Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l0jAXJpjVqBKQEWvxjAvVIF1oV8.roa
File:                     l0jAXJpjVqBKQEWvxjAvVIF1oV8.roa (raw, json)
Hash identifier:          tt3e4NEryro0Hv6x55fDhB7RgqkqfrB98FYaGkiti3E=
Subject key identifier:   97:48:C0:5C:9A:63:56:A0:4A:40:45:AF:C6:30:2F:54:81:75:A1:5F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029EE40E0EA175C197B5765E8DA873
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l0jAXJpjVqBKQEWvxjAvVIF1oV8.roa
Signing time:             Tue 02 Jan 2024 02:31:04 +0000
ROA not before:           Tue 02 Jan 2024 02:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396998
IP address blocks:        185.251.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9e:e4:0e:0e:a1:75:c1:97:b5:76:5e:8d:a8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9748c05c9a6356a04a4045afc6302f548175a15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9c:53:f3:61:77:da:85:13:13:e5:aa:db:ad:
                    4f:0b:00:76:92:88:48:10:f8:ec:2d:1d:c9:70:01:
                    9d:b9:4f:0b:09:4e:d6:b0:b9:cb:eb:71:ed:cc:b6:
                    0a:fc:2a:d8:6a:b7:e2:93:f7:ad:36:c5:79:aa:b3:
                    7b:f1:de:b9:b7:3c:96:b2:40:0c:c7:ac:ff:22:f1:
                    f4:18:96:64:5f:74:3a:64:ef:83:dc:e7:88:57:8c:
                    36:bd:71:46:ee:59:d8:eb:8a:1f:64:df:58:9a:bb:
                    e9:ab:04:0b:ce:61:2b:ab:bb:55:fe:52:fc:8b:06:
                    0c:93:88:d0:be:d4:c8:29:08:6a:22:f6:9a:76:88:
                    cc:1b:3b:4c:c6:7b:5c:df:58:a9:7b:8c:3a:2f:81:
                    27:b8:c3:7d:42:f4:d9:cc:f3:be:63:b9:c4:27:45:
                    c9:27:c4:2b:35:7b:d8:db:0e:4e:e9:7a:d4:db:60:
                    c6:34:94:e9:92:5d:89:05:fa:f1:19:be:f0:ef:64:
                    30:57:b0:27:41:44:cc:2f:89:3c:d4:95:4f:7a:6b:
                    7a:a1:3f:1c:40:4d:e0:58:94:45:a6:a9:ed:65:8b:
                    b2:4a:f7:15:ec:ed:c6:29:00:98:ed:ed:e7:2c:39:
                    a2:04:4f:82:7f:a1:67:00:52:49:2b:8a:94:78:9d:
                    73:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:48:C0:5C:9A:63:56:A0:4A:40:45:AF:C6:30:2F:54:81:75:A1:5F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l0jAXJpjVqBKQEWvxjAvVIF1oV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:5e:2e:12:17:30:87:bc:8a:d9:bf:01:3b:61:c3:a1:69:ba:
         13:32:a3:83:7c:86:91:85:1c:ce:7a:93:5b:24:8e:b1:ca:c4:
         a5:90:3a:2f:66:70:05:03:86:2a:4b:ef:71:c0:b8:69:5a:21:
         2c:7e:66:25:9b:38:05:7d:04:c9:a3:21:92:ee:d0:2b:01:72:
         1d:c0:14:05:8f:8c:06:5d:f0:2a:45:92:cf:2d:26:3e:5e:62:
         d2:d6:33:ec:aa:9a:2b:db:7b:9c:03:ef:b2:64:93:3e:38:3a:
         fe:a9:04:c3:0f:b9:6a:9a:3a:ea:c7:37:30:5b:24:a9:2c:21:
         dd:23:ad:00:a2:bd:81:c7:c9:4b:51:c3:7d:be:ac:7d:e7:b1:
         ac:5b:9e:09:cc:76:8a:d7:bf:75:76:94:70:aa:c0:86:8d:50:
         30:29:1e:a3:3d:df:80:5d:cb:7b:a7:88:3b:d8:de:d1:d6:59:
         26:b6:d1:2e:29:d2:39:3c:43:93:d7:68:13:fe:b8:11:27:8f:
         84:d9:ec:65:67:3e:92:3f:a1:c2:40:77:6c:0b:24:b0:8d:ce:
         f5:9b:d7:90:74:16:3b:57:ba:9c:3a:d1:63:9d:cc:32:ad:88:
         87:d9:8b:b3:6e:c5:c6:63:b5:5e:d6:6f:62:b1:fe:97:3b:64:
         59:dd:8e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAp7kDg6hdcGXtXZejahzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQ4YzA1YzlhNjM1NmEwNGE0MDQ1YWZjNjMwMmY1NDgxNzVhMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpxT82F32oUTE+Wq261PCwB2kohI
EPjsLR3JcAGduU8LCU7WsLnL63HtzLYK/CrYarfik/etNsV5qrN78d65tzyWskAM
x6z/IvH0GJZkX3Q6ZO+D3OeIV4w2vXFG7lnY64ofZN9YmrvpqwQLzmErq7tV/lL8
iwYMk4jQvtTIKQhqIvaadojMGztMxntc31ipe4w6L4EnuMN9QvTZzPO+Y7nEJ0XJ
J8QrNXvY2w5O6XrU22DGNJTpkl2JBfrxGb7w72QwV7AnQUTML4k81JVPemt6oT8c
QE3gWJRFpqntZYuySvcV7O3GKQCY7e3nLDmiBE+Cf6FnAFJJK4qUeJ1zgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdIwFyaY1agSkBFr8YwL1SBdaFfMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbDBqQVhKcGpWcUJLUUVXdnhqQXZWSUYxb1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufvkMA0G
CSqGSIb3DQEBCwUAA4IBAQCFXi4SFzCHvIrZvwE7YcOhaboTMqODfIaRhRzOepNb
JI6xysSlkDovZnAFA4YqS+9xwLhpWiEsfmYlmzgFfQTJoyGS7tArAXIdwBQFj4wG
XfAqRZLPLSY+XmLS1jPsqpor23ucA++yZJM+ODr+qQTDD7lqmjrqxzcwWySpLCHd
I60Aor2Bx8lLUcN9vqx957GsW54JzHaK1791dpRwqsCGjVAwKR6jPd+AXct7p4g7
2N7R1lkmttEuKdI5PEOT12gT/rgRJ4+E2exlZz6SP6HCQHdsCySwjc71m9eQdBY7
V7qcOtFjncwyrYiH2YuzbsXGY7Ve1m9isf6XO2RZ3Y6G
-----END CERTIFICATE-----