Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ropPx5mIO3hcJ3-oFWpfFOYi2Us.roa
File:                     ropPx5mIO3hcJ3-oFWpfFOYi2Us.roa (raw, json)
Hash identifier:          EUF0H1y01yF599WLntHGQweO7xV5SHMqjfIs8iTYx0M=
Subject key identifier:   AE:8A:4F:C7:99:88:3B:78:5C:27:7F:A8:15:6A:5F:14:E6:22:D9:4B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8027C885CA3CA2873D1623F556B3EC7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ropPx5mIO3hcJ3-oFWpfFOYi2Us.roa
Signing time:             Tue 02 Jan 2024 02:30:55 +0000
ROA not before:           Tue 02 Jan 2024 02:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48296
IP address blocks:        185.226.106.0/24 maxlen: 24
                          185.228.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:7c:88:5c:a3:ca:28:73:d1:62:3f:55:6b:3e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae8a4fc799883b785c277fa8156a5f14e622d94b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e4:f9:4e:84:7b:61:c9:73:c4:4a:04:8f:ba:
                    20:15:21:4b:52:b1:79:fa:7c:95:fd:56:dd:b6:86:
                    62:09:15:21:5d:c6:72:07:bc:65:0b:23:1d:12:b1:
                    cb:a1:dc:60:86:52:8c:c3:f7:96:58:b0:27:03:aa:
                    7a:a4:24:91:b6:33:7d:23:10:08:aa:cb:de:51:d2:
                    90:d8:19:ba:34:a7:53:88:8e:0d:b0:23:a3:4e:eb:
                    3e:c1:d1:94:74:24:83:c8:b4:77:c2:cb:f0:e2:bf:
                    ec:07:10:ab:8e:3a:b9:4a:7a:1b:7e:a4:b9:81:ee:
                    10:58:83:0c:7b:b5:6a:f4:bc:37:86:39:39:ee:fc:
                    b4:a5:d9:c8:3c:b8:cf:b0:5b:99:79:42:79:e0:12:
                    55:82:16:fe:79:c5:9f:da:dd:2c:c8:67:84:91:a4:
                    72:8c:99:b0:b8:16:13:05:20:1f:0d:4f:d9:e1:23:
                    a1:f4:97:24:1a:02:5a:a0:46:82:26:cf:7b:c3:08:
                    14:8d:5d:16:48:b5:71:63:41:65:d6:6e:0c:c8:f1:
                    98:2e:69:5d:37:a3:09:f0:cc:68:5e:47:0b:45:0f:
                    34:3a:53:9d:db:a3:80:b6:61:ee:f6:32:32:b1:12:
                    0a:fd:34:22:e3:ef:d7:3b:96:4d:76:9a:e0:e5:e1:
                    e4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8A:4F:C7:99:88:3B:78:5C:27:7F:A8:15:6A:5F:14:E6:22:D9:4B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ropPx5mIO3hcJ3-oFWpfFOYi2Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.106.0/24
                  185.228.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f1:4d:44:36:f7:d2:f9:59:09:2b:93:c3:5a:d2:ce:7c:60:
         29:5b:fc:63:be:a5:42:ab:64:cd:1f:5c:86:41:67:ec:a9:6a:
         fb:bd:b4:92:d7:7e:01:18:1a:09:a9:aa:c6:d7:ce:5f:92:82:
         55:ce:13:49:26:cc:3c:5a:d0:cc:ea:1a:9c:94:52:bb:72:d3:
         6d:52:9f:75:50:6a:75:a1:04:dd:ff:b6:c2:11:66:e6:c3:af:
         5d:20:ac:4e:21:d8:a7:a8:e3:2c:42:03:07:6b:65:c2:ca:6e:
         62:68:a7:37:e2:7d:ee:b0:ca:11:5b:20:e4:bd:02:d1:4c:c5:
         fb:5a:3f:ff:dc:52:05:ec:85:33:63:70:94:93:61:7f:a4:6c:
         59:2a:d5:06:1c:88:05:66:e0:1d:3b:a3:f2:d3:f1:b5:22:70:
         02:4e:58:14:9d:c0:ae:85:5d:08:d5:d7:6b:6f:af:f6:94:bd:
         95:e6:85:6e:1c:8d:5e:38:0c:0b:bf:f1:35:a3:5e:9a:76:c0:
         45:f7:05:99:34:9d:64:8a:ec:0f:d7:c5:75:c0:0a:69:2f:cc:
         2c:ed:b0:a3:0a:0f:88:28:53:9f:35:f0:21:34:b9:4c:d4:8e:
         4e:98:84:f6:46:d8:f4:9e:42:ea:df:f4:9e:b8:eb:b3:b2:1f:
         50:bc:9d:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAnyIXKPKKHPRYj9Vaz7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThhNGZjNzk5ODgzYjc4NWMyNzdmYTgxNTZhNWYxNGU2MjJkOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+T5ToR7YclzxEoEj7ogFSFLUrF5
+nyV/VbdtoZiCRUhXcZyB7xlCyMdErHLodxghlKMw/eWWLAnA6p6pCSRtjN9IxAI
qsveUdKQ2Bm6NKdTiI4NsCOjTus+wdGUdCSDyLR3wsvw4r/sBxCrjjq5SnobfqS5
ge4QWIMMe7Vq9Lw3hjk57vy0pdnIPLjPsFuZeUJ54BJVghb+ecWf2t0syGeEkaRy
jJmwuBYTBSAfDU/Z4SOh9JckGgJaoEaCJs97wwgUjV0WSLVxY0Fl1m4MyPGYLmld
N6MJ8MxoXkcLRQ80OlOd26OAtmHu9jIysRIK/TQi4+/XO5ZNdprg5eHkXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK6KT8eZiDt4XCd/qBVqXxTmItlLMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcm9wUHg1bUlPM2hjSjMtb0ZXcGZGT1lpMlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueJqAwQA
ueRKMA0GCSqGSIb3DQEBCwUAA4IBAQBN8U1ENvfS+VkJK5PDWtLOfGApW/xjvqVC
q2TNH1yGQWfsqWr7vbSS134BGBoJqarG185fkoJVzhNJJsw8WtDM6hqclFK7ctNt
Up91UGp1oQTd/7bCEWbmw69dIKxOIdinqOMsQgMHa2XCym5iaKc34n3usMoRWyDk
vQLRTMX7Wj//3FIF7IUzY3CUk2F/pGxZKtUGHIgFZuAdO6Py0/G1InACTlgUncCu
hV0I1ddrb6/2lL2V5oVuHI1eOAwLv/E1o16adsBF9wWZNJ1kiuwP18V1wAppL8ws
7bCjCg+IKFOfNfAhNLlM1I5OmIT2Rtj0nkLq3/SeuOuzsh9QvJ3T
-----END CERTIFICATE-----