Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zc7bMuXbNpvxZfjX9Co6uf1Knkk.roa
File:                     zc7bMuXbNpvxZfjX9Co6uf1Knkk.roa (raw, json)
Hash identifier:          ws06eLeTeeJAHPK7uICnbX0gT4B1pFYv5QSzfEjhaM0=
Subject key identifier:   CD:CE:DB:32:E5:DB:36:9B:F1:65:F8:D7:F4:2A:3A:B9:FD:4A:9E:49
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8026F0668F8244A5DC51FBE42F4FE59
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zc7bMuXbNpvxZfjX9Co6uf1Knkk.roa
Signing time:             Tue 02 Jan 2024 02:30:51 +0000
ROA not before:           Tue 02 Jan 2024 02:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        185.218.22.0/24 maxlen: 24
                          185.194.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:6f:06:68:f8:24:4a:5d:c5:1f:be:42:f4:fe:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdcedb32e5db369bf165f8d7f42a3ab9fd4a9e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:97:cf:77:31:e7:9f:24:62:7e:1f:bd:b4:96:
                    be:e4:4c:de:bf:ed:50:20:ce:c2:99:b0:35:09:53:
                    f8:44:76:33:50:d8:c2:50:21:8e:50:aa:39:11:e4:
                    ed:d5:9a:de:6a:a6:44:b6:58:c5:26:6c:7f:00:85:
                    cc:66:5d:31:a8:59:54:e6:9c:20:2f:7f:47:a8:91:
                    82:7d:b3:2a:e1:84:7d:87:a2:93:6b:8a:90:01:1f:
                    90:b5:1c:25:6e:9b:bb:1c:43:14:00:3a:84:d5:c6:
                    66:ce:ca:1f:60:10:86:14:53:68:50:76:64:7b:c7:
                    33:f5:21:08:01:72:d1:2c:c4:a9:27:a3:6f:e6:28:
                    69:d2:27:03:f7:69:65:1c:56:cc:72:51:f9:3c:d6:
                    da:02:f7:26:ef:c7:51:7e:38:39:50:5f:8b:47:6c:
                    89:37:a7:0a:0a:dc:47:f8:fd:e2:65:f8:14:96:1e:
                    4d:bd:22:40:75:f2:85:e1:8c:4f:26:92:ef:24:05:
                    b7:87:f5:3c:79:90:84:04:6c:35:d9:d8:05:43:40:
                    fb:ba:d8:25:0a:75:b4:b2:6f:c7:94:c8:8b:f7:d1:
                    39:16:4e:7d:b7:8c:4b:98:e0:80:d7:1c:fc:f1:18:
                    2c:d0:28:4d:56:7b:24:9f:30:9b:59:ef:f2:82:5c:
                    e1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CE:DB:32:E5:DB:36:9B:F1:65:F8:D7:F4:2A:3A:B9:FD:4A:9E:49
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zc7bMuXbNpvxZfjX9Co6uf1Knkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.179.0/24
                  185.218.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:66:2d:ac:a4:b4:51:52:f0:6c:2b:e6:f4:9c:a7:97:0d:26:
         e2:6d:c6:b2:5e:4c:83:50:cc:8b:8f:fd:5d:23:17:4d:f5:85:
         6f:84:c4:47:62:57:75:4e:dc:85:d8:7b:b5:d1:75:28:d4:09:
         a3:f5:23:91:de:af:27:d7:e9:cb:04:69:c6:62:5b:62:9a:e0:
         87:8d:1f:7a:ce:52:27:02:54:cf:f7:05:d8:d2:d9:70:25:33:
         6e:7d:94:cc:4f:8a:91:35:aa:4e:54:19:90:d2:a9:e6:4a:5b:
         30:01:07:77:b5:1d:b8:8c:44:75:7b:b9:8d:86:69:17:5c:43:
         30:01:6a:a1:53:a3:77:10:77:2d:a7:c2:19:b7:62:1f:2a:16:
         46:20:a4:e0:fa:48:b5:75:ff:fd:3e:91:15:7d:04:0d:c3:bf:
         a4:f1:1b:08:dd:ba:b4:03:66:a4:b8:74:d1:35:be:d0:75:81:
         ec:7f:e7:a4:76:b2:e8:24:c0:fc:46:0f:6c:0c:56:01:70:a5:
         70:19:81:35:1f:76:58:72:d3:58:f8:71:b0:4b:bd:55:91:10:
         e1:ec:e0:de:66:e4:77:43:2e:e8:50:01:9f:35:7d:f8:f7:c7:
         cb:76:13:88:36:1a:db:c4:b1:64:95:90:b1:ef:13:80:fb:44:
         d4:49:6e:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAm8GaPgkSl3FH75C9P5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGNlZGIzMmU1ZGIzNjliZjE2NWY4ZDdmNDJhM2FiOWZkNGE5ZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5fPdzHnnyRifh+9tJa+5Ezev+1Q
IM7CmbA1CVP4RHYzUNjCUCGOUKo5EeTt1ZreaqZEtljFJmx/AIXMZl0xqFlU5pwg
L39HqJGCfbMq4YR9h6KTa4qQAR+QtRwlbpu7HEMUADqE1cZmzsofYBCGFFNoUHZk
e8cz9SEIAXLRLMSpJ6Nv5ihp0icD92llHFbMclH5PNbaAvcm78dRfjg5UF+LR2yJ
N6cKCtxH+P3iZfgUlh5NvSJAdfKF4YxPJpLvJAW3h/U8eZCEBGw12dgFQ0D7utgl
CnW0sm/HlMiL99E5Fk59t4xLmOCA1xz88Rgs0ChNVnsknzCbWe/yglzhkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM3O2zLl2zab8WX41/QqOrn9Sp5JMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvemM3Yk11WGJOcHZ4WmZqWDlDbzZ1ZjFLbmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucKzAwQA
udoWMA0GCSqGSIb3DQEBCwUAA4IBAQBqZi2spLRRUvBsK+b0nKeXDSbibcayXkyD
UMyLj/1dIxdN9YVvhMRHYld1TtyF2Hu10XUo1Amj9SOR3q8n1+nLBGnGYltimuCH
jR96zlInAlTP9wXY0tlwJTNufZTMT4qRNapOVBmQ0qnmSlswAQd3tR24jER1e7mN
hmkXXEMwAWqhU6N3EHctp8IZt2IfKhZGIKTg+ki1df/9PpEVfQQNw7+k8RsI3bq0
A2akuHTRNb7QdYHsf+ekdrLoJMD8Rg9sDFYBcKVwGYE1H3ZYctNY+HGwS71VkRDh
7ODeZuR3Qy7oUAGfNX3498fLdhOINhrbxLFklZCx7xOA+0TUSW5z
-----END CERTIFICATE-----