Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L7YWPqk5S-0l8m7bXIBdXsESd44.roa
File:                     L7YWPqk5S-0l8m7bXIBdXsESd44.roa (raw, json)
Hash identifier:          2+Za8xL5IDBydBlcfRM4HybVk7n4tNB7AbSY3b8GaVM=
Subject key identifier:   2F:B6:16:3E:A9:39:4B:ED:25:F2:6E:DB:5C:80:5D:5E:C1:12:77:8E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80284A16789CBEB51E8ADD076D6E3F0
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L7YWPqk5S-0l8m7bXIBdXsESd44.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138195
IP address blocks:        185.214.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:84:a1:67:89:cb:eb:51:e8:ad:d0:76:d6:e3:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fb6163ea9394bed25f26edb5c805d5ec112778e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:d3:b4:74:e2:60:f7:4a:d3:4a:83:9d:e8:
                    b2:93:e0:94:2b:39:c8:63:93:cd:3b:79:f7:f9:0a:
                    a3:06:28:e5:cb:f9:0a:ec:39:ab:92:fe:f8:5f:6e:
                    51:9e:55:b3:43:e9:7f:dc:58:e0:80:9b:89:b7:fc:
                    6b:5a:e5:56:53:b9:2f:bd:e4:7d:85:d6:75:a6:45:
                    0f:44:44:71:f2:63:ec:60:a9:6c:b8:fe:97:58:a8:
                    52:d0:88:83:19:19:9e:c6:df:02:d5:de:f7:3a:1d:
                    5b:04:4e:a0:bc:f7:e7:2f:cd:75:44:90:f2:a4:59:
                    64:ab:77:a4:13:b0:da:01:fc:39:6b:93:a9:ad:a1:
                    93:4d:f7:d7:8d:34:b1:e9:fd:b9:fd:3f:dc:67:c1:
                    27:36:b8:1d:3b:92:df:ac:ae:83:78:01:36:2f:84:
                    94:ff:f7:b1:74:c0:80:71:21:dc:55:bd:91:02:0f:
                    23:68:60:2e:50:4c:85:ae:94:dc:5d:3f:de:3f:67:
                    a1:e7:3c:9b:a8:78:19:f1:c5:53:02:f2:73:25:1c:
                    0e:69:20:c9:5a:55:b3:3f:63:23:4c:bc:c3:36:b2:
                    81:3c:89:36:be:b2:e7:96:50:bd:17:ec:ce:4d:72:
                    2e:c4:e5:ff:c5:2b:f2:0a:2b:9b:62:f7:51:63:97:
                    e2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B6:16:3E:A9:39:4B:ED:25:F2:6E:DB:5C:80:5D:5E:C1:12:77:8E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L7YWPqk5S-0l8m7bXIBdXsESd44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:dc:39:d2:23:f5:77:f4:fa:03:2d:1d:a8:76:9b:2c:89:b9:
         26:3c:3a:92:5c:49:9c:e1:41:58:84:08:53:cb:e8:57:7f:01:
         75:3b:76:70:64:ba:c3:73:89:c1:a9:16:25:37:d6:0e:fc:07:
         8d:ad:5f:32:ea:76:91:32:b7:e0:62:66:1b:95:46:53:b9:82:
         06:ff:0e:ec:68:d5:ee:05:b3:71:b5:b6:28:b0:bb:1a:5e:e9:
         23:12:6c:a7:c5:8d:2a:f2:a1:6a:97:bd:13:5f:1f:5b:16:90:
         e7:33:5f:2e:e6:87:ff:d8:26:c1:11:f4:14:46:e6:5b:7c:13:
         b9:8f:d1:92:b1:64:83:9e:35:67:d8:8d:bd:38:00:a5:e3:6c:
         52:16:33:dd:7c:c0:6e:44:c0:83:2a:61:34:48:2c:5f:c5:98:
         ca:93:af:81:ef:72:03:6a:a2:71:6a:bd:a6:5f:68:ad:ad:26:
         c4:f5:61:01:d6:1d:c3:b0:f6:55:df:f7:e9:36:cf:4c:1e:52:
         a9:e0:aa:23:7b:30:26:92:b1:ae:18:f7:3e:8d:95:09:96:a9:
         29:15:f1:78:e2:5c:dc:57:3a:87:5d:a2:a4:e4:a0:37:95:3b:
         53:44:05:2d:4b:51:8d:76:17:23:4f:07:7e:13:5a:99:33:15:
         8b:e3:c3:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoShZ4nL61HordB21uPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI2MTYzZWE5Mzk0YmVkMjVmMjZlZGI1YzgwNWQ1ZWMxMTI3NzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR/TtHTiYPdK00qDneiyk+CUKznI
Y5PNO3n3+QqjBijly/kK7Dmrkv74X25RnlWzQ+l/3FjggJuJt/xrWuVWU7kvveR9
hdZ1pkUPRERx8mPsYKlsuP6XWKhS0IiDGRmext8C1d73Oh1bBE6gvPfnL811RJDy
pFlkq3ekE7DaAfw5a5OpraGTTffXjTSx6f25/T/cZ8EnNrgdO5LfrK6DeAE2L4SU
//exdMCAcSHcVb2RAg8jaGAuUEyFrpTcXT/eP2eh5zybqHgZ8cVTAvJzJRwOaSDJ
WlWzP2MjTLzDNrKBPIk2vrLnllC9F+zOTXIuxOX/xSvyCiubYvdRY5fi0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+2Fj6pOUvtJfJu21yAXV7BEneOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTDdZV1BxazVTLTBsOG03YlhJQmRYc0VTZDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZnMA0G
CSqGSIb3DQEBCwUAA4IBAQCj3DnSI/V39PoDLR2odpssibkmPDqSXEmc4UFYhAhT
y+hXfwF1O3ZwZLrDc4nBqRYlN9YO/AeNrV8y6naRMrfgYmYblUZTuYIG/w7saNXu
BbNxtbYosLsaXukjEmynxY0q8qFql70TXx9bFpDnM18u5of/2CbBEfQURuZbfBO5
j9GSsWSDnjVn2I29OACl42xSFjPdfMBuRMCDKmE0SCxfxZjKk6+B73IDaqJxar2m
X2itrSbE9WEB1h3DsPZV3/fpNs9MHlKp4KojezAmkrGuGPc+jZUJlqkpFfF44lzc
VzqHXaKk5KA3lTtTRAUtS1GNdhcjTwd+E1qZMxWL48Md
-----END CERTIFICATE-----