Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/KzBYV7iVpAHwfZvpIDDElSurI44.roa
File:                     KzBYV7iVpAHwfZvpIDDElSurI44.roa (raw, json)
Hash identifier:          sk/NhYwbwuw7O99FusfljxQS+Isfa+xgNlLQGt9RyPw=
Subject key identifier:   2B:30:58:57:B8:95:A4:01:F0:7D:9B:E9:20:30:C4:95:2B:AB:23:8E
Certificate issuer:       /CN=c2ce59d1af830c94ba8ea11cf8fec6dd9c03b917
Certificate serial:       018CC9BBF19064B932F7F9F26D9563709D82
Authority key identifier: C2:CE:59:D1:AF:83:0C:94:BA:8E:A1:1C:F8:FE:C6:DD:9C:03:B9:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/KzBYV7iVpAHwfZvpIDDElSurI44.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211147
IP address blocks:        185.120.181.0/24 maxlen: 24
                          2a0e:ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f1:90:64:b9:32:f7:f9:f2:6d:95:63:70:9d:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ce59d1af830c94ba8ea11cf8fec6dd9c03b917
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b305857b895a401f07d9be92030c4952bab238e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b7:7c:74:91:7a:b1:68:62:db:89:05:1b:16:
                    4b:e6:28:4d:64:81:ca:87:dc:65:cf:d8:61:61:50:
                    63:86:00:d0:0d:78:69:05:0b:29:83:10:f6:98:11:
                    8f:69:81:71:98:44:be:70:e7:5b:bf:49:11:ce:a5:
                    e0:53:de:43:18:cb:69:87:42:d8:f8:31:f1:b7:26:
                    73:95:24:77:ed:f1:89:b8:e2:8d:37:83:dd:d4:27:
                    f9:96:16:01:c4:64:b8:a3:ae:ff:68:df:d9:01:72:
                    84:a6:f2:55:21:18:3d:57:9f:8c:c7:ec:73:e8:0c:
                    48:aa:58:ad:5d:9f:28:2e:a0:b1:47:0b:3e:20:54:
                    2a:1d:db:a0:f7:36:ea:0d:22:df:0b:62:bd:75:45:
                    2f:66:e1:ac:a5:16:7f:35:06:c9:b2:2b:fa:06:15:
                    78:c9:f0:07:94:53:a9:c7:ab:83:75:74:d8:92:e5:
                    e6:83:50:1d:8c:4c:aa:cd:e9:20:51:50:34:7b:27:
                    da:73:df:85:2b:8f:e7:99:c2:c7:20:b9:73:54:9c:
                    8c:e2:36:ad:ff:ab:b0:ae:31:62:a6:ba:f5:89:3b:
                    34:0d:bb:d1:3f:e8:18:83:b7:1b:7e:f5:04:39:aa:
                    51:e5:49:c8:fe:54:06:c3:a4:79:76:f2:f3:6c:22:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:30:58:57:B8:95:A4:01:F0:7D:9B:E9:20:30:C4:95:2B:AB:23:8E
            X509v3 Authority Key Identifier:
                keyid:C2:CE:59:D1:AF:83:0C:94:BA:8E:A1:1C:F8:FE:C6:DD:9C:03:B9:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/KzBYV7iVpAHwfZvpIDDElSurI44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/44222e-568e-4c43-8dc8-a54bbc34cce9/1/ws5Z0a-DDJS6jqEc-P7G3ZwDuRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.181.0/24
                IPv6:
                  2a0e:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:a0:c3:a3:8c:23:e4:c3:ce:e9:df:b6:c6:2e:98:b1:cf:05:
         0b:18:ad:fc:c1:3a:4c:4a:42:58:2c:df:1a:ff:fe:5b:70:1c:
         db:d1:bc:94:d3:6b:d5:2b:df:df:09:da:09:0e:8c:d3:cd:93:
         43:73:25:56:7e:f0:e8:14:6e:6e:77:3d:25:a3:bc:9c:35:08:
         3e:91:9d:03:eb:47:cc:55:e1:24:e0:10:4d:b8:78:6b:e4:fd:
         d4:69:39:b9:a4:31:e3:e9:c2:db:b1:5c:2d:3b:97:dc:b6:d4:
         dd:3f:27:b5:bb:a5:1e:bf:25:37:6a:36:9e:94:65:3f:66:9c:
         93:34:5d:44:86:ce:83:31:ff:5b:14:0a:79:3f:a5:bc:21:66:
         98:38:92:9a:d6:fe:c7:ce:98:b9:e8:fa:2b:de:87:d4:43:fe:
         45:be:87:0a:f0:b2:0e:da:30:84:6a:c3:44:3e:b7:55:13:8d:
         60:b5:5b:84:44:f1:e0:d4:c0:3f:23:20:e6:bd:70:56:9d:d6:
         95:bd:bc:d4:8a:fd:e9:bb:a5:38:c6:39:48:8c:61:21:7d:84:
         6c:07:22:b4:25:06:9c:4e:3e:08:69:75:ec:fc:5b:13:f0:92:
         c4:f8:dd:39:48:90:13:f9:5c:72:00:4d:ce:a2:ff:44:2a:16:
         2e:7f:ee:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu/GQZLky9/nybZVjcJ2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyY2U1OWQxYWY4MzBjOTRiYThlYTExY2Y4ZmVjNmRkOWMw
M2I5MTcwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjMwNTg1N2I4OTVhNDAxZjA3ZDliZTkyMDMwYzQ5NTJiYWIyMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprd8dJF6sWhi24kFGxZL5ihNZIHK
h9xlz9hhYVBjhgDQDXhpBQspgxD2mBGPaYFxmES+cOdbv0kRzqXgU95DGMtph0LY
+DHxtyZzlSR37fGJuOKNN4Pd1Cf5lhYBxGS4o67/aN/ZAXKEpvJVIRg9V5+Mx+xz
6AxIqlitXZ8oLqCxRws+IFQqHdug9zbqDSLfC2K9dUUvZuGspRZ/NQbJsiv6BhV4
yfAHlFOpx6uDdXTYkuXmg1AdjEyqzekgUVA0eyfac9+FK4/nmcLHILlzVJyM4jat
/6uwrjFiprr1iTs0DbvRP+gYg7cbfvUEOapR5UnI/lQGw6R5dvLzbCI7MQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCswWFe4laQB8H2b6SAwxJUrqyOOMB8GA1UdIwQY
MBaAFMLOWdGvgwyUuo6hHPj+xt2cA7kXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3M1WjBhLURESlM2anFFYy1QN0czWndEdVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi80NDIyMmUtNTY4ZS00YzQzLThkYzgt
YTU0YmJjMzRjY2U5LzEvS3pCWVY3aVZwQUh3Zlp2cElEREVsU3VySTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi80NDIyMmUtNTY4ZS00YzQzLThkYzgtYTU0YmJjMzRjY2U5
LzEvd3M1WjBhLURESlM2anFFYy1QN0czWndEdVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXi1MA0E
AgACMAcDBQMqDg7AMA0GCSqGSIb3DQEBCwUAA4IBAQADoMOjjCPkw87p37bGLpix
zwULGK38wTpMSkJYLN8a//5bcBzb0byU02vVK9/fCdoJDozTzZNDcyVWfvDoFG5u
dz0lo7ycNQg+kZ0D60fMVeEk4BBNuHhr5P3UaTm5pDHj6cLbsVwtO5fcttTdPye1
u6UevyU3ajaelGU/ZpyTNF1Ehs6DMf9bFAp5P6W8IWaYOJKa1v7Hzpi56Por3ofU
Q/5FvocK8LIO2jCEasNEPrdVE41gtVuERPHg1MA/IyDmvXBWndaVvbzUiv3pu6U4
xjlIjGEhfYRsByK0JQacTj4IaXXs/FsT8JLE+N05SJAT+VxyAE3Oov9EKhYuf+4L
-----END CERTIFICATE-----