Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lvq9AK4iFoMJifshZefxP8Wwuwo.roa
File:                     Lvq9AK4iFoMJifshZefxP8Wwuwo.roa (raw, json)
Hash identifier:          AV1frYMfxOqJTqRqudz4yguwFRjvDrmYgv5UaAhBHWQ=
Subject key identifier:   2E:FA:BD:00:AE:22:16:83:09:89:FB:21:65:E7:F1:3F:C5:B0:BB:0A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80286AE6556F729173876B4C3D537DD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lvq9AK4iFoMJifshZefxP8Wwuwo.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198193
IP address blocks:        185.246.58.0/23 maxlen: 23
                          185.246.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:86:ae:65:56:f7:29:17:38:76:b4:c3:d5:37:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2efabd00ae2216830989fb2165e7f13fc5b0bb0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:88:12:cb:f4:f8:47:64:6b:a7:8c:3d:e2:ab:
                    1f:40:61:46:f6:a3:ae:79:10:05:13:86:a7:f5:e9:
                    75:9a:bd:64:6e:aa:95:36:13:ab:4b:47:38:68:7f:
                    f3:98:d5:66:0e:8c:db:81:41:e9:84:9a:2e:61:1f:
                    f4:7c:87:03:e2:53:90:15:c0:32:a6:23:15:be:6b:
                    b3:23:6d:40:41:39:3f:78:bb:e9:25:66:30:20:8c:
                    68:f4:a0:e9:33:d3:98:fc:7f:33:e7:1b:fd:61:fc:
                    50:6f:fc:3e:53:0a:68:f1:4a:bf:89:58:82:ea:60:
                    1b:68:1f:c9:2f:9f:e5:9d:ee:f7:ae:d8:bf:df:80:
                    24:e2:81:ea:f2:db:2d:05:a2:b8:01:07:4d:b9:2e:
                    4a:ad:b9:f3:bd:b1:83:8e:ae:7b:d5:dd:da:46:85:
                    c9:1f:0c:f1:e0:29:4b:6a:a0:f1:e1:d8:af:48:ed:
                    b8:a3:ca:6d:d2:33:6e:58:7b:f1:dd:84:91:f5:65:
                    e8:a3:2b:99:a5:47:ae:f9:19:c5:2b:c2:c4:8f:04:
                    1e:77:7d:16:0d:99:7e:81:99:40:ea:d4:2f:ae:72:
                    2d:ac:c0:38:13:c6:a6:cf:f4:cc:30:9a:e9:60:78:
                    a9:8a:42:83:c8:ec:cb:e5:e9:69:b2:40:06:9b:1c:
                    a2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:FA:BD:00:AE:22:16:83:09:89:FB:21:65:E7:F1:3F:C5:B0:BB:0A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lvq9AK4iFoMJifshZefxP8Wwuwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:9a:04:29:4c:4b:15:3b:3f:e5:9d:6b:e4:13:14:9f:d7:63:
         16:e3:dc:11:01:7d:7d:02:61:20:6e:ec:bd:d1:3f:1d:81:0a:
         3f:68:83:11:50:84:31:03:8c:da:5d:28:06:63:d9:55:2a:ba:
         d9:5c:9a:9f:48:04:27:fe:9a:d9:f9:c0:99:71:f1:f2:69:54:
         1c:da:24:8f:e2:90:c8:b6:38:ad:69:d9:f3:e7:59:37:4a:06:
         62:6c:37:96:a6:45:39:c3:1a:36:43:e3:57:6e:97:36:ba:e8:
         c8:db:3f:5e:89:43:68:84:57:2e:ec:a1:44:d2:12:98:78:2b:
         7e:92:bb:9c:b5:61:ab:c1:8a:48:b6:af:17:b6:28:3c:c2:54:
         d4:87:9d:62:05:60:dd:30:ed:ff:82:19:0c:c9:e7:48:ca:a5:
         ce:52:f3:dd:42:3e:cc:ab:0f:b5:1a:f6:18:0a:da:2a:28:26:
         a1:fc:9b:80:6d:8b:d2:51:f0:af:f9:b2:f0:a1:18:35:6a:39:
         42:74:84:f9:d9:29:c4:86:56:55:46:56:45:9b:9f:95:43:17:
         fe:e1:12:b1:d2:dd:13:d1:b0:f6:15:c1:b5:77:59:40:37:c1:
         28:d2:f1:02:99:07:10:74:c3:d9:ce:5d:a2:35:02:64:a8:01:
         3b:98:54:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoauZVb3KRc4drTD1TfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWZhYmQwMGFlMjIxNjgzMDk4OWZiMjE2NWU3ZjEzZmM1YjBiYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4gSy/T4R2Rrp4w94qsfQGFG9qOu
eRAFE4an9el1mr1kbqqVNhOrS0c4aH/zmNVmDozbgUHphJouYR/0fIcD4lOQFcAy
piMVvmuzI21AQTk/eLvpJWYwIIxo9KDpM9OY/H8z5xv9YfxQb/w+Uwpo8Uq/iViC
6mAbaB/JL5/lne73rti/34Ak4oHq8tstBaK4AQdNuS5KrbnzvbGDjq571d3aRoXJ
Hwzx4ClLaqDx4divSO24o8pt0jNuWHvx3YSR9WXooyuZpUeu+RnFK8LEjwQed30W
DZl+gZlA6tQvrnItrMA4E8amz/TMMJrpYHipikKDyOzL5elpskAGmxyi2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC76vQCuIhaDCYn7IWXn8T/FsLsKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTHZxOUFLNGlGb01KaWZzaFplZnhQOFd3dXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufY4MA0G
CSqGSIb3DQEBCwUAA4IBAQCQmgQpTEsVOz/lnWvkExSf12MW49wRAX19AmEgbuy9
0T8dgQo/aIMRUIQxA4zaXSgGY9lVKrrZXJqfSAQn/prZ+cCZcfHyaVQc2iSP4pDI
tjitadnz51k3SgZibDeWpkU5wxo2Q+NXbpc2uujI2z9eiUNohFcu7KFE0hKYeCt+
kructWGrwYpItq8Xtig8wlTUh51iBWDdMO3/ghkMyedIyqXOUvPdQj7Mqw+1GvYY
CtoqKCah/JuAbYvSUfCv+bLwoRg1ajlCdIT52SnEhlZVRlZFm5+VQxf+4RKx0t0T
0bD2FcG1d1lAN8Eo0vECmQcQdMPZzl2iNQJkqAE7mFSp
-----END CERTIFICATE-----