Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uPK7mhRnIX9Taqo43STzuxV7bjk.roa
File:                     uPK7mhRnIX9Taqo43STzuxV7bjk.roa (raw, json)
Hash identifier:          IOF0rF4iUBhu+lHFl7uv7dVgFMqsk/LmtqJPt+rtpZI=
Subject key identifier:   B8:F2:BB:9A:14:67:21:7F:53:6A:AA:38:DD:24:F3:BB:15:7B:6E:39
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802A03850D16BEBE7B25FB120549128
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uPK7mhRnIX9Taqo43STzuxV7bjk.roa
Signing time:             Tue 02 Jan 2024 02:31:04 +0000
ROA not before:           Tue 02 Jan 2024 02:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400039
IP address blocks:        185.234.23.0/24 maxlen: 24
                          185.214.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:a0:38:50:d1:6b:eb:e7:b2:5f:b1:20:54:91:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8f2bb9a1467217f536aaa38dd24f3bb157b6e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:88:6a:d6:e4:0b:14:5d:fd:84:50:4f:58:8d:
                    6b:6e:76:b6:4e:22:2e:9c:d3:2e:1d:d9:bc:85:30:
                    bd:49:5a:8b:d8:0a:92:95:a7:cf:20:02:5f:97:a1:
                    3a:d4:54:9e:6c:c2:be:cf:5d:87:44:58:76:24:0f:
                    e1:09:cb:d2:15:92:5a:6c:e3:f1:fd:4a:e6:07:bb:
                    fe:be:a7:cf:64:ef:d9:13:4f:d0:5b:ef:92:de:1b:
                    54:48:2d:27:2b:62:4b:e1:7a:9b:36:74:80:37:2b:
                    54:b1:52:25:14:ed:65:87:68:d7:82:b9:4d:30:6d:
                    c5:08:f8:33:34:5c:d2:4e:3b:e1:d2:11:ae:73:83:
                    c4:ef:fd:40:e6:a6:d8:af:12:d4:bf:75:73:cb:b8:
                    02:82:ef:ab:ad:b4:a6:ef:9b:e9:6f:b4:c3:29:ec:
                    71:6f:70:cd:24:bb:2c:c0:5a:32:64:c4:9e:4b:0a:
                    1e:0e:e1:0d:64:f9:ab:cb:58:e9:5e:92:bf:f0:59:
                    02:73:ac:d9:82:d1:32:26:b5:e8:60:7f:a8:80:c1:
                    f1:74:08:91:9a:cc:51:d7:3b:c9:ab:ab:18:7f:1d:
                    00:72:d1:0b:0c:ba:9b:9a:a2:13:f4:2f:53:b7:79:
                    b9:9a:c3:69:dc:52:d1:7c:ea:41:81:f9:64:71:50:
                    05:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F2:BB:9A:14:67:21:7F:53:6A:AA:38:DD:24:F3:BB:15:7B:6E:39
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uPK7mhRnIX9Taqo43STzuxV7bjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.109.0/24
                  185.234.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:51:cd:0b:5f:93:9f:f0:ed:cd:a4:63:57:d1:7e:96:f6:a6:
         1f:1f:43:7e:bd:f0:ad:e0:25:de:55:f3:6c:2e:0c:43:62:a1:
         db:e8:f0:5a:fb:a1:23:cc:e6:6d:d9:ac:fb:e9:d2:ce:b4:38:
         b6:c1:4b:ea:24:5d:09:39:3e:b2:e3:b6:4f:28:b4:f8:ac:74:
         33:95:05:39:89:d1:21:a9:9b:87:ba:bc:6d:ac:a4:f4:ab:ee:
         84:2b:b3:56:c8:99:4c:b4:48:2c:18:9a:7c:15:76:45:0d:71:
         82:1b:1f:be:1a:a3:bf:47:5e:bb:39:c3:56:65:70:6f:56:e2:
         e0:40:64:08:25:31:64:e1:e6:f2:d2:b3:8d:a7:03:eb:c6:52:
         70:e5:fa:4f:91:59:d2:19:24:9c:5b:47:6b:9d:69:ad:94:20:
         19:b6:c9:b2:6a:10:89:be:4d:39:08:9a:01:21:92:7c:5c:69:
         61:0a:24:a5:a0:bb:7c:8b:9a:0e:c2:25:b5:25:03:12:11:02:
         bf:40:93:09:46:81:ae:82:e0:71:c4:24:58:1b:ca:c2:41:93:
         cc:3c:a5:b8:b4:a4:fd:29:b8:d8:ce:db:4a:5a:2f:e8:96:fd:
         f8:38:b6:bc:d6:8d:37:05:c1:64:be:2c:ae:c0:16:48:9f:86:
         a9:95:c5:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAqA4UNFr6+eyX7EgVJEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGYyYmI5YTE0NjcyMTdmNTM2YWFhMzhkZDI0ZjNiYjE1N2I2ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIhq1uQLFF39hFBPWI1rbna2TiIu
nNMuHdm8hTC9SVqL2AqSlafPIAJfl6E61FSebMK+z12HRFh2JA/hCcvSFZJabOPx
/UrmB7v+vqfPZO/ZE0/QW++S3htUSC0nK2JL4XqbNnSANytUsVIlFO1lh2jXgrlN
MG3FCPgzNFzSTjvh0hGuc4PE7/1A5qbYrxLUv3Vzy7gCgu+rrbSm75vpb7TDKexx
b3DNJLsswFoyZMSeSwoeDuENZPmry1jpXpK/8FkCc6zZgtEyJrXoYH+ogMHxdAiR
msxR1zvJq6sYfx0ActELDLqbmqIT9C9Tt3m5msNp3FLRfOpBgflkcVAFNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLjyu5oUZyF/U2qqON0k87sVe245MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdVBLN21oUm5JWDlUYXFvNDNTVHp1eFY3YmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudZtAwQA
ueoXMA0GCSqGSIb3DQEBCwUAA4IBAQB5Uc0LX5Of8O3NpGNX0X6W9qYfH0N+vfCt
4CXeVfNsLgxDYqHb6PBa+6EjzOZt2az76dLOtDi2wUvqJF0JOT6y47ZPKLT4rHQz
lQU5idEhqZuHurxtrKT0q+6EK7NWyJlMtEgsGJp8FXZFDXGCGx++GqO/R167OcNW
ZXBvVuLgQGQIJTFk4eby0rONpwPrxlJw5fpPkVnSGSScW0drnWmtlCAZtsmyahCJ
vk05CJoBIZJ8XGlhCiSloLt8i5oOwiW1JQMSEQK/QJMJRoGuguBxxCRYG8rCQZPM
PKW4tKT9KbjYzttKWi/olv34OLa81o03BcFkviyuwBZIn4aplcXQ
-----END CERTIFICATE-----