Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KlFJTuiyE5udGy8BewisoBfnJZQ.roa
File:                     KlFJTuiyE5udGy8BewisoBfnJZQ.roa (raw, json)
Hash identifier:          rA/LaMTKUo4aab/q2csPvojeUNgH+nQQg0+GyE9wQQM=
Subject key identifier:   2A:51:49:4E:E8:B2:13:9B:9D:1B:2F:01:7B:08:AC:A0:17:E7:25:94
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80297E58AF2DD3C68D25FB61E0D7F44
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KlFJTuiyE5udGy8BewisoBfnJZQ.roa
Signing time:             Tue 02 Jan 2024 02:31:02 +0000
ROA not before:           Tue 02 Jan 2024 02:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        185.108.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:97:e5:8a:f2:dd:3c:68:d2:5f:b6:1e:0d:7f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a51494ee8b2139b9d1b2f017b08aca017e72594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:58:b5:b5:01:c3:c0:9c:cd:82:ac:1d:3e:79:
                    08:74:80:0c:55:87:8c:74:ac:f8:25:06:d4:58:b8:
                    0d:b3:67:e8:58:0a:a2:53:6e:f9:28:24:2b:58:c9:
                    17:1e:92:7c:38:be:75:11:5f:66:5b:d1:b7:c6:70:
                    f0:ba:dc:74:6d:18:0f:39:0e:2a:09:35:17:bd:f5:
                    7e:cf:3b:0a:4b:e2:49:e7:2b:f0:fb:07:94:8d:07:
                    a8:fd:ea:4b:f4:a6:9c:a9:1a:fb:9b:87:18:db:75:
                    79:38:05:3a:fe:84:d5:58:f8:11:ed:b6:a3:15:ba:
                    f6:c0:08:88:f1:07:f8:46:81:3c:c1:26:b9:c5:f8:
                    43:5c:f9:ac:42:e7:0b:5b:cf:4e:85:8d:d4:28:98:
                    d0:a4:ff:ad:c3:70:8f:96:cc:59:21:b8:2d:91:a6:
                    b3:46:cd:99:99:a6:2e:94:7f:f2:c4:bd:0a:3e:37:
                    c9:40:f2:a3:13:4d:88:c7:4b:6b:68:24:23:93:9b:
                    01:f9:0e:ae:fe:fa:9f:ec:2c:0a:b2:be:16:11:cd:
                    12:46:8f:9a:c1:1d:30:f9:26:e1:bd:99:f0:c5:9e:
                    26:5a:91:f2:59:eb:e4:4a:48:05:ba:ea:2b:c8:3d:
                    fc:8d:10:d9:ba:c7:34:0d:ef:13:f7:6f:ad:d2:f8:
                    05:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:51:49:4E:E8:B2:13:9B:9D:1B:2F:01:7B:08:AC:A0:17:E7:25:94
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KlFJTuiyE5udGy8BewisoBfnJZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:98:8e:2e:2b:fb:74:5c:ee:7f:3c:00:5c:33:bc:09:73:8d:
         b7:f6:d6:56:60:13:4d:7a:9f:fd:fc:be:45:3e:d4:f5:92:d4:
         6a:91:38:42:5f:09:26:02:ae:c4:e3:16:3f:35:f4:d1:6d:38:
         aa:d1:6e:e7:61:ae:e8:a1:81:79:8f:fd:19:01:19:66:49:a4:
         c5:8b:de:bb:99:46:98:24:72:4a:b2:f9:71:d1:3a:6d:18:6c:
         19:f6:02:23:1a:a4:92:3b:30:42:55:b6:9f:cb:37:e3:0f:f6:
         e9:10:1b:9f:e3:f4:b1:c1:ac:c0:a7:0a:9b:c2:90:93:fa:37:
         35:c7:76:2b:dd:99:2f:ef:34:ab:68:e2:73:6b:81:17:76:f5:
         61:08:92:7a:ad:b7:bf:63:48:68:ee:0d:90:ce:5d:20:ba:76:
         fc:0e:d9:e6:cd:57:8f:04:60:10:27:fa:41:bc:68:a9:83:77:
         12:41:8d:7f:8f:3d:2e:52:ae:1e:f3:74:e0:a6:28:4d:50:b1:
         e1:f6:28:cd:18:43:ea:51:6f:6c:ab:41:f6:67:a9:f7:72:2b:
         4f:86:81:8a:89:9d:c2:a6:6f:b9:78:91:59:9c:49:6c:9b:a2:
         0e:0c:a9:3a:a3:49:08:ed:90:46:e7:e2:d5:7f:98:2a:ed:c6:
         5d:5b:fc:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApflivLdPGjSX7YeDX9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTUxNDk0ZWU4YjIxMzliOWQxYjJmMDE3YjA4YWNhMDE3ZTcyNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVi1tQHDwJzNgqwdPnkIdIAMVYeM
dKz4JQbUWLgNs2foWAqiU275KCQrWMkXHpJ8OL51EV9mW9G3xnDwutx0bRgPOQ4q
CTUXvfV+zzsKS+JJ5yvw+weUjQeo/epL9KacqRr7m4cY23V5OAU6/oTVWPgR7baj
Fbr2wAiI8Qf4RoE8wSa5xfhDXPmsQucLW89OhY3UKJjQpP+tw3CPlsxZIbgtkaaz
Rs2ZmaYulH/yxL0KPjfJQPKjE02Ix0traCQjk5sB+Q6u/vqf7CwKsr4WEc0SRo+a
wR0w+SbhvZnwxZ4mWpHyWevkSkgFuuoryD38jRDZusc0De8T92+t0vgFgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpRSU7oshObnRsvAXsIrKAX5yWUMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS2xGSlR1aXlFNXVkR3k4QmV3aXNvQmZuSlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWzPMA0G
CSqGSIb3DQEBCwUAA4IBAQB+mI4uK/t0XO5/PABcM7wJc4239tZWYBNNep/9/L5F
PtT1ktRqkThCXwkmAq7E4xY/NfTRbTiq0W7nYa7ooYF5j/0ZARlmSaTFi967mUaY
JHJKsvlx0TptGGwZ9gIjGqSSOzBCVbafyzfjD/bpEBuf4/SxwazApwqbwpCT+jc1
x3Yr3Zkv7zSraOJza4EXdvVhCJJ6rbe/Y0ho7g2Qzl0gunb8DtnmzVePBGAQJ/pB
vGipg3cSQY1/jz0uUq4e83TgpihNULHh9ijNGEPqUW9sq0H2Z6n3citPhoGKiZ3C
pm+5eJFZnElsm6IODKk6o0kI7ZBG5+LVf5gq7cZdW/yr
-----END CERTIFICATE-----