Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CbIg4-_jnABtpq_oZpNBWJT5zmA.roa
File:                     CbIg4-_jnABtpq_oZpNBWJT5zmA.roa (raw, json)
Hash identifier:          wG2qimj4cgDQm7YrOcRux2oG7LcFuzZXKErDdI75OY0=
Subject key identifier:   09:B2:20:E3:EF:E3:9C:00:6D:A6:AF:E8:66:93:41:58:94:F9:CE:60
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0190A147C98960CEF4AE6C0CC3EC69338256
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CbIg4-_jnABtpq_oZpNBWJT5zmA.roa
Signing time:             Thu 11 Jul 2024 10:12:34 +0000
ROA not before:           Thu 11 Jul 2024 10:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        185.209.39.0/24 maxlen: 24
                          185.209.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:47:c9:89:60:ce:f4:ae:6c:0c:c3:ec:69:33:82:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 11 10:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09b220e3efe39c006da6afe86693415894f9ce60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b2:5c:b6:79:05:65:04:38:e9:59:5a:13:a6:
                    d6:13:9f:d9:fb:61:ef:1b:b4:a7:58:cd:1a:01:03:
                    17:b2:ef:40:05:78:c9:76:94:2d:97:e3:78:2a:a4:
                    24:6e:af:4b:fa:29:c6:15:b0:b8:26:cb:a7:f4:db:
                    27:22:5c:74:d0:2e:0a:7d:fd:16:02:30:51:78:9f:
                    7b:11:07:4e:30:a7:20:49:1e:84:a4:1d:10:2e:5e:
                    6b:e3:5f:ad:3d:ee:89:5c:53:48:7c:50:e6:e5:bb:
                    3e:ae:90:ca:27:d1:f9:73:2f:2a:b2:15:73:83:de:
                    60:76:af:13:eb:c0:96:04:46:25:61:98:9d:99:96:
                    60:26:cb:31:6f:c1:15:83:6b:e1:35:e5:eb:fa:8a:
                    ee:a0:8e:29:14:90:bd:98:00:c8:3a:0d:96:3f:9b:
                    03:10:b3:03:ea:ba:5b:ef:7d:5e:62:98:e7:e7:c2:
                    88:7e:fb:ea:0a:8b:7b:6c:63:8b:c0:d7:16:a9:bd:
                    99:a2:87:6e:9d:de:15:21:76:66:5f:60:5b:14:5c:
                    94:dc:df:cc:e7:08:f4:6a:fb:e6:29:ae:24:0b:cf:
                    0d:fc:db:0c:bc:94:0d:56:b2:35:e5:be:1b:f6:26:
                    05:b8:a1:e9:da:d5:d7:02:3d:01:e9:89:c3:69:83:
                    93:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B2:20:E3:EF:E3:9C:00:6D:A6:AF:E8:66:93:41:58:94:F9:CE:60
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CbIg4-_jnABtpq_oZpNBWJT5zmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.39.0/24
                  185.209.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:8d:f8:07:1e:08:0f:ed:40:62:ec:70:09:73:29:30:f3:8d:
         f2:2c:f8:00:75:c3:bd:cd:63:07:d1:61:65:b7:af:22:e7:63:
         90:f7:bd:0d:de:16:17:77:23:c7:53:94:4e:ae:bf:cb:8c:0a:
         7d:d0:fc:4c:57:fd:0b:a0:74:a2:c6:19:06:5a:bb:d9:ce:25:
         ba:84:d2:c3:1a:09:17:1f:d4:dd:54:3b:6c:55:e0:3e:2e:db:
         49:16:8f:56:d4:b7:42:f0:93:42:f3:ad:97:60:3d:b9:64:8b:
         26:eb:b4:43:eb:c4:d8:66:b1:46:d6:e7:29:90:b8:24:6b:97:
         51:9b:dc:93:4f:24:4d:aa:39:a3:e2:c6:f1:83:fb:6c:f4:5c:
         34:f2:3e:3f:a2:fd:71:06:5c:7a:c2:4a:ca:69:9c:25:53:3c:
         97:5e:46:91:7d:0a:74:88:38:f4:e4:7d:1d:d9:01:10:83:1f:
         58:3c:14:03:61:cd:29:72:11:08:52:4f:f0:17:9e:d0:d0:3f:
         80:35:0c:8a:3a:2e:0c:e9:5b:d9:3e:ef:af:c8:39:23:e4:d0:
         c0:81:60:86:a7:80:31:33:75:05:f8:da:e3:df:98:56:10:05:
         5e:db:5c:28:52:c9:60:60:7d:a0:bb:fb:54:1d:32:f8:fe:a3:
         37:fc:1e:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZChR8mJYM70rmwMw+xpM4JWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNzExMTAxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWIyMjBlM2VmZTM5YzAwNmRhNmFmZTg2NjkzNDE1ODk0ZjljZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrJctnkFZQQ46VlaE6bWE5/Z+2Hv
G7SnWM0aAQMXsu9ABXjJdpQtl+N4KqQkbq9L+inGFbC4Jsun9NsnIlx00C4Kff0W
AjBReJ97EQdOMKcgSR6EpB0QLl5r41+tPe6JXFNIfFDm5bs+rpDKJ9H5cy8qshVz
g95gdq8T68CWBEYlYZidmZZgJssxb8EVg2vhNeXr+oruoI4pFJC9mADIOg2WP5sD
ELMD6rpb731eYpjn58KIfvvqCot7bGOLwNcWqb2Zoodund4VIXZmX2BbFFyU3N/M
5wj0avvmKa4kC88N/NsMvJQNVrI15b4b9iYFuKHp2tXXAj0B6YnDaYOTKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAmyIOPv45wAbaav6GaTQViU+c5gMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQ2JJZzQtX2puQUJ0cHFfb1pwTkJXSlQ1em1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudEnAwQA
udFIMA0GCSqGSIb3DQEBCwUAA4IBAQAfjfgHHggP7UBi7HAJcykw843yLPgAdcO9
zWMH0WFlt68i52OQ970N3hYXdyPHU5ROrr/LjAp90PxMV/0LoHSixhkGWrvZziW6
hNLDGgkXH9TdVDtsVeA+LttJFo9W1LdC8JNC862XYD25ZIsm67RD68TYZrFG1ucp
kLgka5dRm9yTTyRNqjmj4sbxg/ts9Fw08j4/ov1xBlx6wkrKaZwlUzyXXkaRfQp0
iDj05H0d2QEQgx9YPBQDYc0pchEIUk/wF57Q0D+ANQyKOi4M6VvZPu+vyDkj5NDA
gWCGp4AxM3UF+Nrj35hWEAVe21woUslgYH2gu/tUHTL4/qM3/B4+
-----END CERTIFICATE-----