Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/M22vKsZPO7CJxdiPqfm1-GS-n9U.roa
File:                     M22vKsZPO7CJxdiPqfm1-GS-n9U.roa (raw, json)
Hash identifier:          23vI7ErfuXh3UbiB9g6IUcf37oEWcpeAv/Fmb+d0wcc=
Subject key identifier:   33:6D:AF:2A:C6:4F:3B:B0:89:C5:D8:8F:A9:F9:B5:F8:64:BE:9F:D5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80283F888CDC5B3313928427F608007
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/M22vKsZPO7CJxdiPqfm1-GS-n9U.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63127
IP address blocks:        185.218.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:83:f8:88:cd:c5:b3:31:39:28:42:7f:60:80:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336daf2ac64f3bb089c5d88fa9f9b5f864be9fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:06:1c:ea:c1:cb:4f:52:52:c6:c1:8b:f6:47:
                    5c:16:a2:88:99:79:8e:5f:11:b1:60:1a:13:28:75:
                    28:49:44:45:e1:79:da:4a:aa:9a:af:d3:99:bd:06:
                    08:5f:0e:34:2b:a2:27:15:9c:b0:6c:00:31:bc:a7:
                    40:30:ad:6e:77:24:c1:30:41:fd:0f:33:e7:85:a3:
                    dc:3f:e2:34:2c:42:1f:d8:95:68:97:c3:aa:62:e1:
                    49:18:1b:1c:12:28:7a:70:f3:f8:de:49:03:31:69:
                    e1:c3:04:4a:61:3a:bf:6a:2b:91:09:62:c3:b7:27:
                    d8:9e:23:8f:42:81:64:1d:82:a3:82:62:c8:4e:3f:
                    2a:c3:b1:b7:31:a2:08:ea:46:50:e2:cf:fb:f5:65:
                    a3:d9:7d:22:dd:f6:2e:d1:64:1a:2b:a0:84:c5:ee:
                    8e:b9:e7:44:99:61:a7:e4:9d:90:c6:18:7d:bf:1a:
                    27:a2:a5:67:f2:32:b5:02:35:b6:b6:cf:1e:b3:93:
                    e5:4d:9e:15:da:6e:d3:1e:49:55:5c:04:13:8c:8e:
                    35:ac:2d:80:47:8a:7c:43:92:70:30:78:e8:3b:44:
                    d8:8b:db:7d:e9:da:9b:35:ec:90:73:0b:cc:40:48:
                    46:90:7c:42:35:17:f3:c8:24:81:1c:de:05:cd:0a:
                    cd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6D:AF:2A:C6:4F:3B:B0:89:C5:D8:8F:A9:F9:B5:F8:64:BE:9F:D5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/M22vKsZPO7CJxdiPqfm1-GS-n9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:f1:b5:85:77:bd:cf:60:64:7a:25:c1:05:b6:25:04:f5:11:
         82:10:18:8a:04:5c:1b:65:68:35:6c:a7:f4:ca:b9:df:c5:a1:
         6d:77:07:64:c6:bf:74:80:09:d5:62:6f:f3:ff:4b:2a:11:c3:
         8e:cc:fd:7a:8e:27:97:39:bc:e2:41:91:81:c2:42:d7:52:70:
         c1:24:22:2f:1b:ba:d0:8a:c2:0e:8b:3d:b4:01:5c:90:7b:67:
         15:f1:32:9c:87:85:7a:98:46:bc:54:cb:48:23:d8:60:2a:a4:
         a2:91:e2:4b:e9:76:dc:ec:bd:c0:27:a8:7c:57:9a:d6:a4:d9:
         72:2f:5d:57:5c:2b:3b:c5:d2:ce:4f:e3:23:27:5e:47:de:b6:
         20:1e:e2:84:19:0d:1a:c8:d4:94:d6:a7:f9:a6:63:54:ed:ec:
         9a:ea:ca:40:c7:eb:7c:d6:4c:cb:44:df:09:2a:02:a9:75:5e:
         65:d5:3a:ed:19:12:42:96:23:b9:cb:d2:8b:a4:2d:54:2d:2f:
         34:99:6d:7c:5f:7a:8b:a3:75:37:c9:8d:c2:ff:2d:4d:c9:56:
         f2:06:34:81:98:10:d0:be:fb:ef:1f:0d:94:79:2e:ff:15:19:
         b2:93:8e:88:27:0e:a9:c3:89:d4:fb:be:1c:a4:dc:d6:42:d9:
         a6:89:60:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoP4iM3FszE5KEJ/YIAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZkYWYyYWM2NGYzYmIwODljNWQ4OGZhOWY5YjVmODY0YmU5ZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigYc6sHLT1JSxsGL9kdcFqKImXmO
XxGxYBoTKHUoSURF4XnaSqqar9OZvQYIXw40K6InFZywbAAxvKdAMK1udyTBMEH9
DzPnhaPcP+I0LEIf2JVol8OqYuFJGBscEih6cPP43kkDMWnhwwRKYTq/aiuRCWLD
tyfYniOPQoFkHYKjgmLITj8qw7G3MaII6kZQ4s/79WWj2X0i3fYu0WQaK6CExe6O
uedEmWGn5J2Qxhh9vxonoqVn8jK1AjW2ts8es5PlTZ4V2m7THklVXAQTjI41rC2A
R4p8Q5JwMHjoO0TYi9t96dqbNeyQcwvMQEhGkHxCNRfzyCSBHN4FzQrNQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNtryrGTzuwicXYj6n5tfhkvp/VMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTTIydktzWlBPN0NKeGRpUHFmbTEtR1MtbjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudoXMA0G
CSqGSIb3DQEBCwUAA4IBAQBy8bWFd73PYGR6JcEFtiUE9RGCEBiKBFwbZWg1bKf0
yrnfxaFtdwdkxr90gAnVYm/z/0sqEcOOzP16jieXObziQZGBwkLXUnDBJCIvG7rQ
isIOiz20AVyQe2cV8TKch4V6mEa8VMtII9hgKqSikeJL6Xbc7L3AJ6h8V5rWpNly
L11XXCs7xdLOT+MjJ15H3rYgHuKEGQ0ayNSU1qf5pmNU7eya6spAx+t81kzLRN8J
KgKpdV5l1TrtGRJCliO5y9KLpC1ULS80mW18X3qLo3U3yY3C/y1NyVbyBjSBmBDQ
vvvvHw2UeS7/FRmyk46IJw6pw4nU+74cpNzWQtmmiWDC
-----END CERTIFICATE-----