Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KvfwQeZqor2V48WY5eFfnP00_pc.roa
File:                     KvfwQeZqor2V48WY5eFfnP00_pc.roa (raw, json)
Hash identifier:          zs3LDH1Uul5KupFAi0zg1jA7omZ7Q1YWxocgrYnnrUg=
Subject key identifier:   2A:F7:F0:41:E6:6A:A2:BD:95:E3:C5:98:E5:E1:5F:9C:FD:34:FE:97
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802832508FE2A9B9F923F8525ADBDDE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KvfwQeZqor2V48WY5eFfnP00_pc.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62816
IP address blocks:        185.227.146.0/24 maxlen: 24
                          185.108.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:83:25:08:fe:2a:9b:9f:92:3f:85:25:ad:bd:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2af7f041e66aa2bd95e3c598e5e15f9cfd34fe97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:14:66:86:61:3c:a7:c4:dd:87:40:a4:94:df:
                    f1:2e:12:38:5f:23:1d:08:37:9d:1d:14:87:3c:8c:
                    a6:41:c6:7b:30:81:c7:95:d3:01:f8:65:f9:87:f9:
                    e6:74:73:d5:c7:63:94:b8:b1:bc:df:06:5f:d9:bf:
                    19:cf:ca:f7:ef:db:4a:43:bb:5a:dd:65:6b:ba:46:
                    99:c4:73:ca:7c:99:1e:ab:97:cf:cf:21:7a:16:50:
                    cf:c0:27:fb:0c:0a:7d:86:f1:be:8a:56:24:35:77:
                    00:fc:c2:c4:4c:81:df:02:db:86:91:26:1f:b8:c0:
                    77:fe:24:75:a8:00:15:0e:cf:17:e4:07:a8:17:1d:
                    df:64:d1:71:b3:23:91:71:93:50:3c:14:2d:67:af:
                    c7:b3:b1:4f:60:be:32:f3:d3:5e:cb:66:c0:88:ab:
                    e7:02:bb:c9:f7:f4:e9:38:80:3a:9e:24:4d:e1:f7:
                    fb:ab:db:ec:b5:e7:ad:52:1e:21:ff:f3:05:64:26:
                    7d:52:ef:6a:a0:e4:f0:6d:88:0e:ed:b6:30:ed:e2:
                    0c:b4:82:f0:ff:7f:a1:bf:83:d5:43:cd:60:cc:40:
                    4c:0f:40:d3:ad:f4:93:8d:c9:1b:04:cf:17:01:76:
                    ca:d0:50:30:a1:d5:ed:45:d0:e4:98:d7:3b:70:e1:
                    10:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F7:F0:41:E6:6A:A2:BD:95:E3:C5:98:E5:E1:5F:9C:FD:34:FE:97
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KvfwQeZqor2V48WY5eFfnP00_pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.204.0/24
                  185.227.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:85:44:df:04:4a:c0:fb:7a:13:b8:b6:85:5c:b9:5e:01:71:
         fd:32:93:98:46:f6:50:3d:50:a2:f5:4d:17:25:d5:ac:e4:93:
         7f:75:a5:d9:aa:37:98:39:0c:c3:65:73:91:3c:0b:78:93:5e:
         c2:08:04:d5:75:f7:09:8c:02:17:21:7f:f9:e4:b6:ab:6a:68:
         a1:b3:5f:19:98:80:cf:cc:fa:6e:ed:f0:dc:57:22:d6:fe:a8:
         82:b7:3d:c7:6e:17:51:a5:1f:7b:83:00:b5:c1:a8:7e:56:b1:
         9a:c8:9d:fb:3c:5a:f3:5f:55:c9:9f:82:c5:0a:5d:06:99:3c:
         3e:a1:70:e9:21:08:86:a2:a5:6d:57:4b:4f:a9:47:40:99:55:
         6d:14:86:bc:5e:61:41:f4:89:1a:e5:54:10:de:a7:fb:d9:0f:
         52:fb:a8:10:c1:63:dd:9e:1a:cc:4b:e1:83:96:d2:0f:28:8b:
         d3:de:1f:b1:00:7a:e1:62:ed:04:28:14:70:e9:46:53:83:a3:
         08:46:86:49:be:c7:52:3e:29:fd:19:19:b5:1a:e3:00:c4:3c:
         cb:f6:ea:0d:c4:bb:e2:e5:2b:a1:c5:e2:f2:6e:6c:39:94:13:
         ef:40:69:78:9b:31:a5:b5:0b:c3:2b:9a:6e:f4:60:fc:58:24:
         10:12:6a:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAoMlCP4qm5+SP4Ulrb3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY3ZjA0MWU2NmFhMmJkOTVlM2M1OThlNWUxNWY5Y2ZkMzRmZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxRmhmE8p8Tdh0CklN/xLhI4XyMd
CDedHRSHPIymQcZ7MIHHldMB+GX5h/nmdHPVx2OUuLG83wZf2b8Zz8r379tKQ7ta
3WVrukaZxHPKfJkeq5fPzyF6FlDPwCf7DAp9hvG+ilYkNXcA/MLETIHfAtuGkSYf
uMB3/iR1qAAVDs8X5AeoFx3fZNFxsyORcZNQPBQtZ6/Hs7FPYL4y89Ney2bAiKvn
ArvJ9/TpOIA6niRN4ff7q9vsteetUh4h//MFZCZ9Uu9qoOTwbYgO7bYw7eIMtILw
/3+hv4PVQ81gzEBMD0DTrfSTjckbBM8XAXbK0FAwodXtRdDkmNc7cOEQgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCr38EHmaqK9lePFmOXhX5z9NP6XMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS3Zmd1FlWnFvcjJWNDhXWTVlRmZuUDAwX3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWzMAwQA
ueOSMA0GCSqGSIb3DQEBCwUAA4IBAQBxhUTfBErA+3oTuLaFXLleAXH9MpOYRvZQ
PVCi9U0XJdWs5JN/daXZqjeYOQzDZXORPAt4k17CCATVdfcJjAIXIX/55Laramih
s18ZmIDPzPpu7fDcVyLW/qiCtz3HbhdRpR97gwC1wah+VrGayJ37PFrzX1XJn4LF
Cl0GmTw+oXDpIQiGoqVtV0tPqUdAmVVtFIa8XmFB9Ika5VQQ3qf72Q9S+6gQwWPd
nhrMS+GDltIPKIvT3h+xAHrhYu0EKBRw6UZTg6MIRoZJvsdSPin9GRm1GuMAxDzL
9uoNxLvi5SuhxeLybmw5lBPvQGl4mzGltQvDK5pu9GD8WCQQEmpY
-----END CERTIFICATE-----