Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/oSVglwEYDWWOX9YnGOBA4fEJkEY.roa
File:                     oSVglwEYDWWOX9YnGOBA4fEJkEY.roa (raw, json)
Hash identifier:          o/0BiG9pj++s5c1tsRjonIECbBzTLUP15eC9zH2i570=
Subject key identifier:   A1:25:60:97:01:18:0D:65:8E:5F:D6:27:18:E0:40:E1:F1:09:90:46
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80276684D76961141B68B93908C847E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/oSVglwEYDWWOX9YnGOBA4fEJkEY.roa
Signing time:             Tue 02 Jan 2024 02:30:53 +0000
ROA not before:           Tue 02 Jan 2024 02:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        185.220.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:76:68:4d:76:96:11:41:b6:8b:93:90:8c:84:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a125609701180d658e5fd62718e040e1f1099046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a5:83:73:3f:37:ae:e3:60:4d:db:0e:8e:60:
                    f4:2f:dc:d6:64:9a:6d:3f:49:fc:13:9c:c6:8a:98:
                    81:5f:65:9d:0f:01:41:f9:51:33:a7:cf:be:56:98:
                    a6:d1:51:15:d6:af:9d:b4:b3:1c:3c:13:b3:57:88:
                    2d:9a:6f:56:3b:b4:e0:4f:b6:5e:17:41:e6:34:5c:
                    a9:88:e2:b3:cd:4f:d2:0c:10:a8:84:71:0b:fc:c3:
                    01:f9:b9:a3:e7:b8:cd:d2:bf:d4:3e:ce:1a:e9:56:
                    2d:79:20:94:9a:33:0f:14:19:b3:7d:46:7f:be:be:
                    ea:47:9c:b6:8b:42:b1:a5:69:73:63:1f:5c:67:98:
                    ec:10:15:6f:a0:3c:30:14:08:7f:06:aa:d3:ff:c4:
                    25:57:95:03:bd:02:07:f3:3f:7f:4f:c2:76:dd:d3:
                    1a:b6:05:57:a0:71:a8:61:35:fe:b6:bb:5c:6b:0b:
                    89:5a:8a:8f:3b:b1:cd:f6:3c:ff:c8:56:64:ee:1a:
                    bf:b3:69:ec:a7:49:00:0f:65:73:5d:eb:90:71:51:
                    04:9a:e4:52:50:3e:62:d2:10:f6:b5:8e:66:4c:ab:
                    eb:6c:08:a0:fa:e8:6d:0f:27:67:e7:5a:7b:b6:b0:
                    98:aa:a7:41:d8:8c:d5:20:de:32:ca:f8:7a:48:0e:
                    b6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:25:60:97:01:18:0D:65:8E:5F:D6:27:18:E0:40:E1:F1:09:90:46
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/oSVglwEYDWWOX9YnGOBA4fEJkEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:70:ef:2a:a5:fe:49:3b:72:07:8f:d9:79:70:8c:fe:32:29:
         a9:40:06:68:62:52:22:c3:30:2e:b2:b5:1e:7b:e7:33:ed:2b:
         b3:98:25:9f:11:81:12:ae:83:ea:81:01:9b:33:e3:e8:61:7a:
         f8:2b:05:ce:f2:a4:e9:db:58:ab:d8:ca:4b:8b:7a:9e:98:c8:
         04:84:97:4d:25:16:88:d6:41:70:93:83:9f:ad:f7:ad:f7:3c:
         b4:10:6a:78:d8:b4:e2:fe:b9:9d:17:12:5a:4d:2d:43:ef:0d:
         a4:b4:41:cd:36:93:6b:10:f8:0e:4c:96:32:10:6d:cf:6a:c6:
         fe:d1:1e:ed:3a:26:95:3c:67:fd:54:10:20:2a:6b:0f:4e:a4:
         73:2b:c3:af:e5:2a:67:0e:3c:65:90:d7:9e:68:5d:28:5e:d1:
         7a:5f:bf:9e:34:d6:a7:70:75:f0:99:97:6a:05:a2:71:98:e0:
         26:ec:2f:58:f6:5a:6a:34:64:bb:2c:fe:e7:d9:6f:89:a9:02:
         ba:f0:ea:db:94:81:09:20:d3:9a:0f:f2:ef:67:b2:44:e2:af:
         77:00:2d:14:2a:df:77:5f:a5:36:48:e7:d1:4c:2d:22:1f:69:
         ae:f2:b7:05:7d:92:ad:ba:f3:0b:f7:9f:44:43:2b:22:70:4c:
         01:d6:ab:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnZoTXaWEUG2i5OQjIR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTI1NjA5NzAxMTgwZDY1OGU1ZmQ2MjcxOGUwNDBlMWYxMDk5MDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KWDcz83ruNgTdsOjmD0L9zWZJpt
P0n8E5zGipiBX2WdDwFB+VEzp8++Vpim0VEV1q+dtLMcPBOzV4gtmm9WO7TgT7Ze
F0HmNFypiOKzzU/SDBCohHEL/MMB+bmj57jN0r/UPs4a6VYteSCUmjMPFBmzfUZ/
vr7qR5y2i0KxpWlzYx9cZ5jsEBVvoDwwFAh/BqrT/8QlV5UDvQIH8z9/T8J23dMa
tgVXoHGoYTX+trtcawuJWoqPO7HN9jz/yFZk7hq/s2nsp0kAD2VzXeuQcVEEmuRS
UD5i0hD2tY5mTKvrbAig+uhtDydn51p7trCYqqdB2IzVIN4yyvh6SA62vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKElYJcBGA1ljl/WJxjgQOHxCZBGMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvb1NWZ2x3RVlEV1dPWDlZbkdPQkE0ZkVKa0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz6MA0G
CSqGSIb3DQEBCwUAA4IBAQC5cO8qpf5JO3IHj9l5cIz+MimpQAZoYlIiwzAusrUe
e+cz7SuzmCWfEYESroPqgQGbM+PoYXr4KwXO8qTp21ir2MpLi3qemMgEhJdNJRaI
1kFwk4Ofrfet9zy0EGp42LTi/rmdFxJaTS1D7w2ktEHNNpNrEPgOTJYyEG3Pasb+
0R7tOiaVPGf9VBAgKmsPTqRzK8Ov5SpnDjxlkNeeaF0oXtF6X7+eNNancHXwmZdq
BaJxmOAm7C9Y9lpqNGS7LP7n2W+JqQK68OrblIEJINOaD/LvZ7JE4q93AC0UKt93
X6U2SOfRTC0iH2mu8rcFfZKtuvML959EQysicEwB1qts
-----END CERTIFICATE-----