Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BPd2H8vdrdNb98eut4j7ZSb4ArQ.roa
File:                     BPd2H8vdrdNb98eut4j7ZSb4ArQ.roa (raw, json)
Hash identifier:          nsA59i87CnYGJhMJgwxriLQaw1tPYMUVt2VHMLcnv5s=
Subject key identifier:   04:F7:76:1F:CB:DD:AD:D3:5B:F7:C7:AE:B7:88:FB:65:26:F8:02:B4
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80294A8169EE43142DA5CE7831A8579
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BPd2H8vdrdNb98eut4j7ZSb4ArQ.roa
Signing time:             Tue 02 Jan 2024 02:31:01 +0000
ROA not before:           Tue 02 Jan 2024 02:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        185.209.39.0/24 maxlen: 24
                          185.209.72.0/24 maxlen: 24
                          185.214.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:94:a8:16:9e:e4:31:42:da:5c:e7:83:1a:85:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04f7761fcbddadd35bf7c7aeb788fb6526f802b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:74:96:44:1f:9f:04:9c:b7:19:8e:11:83:30:
                    9e:31:61:72:eb:00:d1:ed:4a:5c:03:b5:c6:ae:55:
                    5e:d4:ce:20:0c:68:73:95:69:df:4a:f3:4c:b8:12:
                    aa:15:41:57:cb:68:eb:da:87:7b:04:d8:12:12:30:
                    b1:e2:44:3d:41:02:f5:d2:08:f4:1c:f7:24:76:36:
                    4f:70:59:68:71:69:7c:00:6d:f1:70:9b:46:83:92:
                    fa:11:ed:7f:cb:f7:ca:14:4b:ce:3e:0f:22:2e:4d:
                    ea:85:b9:cc:41:49:f3:9e:28:a9:71:dd:29:b3:3d:
                    46:f5:80:4a:6d:18:62:93:a8:3c:19:c1:f0:2c:27:
                    c6:50:c0:1d:90:2e:5e:dc:ba:ea:49:02:db:39:7d:
                    32:6a:7e:65:27:50:8a:f5:47:bb:d6:8a:79:8d:d1:
                    05:6b:5a:94:d8:18:34:b3:26:e5:80:06:b9:c2:c8:
                    6d:e8:05:40:e4:c4:71:2f:56:9f:6f:01:73:83:f9:
                    43:65:e2:db:1b:e9:b8:cd:a7:be:e1:54:5d:ac:b9:
                    07:aa:95:e7:c6:ae:f5:8d:93:0b:db:6f:67:ef:cb:
                    63:16:c0:01:ef:88:ae:cc:34:28:8d:10:68:e5:fb:
                    9d:c2:11:f6:71:e9:1a:db:cc:09:25:b2:da:d7:77:
                    42:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:F7:76:1F:CB:DD:AD:D3:5B:F7:C7:AE:B7:88:FB:65:26:F8:02:B4
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BPd2H8vdrdNb98eut4j7ZSb4ArQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.39.0/24
                  185.209.72.0/24
                  185.214.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:1b:74:8a:0d:fb:d1:d4:1a:a9:34:7b:3e:8a:8b:da:ad:3d:
         e3:e7:ca:8a:b1:3c:ac:b3:f9:0b:04:6b:03:d9:32:e7:df:b6:
         49:78:c5:62:35:05:60:f5:60:0b:16:07:ed:88:a7:f7:ad:f6:
         1c:6f:6c:53:40:ca:96:51:95:d6:53:98:23:77:c9:18:71:30:
         99:9a:2b:b1:e9:28:b5:8a:ac:46:7a:ef:a3:7d:cc:a8:b0:fa:
         33:ba:44:ea:38:4e:57:dd:0c:72:87:73:4f:8f:fb:d9:f1:82:
         e6:e4:3a:6a:32:fd:f3:74:5f:e9:6e:12:4f:6f:5c:d8:79:55:
         c8:00:4b:f0:49:d8:16:f9:f2:16:fa:e9:0c:63:75:15:c8:f4:
         2d:c0:73:a9:9a:00:e1:45:cd:10:79:52:81:9d:83:26:fb:dc:
         57:ab:bf:29:51:ff:07:a8:6b:a1:0f:e9:22:93:b2:b3:e0:b3:
         63:0c:cf:08:02:7f:08:68:68:36:dd:17:53:ac:52:fd:83:8f:
         78:27:55:d9:4c:e5:db:fb:8e:27:41:43:36:12:74:cd:f5:c1:
         3f:c8:45:28:2c:68:69:75:56:c8:59:ee:9a:ca:ac:6c:0d:48:
         a5:52:21:89:b4:f7:25:bf:bf:be:a6:e1:5c:c1:1c:9a:2e:07:
         5a:36:34:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIApSoFp7kMULaXOeDGoV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGY3NzYxZmNiZGRhZGQzNWJmN2M3YWViNzg4ZmI2NTI2ZjgwMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnSWRB+fBJy3GY4RgzCeMWFy6wDR
7UpcA7XGrlVe1M4gDGhzlWnfSvNMuBKqFUFXy2jr2od7BNgSEjCx4kQ9QQL10gj0
HPckdjZPcFlocWl8AG3xcJtGg5L6Ee1/y/fKFEvOPg8iLk3qhbnMQUnzniipcd0p
sz1G9YBKbRhik6g8GcHwLCfGUMAdkC5e3LrqSQLbOX0yan5lJ1CK9Ue71op5jdEF
a1qU2Bg0syblgAa5wsht6AVA5MRxL1afbwFzg/lDZeLbG+m4zae+4VRdrLkHqpXn
xq71jZML229n78tjFsAB74iuzDQojRBo5fudwhH2ceka28wJJbLa13dCQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAT3dh/L3a3TW/fHrreI+2Um+AK0MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQlBkMkg4dmRyZE5iOThldXQ0ajdaU2I0QXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudEnAwQA
udFIAwQAudZsMA0GCSqGSIb3DQEBCwUAA4IBAQA3G3SKDfvR1BqpNHs+iovarT3j
58qKsTyss/kLBGsD2TLn37ZJeMViNQVg9WALFgftiKf3rfYcb2xTQMqWUZXWU5gj
d8kYcTCZmiux6Si1iqxGeu+jfcyosPozukTqOE5X3Qxyh3NPj/vZ8YLm5DpqMv3z
dF/pbhJPb1zYeVXIAEvwSdgW+fIW+ukMY3UVyPQtwHOpmgDhRc0QeVKBnYMm+9xX
q78pUf8HqGuhD+kik7Kz4LNjDM8IAn8IaGg23RdTrFL9g494J1XZTOXb+44nQUM2
EnTN9cE/yEUoLGhpdVbIWe6ayqxsDUilUiGJtPclv7++puFcwRyaLgdaNjRK
-----END CERTIFICATE-----