Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/aKfto2wjgPyoEmcUV6t493LvzUk.roa
File:                     aKfto2wjgPyoEmcUV6t493LvzUk.roa (raw, json)
Hash identifier:          /obZ/gO+6rPA2rf+Po8Q3SVeICTRveSNXQIFOXjsTb0=
Subject key identifier:   68:A7:ED:A3:6C:23:80:FC:A8:12:67:14:57:AB:78:F7:72:EF:CD:49
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       01936410E867164E7E21444BD0AE27234CED
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/aKfto2wjgPyoEmcUV6t493LvzUk.roa
Signing time:             Mon 25 Nov 2024 16:04:09 +0000
ROA not before:           Mon 25 Nov 2024 16:04:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        185.69.120.0/22 maxlen: 22
                          185.199.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:64:10:e8:67:16:4e:7e:21:44:4b:d0:ae:27:23:4c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Nov 25 16:04:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68a7eda36c2380fca812671457ab78f772efcd49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:62:66:32:2c:bb:c1:ce:1d:b2:15:b8:4c:fc:
                    b5:e3:0e:d4:0e:20:84:5a:ac:5f:67:fc:d1:e1:ce:
                    21:e5:dd:fd:da:32:88:5e:0a:43:28:cb:62:0c:89:
                    7a:04:53:ed:9a:72:4b:0c:64:55:df:84:71:49:be:
                    2d:cc:f8:bb:13:65:ed:00:8d:33:50:b2:67:f4:80:
                    a5:e2:03:b9:02:07:03:9e:0b:c9:72:01:81:1d:80:
                    fc:1c:8d:b7:87:e2:86:54:5d:ca:6e:cc:fe:45:74:
                    63:88:68:4a:3e:90:2e:2f:b4:2b:f7:7d:ea:f9:fb:
                    11:41:89:f7:d1:6e:3a:37:05:97:d1:6b:51:78:4f:
                    d0:07:2c:0c:95:96:29:ee:db:84:b4:a0:be:3b:f0:
                    9a:6b:78:9d:5e:72:d0:7c:a9:3b:53:40:2d:a0:a7:
                    6d:22:71:34:ee:2e:44:31:9e:ae:37:e9:c6:0b:94:
                    d9:77:13:77:7c:61:d7:cd:15:94:2b:f7:96:b6:f0:
                    23:74:20:08:be:85:fc:4f:97:8e:34:80:e3:82:cc:
                    cc:12:1d:b9:ce:ec:c2:65:29:35:48:c5:0b:c3:10:
                    7f:44:47:67:dc:24:a4:4f:36:4d:d1:68:a6:c7:3d:
                    5f:91:28:a8:66:b9:bd:17:58:36:67:e7:ba:2e:bd:
                    69:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A7:ED:A3:6C:23:80:FC:A8:12:67:14:57:AB:78:F7:72:EF:CD:49
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/aKfto2wjgPyoEmcUV6t493LvzUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.120.0/22
                  185.199.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c6:6e:48:29:9b:76:0c:36:cf:92:f8:33:e9:75:4c:25:35:a2:
         c0:7e:d1:54:54:70:d5:c2:a7:15:8a:65:3e:76:16:b7:81:1e:
         7c:6c:b5:5a:f1:f7:53:86:8f:0b:8e:0e:79:f4:99:ae:0a:25:
         57:6a:11:0a:31:8f:d1:c6:20:c2:64:35:16:a8:90:e4:14:dc:
         cf:06:6f:a4:f9:94:7a:b9:80:28:93:a9:a7:9e:ed:f0:a4:a5:
         a6:a0:3b:ea:1d:e7:3f:2f:ff:a9:59:34:d5:d3:68:da:20:fc:
         6b:69:d1:01:ca:0a:01:8d:8d:b7:1b:4c:4a:c6:91:5d:e7:7c:
         d5:79:5d:60:5a:4d:9d:a1:bb:27:da:e7:e5:12:e5:10:f5:5a:
         61:5d:ac:60:55:f4:d9:55:52:a7:f1:88:13:53:de:80:24:1e:
         c2:e8:a1:b6:54:7c:76:8c:ed:42:9d:e5:5a:bb:ed:4e:f6:bd:
         ea:b5:06:62:b2:7c:22:a2:43:8b:7d:9b:4e:e1:90:30:6e:d0:
         3f:49:04:93:e2:f1:db:71:0e:4d:d5:e3:1d:29:7d:06:74:a2:
         01:6f:6c:bc:bc:0e:6b:b7:d4:80:e6:eb:5a:1a:4f:37:52:23:
         e1:ba:38:3a:2e:15:ac:52:de:2d:d9:9c:d8:b5:28:6a:36:6e:
         c7:84:8d:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNkEOhnFk5+IURL0K4nI0ztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjQxMTI1MTYwNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGE3ZWRhMzZjMjM4MGZjYTgxMjY3MTQ1N2FiNzhmNzcyZWZjZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmJmMiy7wc4dshW4TPy14w7UDiCE
WqxfZ/zR4c4h5d392jKIXgpDKMtiDIl6BFPtmnJLDGRV34RxSb4tzPi7E2XtAI0z
ULJn9ICl4gO5AgcDngvJcgGBHYD8HI23h+KGVF3Kbsz+RXRjiGhKPpAuL7Qr933q
+fsRQYn30W46NwWX0WtReE/QBywMlZYp7tuEtKC+O/Caa3idXnLQfKk7U0AtoKdt
InE07i5EMZ6uN+nGC5TZdxN3fGHXzRWUK/eWtvAjdCAIvoX8T5eONIDjgszMEh25
zuzCZSk1SMULwxB/REdn3CSkTzZN0Wimxz1fkSioZrm9F1g2Z+e6Lr1pqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGin7aNsI4D8qBJnFFerePdy781JMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvYUtmdG8yd2pnUHlvRW1jVVY2dDQ5M0x2elVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuUV4AwQC
ucfEMA0GCSqGSIb3DQEBCwUAA4IBAQDGbkgpm3YMNs+S+DPpdUwlNaLAftFUVHDV
wqcVimU+dha3gR58bLVa8fdTho8Ljg559JmuCiVXahEKMY/RxiDCZDUWqJDkFNzP
Bm+k+ZR6uYAok6mnnu3wpKWmoDvqHec/L/+pWTTV02jaIPxradEBygoBjY23G0xK
xpFd53zVeV1gWk2dobsn2uflEuUQ9VphXaxgVfTZVVKn8YgTU96AJB7C6KG2VHx2
jO1CneVau+1O9r3qtQZisnwiokOLfZtO4ZAwbtA/SQST4vHbcQ5N1eMdKX0GdKIB
b2y8vA5rt9SA5utaGk83UiPhujg6LhWsUt4t2ZzYtShqNm7HhI15
-----END CERTIFICATE-----