Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wj1YNV990QWNn_1ORHEr-6yDDyQ.roa
File:                     wj1YNV990QWNn_1ORHEr-6yDDyQ.roa (raw, json)
Hash identifier:          hNgpMm2e/Psu0avPsHRvC8MK8W8vPDwJpbosb4kuUVQ=
Subject key identifier:   C2:3D:58:35:5F:7D:D1:05:8D:9F:FD:4E:44:71:2B:FB:AC:83:0F:24
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E8028DE6BBC09B680A2B650CB9CC14D1F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wj1YNV990QWNn_1ORHEr-6yDDyQ.roa
Signing time:             Wed 27 Mar 2024 13:45:45 +0000
ROA not before:           Wed 27 Mar 2024 13:45:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269070
IP address blocks:        185.225.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:28:de:6b:bc:09:b6:80:a2:b6:50:cb:9c:c1:4d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 27 13:45:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c23d58355f7dd1058d9ffd4e44712bfbac830f24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e0:98:36:a5:af:8e:2d:27:a0:00:63:62:68:
                    ba:98:c0:68:24:68:6a:1d:77:77:2b:4b:63:de:dc:
                    3d:27:c9:be:4f:b4:e9:cf:d7:a5:e6:83:87:41:d1:
                    e6:f3:7b:0a:4d:1c:82:6a:20:0a:85:5d:77:1d:62:
                    b2:e3:6a:66:59:44:66:10:5b:64:1e:84:61:3b:16:
                    36:46:3c:0a:02:39:72:0f:2c:8b:70:75:8d:5e:00:
                    89:ce:02:d3:05:f7:a7:31:8f:cc:d4:26:46:92:e3:
                    cf:5b:3a:1c:d0:8f:87:f5:6e:e0:5b:f6:6e:c1:08:
                    d9:8a:3f:09:34:af:20:fd:3c:df:ce:b9:45:49:b9:
                    ef:9f:69:21:e4:2b:74:20:54:fc:9e:d8:68:3f:78:
                    c6:fd:04:dc:90:66:d8:42:c8:3e:41:49:b0:bc:cb:
                    9c:6b:b6:8a:c9:c0:11:49:3c:98:e2:3a:a5:5d:9f:
                    d5:2a:f2:9e:63:a7:53:03:85:05:64:22:0d:06:a9:
                    6b:4d:68:ad:23:ad:e6:4c:ed:a2:62:20:a7:69:f9:
                    de:c0:a8:05:66:9c:52:1b:22:1e:af:c0:7c:65:62:
                    41:1a:91:f1:08:ef:f0:a4:43:8a:f5:a8:77:97:6f:
                    c6:c4:88:b5:01:74:5a:40:e0:c9:cd:fb:27:ca:e5:
                    de:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3D:58:35:5F:7D:D1:05:8D:9F:FD:4E:44:71:2B:FB:AC:83:0F:24
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wj1YNV990QWNn_1ORHEr-6yDDyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d1:ea:03:cb:be:eb:65:88:e7:30:d3:96:b8:7c:6a:97:b2:
         a6:23:56:e4:b1:00:e4:c1:3e:67:f5:f5:42:ca:6c:80:30:35:
         27:fd:04:3a:0e:59:d1:2c:39:c6:e9:05:a5:b9:91:12:a9:d1:
         05:a7:42:b8:37:0a:68:95:ff:9a:56:69:b2:19:ad:f9:db:4f:
         0a:1a:b9:d4:71:f1:df:d1:0a:36:51:a1:52:e1:ee:4d:ff:5b:
         b6:c6:b0:8b:f9:7e:2f:0a:e2:db:22:6f:46:cd:6d:ee:e1:d7:
         8e:38:99:8a:87:6c:5d:f3:53:fc:a4:e8:e0:be:01:de:65:dc:
         54:bb:59:a4:cb:a4:47:ed:0e:4f:5c:00:58:fa:94:92:97:12:
         11:8b:d6:5a:1d:a2:ee:41:7e:e2:31:ec:b0:c2:67:4f:ed:fa:
         07:aa:c9:4e:40:1b:3c:e6:9b:6a:ac:15:ef:f1:d0:83:9d:f1:
         b9:39:5b:79:65:63:72:27:4a:22:ec:56:08:43:36:0f:7b:3e:
         79:54:77:13:6e:7f:3d:44:73:6e:71:3f:97:f3:bd:fd:05:21:
         39:88:40:36:d0:c9:03:91:3e:bf:d9:c5:e0:7a:9d:58:d4:e9:
         62:7a:73:6a:cf:fa:f9:e5:5b:4d:93:76:24:4d:8d:63:23:2e:
         7b:8a:3a:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6AKN5rvAm2gKK2UMucwU0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzI3MTM0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjNkNTgzNTVmN2RkMTA1OGQ5ZmZkNGU0NDcxMmJmYmFjODMwZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuCYNqWvji0noABjYmi6mMBoJGhq
HXd3K0tj3tw9J8m+T7Tpz9el5oOHQdHm83sKTRyCaiAKhV13HWKy42pmWURmEFtk
HoRhOxY2RjwKAjlyDyyLcHWNXgCJzgLTBfenMY/M1CZGkuPPWzoc0I+H9W7gW/Zu
wQjZij8JNK8g/TzfzrlFSbnvn2kh5Ct0IFT8nthoP3jG/QTckGbYQsg+QUmwvMuc
a7aKycARSTyY4jqlXZ/VKvKeY6dTA4UFZCINBqlrTWitI63mTO2iYiCnafnewKgF
ZpxSGyIer8B8ZWJBGpHxCO/wpEOK9ah3l2/GxIi1AXRaQODJzfsnyuXeLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMI9WDVffdEFjZ/9TkRxK/usgw8kMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvd2oxWU5WOTkwUVdObl8xT1JIRXItNnlERHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueEWMA0G
CSqGSIb3DQEBCwUAA4IBAQBi0eoDy77rZYjnMNOWuHxql7KmI1bksQDkwT5n9fVC
ymyAMDUn/QQ6DlnRLDnG6QWluZESqdEFp0K4Nwpolf+aVmmyGa35208KGrnUcfHf
0Qo2UaFS4e5N/1u2xrCL+X4vCuLbIm9GzW3u4deOOJmKh2xd81P8pOjgvgHeZdxU
u1mky6RH7Q5PXABY+pSSlxIRi9ZaHaLuQX7iMeywwmdP7foHqslOQBs85ptqrBXv
8dCDnfG5OVt5ZWNyJ0oi7FYIQzYPez55VHcTbn89RHNucT+X8739BSE5iEA20MkD
kT6/2cXgep1Y1OlienNqz/r55VtNk3YkTY1jIy57ijqK
-----END CERTIFICATE-----