Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9ZK_u0x79YMbnNO92UA8slDYd7Q.roa
File:                     9ZK_u0x79YMbnNO92UA8slDYd7Q.roa (raw, json)
Hash identifier:          KTlKz8GnTqO/gSqQfSnEmhsYzH80o+WJiPK5QPX1BZ4=
Subject key identifier:   F5:92:BF:BB:4C:7B:F5:83:1B:9C:D3:BD:D9:40:3C:B2:50:D8:77:B4
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029E8A9EFFC269B06770167FA7220C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9ZK_u0x79YMbnNO92UA8slDYd7Q.roa
Signing time:             Tue 02 Jan 2024 02:31:04 +0000
ROA not before:           Tue 02 Jan 2024 02:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        185.255.124.0/24 maxlen: 24
                          185.223.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9e:8a:9e:ff:c2:69:b0:67:70:16:7f:a7:22:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f592bfbb4c7bf5831b9cd3bdd9403cb250d877b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:d8:94:3b:f1:80:e4:6d:43:28:76:a9:19:
                    40:c9:a8:05:d5:be:97:4b:b1:cd:20:82:6b:a7:02:
                    a7:27:c9:93:d5:83:23:d9:9b:89:46:d2:9b:c6:a0:
                    04:17:2b:ed:0d:a3:61:7e:ef:35:5f:1f:7e:fb:e5:
                    01:fd:fd:56:89:b1:5b:4c:d6:b4:23:8a:cd:bd:d1:
                    59:b6:5a:cc:4a:4b:e7:b1:38:33:cb:d6:f7:53:b9:
                    29:da:7f:7d:20:5b:a5:7d:9d:48:9c:aa:06:a9:9d:
                    b9:dc:8f:6b:57:b5:b3:47:a3:af:8f:35:43:77:a8:
                    20:51:26:0e:9a:4d:d9:4c:6b:3c:12:3f:eb:12:fc:
                    8d:c4:42:fb:b4:27:8b:b4:29:b8:89:4a:32:be:c4:
                    f8:e6:85:39:1c:11:78:dd:3a:33:8a:6c:8a:c8:64:
                    38:59:e3:4d:4a:ca:a3:bf:b9:b7:ce:0d:f8:f9:ea:
                    f2:f6:7a:fb:ed:b4:13:ee:b3:23:5b:48:cd:e7:f3:
                    82:fd:83:c7:df:ba:36:4f:51:39:9f:1e:2a:48:7f:
                    28:10:1f:f3:10:6b:2a:99:1a:a6:3e:04:9c:f0:f2:
                    11:12:12:d3:6a:de:3b:3b:61:5e:11:5e:a3:65:71:
                    e6:16:4d:bc:b4:1a:96:54:ad:13:49:a8:4d:97:ab:
                    15:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:92:BF:BB:4C:7B:F5:83:1B:9C:D3:BD:D9:40:3C:B2:50:D8:77:B4
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9ZK_u0x79YMbnNO92UA8slDYd7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.152.0/24
                  185.255.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:96:aa:58:3d:2d:69:de:a5:1f:eb:3e:16:3e:a1:3c:b2:ea:
         05:db:c6:d8:32:ae:24:b8:32:59:f0:63:a8:a6:89:79:fa:93:
         ad:dd:49:74:2d:23:26:f8:b6:64:89:d7:1e:06:2d:d3:04:bb:
         f7:98:5c:62:f0:a1:f9:7f:b5:b0:6b:46:50:36:3d:19:f4:a1:
         a6:63:b6:d7:e3:08:88:a8:9c:d2:51:fd:93:5c:17:7d:d9:27:
         83:e1:84:11:06:59:5a:41:ea:90:b5:d8:7b:84:6b:bb:1d:39:
         6e:85:e6:7d:c9:68:ba:b9:44:ee:34:8f:41:e8:f6:e5:bc:23:
         dd:c0:1e:b4:06:5c:82:3b:77:af:15:e4:a9:9f:7a:8a:7c:82:
         cc:43:05:b1:61:7e:74:54:ac:3b:7d:35:fc:60:bf:59:68:82:
         cc:a5:bf:9f:4c:48:5a:63:8d:f5:82:73:b6:94:21:5d:a0:88:
         2d:f3:1e:83:0a:b4:58:4d:a8:11:77:13:09:4c:87:98:52:d3:
         42:11:8a:31:15:4e:6c:50:3a:a7:17:c1:eb:0e:ce:15:73:6f:
         65:c1:ea:e4:19:b8:fe:80:d9:e7:27:f6:49:cd:5b:5d:63:fb:
         cf:ec:77:f8:61:ae:d3:ec:8c:c9:77:4d:4a:ba:4c:da:1e:c6:
         b7:d9:6d:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAp6Knv/CabBncBZ/pyIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTkyYmZiYjRjN2JmNTgzMWI5Y2QzYmRkOTQwM2NiMjUwZDg3N2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDDYlDvxgORtQyh2qRlAyagF1b6X
S7HNIIJrpwKnJ8mT1YMj2ZuJRtKbxqAEFyvtDaNhfu81Xx9+++UB/f1WibFbTNa0
I4rNvdFZtlrMSkvnsTgzy9b3U7kp2n99IFulfZ1InKoGqZ253I9rV7WzR6OvjzVD
d6ggUSYOmk3ZTGs8Ej/rEvyNxEL7tCeLtCm4iUoyvsT45oU5HBF43TozimyKyGQ4
WeNNSsqjv7m3zg34+ery9nr77bQT7rMjW0jN5/OC/YPH37o2T1E5nx4qSH8oEB/z
EGsqmRqmPgSc8PIREhLTat47O2FeEV6jZXHmFk28tBqWVK0TSahNl6sV/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPWSv7tMe/WDG5zTvdlAPLJQ2He0MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOVpLX3UweDc5WU1ibk5POTJVQThzbERZZDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud+YAwQA
uf98MA0GCSqGSIb3DQEBCwUAA4IBAQColqpYPS1p3qUf6z4WPqE8suoF28bYMq4k
uDJZ8GOopol5+pOt3Ul0LSMm+LZkidceBi3TBLv3mFxi8KH5f7Wwa0ZQNj0Z9KGm
Y7bX4wiIqJzSUf2TXBd92SeD4YQRBllaQeqQtdh7hGu7HTluheZ9yWi6uUTuNI9B
6PblvCPdwB60BlyCO3evFeSpn3qKfILMQwWxYX50VKw7fTX8YL9ZaILMpb+fTEha
Y431gnO2lCFdoIgt8x6DCrRYTagRdxMJTIeYUtNCEYoxFU5sUDqnF8HrDs4Vc29l
werkGbj+gNnnJ/ZJzVtdY/vP7Hf4Ya7T7IzJd01KukzaHsa32W1i
-----END CERTIFICATE-----