Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5jXTARGzv9Qd2bt77zn-gzUbQ8.roa
File:                     D5jXTARGzv9Qd2bt77zn-gzUbQ8.roa (raw, json)
Hash identifier:          ewiPX3rjdJrebvxDY9CIE3JHMtcZ9Ap0z4JCHxTfD4Y=
Subject key identifier:   0F:98:D7:4C:04:46:CE:FF:50:77:66:ED:EF:BC:E7:FA:0C:D4:6D:0F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E0FEFDB999B231C41AF51A9F3949F2DDD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5jXTARGzv9Qd2bt77zn-gzUbQ8.roa
Signing time:             Tue 05 Mar 2024 18:46:01 +0000
ROA not before:           Tue 05 Mar 2024 18:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54252
IP address blocks:        185.226.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0f:ef:db:99:9b:23:1c:41:af:51:a9:f3:94:9f:2d:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  5 18:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f98d74c0446ceff507766edefbce7fa0cd46d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:88:ba:64:a9:76:b8:d8:2d:26:df:bc:9f:25:
                    9f:1e:30:fd:8b:8e:13:ba:29:94:ad:47:e2:91:48:
                    7d:28:0d:5b:74:9b:e3:b2:74:e7:19:44:6a:7a:9e:
                    54:f4:32:e7:d0:d4:0c:44:b4:23:04:56:60:36:64:
                    69:10:4b:4b:7c:51:69:76:08:ec:e9:c1:bb:8f:95:
                    02:f8:7c:4c:41:ad:31:1b:9b:77:9c:4d:82:43:bb:
                    3c:83:ee:f6:78:38:b2:78:dc:a8:f8:57:d9:75:00:
                    8d:0b:67:1d:6a:19:0b:39:48:6a:06:36:22:f6:31:
                    f3:ae:bb:8d:dc:1c:c6:c4:83:bc:f3:91:c5:db:6f:
                    46:26:94:93:14:a5:5d:c4:21:8b:55:0e:41:03:e9:
                    a8:86:65:ed:ca:f1:fa:6e:cf:c9:7a:2a:3f:9b:b7:
                    94:d9:a4:3f:b8:40:cc:8b:df:1e:c8:5b:b4:23:33:
                    74:61:1b:a7:f7:1c:d2:0a:b6:bc:bb:37:9b:c3:18:
                    04:43:5d:60:69:e9:97:11:8c:f0:64:14:42:61:c6:
                    82:7e:39:74:fd:3b:93:60:15:d5:bb:7a:30:ae:ce:
                    80:aa:4b:d4:88:a2:d1:45:ce:84:14:c0:71:eb:ba:
                    ea:04:28:cc:24:de:e9:d8:86:c4:50:f6:67:d0:05:
                    c6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:98:D7:4C:04:46:CE:FF:50:77:66:ED:EF:BC:E7:FA:0C:D4:6D:0F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5jXTARGzv9Qd2bt77zn-gzUbQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:65:72:73:64:98:50:bf:f1:15:b0:5f:b6:f4:b2:54:cd:de:
         3f:a7:39:30:cb:f4:a9:91:6f:f2:fd:91:89:49:ae:df:67:99:
         ac:cf:ac:cd:21:e3:97:10:83:72:4a:84:f8:d8:0d:5b:9d:b9:
         ed:4e:ea:ad:ff:32:ae:91:f2:78:34:c8:39:52:39:bc:ea:3d:
         ad:bf:3c:48:50:b9:1d:ba:e5:c9:b4:ef:5f:2a:d6:69:ff:f4:
         ca:95:29:a5:9e:04:ce:63:ce:c8:54:8d:4b:81:a1:83:f2:4c:
         33:51:c7:28:e2:dd:0b:a9:b6:5b:2f:a1:d3:b5:69:53:c5:17:
         cd:13:fd:82:c1:fc:e8:6d:85:fa:bf:62:20:4f:d1:c1:fa:74:
         0a:8e:12:13:29:88:75:46:26:88:bc:04:1d:a8:c3:89:99:29:
         ca:57:ad:1a:ab:5d:bb:13:77:bb:53:e1:6d:5a:c7:cc:5e:c6:
         fe:73:71:ae:a1:c0:b3:c2:6c:a5:87:e5:f6:fe:4c:d0:2a:10:
         2f:29:fa:67:97:7d:6a:14:61:33:24:b7:65:b5:a9:2b:a8:e8:
         f6:07:41:e9:1b:5e:d4:e3:ce:5c:48:77:b7:e0:66:e4:ca:d7:
         cd:de:bc:3c:f0:59:a3:4e:e7:5f:65:f4:4a:79:f4:b4:fb:2e:
         f5:fe:e9:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4P79uZmyMcQa9RqfOUny3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzA1MTg0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjk4ZDc0YzA0NDZjZWZmNTA3NzY2ZWRlZmJjZTdmYTBjZDQ2ZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4i6ZKl2uNgtJt+8nyWfHjD9i44T
uimUrUfikUh9KA1bdJvjsnTnGURqep5U9DLn0NQMRLQjBFZgNmRpEEtLfFFpdgjs
6cG7j5UC+HxMQa0xG5t3nE2CQ7s8g+72eDiyeNyo+FfZdQCNC2cdahkLOUhqBjYi
9jHzrruN3BzGxIO885HF229GJpSTFKVdxCGLVQ5BA+mohmXtyvH6bs/Jeio/m7eU
2aQ/uEDMi98eyFu0IzN0YRun9xzSCra8uzebwxgEQ11gaemXEYzwZBRCYcaCfjl0
/TuTYBXVu3owrs6AqkvUiKLRRc6EFMBx67rqBCjMJN7p2IbEUPZn0AXGZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+Y10wERs7/UHdm7e+85/oM1G0PMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRDVqWFRBUkd6djlRZDJidDc3em4tZ3pVYlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueJpMA0G
CSqGSIb3DQEBCwUAA4IBAQBpZXJzZJhQv/EVsF+29LJUzd4/pzkwy/SpkW/y/ZGJ
Sa7fZ5msz6zNIeOXEINySoT42A1bnbntTuqt/zKukfJ4NMg5Ujm86j2tvzxIULkd
uuXJtO9fKtZp//TKlSmlngTOY87IVI1LgaGD8kwzUcco4t0LqbZbL6HTtWlTxRfN
E/2CwfzobYX6v2IgT9HB+nQKjhITKYh1RiaIvAQdqMOJmSnKV60aq127E3e7U+Ft
WsfMXsb+c3GuocCzwmylh+X2/kzQKhAvKfpnl31qFGEzJLdltakrqOj2B0HpG17U
485cSHe34GbkytfN3rw88FmjTudfZfRKefS0+y71/ukC
-----END CERTIFICATE-----