Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/EtD9tjnxvG1ujRuElYTC-TVQ9gY.roa
File:                     EtD9tjnxvG1ujRuElYTC-TVQ9gY.roa (raw, json)
Hash identifier:          99dyRMFTAOm5RowurxvxiWu5uZvv3KYkPF+YQU2buug=
Subject key identifier:   12:D0:FD:B6:39:F1:BC:6D:6E:8D:1B:84:95:84:C2:F9:35:50:F6:06
Certificate issuer:       /CN=b586a8643633e9874111a8bcf3518a0905f28609
Certificate serial:       018CCA2B730FE88EBE03DEF287E9B97C53AA
Authority key identifier: B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/EtD9tjnxvG1ujRuElYTC-TVQ9gY.roa
Signing time:             Tue 02 Jan 2024 12:34:54 +0000
ROA not before:           Tue 02 Jan 2024 12:34:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210175
IP address blocks:        185.160.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:73:0f:e8:8e:be:03:de:f2:87:e9:b9:7c:53:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b586a8643633e9874111a8bcf3518a0905f28609
        Validity
            Not Before: Jan  2 12:34:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12d0fdb639f1bc6d6e8d1b849584c2f93550f606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:0c:03:25:99:78:a3:f9:15:75:0e:ab:95:a0:
                    cb:ce:1b:68:49:14:fb:16:ac:69:20:35:ae:54:49:
                    a5:e4:26:0e:e8:29:84:d2:1c:b4:e7:06:76:93:9f:
                    49:36:05:e2:a2:81:1e:8c:62:c4:67:ee:29:c1:85:
                    55:9b:6c:64:8d:55:94:cc:93:90:eb:30:51:94:40:
                    53:53:17:67:43:05:cc:7c:a9:5c:d9:be:41:ed:ce:
                    75:e2:2c:97:c3:01:30:01:f6:6e:25:e6:8f:eb:1c:
                    cc:e5:39:a6:5e:e6:9c:92:4b:97:ce:42:f6:a8:0b:
                    89:b4:9b:3b:4a:ea:0a:fc:69:d5:16:df:df:a6:82:
                    c5:a8:6a:ae:40:b6:d4:52:21:1f:23:e1:3a:e8:02:
                    b6:c7:1d:af:53:56:b6:0f:8f:24:a4:b8:4e:77:54:
                    ba:14:55:54:a2:e7:3c:e8:1a:d4:c8:ad:30:de:ec:
                    60:e7:3f:3b:6e:4d:4b:22:41:81:5b:28:f9:33:09:
                    db:6f:5e:b1:0d:8a:e6:97:5b:3d:6a:32:59:91:06:
                    6c:fd:1a:f5:4b:8a:90:76:ed:6f:76:52:5d:a0:be:
                    97:9a:af:76:74:93:14:56:c6:6b:b1:1a:22:66:7d:
                    36:80:d4:47:ba:98:58:b4:b1:6d:89:44:da:a4:4a:
                    91:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:D0:FD:B6:39:F1:BC:6D:6E:8D:1B:84:95:84:C2:F9:35:50:F6:06
            X509v3 Authority Key Identifier:
                keyid:B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/EtD9tjnxvG1ujRuElYTC-TVQ9gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:23:10:b5:ef:97:e2:d3:2b:2a:02:2d:18:fa:4f:e7:a4:7c:
         af:39:a3:76:f6:63:bc:06:0a:5e:40:34:8d:f1:65:d8:8e:42:
         24:2b:6e:3c:a7:c7:cd:95:6a:38:e7:ac:4c:92:0c:34:15:cd:
         26:02:46:17:d2:86:e0:7e:e1:14:6c:6c:a2:bc:d7:e4:7d:e3:
         16:03:5d:be:7e:ae:d5:8f:36:78:6d:dd:1e:56:a2:28:ef:f9:
         a0:db:72:e9:5a:0f:55:89:2a:98:2e:11:8f:ad:a6:d0:9f:5d:
         dc:29:b7:e4:a4:9d:1b:40:f4:3e:47:21:93:ac:23:d6:e1:e5:
         32:90:e6:58:b4:8d:3a:26:d5:35:31:af:83:23:a7:9e:4c:38:
         7d:9f:a2:43:5f:73:c6:21:e2:e5:11:0d:31:e7:32:d9:09:75:
         88:b4:64:e1:1d:0f:96:cc:4f:aa:2e:ac:f5:45:f0:fe:29:47:
         0f:3e:9f:d8:46:e8:3a:90:05:bc:8a:42:c2:05:62:e3:05:da:
         56:ec:3f:bb:79:40:32:f5:a5:62:d1:4c:ad:5a:1d:2f:24:3f:
         b8:b5:c0:b3:7c:b6:06:80:f8:cf:c0:cf:dd:b6:d2:97:b6:71:
         c5:8d:d9:a3:f2:14:6f:97:c7:b9:a1:13:28:56:a6:0a:6c:b1:
         59:c1:93:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3MP6I6+A97yh+m5fFOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODZhODY0MzYzM2U5ODc0MTExYThiY2YzNTE4YTA5MDVm
Mjg2MDkwHhcNMjQwMTAyMTIzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmQwZmRiNjM5ZjFiYzZkNmU4ZDFiODQ5NTg0YzJmOTM1NTBmNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAwDJZl4o/kVdQ6rlaDLzhtoSRT7
FqxpIDWuVEml5CYO6CmE0hy05wZ2k59JNgXiooEejGLEZ+4pwYVVm2xkjVWUzJOQ
6zBRlEBTUxdnQwXMfKlc2b5B7c514iyXwwEwAfZuJeaP6xzM5TmmXuackkuXzkL2
qAuJtJs7SuoK/GnVFt/fpoLFqGquQLbUUiEfI+E66AK2xx2vU1a2D48kpLhOd1S6
FFVUouc86BrUyK0w3uxg5z87bk1LIkGBWyj5Mwnbb16xDYrml1s9ajJZkQZs/Rr1
S4qQdu1vdlJdoL6Xmq92dJMUVsZrsRoiZn02gNRHuphYtLFtiUTapEqRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLQ/bY58bxtbo0bhJWEwvk1UPYGMB8GA1UdIwQY
MBaAFLWGqGQ2M+mHQRGovPNRigkF8oYJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMt
NDQ5OWUzMjM5ZjFmLzEvRXREOXRqbnh2RzF1alJ1RWxZVEMtVFZROWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMtNDQ5OWUzMjM5ZjFm
LzEvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaCNMA0G
CSqGSIb3DQEBCwUAA4IBAQA5IxC175fi0ysqAi0Y+k/npHyvOaN29mO8BgpeQDSN
8WXYjkIkK248p8fNlWo456xMkgw0Fc0mAkYX0obgfuEUbGyivNfkfeMWA12+fq7V
jzZ4bd0eVqIo7/mg23LpWg9ViSqYLhGPrabQn13cKbfkpJ0bQPQ+RyGTrCPW4eUy
kOZYtI06JtU1Ma+DI6eeTDh9n6JDX3PGIeLlEQ0x5zLZCXWItGThHQ+WzE+qLqz1
RfD+KUcPPp/YRug6kAW8ikLCBWLjBdpW7D+7eUAy9aVi0UytWh0vJD+4tcCzfLYG
gPjPwM/dttKXtnHFjdmj8hRvl8e5oRMoVqYKbLFZwZO+
-----END CERTIFICATE-----