Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lrZuae4coaG5aw0nzvZ1RbhbsXg.roa
File:                     lrZuae4coaG5aw0nzvZ1RbhbsXg.roa (raw, json)
Hash identifier:          6/Od4vpcb98Rp+TjC7y9mZhYyhXy9QADXiTzX9M2Tso=
Subject key identifier:   96:B6:6E:69:EE:1C:A1:A1:B9:6B:0D:27:CE:F6:75:45:B8:5B:B1:78
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029A28B3A1EB74B9B4A5B087B57504
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lrZuae4coaG5aw0nzvZ1RbhbsXg.roa
Signing time:             Tue 02 Jan 2024 02:31:02 +0000
ROA not before:           Tue 02 Jan 2024 02:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213006
IP address blocks:        185.214.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9a:28:b3:a1:eb:74:b9:b4:a5:b0:87:b5:75:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96b66e69ee1ca1a1b96b0d27cef67545b85bb178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:42:aa:c9:a4:3f:8c:73:93:6f:a9:60:f3:7d:
                    42:45:9d:39:44:f9:44:83:cb:b8:ab:e9:46:f9:60:
                    b9:1f:d2:14:34:df:fd:90:63:0c:33:4f:54:f3:ad:
                    66:70:12:bf:3a:6d:4e:d4:52:a4:d9:e2:ba:f7:ab:
                    7b:89:39:bc:49:4f:86:3a:20:cf:4c:75:1a:1e:a3:
                    75:ef:fb:93:ab:9c:6a:6c:86:cc:a2:8a:4d:d3:72:
                    1b:e9:74:31:6c:dc:9e:a3:63:5b:4f:1b:59:85:8e:
                    47:d1:64:71:3e:5b:71:be:d8:26:72:6b:97:2f:ff:
                    db:15:a3:b9:0a:d4:19:bd:61:59:2c:2f:27:a6:6f:
                    27:dc:59:4f:44:d2:d6:e2:b9:4b:c0:e4:a9:6a:9a:
                    b1:26:c9:f2:10:d6:9b:a0:76:cf:69:45:b2:08:fa:
                    89:3e:3e:74:11:48:be:22:8c:76:d1:dc:af:7f:03:
                    73:d4:7b:73:50:97:a9:00:c9:e5:bc:08:7e:25:03:
                    47:75:06:11:ff:61:04:a5:ab:8d:da:f0:18:6a:bd:
                    e8:44:96:13:b8:40:36:0b:f6:ca:18:f4:ea:f6:55:
                    f8:a7:b7:97:49:f3:2a:88:54:ad:50:8c:ae:16:61:
                    42:33:0e:39:41:dd:2e:50:f6:11:96:01:f7:36:c5:
                    14:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B6:6E:69:EE:1C:A1:A1:B9:6B:0D:27:CE:F6:75:45:B8:5B:B1:78
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lrZuae4coaG5aw0nzvZ1RbhbsXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f6:b4:e9:69:c3:eb:c6:6d:a8:5a:95:5f:bc:47:a2:36:09:
         00:6c:3f:f2:84:e1:30:2d:20:8f:29:d0:b8:a8:eb:46:4d:57:
         7e:0c:97:85:7e:e6:7f:cf:37:7f:e2:6d:f2:83:60:9d:45:2e:
         b3:d5:15:03:59:7b:bd:bd:2d:f0:35:bb:46:a1:5c:ad:53:fd:
         b3:d6:56:e0:ff:f4:ea:ad:48:15:f6:89:c9:a8:b1:a8:71:f1:
         0b:54:41:d3:fb:23:87:f3:34:b8:32:2d:4a:1a:e1:1c:00:2b:
         37:3e:9c:5b:fa:c2:0e:7f:ee:3c:4f:7e:6b:54:cf:42:ee:ef:
         f3:37:68:ce:da:3e:81:ef:8a:f8:26:1b:6e:c7:3d:38:09:ff:
         5f:cf:55:10:c9:06:8c:2f:02:a7:32:34:ec:10:27:a5:00:2a:
         a9:e4:86:12:d3:c9:2b:5f:a8:71:13:be:2f:ac:0c:ba:af:f5:
         cc:83:18:33:87:c0:29:97:fe:14:2d:aa:c7:ef:08:fa:ea:9a:
         f2:1e:bd:f9:3b:2d:18:2d:41:73:34:af:7a:9e:e4:e3:25:d0:
         e6:71:44:d1:52:42:1c:fc:08:48:66:d9:33:b4:35:73:2a:0a:
         ef:01:b3:18:dc:d1:4d:3d:9d:ce:3a:97:01:a8:95:d5:90:16:
         78:c9:37:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApoos6HrdLm0pbCHtXUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmI2NmU2OWVlMWNhMWExYjk2YjBkMjdjZWY2NzU0NWI4NWJiMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkKqyaQ/jHOTb6lg831CRZ05RPlE
g8u4q+lG+WC5H9IUNN/9kGMMM09U861mcBK/Om1O1FKk2eK696t7iTm8SU+GOiDP
THUaHqN17/uTq5xqbIbMoopN03Ib6XQxbNyeo2NbTxtZhY5H0WRxPltxvtgmcmuX
L//bFaO5CtQZvWFZLC8npm8n3FlPRNLW4rlLwOSpapqxJsnyENaboHbPaUWyCPqJ
Pj50EUi+Iox20dyvfwNz1HtzUJepAMnlvAh+JQNHdQYR/2EEpauN2vAYar3oRJYT
uEA2C/bKGPTq9lX4p7eXSfMqiFStUIyuFmFCMw45Qd0uUPYRlgH3NsUUxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa2bmnuHKGhuWsNJ872dUW4W7F4MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbHJadWFlNGNvYUc1YXcwbnp2WjFSYmhic1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZUMA0G
CSqGSIb3DQEBCwUAA4IBAQA+9rTpacPrxm2oWpVfvEeiNgkAbD/yhOEwLSCPKdC4
qOtGTVd+DJeFfuZ/zzd/4m3yg2CdRS6z1RUDWXu9vS3wNbtGoVytU/2z1lbg//Tq
rUgV9onJqLGocfELVEHT+yOH8zS4Mi1KGuEcACs3Ppxb+sIOf+48T35rVM9C7u/z
N2jO2j6B74r4Jhtuxz04Cf9fz1UQyQaMLwKnMjTsECelACqp5IYS08krX6hxE74v
rAy6r/XMgxgzh8Apl/4ULarH7wj66pryHr35Oy0YLUFzNK96nuTjJdDmcUTRUkIc
/AhIZtkztDVzKgrvAbMY3NFNPZ3OOpcBqJXVkBZ4yTea
-----END CERTIFICATE-----