdVj2dUC+UrgX8QvMUWkS7jUizQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7FCaIi8gCZYjV+A6HXEOgqTrqrMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvN3NVSm9pTHlBSmxpTlg0RG9kY1E2Q3BPdXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue7lMA0G
CSqGSIb3DQEBCwUAA4IBAQAqRj6S6ETN5ciDzRSx81k3MA4dcw8zuwmXnkrlvuzR
k2Qk9gcLntercplAOiUTjhEiivmns2tXC6Xac6mNaij47tHBGavgEn56a7ARDhxd
V1Qdr6+4oON7KS7Nmem1S2RQuByjCgjo6ar/K5AYKH4wT/QD/NwkzZxKny14Zbux
hjjV32U3HGX360R2vfIPPZUcXuxcSyQJbOceOfT5iWYIAQiF0+Zu7UaysTZjbNI+
GzlJu/uTrXKAF2gyZA5VVVKFlyp/S74cI94DinnudM/jKcvgJLUQDwoJs1SeojTh
QlE3rrHp5jzn0RXwQBIWrsCQmPzRyed0mQJVLwGc3VDZ
-----END CERTIFICATE-----