Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kRsqRlzG-LqWbXuSGLC9G6wzqnw.roa
File:                     kRsqRlzG-LqWbXuSGLC9G6wzqnw.roa (raw, json)
Hash identifier:          eo+4odVMelEnvAX1KeR9SBMVACJ9BVOcuxJwkRL/dNM=
Subject key identifier:   91:1B:2A:46:5C:C6:F8:BA:96:6D:7B:92:18:B0:BD:1B:AC:33:AA:7C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E2D3479FBC052787E2457B72A2F6B3900
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kRsqRlzG-LqWbXuSGLC9G6wzqnw.roa
Signing time:             Mon 11 Mar 2024 11:09:57 +0000
ROA not before:           Mon 11 Mar 2024 11:09:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        185.222.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:34:79:fb:c0:52:78:7e:24:57:b7:2a:2f:6b:39:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 11 11:09:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=911b2a465cc6f8ba966d7b9218b0bd1bac33aa7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f0:42:a3:cf:a0:cb:e6:be:bd:71:e4:f5:06:
                    bb:a8:b7:38:99:3a:43:78:e3:e8:31:e1:53:ea:e7:
                    ee:99:4f:da:3c:f5:32:09:76:b9:b4:d7:95:96:be:
                    c2:fe:1c:19:01:de:13:70:a9:73:2d:60:10:52:f8:
                    50:a8:1c:f3:19:fc:a9:45:21:04:63:ea:65:01:84:
                    47:86:96:5c:be:73:06:75:ab:34:35:00:46:a7:1f:
                    c3:4f:2d:7d:de:87:18:9c:7e:6b:f6:54:1f:8a:2c:
                    19:f9:1a:9d:c1:7b:03:3d:c4:6a:a4:81:3d:d2:e0:
                    e8:95:57:de:7e:3e:05:b7:0a:47:0b:7c:94:28:2d:
                    e8:6a:2c:71:9c:4e:c2:d1:d2:46:aa:c5:e8:a9:2b:
                    8b:0b:a2:e8:cf:6a:17:09:41:a1:47:03:6c:17:ed:
                    ee:b8:e5:3e:8d:87:82:64:a8:ab:c4:f7:75:89:84:
                    b1:e9:c5:f2:de:a1:0b:c9:9d:eb:eb:1f:7d:88:28:
                    4c:23:b5:07:28:ee:db:dc:49:31:62:78:11:e7:d2:
                    40:01:9d:ee:6c:71:f9:c1:e2:d4:7e:c2:dc:39:e7:
                    51:07:fe:46:ab:4f:00:af:e6:8e:b1:a0:73:6a:13:
                    42:04:e6:13:69:ca:1a:51:4f:cc:44:9c:38:2c:52:
                    1a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1B:2A:46:5C:C6:F8:BA:96:6D:7B:92:18:B0:BD:1B:AC:33:AA:7C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/kRsqRlzG-LqWbXuSGLC9G6wzqnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:04:60:ef:56:43:cd:43:ec:a8:3f:1a:52:bd:81:d9:4d:eb:
         fe:c7:94:30:33:52:25:d0:b9:e6:05:e3:b0:29:6f:92:1b:31:
         27:eb:db:a9:2b:bb:a1:31:66:9d:9c:8d:53:9f:87:0f:91:c1:
         69:83:87:23:9e:71:0d:97:5d:4b:96:5b:9f:25:be:a6:c4:da:
         35:6b:48:56:6f:3e:92:04:09:9e:4f:37:9a:7b:e8:8b:2f:6d:
         4c:bd:3f:e1:0f:f2:2d:bb:fe:07:09:64:be:b5:c0:c9:09:89:
         9b:ef:e0:68:40:c0:8d:dd:03:e7:77:49:3d:e2:c7:93:33:99:
         e8:eb:f5:61:00:ba:ed:a9:de:a8:80:97:88:a5:b6:95:1a:76:
         c6:5e:50:f2:e4:43:f3:4b:09:0d:65:b8:2f:a0:40:88:97:78:
         f1:7a:ac:76:4a:2b:a7:44:da:37:f7:78:f2:36:8d:50:c6:5b:
         e0:95:8c:fe:2b:bb:29:c6:40:a0:bb:f7:a8:b3:a1:1e:f4:82:
         aa:9c:b7:ff:08:a3:eb:8c:9e:3f:70:ba:14:2c:46:d4:2e:9e:
         54:0e:e1:99:e8:01:34:2c:d9:0b:3b:5d:f4:ea:8e:56:40:18:
         dd:b9:5d:11:a5:53:14:0f:5f:41:fe:aa:52:eb:55:3a:72:d1:
         fe:ef:2f:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tNHn7wFJ4fiRXtyovazkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzExMTEwOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFiMmE0NjVjYzZmOGJhOTY2ZDdiOTIxOGIwYmQxYmFjMzNhYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPBCo8+gy+a+vXHk9Qa7qLc4mTpD
eOPoMeFT6ufumU/aPPUyCXa5tNeVlr7C/hwZAd4TcKlzLWAQUvhQqBzzGfypRSEE
Y+plAYRHhpZcvnMGdas0NQBGpx/DTy193ocYnH5r9lQfiiwZ+RqdwXsDPcRqpIE9
0uDolVfefj4FtwpHC3yUKC3oaixxnE7C0dJGqsXoqSuLC6Loz2oXCUGhRwNsF+3u
uOU+jYeCZKirxPd1iYSx6cXy3qELyZ3r6x99iChMI7UHKO7b3EkxYngR59JAAZ3u
bHH5weLUfsLcOedRB/5Gq08Ar+aOsaBzahNCBOYTacoaUU/MRJw4LFIaLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEbKkZcxvi6lm17khiwvRusM6p8MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEva1JzcVJsekctTHFXYlh1U0dMQzlHNnd6cW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4cMA0G
CSqGSIb3DQEBCwUAA4IBAQAJBGDvVkPNQ+yoPxpSvYHZTev+x5QwM1Il0LnmBeOw
KW+SGzEn69upK7uhMWadnI1Tn4cPkcFpg4cjnnENl11LllufJb6mxNo1a0hWbz6S
BAmeTzeae+iLL21MvT/hD/Itu/4HCWS+tcDJCYmb7+BoQMCN3QPnd0k94seTM5no
6/VhALrtqd6ogJeIpbaVGnbGXlDy5EPzSwkNZbgvoECIl3jxeqx2SiunRNo393jy
No1QxlvglYz+K7spxkCgu/eos6Ee9IKqnLf/CKPrjJ4/cLoULEbULp5UDuGZ6AE0
LNkLO1306o5WQBjduV0RpVMUD19B/qpS61U6ctH+7y/U
-----END CERTIFICATE-----