Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/gNQcOW_yCAL2NwzGGgDTxqvkgQs.roa
File:                     gNQcOW_yCAL2NwzGGgDTxqvkgQs.roa (raw, json)
Hash identifier:          8a8aHQxaW3ZP0kD/Fa5p9M4vY3xy9TXcU8f+D1NY5EM=
Subject key identifier:   80:D4:1C:39:6F:F2:08:02:F6:37:0C:C6:1A:00:D3:C6:AB:E4:81:0B
Certificate issuer:       /CN=b586a8643633e9874111a8bcf3518a0905f28609
Certificate serial:       018E3961A7A0B98823CB21C93ED38E6C8989
Authority key identifier: B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/gNQcOW_yCAL2NwzGGgDTxqvkgQs.roa
Signing time:             Wed 13 Mar 2024 19:54:44 +0000
ROA not before:           Wed 13 Mar 2024 19:54:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202085
IP address blocks:        185.160.140.0/24 maxlen: 24
                          2a0d:1580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:39:61:a7:a0:b9:88:23:cb:21:c9:3e:d3:8e:6c:89:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b586a8643633e9874111a8bcf3518a0905f28609
        Validity
            Not Before: Mar 13 19:54:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80d41c396ff20802f6370cc61a00d3c6abe4810b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3f:dd:bd:89:16:52:11:97:87:93:fe:cc:cf:
                    d6:53:90:9b:50:ef:43:14:11:14:7a:c8:b7:81:8e:
                    d1:86:0d:e5:20:9e:02:b7:2e:a5:06:09:ba:c9:14:
                    eb:88:fe:de:10:de:c9:cb:48:65:a5:35:df:41:c7:
                    8c:e8:53:40:f9:e5:cc:e1:cd:3f:1d:16:59:97:d1:
                    83:78:e8:96:e2:fe:47:14:96:22:4b:87:00:27:6b:
                    82:b6:04:1d:3e:90:00:d6:49:49:2b:36:00:2d:ba:
                    f2:4c:3b:fa:41:35:dd:d9:3d:a8:c7:3f:c1:79:ef:
                    21:ba:00:5f:f5:91:5d:73:8c:c5:62:dc:da:69:a8:
                    c4:3b:28:28:cf:02:6f:c1:f3:88:09:a7:81:19:64:
                    1d:ad:69:e3:be:af:19:b3:43:02:93:e6:80:0d:2f:
                    7e:fd:6c:33:bf:cd:e1:5f:3d:16:41:80:58:2d:46:
                    ac:4c:b4:cf:51:ca:f8:3e:46:3c:ac:9a:ce:2a:dc:
                    fb:f1:a5:2e:ca:5a:31:e7:c5:cb:a0:70:25:13:03:
                    d7:72:0a:83:33:00:39:d3:14:e3:4c:24:fb:f4:3c:
                    6f:50:7b:16:66:aa:b5:f9:8d:4e:ba:67:16:bb:10:
                    9c:9f:08:64:77:14:89:d4:f6:7d:f4:12:8b:52:36:
                    41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D4:1C:39:6F:F2:08:02:F6:37:0C:C6:1A:00:D3:C6:AB:E4:81:0B
            X509v3 Authority Key Identifier:
                keyid:B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/gNQcOW_yCAL2NwzGGgDTxqvkgQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.140.0/24
                IPv6:
                  2a0d:1580::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:fe:8c:78:be:cf:79:ec:22:cd:3b:1b:91:6e:2b:b8:5a:58:
         85:47:66:0b:c2:3c:c7:c7:a1:e3:ad:b9:44:c1:7f:01:6e:ca:
         81:41:ec:fc:91:cd:f1:56:bd:13:dc:dd:eb:b4:9d:d3:ca:e7:
         3e:99:c1:a8:55:10:81:20:19:ba:ac:4a:c8:53:d7:e6:8e:18:
         cd:50:ad:eb:b4:5d:32:67:eb:ab:f2:9d:38:56:b1:d1:af:3b:
         5f:27:a8:2d:6c:da:43:3f:b2:76:f7:2a:d2:a8:3a:92:3b:cd:
         20:91:85:c1:19:ed:4b:93:a2:a9:fb:12:10:26:ed:58:36:4f:
         63:0d:17:d8:92:72:fc:5e:f4:58:53:eb:9a:35:94:28:8c:cc:
         ff:d3:98:43:cf:41:97:77:38:5f:51:3f:b9:ca:4d:30:7a:3e:
         68:3e:83:d8:00:50:67:df:b8:62:ca:8c:ad:f1:35:9f:48:08:
         36:8c:ba:98:66:df:4f:01:af:69:22:4c:fd:49:3f:96:c2:c2:
         80:c3:02:03:63:8a:88:97:0f:35:1b:c2:94:08:f7:54:e4:32:
         ae:58:7a:8d:df:4e:31:42:a1:72:ce:8d:ee:1f:8b:34:1e:3a:
         83:6f:a1:c1:52:df:de:be:c3:fd:51:e4:3e:0b:e9:a1:e1:a7:
         c3:8c:48:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY45YaeguYgjyyHJPtOObImJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODZhODY0MzYzM2U5ODc0MTExYThiY2YzNTE4YTA5MDVm
Mjg2MDkwHhcNMjQwMzEzMTk1NDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ0MWMzOTZmZjIwODAyZjYzNzBjYzYxYTAwZDNjNmFiZTQ4MTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj/dvYkWUhGXh5P+zM/WU5CbUO9D
FBEUesi3gY7Rhg3lIJ4Cty6lBgm6yRTriP7eEN7Jy0hlpTXfQceM6FNA+eXM4c0/
HRZZl9GDeOiW4v5HFJYiS4cAJ2uCtgQdPpAA1klJKzYALbryTDv6QTXd2T2oxz/B
ee8hugBf9ZFdc4zFYtzaaajEOygozwJvwfOICaeBGWQdrWnjvq8Zs0MCk+aADS9+
/Wwzv83hXz0WQYBYLUasTLTPUcr4PkY8rJrOKtz78aUuylox58XLoHAlEwPXcgqD
MwA50xTjTCT79DxvUHsWZqq1+Y1OumcWuxCcnwhkdxSJ1PZ99BKLUjZBzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIDUHDlv8ggC9jcMxhoA08ar5IELMB8GA1UdIwQY
MBaAFLWGqGQ2M+mHQRGovPNRigkF8oYJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMt
NDQ5OWUzMjM5ZjFmLzEvZ05RY09XX3lDQUwyTnd6R0dnRFR4cXZrZ1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMtNDQ5OWUzMjM5ZjFm
LzEvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuaCMMA8E
AgACMAkDBwAqDRWAAAAwDQYJKoZIhvcNAQELBQADggEBAJr+jHi+z3nsIs07G5Fu
K7haWIVHZgvCPMfHoeOtuUTBfwFuyoFB7PyRzfFWvRPc3eu0ndPK5z6ZwahVEIEg
GbqsSshT1+aOGM1Qreu0XTJn66vynThWsdGvO18nqC1s2kM/snb3KtKoOpI7zSCR
hcEZ7UuToqn7EhAm7Vg2T2MNF9iScvxe9FhT65o1lCiMzP/TmEPPQZd3OF9RP7nK
TTB6Pmg+g9gAUGffuGLKjK3xNZ9ICDaMuphm308Br2kiTP1JP5bCwoDDAgNjioiX
DzUbwpQI91TkMq5Yeo3fTjFCoXLOje4fizQeOoNvocFS396+w/1R5D4L6aHhp8OM
SOQ=
-----END CERTIFICATE-----