Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/CncA_sdg5HY2EvznG9GeBkJm7uw.roa
File:                     CncA_sdg5HY2EvznG9GeBkJm7uw.roa (raw, json)
Hash identifier:          D0FGS7kSVFWZEmHMVkB3TGQ54EDmGMLtGhBBLeROzGI=
Subject key identifier:   0A:77:00:FE:C7:60:E4:76:36:12:FC:E7:1B:D1:9E:06:42:66:EE:EC
Certificate issuer:       /CN=2433a86bbc5c2bab452ff03f45a9eaf0a610c40c
Certificate serial:       018CC493425F81D47863D64E59CED1179DCB
Authority key identifier: 24:33:A8:6B:BC:5C:2B:AB:45:2F:F0:3F:45:A9:EA:F0:A6:10:C4:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDOoa7xcK6tFL_A_Ranq8KYQxAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/CncA_sdg5HY2EvznG9GeBkJm7uw.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210909
IP address blocks:        185.205.69.0/24 maxlen: 24
                          2a10:e000:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/JDOoa7xcK6tFL_A_Ranq8KYQxAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/JDOoa7xcK6tFL_A_Ranq8KYQxAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDOoa7xcK6tFL_A_Ranq8KYQxAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:42:5f:81:d4:78:63:d6:4e:59:ce:d1:17:9d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2433a86bbc5c2bab452ff03f45a9eaf0a610c40c
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a7700fec760e4763612fce71bd19e064266eeec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0e:33:24:cb:6f:28:d4:1e:86:23:c7:9c:72:
                    6c:07:8f:7f:39:d0:0a:20:6c:5c:8c:f9:16:10:5e:
                    60:84:98:db:f5:99:03:d1:9d:1f:02:b8:71:59:c4:
                    0c:93:e7:33:bc:35:62:ef:79:b1:8d:31:b9:8f:17:
                    40:12:e8:70:b4:16:30:b7:01:56:bf:17:3f:4e:ac:
                    7e:26:d6:27:f5:53:fd:98:d5:c0:83:30:64:b6:26:
                    be:77:7a:58:a1:42:5a:93:f4:74:30:99:11:d7:30:
                    bf:67:28:c1:61:c4:0d:ef:92:ab:cf:9a:4c:dc:9c:
                    bf:f4:91:83:ab:e3:89:d4:0e:a9:77:af:86:4a:06:
                    03:b4:34:09:a3:06:84:48:89:8b:9e:a2:6e:2a:a2:
                    c2:9f:47:35:8a:e6:4d:92:e3:e1:68:57:b6:f5:2d:
                    d4:8e:2a:aa:54:37:b7:2a:cc:f4:f4:92:6c:25:23:
                    85:64:7a:94:c6:f0:c7:d7:e5:0d:fd:9a:96:5b:36:
                    a6:98:35:04:35:15:57:5e:74:9e:9c:53:72:c0:29:
                    27:54:d4:21:34:60:fd:53:c5:9f:31:2e:ec:fb:3b:
                    23:26:24:de:43:98:f0:57:47:f7:db:03:3f:b9:21:
                    52:a4:36:82:de:f7:ff:fc:1f:36:2a:8c:04:25:e1:
                    72:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:77:00:FE:C7:60:E4:76:36:12:FC:E7:1B:D1:9E:06:42:66:EE:EC
            X509v3 Authority Key Identifier:
                keyid:24:33:A8:6B:BC:5C:2B:AB:45:2F:F0:3F:45:A9:EA:F0:A6:10:C4:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDOoa7xcK6tFL_A_Ranq8KYQxAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/CncA_sdg5HY2EvznG9GeBkJm7uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f0f2d0-2738-4ed4-8ad9-05b6c9c16441/1/JDOoa7xcK6tFL_A_Ranq8KYQxAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.69.0/24
                IPv6:
                  2a10:e000:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:23:c0:e9:21:39:7c:66:43:a9:fb:cc:82:8a:c1:ab:d8:5f:
         63:d5:40:64:53:68:3d:4c:36:7d:65:2d:27:83:48:84:49:8f:
         4b:df:8c:fc:9d:0f:a9:90:3a:db:5e:fd:19:b7:fc:fc:5e:85:
         4d:b7:3f:3f:3d:26:1c:69:2f:86:44:79:d0:e8:0f:a0:96:79:
         3a:45:8a:8e:26:76:c1:e2:24:11:2b:8b:ae:81:dd:e9:09:ba:
         ab:f0:0f:49:66:14:e5:dc:50:6e:fe:5e:d5:9b:96:98:50:98:
         dd:e4:70:13:72:75:64:e1:a3:52:d3:70:f2:74:ec:ef:33:c8:
         49:ff:4e:a1:03:d1:cf:e6:c6:93:34:79:bb:de:ab:a5:90:97:
         54:69:5e:71:03:cd:c2:d0:d8:b4:1f:d1:a3:36:d8:8f:a8:a3:
         7f:fa:66:3a:4c:ed:78:6e:96:7b:6f:80:94:a8:9d:7a:e7:4b:
         9d:32:8b:d2:70:ee:68:e6:4f:d9:02:fc:b1:d8:5e:00:39:89:
         76:67:95:c7:5e:78:d2:1c:cb:2f:0f:be:2d:d4:4d:ee:5e:5c:
         40:f7:6c:52:48:87:94:de:c1:d7:d2:39:1e:c7:8f:cd:17:93:
         f5:a0:60:25:66:60:92:8c:c3:fa:02:98:bc:50:1e:5f:10:58:
         eb:fa:b5:fb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk0JfgdR4Y9ZOWc7RF53LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzNhODZiYmM1YzJiYWI0NTJmZjAzZjQ1YTllYWYwYTYx
MGM0MGMwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc3MDBmZWM3NjBlNDc2MzYxMmZjZTcxYmQxOWUwNjQyNjZlZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQ4zJMtvKNQehiPHnHJsB49/OdAK
IGxcjPkWEF5ghJjb9ZkD0Z0fArhxWcQMk+czvDVi73mxjTG5jxdAEuhwtBYwtwFW
vxc/Tqx+JtYn9VP9mNXAgzBktia+d3pYoUJak/R0MJkR1zC/ZyjBYcQN75Krz5pM
3Jy/9JGDq+OJ1A6pd6+GSgYDtDQJowaESImLnqJuKqLCn0c1iuZNkuPhaFe29S3U
jiqqVDe3Ksz09JJsJSOFZHqUxvDH1+UN/ZqWWzammDUENRVXXnSenFNywCknVNQh
NGD9U8WfMS7s+zsjJiTeQ5jwV0f32wM/uSFSpDaC3vf//B82KowEJeFy5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAp3AP7HYOR2NhL85xvRngZCZu7sMB8GA1UdIwQY
MBaAFCQzqGu8XCurRS/wP0Wp6vCmEMQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRPb2E3eGNLNnRGTF9BX1JhbnE4S1lReEF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMGYyZDAtMjczOC00ZWQ0LThhZDkt
MDViNmM5YzE2NDQxLzEvQ25jQV9zZGc1SFkyRXZ6bkc5R2VCa0ptN3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMGYyZDAtMjczOC00ZWQ0LThhZDktMDViNmM5YzE2NDQx
LzEvSkRPb2E3eGNLNnRGTF9BX1JhbnE4S1lReEF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuc1FMA8E
AgACMAkDBwAqEOAAAAEwDQYJKoZIhvcNAQELBQADggEBACQjwOkhOXxmQ6n7zIKK
wavYX2PVQGRTaD1MNn1lLSeDSIRJj0vfjPydD6mQOtte/Rm3/PxehU23Pz89Jhxp
L4ZEedDoD6CWeTpFio4mdsHiJBEri66B3ekJuqvwD0lmFOXcUG7+XtWblphQmN3k
cBNydWTho1LTcPJ07O8zyEn/TqED0c/mxpM0ebveq6WQl1RpXnEDzcLQ2LQf0aM2
2I+oo3/6ZjpM7XhulntvgJSonXrnS50yi9Jw7mjmT9kC/LHYXgA5iXZnlcdeeNIc
yy8Pvi3UTe5eXED3bFJIh5TewdfSOR7Hj80Xk/WgYCVmYJKMw/oCmLxQHl8QWOv6
tfs=
-----END CERTIFICATE-----