Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/aAXteRptlBPF339bdxjaeW6KuSk.roa
File:                     aAXteRptlBPF339bdxjaeW6KuSk.roa (raw, json)
Hash identifier:          js9iXstVMnxgFXesjVC0E8fSQxl3se0s/WU3DcyJhAk=
Subject key identifier:   68:05:ED:79:1A:6D:94:13:C5:DF:7F:5B:77:18:DA:79:6E:8A:B9:29
Certificate issuer:       /CN=af0b1da79ef7fc1ef95962dc8a01f2b8d4b352bf
Certificate serial:       018CCA2BD5DC96899ED38D0930702B7D8852
Authority key identifier: AF:0B:1D:A7:9E:F7:FC:1E:F9:59:62:DC:8A:01:F2:B8:D4:B3:52:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/aAXteRptlBPF339bdxjaeW6KuSk.roa
Signing time:             Tue 02 Jan 2024 12:35:19 +0000
ROA not before:           Tue 02 Jan 2024 12:35:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200748
IP address blocks:        185.241.180.0/22 maxlen: 22
                          2a0c:a780::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d5:dc:96:89:9e:d3:8d:09:30:70:2b:7d:88:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0b1da79ef7fc1ef95962dc8a01f2b8d4b352bf
        Validity
            Not Before: Jan  2 12:35:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6805ed791a6d9413c5df7f5b7718da796e8ab929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b1:08:82:c8:1b:9a:76:27:bc:14:85:1c:a2:
                    ba:35:b6:83:7d:20:15:d9:ea:b1:c5:6f:2c:ee:b2:
                    02:ff:7b:ae:bf:4c:a2:d3:17:77:69:4b:ff:f0:54:
                    8c:01:20:62:50:b8:1d:d6:9e:97:0a:0b:42:a4:1a:
                    83:29:fc:06:b2:85:d9:f8:b4:1e:f1:c5:c9:99:48:
                    6f:85:8b:b0:8a:b9:e6:1d:7a:dc:50:c7:82:b2:34:
                    90:74:6d:26:00:ba:36:b0:30:4f:7b:a5:9e:83:74:
                    54:24:f1:ff:5b:c0:18:14:c5:bd:48:a1:9c:3a:48:
                    97:0d:e0:89:3c:6a:a3:23:b7:cf:e1:4c:49:b9:d9:
                    e6:72:43:81:c0:7a:4c:c8:7f:51:ba:7a:b3:40:24:
                    6d:d3:cf:49:d9:7b:83:b6:92:d2:15:2e:e0:35:2d:
                    6a:23:a5:61:d5:a2:bc:a7:81:49:66:c9:80:ba:b2:
                    64:5c:13:18:21:67:0c:74:10:00:fc:c0:c9:d0:13:
                    5b:37:43:d7:66:24:72:aa:de:11:54:6c:0e:51:85:
                    bf:f2:f3:7e:3e:dc:e6:40:66:2d:91:82:d7:50:e6:
                    ad:7a:e3:07:a7:3a:a3:6e:bc:14:b4:09:fd:8d:dd:
                    fd:58:12:9f:5d:f0:77:02:c2:40:86:16:f4:b6:0d:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:05:ED:79:1A:6D:94:13:C5:DF:7F:5B:77:18:DA:79:6E:8A:B9:29
            X509v3 Authority Key Identifier:
                keyid:AF:0B:1D:A7:9E:F7:FC:1E:F9:59:62:DC:8A:01:F2:B8:D4:B3:52:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/aAXteRptlBPF339bdxjaeW6KuSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.180.0/22
                IPv6:
                  2a0c:a780::/31

    Signature Algorithm: sha256WithRSAEncryption
         9d:64:4c:63:84:61:70:3a:72:53:6e:2a:5d:dc:d9:07:8b:46:
         32:dc:67:81:a7:e3:29:47:3e:a6:ba:0f:7d:c0:8c:b4:df:17:
         00:93:66:67:23:c3:bd:9b:69:fe:69:e2:37:54:c3:2f:cb:c9:
         78:db:f6:1a:d0:4a:2c:94:15:3b:4b:a3:72:5e:45:d2:20:b1:
         04:86:c5:b6:04:f8:01:85:aa:6e:b6:32:08:c2:a9:d3:4a:b8:
         51:84:31:f3:5c:b3:2f:65:e7:b6:59:be:bd:f9:b2:ec:16:08:
         ce:44:f6:89:b1:96:6f:6e:e8:d6:8c:53:8e:b3:82:94:be:c9:
         36:68:b6:15:77:ab:ae:c5:b3:78:db:a8:8b:45:0b:2c:cd:98:
         16:fb:65:4c:93:5f:09:bb:23:8e:95:96:f9:f2:60:db:0f:36:
         52:9e:21:94:0f:a3:e0:cb:50:54:f8:33:1b:69:7e:8f:1a:51:
         f4:66:a9:bf:d5:a5:2e:9c:7a:b5:ba:f4:07:f1:06:2e:48:8c:
         2e:eb:eb:d7:90:f9:55:71:f1:0b:85:e9:b6:aa:f3:83:f2:b1:
         69:24:b3:21:33:7a:c7:cf:61:26:7d:5d:5a:5e:e9:74:6c:0a:
         bd:28:34:b6:09:01:e2:8d:a5:a8:82:2e:9c:71:67:2c:c2:3f:
         ed:b8:33:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK9Xclome040JMHArfYhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGIxZGE3OWVmN2ZjMWVmOTU5NjJkYzhhMDFmMmI4ZDRi
MzUyYmYwHhcNMjQwMTAyMTIzNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA1ZWQ3OTFhNmQ5NDEzYzVkZjdmNWI3NzE4ZGE3OTZlOGFiOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbEIgsgbmnYnvBSFHKK6NbaDfSAV
2eqxxW8s7rIC/3uuv0yi0xd3aUv/8FSMASBiULgd1p6XCgtCpBqDKfwGsoXZ+LQe
8cXJmUhvhYuwirnmHXrcUMeCsjSQdG0mALo2sDBPe6Weg3RUJPH/W8AYFMW9SKGc
OkiXDeCJPGqjI7fP4UxJudnmckOBwHpMyH9RunqzQCRt089J2XuDtpLSFS7gNS1q
I6Vh1aK8p4FJZsmAurJkXBMYIWcMdBAA/MDJ0BNbN0PXZiRyqt4RVGwOUYW/8vN+
PtzmQGYtkYLXUOateuMHpzqjbrwUtAn9jd39WBKfXfB3AsJAhhb0tg0/ZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGgF7XkabZQTxd9/W3cY2nluirkpMB8GA1UdIwQY
MBaAFK8LHaee9/we+Vli3IoB8rjUs1K/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndzZHA1NzNfQjc1V1dMY2lnSHl1TlN6VXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8wMDg5OGEtZTdjMC00ODM2LWE5NmIt
OTJiMmVhMzE5YmMxLzEvYUFYdGVScHRsQlBGMzM5YmR4amFlVzZLdVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8wMDg5OGEtZTdjMC00ODM2LWE5NmItOTJiMmVhMzE5YmMx
LzEvcndzZHA1NzNfQjc1V1dMY2lnSHl1TlN6VXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufG0MA0E
AgACMAcDBQEqDKeAMA0GCSqGSIb3DQEBCwUAA4IBAQCdZExjhGFwOnJTbipd3NkH
i0Yy3GeBp+MpRz6mug99wIy03xcAk2ZnI8O9m2n+aeI3VMMvy8l42/Ya0EoslBU7
S6NyXkXSILEEhsW2BPgBhaputjIIwqnTSrhRhDHzXLMvZee2Wb69+bLsFgjORPaJ
sZZvbujWjFOOs4KUvsk2aLYVd6uuxbN426iLRQsszZgW+2VMk18JuyOOlZb58mDb
DzZSniGUD6Pgy1BU+DMbaX6PGlH0Zqm/1aUunHq1uvQH8QYuSIwu6+vXkPlVcfEL
hem2qvOD8rFpJLMhM3rHz2EmfV1aXul0bAq9KDS2CQHijaWogi6ccWcswj/tuDN9
-----END CERTIFICATE-----