Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HnbOf4RFetuBnniNo3JA9yI0Zw8.roa
File:                     HnbOf4RFetuBnniNo3JA9yI0Zw8.roa (raw, json)
Hash identifier:          nYUj6h3rhs22l0dVItm0ifELZKmBKKFS1jrGwZqylPI=
Subject key identifier:   1E:76:CE:7F:84:45:7A:DB:81:9E:78:8D:A3:72:40:F7:22:34:67:0F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01932BB08ADA00654A67906E8216F8912AFF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HnbOf4RFetuBnniNo3JA9yI0Zw8.roa
Signing time:             Thu 14 Nov 2024 17:20:10 +0000
ROA not before:           Thu 14 Nov 2024 17:20:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.210.233.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          194.76.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:b0:8a:da:00:65:4a:67:90:6e:82:16:f8:91:2a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 14 17:20:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e76ce7f84457adb819e788da37240f72234670f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:47:e1:31:dd:5b:be:a0:a3:47:9e:dc:f2:4b:
                    93:7f:58:3e:5e:a5:f5:bc:20:c9:8c:84:e6:3c:17:
                    5f:51:59:15:d0:08:73:a5:10:12:c7:17:21:5c:45:
                    ed:e0:7a:c6:82:27:05:ef:cb:4b:bb:92:cb:56:77:
                    6c:02:f6:ad:5b:a8:83:10:6d:e1:b9:86:33:c1:cc:
                    4e:6d:3a:78:2b:55:1c:de:c6:d4:76:fd:1c:c0:a6:
                    4b:ff:1d:1c:30:39:66:b8:b8:ab:2e:65:3f:9e:f9:
                    87:4b:ea:6a:69:d0:d5:2c:b1:53:55:80:10:97:72:
                    73:96:ba:5a:e7:3c:bd:4f:51:80:36:9e:55:df:ee:
                    f2:ea:05:b6:3a:aa:31:1b:2f:61:20:b5:20:05:4f:
                    c9:0b:7c:c1:ea:41:5a:60:c3:90:c8:84:d9:9a:1d:
                    ff:1d:48:a7:a6:65:85:bf:94:23:56:67:90:2c:42:
                    8d:f2:ed:5f:17:48:36:af:41:ad:c5:2e:94:d7:6a:
                    e6:42:4d:1d:1b:a4:0f:97:84:81:54:de:e0:8b:50:
                    51:04:72:7a:d0:89:cf:ab:74:3d:0c:93:24:a6:87:
                    87:a4:4f:63:e7:b4:49:91:a4:cb:7f:d3:e9:23:a7:
                    b0:ab:4d:17:51:1d:11:ec:85:28:b6:10:82:18:61:
                    a6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:76:CE:7F:84:45:7A:DB:81:9E:78:8D:A3:72:40:F7:22:34:67:0F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HnbOf4RFetuBnniNo3JA9yI0Zw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.233.0/24
                  185.223.80.0/24
                  194.76.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:49:6e:20:4b:2a:43:b7:56:15:ea:67:e1:70:e7:43:30:92:
         2f:8e:20:b6:10:be:af:59:eb:99:6c:52:29:c7:c1:28:a4:28:
         19:f5:4d:7e:5a:6f:da:32:3c:ca:03:13:d2:76:d1:8f:e4:2b:
         44:61:e3:c3:ec:2d:e4:6c:25:0a:9b:c2:36:13:cb:32:08:0a:
         60:f1:a3:06:1f:33:a0:b4:5a:c4:be:66:b9:54:b4:9d:ec:8d:
         6c:cd:f4:3d:0d:9b:12:75:37:f4:cc:b0:ca:cf:c4:d6:b0:9b:
         0e:d3:db:e6:22:ff:ce:73:10:10:6e:de:3b:03:86:23:30:f5:
         00:2b:e2:8d:21:8f:87:68:0f:87:2e:da:9a:1a:7d:4a:ff:5d:
         d8:c7:72:d9:69:39:93:dd:8f:b1:a8:ef:94:d4:fd:dc:3d:7c:
         8b:f1:0b:85:d8:b0:6d:4c:6c:09:e5:67:8e:2a:45:d8:aa:d2:
         a8:93:a3:dd:66:a7:ef:7e:d7:ea:6a:a5:6a:55:a9:36:93:a7:
         50:c3:02:5f:a6:83:7a:9f:1b:6f:a2:16:8e:20:63:c4:21:28:
         2b:21:00:19:c6:91:7c:be:e1:d8:96:6c:3a:e9:6f:81:20:ba:
         4b:f2:aa:cc:16:f0:a3:6c:ff:2e:8b:09:b6:6d:2b:06:89:c4:
         4a:49:50:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMrsIraAGVKZ5Bughb4kSr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTE0MTcyMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc2Y2U3Zjg0NDU3YWRiODE5ZTc4OGRhMzcyNDBmNzIyMzQ2NzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkfhMd1bvqCjR57c8kuTf1g+XqX1
vCDJjITmPBdfUVkV0AhzpRASxxchXEXt4HrGgicF78tLu5LLVndsAvatW6iDEG3h
uYYzwcxObTp4K1Uc3sbUdv0cwKZL/x0cMDlmuLirLmU/nvmHS+pqadDVLLFTVYAQ
l3Jzlrpa5zy9T1GANp5V3+7y6gW2OqoxGy9hILUgBU/JC3zB6kFaYMOQyITZmh3/
HUinpmWFv5QjVmeQLEKN8u1fF0g2r0GtxS6U12rmQk0dG6QPl4SBVN7gi1BRBHJ6
0InPq3Q9DJMkpoeHpE9j57RJkaTLf9PpI6ewq00XUR0R7IUothCCGGGmawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB52zn+ERXrbgZ54jaNyQPciNGcPMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSG5iT2Y0UkZldHVCbm5pTm8zSkE5eUkwWnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudLpAwQA
ud9QAwQAwkytMA0GCSqGSIb3DQEBCwUAA4IBAQAxSW4gSypDt1YV6mfhcOdDMJIv
jiC2EL6vWeuZbFIpx8EopCgZ9U1+Wm/aMjzKAxPSdtGP5CtEYePD7C3kbCUKm8I2
E8syCApg8aMGHzOgtFrEvma5VLSd7I1szfQ9DZsSdTf0zLDKz8TWsJsO09vmIv/O
cxAQbt47A4YjMPUAK+KNIY+HaA+HLtqaGn1K/13Yx3LZaTmT3Y+xqO+U1P3cPXyL
8QuF2LBtTGwJ5WeOKkXYqtKok6PdZqfvftfqaqVqVak2k6dQwwJfpoN6nxtvohaO
IGPEISgrIQAZxpF8vuHYlmw66W+BILpL8qrMFvCjbP8uiwm2bSsGicRKSVC+
-----END CERTIFICATE-----