Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e1_bUk_KB1HHMKU3OH0WdMpD18E.roa
File:                     e1_bUk_KB1HHMKU3OH0WdMpD18E.roa (raw, json)
Hash identifier:          UsjPc1wkpwPSsY/0mb/l0u9sZ2KNCxw8K2HMu+vHujw=
Subject key identifier:   7B:5F:DB:52:4F:CA:07:51:C7:30:A5:37:38:7D:16:74:CA:43:D7:C1
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01904EAFAE9A79958AD0E8F47A742C5919B7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e1_bUk_KB1HHMKU3OH0WdMpD18E.roa
Signing time:             Tue 25 Jun 2024 09:17:34 +0000
ROA not before:           Tue 25 Jun 2024 09:17:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216107
IP address blocks:        185.234.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 05:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:af:ae:9a:79:95:8a:d0:e8:f4:7a:74:2c:59:19:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 25 09:17:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b5fdb524fca0751c730a537387d1674ca43d7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9d:37:5b:77:ec:59:a0:f8:f9:74:26:ed:8b:
                    4f:0d:86:c2:8a:2e:e3:f9:38:bd:9e:3c:09:b2:ad:
                    f3:f4:2f:9a:d3:03:4c:41:b7:f6:9f:5e:ab:cb:ee:
                    37:38:55:b8:ae:02:9c:d3:9c:78:13:53:7e:e4:f5:
                    72:28:b3:a8:28:13:57:f8:20:e2:64:d7:d5:5c:7e:
                    58:cf:dd:07:0a:e1:e2:3a:13:bb:d1:7f:06:70:29:
                    f3:fa:81:c3:6b:d2:67:ea:a5:87:2d:86:e8:05:9f:
                    8b:53:8c:37:a8:f1:4f:98:e1:99:29:b8:dc:53:a4:
                    3c:dc:f0:44:c1:34:e3:a2:2d:a2:97:b7:99:68:de:
                    b6:56:4f:b3:0a:c5:e8:b1:ae:33:3c:79:96:4e:74:
                    f8:86:53:75:db:91:6c:46:f8:0a:c9:37:e1:d9:61:
                    ee:21:37:6e:b0:23:8a:48:ab:93:e8:8f:27:c5:cc:
                    1c:23:e6:9e:e4:80:87:e9:8f:7d:ec:be:b0:7b:19:
                    4a:02:9a:d9:d4:31:8a:64:91:3b:e2:fc:0e:40:5d:
                    e4:b6:3f:16:52:39:05:92:79:42:20:59:15:b0:fc:
                    fa:93:3c:6b:16:09:f3:78:2c:5a:e4:ef:c1:af:b2:
                    c5:fc:39:60:27:5d:af:eb:c0:70:5c:92:c7:ae:1e:
                    99:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:5F:DB:52:4F:CA:07:51:C7:30:A5:37:38:7D:16:74:CA:43:D7:C1
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e1_bUk_KB1HHMKU3OH0WdMpD18E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:68:64:8f:af:eb:0c:6d:e4:2e:18:8c:54:d2:c8:6a:4e:fe:
         5f:2b:37:f9:27:b9:b4:e5:0c:34:cd:f1:b7:cb:14:a5:a7:22:
         1a:2a:2e:b7:7c:21:aa:59:05:a1:1f:7b:dd:ad:83:26:99:79:
         9f:ce:93:e9:ed:3e:84:47:3e:b1:d3:4d:a3:50:cc:f3:99:1d:
         1d:90:2e:84:1e:31:b7:b8:8f:34:c8:d2:7d:c0:01:8f:d5:09:
         b9:96:43:26:e7:d4:71:6d:90:64:26:59:72:0f:7e:c7:f0:8e:
         0e:7a:03:0b:5a:d4:ca:82:16:48:4f:1f:56:c5:61:ad:4a:5a:
         77:1f:02:46:a2:89:f7:12:a8:25:d5:86:6e:c1:8d:a7:e3:83:
         e8:87:91:77:4b:8b:f3:a3:08:fe:de:7e:58:5e:11:06:fa:45:
         4b:e4:e2:98:a5:0c:df:27:17:63:c5:d3:c8:a7:27:14:97:de:
         99:7f:84:21:2f:c6:d3:e0:f1:6f:19:13:54:55:07:b5:68:25:
         af:d2:53:4b:1f:79:36:b8:9f:e9:0a:92:26:a2:e3:96:38:d7:
         1f:e8:ae:ce:b4:cb:9d:18:22:db:ae:66:9a:39:58:f7:a3:0f:
         17:43:41:02:68:ee:51:d8:e3:cc:90:3f:55:00:81:94:e9:b1:
         b1:cb:b3:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBOr66aeZWK0Oj0enQsWRm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNjI1MDkxNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjVmZGI1MjRmY2EwNzUxYzczMGE1MzczODdkMTY3NGNhNDNkN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJ03W3fsWaD4+XQm7YtPDYbCii7j
+Ti9njwJsq3z9C+a0wNMQbf2n16ry+43OFW4rgKc05x4E1N+5PVyKLOoKBNX+CDi
ZNfVXH5Yz90HCuHiOhO70X8GcCnz+oHDa9Jn6qWHLYboBZ+LU4w3qPFPmOGZKbjc
U6Q83PBEwTTjoi2il7eZaN62Vk+zCsXosa4zPHmWTnT4hlN125FsRvgKyTfh2WHu
ITdusCOKSKuT6I8nxcwcI+ae5ICH6Y997L6wexlKAprZ1DGKZJE74vwOQF3ktj8W
UjkFknlCIFkVsPz6kzxrFgnzeCxa5O/Br7LF/DlgJ12v68BwXJLHrh6ZxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtf21JPygdRxzClNzh9FnTKQ9fBMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZTFfYlVrX0tCMUhITUtVM09IMFdkTXBEMThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoUMA0G
CSqGSIb3DQEBCwUAA4IBAQBGaGSPr+sMbeQuGIxU0shqTv5fKzf5J7m05Qw0zfG3
yxSlpyIaKi63fCGqWQWhH3vdrYMmmXmfzpPp7T6ERz6x002jUMzzmR0dkC6EHjG3
uI80yNJ9wAGP1Qm5lkMm59RxbZBkJllyD37H8I4OegMLWtTKghZITx9WxWGtSlp3
HwJGoon3Eqgl1YZuwY2n44Poh5F3S4vzowj+3n5YXhEG+kVL5OKYpQzfJxdjxdPI
pycUl96Zf4QhL8bT4PFvGRNUVQe1aCWv0lNLH3k2uJ/pCpImouOWONcf6K7OtMud
GCLbrmaaOVj3ow8XQ0ECaO5R2OPMkD9VAIGU6bGxy7PM
-----END CERTIFICATE-----