Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LPTpYXrch2K25_606EfKfWOVwvw.roa
File:                     LPTpYXrch2K25_606EfKfWOVwvw.roa (raw, json)
Hash identifier:          KZ7NoCJ3IPYmX9BZ0hMHrpsCBrWFbKlkuTTtHC6Ri54=
Subject key identifier:   2C:F4:E9:61:7A:DC:87:62:B6:E7:FE:B4:E8:47:CA:7D:63:95:C2:FC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029767C47264E9CDF605BDFB08D82F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LPTpYXrch2K25_606EfKfWOVwvw.roa
Signing time:             Tue 02 Jan 2024 02:31:02 +0000
ROA not before:           Tue 02 Jan 2024 02:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        185.221.22.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 15:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:97:67:c4:72:64:e9:cd:f6:05:bd:fb:08:d8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cf4e9617adc8762b6e7feb4e847ca7d6395c2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bc:67:14:a0:36:ae:7c:ff:8e:6e:44:38:73:
                    b3:d7:f0:ad:96:11:6d:3f:be:de:d4:07:7a:ff:cc:
                    a4:86:be:81:51:4c:48:3c:ed:d3:d7:1b:60:ba:93:
                    86:a9:f1:ff:33:ce:bc:fa:b9:dd:1a:dd:c1:54:60:
                    7b:03:e8:e4:02:92:b8:1c:30:18:88:e2:ad:c2:e3:
                    98:5e:5f:f1:a7:4a:ca:bf:a6:bf:b4:3b:59:20:ba:
                    95:6c:24:8c:a1:2c:75:cb:36:92:ff:c4:a1:e0:50:
                    88:fe:84:35:98:1d:46:6b:88:eb:23:ca:e1:f4:5a:
                    59:4b:72:14:6f:09:29:03:f1:29:17:a8:67:78:49:
                    93:ff:34:17:f4:3b:27:17:ab:03:06:76:a6:e7:5d:
                    52:e9:37:12:51:ad:25:29:18:2d:81:fa:48:d4:21:
                    f0:be:65:9a:df:19:0b:9c:b7:08:c3:1b:25:50:e1:
                    91:2c:a5:41:9b:e2:4b:6c:c0:61:4a:18:e9:e4:2c:
                    7f:fc:b9:cf:0e:d5:9e:3d:0e:54:01:e3:ab:2c:20:
                    24:b2:26:f8:69:2f:56:49:b2:64:7e:61:a8:82:64:
                    b6:64:0f:85:c8:c7:4b:ba:29:c9:2f:03:02:fd:a8:
                    59:7e:1c:96:7e:52:2b:ec:4f:4b:ca:0f:55:15:fd:
                    a6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F4:E9:61:7A:DC:87:62:B6:E7:FE:B4:E8:47:CA:7D:63:95:C2:FC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LPTpYXrch2K25_606EfKfWOVwvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:13:21:70:fc:18:86:ae:69:ed:35:0a:64:dc:a9:d9:70:5b:
         7d:b5:2a:40:ee:cc:72:bd:ff:41:0c:9a:5c:f4:05:21:92:42:
         63:2e:7b:83:1a:95:71:f0:cf:73:3c:35:61:ef:78:1b:9b:d4:
         64:d2:42:24:9c:4a:e0:97:57:2c:25:ea:7a:57:a9:d4:98:49:
         e4:cc:fd:4e:de:6d:bd:2d:70:0d:b7:7c:69:eb:fb:c7:22:a6:
         44:1b:5b:b3:ae:3e:39:da:9d:64:a4:44:2b:81:dd:be:71:22:
         0d:b2:46:a4:c6:49:53:01:d8:27:ca:48:6c:6f:d0:f9:b9:0e:
         a1:cb:b7:74:a4:4d:c2:63:9b:65:fd:88:ac:b2:ab:cf:f9:ac:
         eb:ec:a4:a2:a8:dd:bb:4d:8e:21:e1:93:36:3c:fa:da:6c:71:
         ba:f7:70:05:8c:9f:34:ba:72:69:8c:ad:03:0e:0f:d8:3b:0d:
         13:e8:a6:d4:51:62:00:10:e6:6d:63:c6:74:3c:14:1c:5d:34:
         c9:06:d4:02:e1:04:80:d8:8b:ea:48:b3:da:80:ff:54:22:59:
         1a:12:d8:e5:3d:e0:d8:15:eb:68:ab:99:49:2b:10:a9:b2:c6:
         5c:5a:8f:13:66:6f:2a:c4:1d:b0:60:30:1a:3c:69:d7:fe:53:
         cd:6b:65:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApdnxHJk6c32Bb37CNgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Y0ZTk2MTdhZGM4NzYyYjZlN2ZlYjRlODQ3Y2E3ZDYzOTVjMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrxnFKA2rnz/jm5EOHOz1/CtlhFt
P77e1Ad6/8ykhr6BUUxIPO3T1xtgupOGqfH/M868+rndGt3BVGB7A+jkApK4HDAY
iOKtwuOYXl/xp0rKv6a/tDtZILqVbCSMoSx1yzaS/8Sh4FCI/oQ1mB1Ga4jrI8rh
9FpZS3IUbwkpA/EpF6hneEmT/zQX9DsnF6sDBnam511S6TcSUa0lKRgtgfpI1CHw
vmWa3xkLnLcIwxslUOGRLKVBm+JLbMBhShjp5Cx//LnPDtWePQ5UAeOrLCAksib4
aS9WSbJkfmGogmS2ZA+FyMdLuinJLwMC/ahZfhyWflIr7E9Lyg9VFf2mCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCz06WF63Idituf+tOhHyn1jlcL8MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTFBUcFlYcmNoMksyNV82MDZFZktmV09Wd3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBud0WMA0G
CSqGSIb3DQEBCwUAA4IBAQAMEyFw/BiGrmntNQpk3KnZcFt9tSpA7sxyvf9BDJpc
9AUhkkJjLnuDGpVx8M9zPDVh73gbm9Rk0kIknErgl1csJep6V6nUmEnkzP1O3m29
LXANt3xp6/vHIqZEG1uzrj452p1kpEQrgd2+cSINskakxklTAdgnykhsb9D5uQ6h
y7d0pE3CY5tl/YissqvP+azr7KSiqN27TY4h4ZM2PPrabHG693AFjJ80unJpjK0D
Dg/YOw0T6KbUUWIAEOZtY8Z0PBQcXTTJBtQC4QSA2IvqSLPagP9UIlkaEtjlPeDY
Fetoq5lJKxCpssZcWo8TZm8qxB2wYDAaPGnX/lPNa2Ug
-----END CERTIFICATE-----