Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/Kten7VkPCkJgk_kpcta9NDUFGyg.roa
File:                     Kten7VkPCkJgk_kpcta9NDUFGyg.roa (raw, json)
Hash identifier:          zgojY5y9Eu+/IHNOrjX1tBG+vQtPLIb6MEHAi7jNym4=
Subject key identifier:   2A:D7:A7:ED:59:0F:0A:42:60:93:F9:29:72:D6:BD:34:35:05:1B:28
Certificate issuer:       /CN=6f31c64c3e5a7de1040f40da8fedc47c38fe59fa
Certificate serial:       018CC9BC5DF0DA574499DD1546512C9C3A91
Authority key identifier: 6F:31:C6:4C:3E:5A:7D:E1:04:0F:40:DA:8F:ED:C4:7C:38:FE:59:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/Kten7VkPCkJgk_kpcta9NDUFGyg.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34113
IP address blocks:        185.97.104.0/24 maxlen: 24
                          185.97.105.0/24 maxlen: 24
                          185.97.106.0/24 maxlen: 24
                          185.97.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5d:f0:da:57:44:99:dd:15:46:51:2c:9c:3a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f31c64c3e5a7de1040f40da8fedc47c38fe59fa
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ad7a7ed590f0a426093f92972d6bd3435051b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f9:ba:71:56:3b:e1:3a:04:f6:c7:bb:7c:20:
                    0e:24:14:a5:2a:22:44:e9:52:20:9c:17:00:34:6f:
                    73:61:4a:34:06:2b:26:c9:75:0f:73:99:dd:56:50:
                    22:f1:9b:74:76:23:a5:fc:36:81:db:12:af:58:e8:
                    94:71:1b:ed:b6:b9:b7:8a:3f:04:d5:01:40:9a:74:
                    6e:91:ca:68:69:0c:77:f6:76:90:64:c5:09:24:bf:
                    2f:a4:42:d3:18:14:bc:ec:3a:be:11:02:a0:cb:9c:
                    28:7b:03:19:93:15:69:37:09:27:9b:e2:3e:bc:5a:
                    f2:03:2b:c5:2d:28:fc:85:6e:e3:0e:1b:a9:32:2b:
                    25:35:3b:21:cd:a5:8e:c7:89:33:fd:b8:61:c6:4c:
                    f2:b1:aa:2f:12:55:bf:f4:3e:b9:5e:c1:f6:14:9e:
                    c2:96:90:9f:e7:8d:6c:5d:3d:36:9d:29:24:8c:75:
                    4f:b6:7a:23:ca:a4:14:c6:7b:c3:b9:ac:72:15:94:
                    d4:3f:35:d0:0a:76:0a:e6:a5:47:85:52:d0:66:28:
                    cc:b8:d5:4c:b2:ad:62:89:2b:74:75:22:dc:c5:e7:
                    7f:36:88:68:1e:19:25:fa:db:2f:d2:e0:27:8e:eb:
                    59:67:c8:16:fb:da:26:c2:23:56:b1:63:b5:77:91:
                    20:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D7:A7:ED:59:0F:0A:42:60:93:F9:29:72:D6:BD:34:35:05:1B:28
            X509v3 Authority Key Identifier:
                keyid:6F:31:C6:4C:3E:5A:7D:E1:04:0F:40:DA:8F:ED:C4:7C:38:FE:59:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/Kten7VkPCkJgk_kpcta9NDUFGyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:f9:37:9d:fe:e4:30:80:b1:e8:77:81:54:94:43:54:80:4b:
         6c:81:9d:29:f1:b5:67:4e:96:c3:ba:0c:06:cf:af:e4:5d:0f:
         53:9b:c5:62:4a:cf:6c:de:63:59:33:20:cd:9b:d4:52:a0:2e:
         58:80:dd:87:e6:82:4e:99:ce:cc:4d:1f:59:65:84:0a:39:db:
         c0:d2:16:93:9b:c2:75:77:3f:8f:d3:b9:00:3c:29:4e:d0:67:
         16:c4:9f:14:6e:fb:33:9b:fc:c3:2d:ee:c8:fe:e5:15:41:be:
         b3:6c:ee:8b:22:50:42:78:2e:04:67:fd:5d:04:08:49:be:0a:
         3b:f2:78:66:90:2d:1f:1e:ef:ae:40:42:e8:94:0d:19:8e:eb:
         e2:6c:8c:1f:ae:1d:5e:87:7a:56:2c:6d:35:01:35:1d:e5:db:
         17:a9:64:0e:46:06:cb:4c:6b:fb:a4:61:20:27:87:ed:80:43:
         5f:d5:5b:4c:7a:c0:6f:81:28:f1:06:09:d2:90:e9:12:85:16:
         ba:d4:94:aa:13:60:20:90:0f:d4:44:a4:de:d0:35:8b:b7:04:
         e6:53:9d:e6:01:01:15:d1:06:3d:40:ba:45:48:9f:49:60:fe:
         52:32:82:84:4f:f9:eb:16:51:a7:ce:d4:d1:b5:22:d5:5e:51:
         be:59:af:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF3w2ldEmd0VRlEsnDqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzFjNjRjM2U1YTdkZTEwNDBmNDBkYThmZWRjNDdjMzhm
ZTU5ZmEwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQ3YTdlZDU5MGYwYTQyNjA5M2Y5Mjk3MmQ2YmQzNDM1MDUxYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPm6cVY74ToE9se7fCAOJBSlKiJE
6VIgnBcANG9zYUo0BismyXUPc5ndVlAi8Zt0diOl/DaB2xKvWOiUcRvttrm3ij8E
1QFAmnRukcpoaQx39naQZMUJJL8vpELTGBS87Dq+EQKgy5woewMZkxVpNwknm+I+
vFryAyvFLSj8hW7jDhupMislNTshzaWOx4kz/bhhxkzysaovElW/9D65XsH2FJ7C
lpCf541sXT02nSkkjHVPtnojyqQUxnvDuaxyFZTUPzXQCnYK5qVHhVLQZijMuNVM
sq1iiSt0dSLcxed/NohoHhkl+tsv0uAnjutZZ8gW+9omwiNWsWO1d5EgjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrXp+1ZDwpCYJP5KXLWvTQ1BRsoMB8GA1UdIwQY
MBaAFG8xxkw+Wn3hBA9A2o/txHw4/ln6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpIR1RENWFmZUVFRDBEYWotM0VmRGotV2ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi84ZWQzODItMzA5Ny00MTNlLWI2YTIt
YjA4MGEzNDUxYzdmLzEvS3RlbjdWa1BDa0pna19rcGN0YTlORFVGR3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi84ZWQzODItMzA5Ny00MTNlLWI2YTItYjA4MGEzNDUxYzdm
LzEvYnpIR1RENWFmZUVFRDBEYWotM0VmRGotV2ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWFoMA0G
CSqGSIb3DQEBCwUAA4IBAQCv+Ted/uQwgLHod4FUlENUgEtsgZ0p8bVnTpbDugwG
z6/kXQ9Tm8ViSs9s3mNZMyDNm9RSoC5YgN2H5oJOmc7MTR9ZZYQKOdvA0haTm8J1
dz+P07kAPClO0GcWxJ8Ubvszm/zDLe7I/uUVQb6zbO6LIlBCeC4EZ/1dBAhJvgo7
8nhmkC0fHu+uQELolA0ZjuvibIwfrh1eh3pWLG01ATUd5dsXqWQORgbLTGv7pGEg
J4ftgENf1VtMesBvgSjxBgnSkOkShRa61JSqE2AgkA/URKTe0DWLtwTmU53mAQEV
0QY9QLpFSJ9JYP5SMoKET/nrFlGnztTRtSLVXlG+Wa9f
-----END CERTIFICATE-----