Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/9MaN6jNSTVmnoA-2OmPI3sB4uLk.roa
File:                     9MaN6jNSTVmnoA-2OmPI3sB4uLk.roa (raw, json)
Hash identifier:          y5zsFvvy9pmFGs0bbdyHDhPoew6cGwCtIP61g17v6uE=
Subject key identifier:   F4:C6:8D:EA:33:52:4D:59:A7:A0:0F:B6:3A:63:C8:DE:C0:78:B8:B9
Certificate issuer:       /CN=34921598b6a261aa4c3e67144ac876033253e0aa
Certificate serial:       018CC72719E30E97BB375A8ACCC2BCC6842E
Authority key identifier: 34:92:15:98:B6:A2:61:AA:4C:3E:67:14:4A:C8:76:03:32:53:E0:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJIVmLaiYapMPmcUSsh2AzJT4Ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/9MaN6jNSTVmnoA-2OmPI3sB4uLk.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39605
IP address blocks:        185.28.232.0/22 maxlen: 24
                          2a00:a320::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/NJIVmLaiYapMPmcUSsh2AzJT4Ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/NJIVmLaiYapMPmcUSsh2AzJT4Ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJIVmLaiYapMPmcUSsh2AzJT4Ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:19:e3:0e:97:bb:37:5a:8a:cc:c2:bc:c6:84:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34921598b6a261aa4c3e67144ac876033253e0aa
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4c68dea33524d59a7a00fb63a63c8dec078b8b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1f:54:d0:82:a9:81:b7:1e:7f:88:9f:bd:1b:
                    67:dd:f1:1b:b2:45:69:eb:2c:ee:fd:2c:de:03:86:
                    0d:de:4e:dc:8d:2c:12:63:f4:b3:c6:90:1b:08:0b:
                    43:9d:14:d6:f3:ae:6f:f4:43:e8:79:82:40:5a:3e:
                    7a:0d:15:ae:c9:e3:c9:bd:2a:c6:e1:d4:12:fb:e6:
                    cd:65:a0:c0:35:67:9c:e1:bc:c8:20:16:4d:24:6b:
                    07:6a:ca:1e:14:43:ef:85:05:37:f3:1b:78:c0:e8:
                    39:ff:33:dc:8e:5b:23:81:c0:8a:b4:03:2c:7f:c7:
                    ec:53:85:d3:a9:aa:50:bf:c8:c3:be:35:91:8f:da:
                    e0:d6:29:fe:a5:11:c8:97:16:d2:70:09:74:c1:00:
                    70:59:7d:09:e3:01:ff:bc:86:78:31:86:47:5c:36:
                    3c:15:cd:82:27:14:73:1d:3a:fb:e5:76:1f:d3:2c:
                    ed:81:64:1f:7f:15:0e:7e:cc:b0:94:8c:95:f8:ed:
                    65:5c:2c:f5:98:83:0a:09:24:a7:c0:60:87:75:3f:
                    0a:67:24:81:72:8d:25:85:d9:f2:dd:af:d6:8a:d4:
                    37:fa:ae:46:41:d2:6f:ec:a6:ce:b7:35:56:aa:eb:
                    70:8f:cf:c7:97:ee:23:c7:80:53:ec:f4:34:04:5d:
                    26:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C6:8D:EA:33:52:4D:59:A7:A0:0F:B6:3A:63:C8:DE:C0:78:B8:B9
            X509v3 Authority Key Identifier:
                keyid:34:92:15:98:B6:A2:61:AA:4C:3E:67:14:4A:C8:76:03:32:53:E0:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJIVmLaiYapMPmcUSsh2AzJT4Ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/9MaN6jNSTVmnoA-2OmPI3sB4uLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b000e2-67c3-46f7-8820-42e002dad9ae/1/NJIVmLaiYapMPmcUSsh2AzJT4Ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.232.0/22
                IPv6:
                  2a00:a320::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:72:bc:66:7b:1a:56:70:e7:36:34:cd:8e:22:28:fa:a7:7f:
         d3:e0:62:ac:e3:41:a2:42:04:49:0b:d9:cc:25:47:1a:a7:de:
         9e:72:04:a8:d9:9f:65:02:63:15:47:c3:dc:f0:47:e3:54:8b:
         4c:70:c8:9f:90:90:e8:9f:ba:d5:5e:47:93:db:f0:58:c3:08:
         77:f2:e1:48:15:84:d2:a7:94:a9:75:33:60:21:0f:85:7e:9c:
         f5:50:49:bf:80:b0:20:97:ef:3a:1e:12:dc:d5:0d:53:e6:87:
         36:ab:5d:da:04:d5:78:2f:3a:e5:95:ba:f8:a5:69:a5:10:7c:
         4e:0e:26:f5:31:44:3a:f8:0e:fc:09:b8:d6:c1:56:21:f1:f1:
         dd:d5:ff:58:f9:2c:8f:be:e0:b6:24:25:c2:28:4b:18:82:9e:
         33:82:ba:03:1a:7f:3b:59:ca:90:90:ab:81:ff:9d:ff:7b:11:
         2e:f0:9f:46:d6:48:37:b0:73:14:1f:71:09:95:fd:94:df:bb:
         cb:2d:90:6c:23:ad:13:69:8a:99:12:69:7c:12:96:90:88:2e:
         5f:1d:ed:5e:2e:24:b3:6b:58:65:2c:5f:d8:5a:e2:bb:19:17:
         ad:60:15:c0:66:d8:4c:fc:fc:35:ef:47:cd:bc:c2:cf:01:40:
         4b:52:b6:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJxnjDpe7N1qKzMK8xoQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTIxNTk4YjZhMjYxYWE0YzNlNjcxNDRhYzg3NjAzMzI1
M2UwYWEwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM2OGRlYTMzNTI0ZDU5YTdhMDBmYjYzYTYzYzhkZWMwNzhiOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth9U0IKpgbcef4ifvRtn3fEbskVp
6yzu/SzeA4YN3k7cjSwSY/SzxpAbCAtDnRTW865v9EPoeYJAWj56DRWuyePJvSrG
4dQS++bNZaDANWec4bzIIBZNJGsHasoeFEPvhQU38xt4wOg5/zPcjlsjgcCKtAMs
f8fsU4XTqapQv8jDvjWRj9rg1in+pRHIlxbScAl0wQBwWX0J4wH/vIZ4MYZHXDY8
Fc2CJxRzHTr75XYf0yztgWQffxUOfsywlIyV+O1lXCz1mIMKCSSnwGCHdT8KZySB
co0lhdny3a/WitQ3+q5GQdJv7KbOtzVWqutwj8/Hl+4jx4BT7PQ0BF0mvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPTGjeozUk1Zp6APtjpjyN7AeLi5MB8GA1UdIwQY
MBaAFDSSFZi2omGqTD5nFErIdgMyU+CqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpJVm1MYWlZYXBNUG1jVVNzaDJBekpUNEtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iMDAwZTItNjdjMy00NmY3LTg4MjAt
NDJlMDAyZGFkOWFlLzEvOU1hTjZqTlNUVm1ub0EtMk9tUEkzc0I0dUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iMDAwZTItNjdjMy00NmY3LTg4MjAtNDJlMDAyZGFkOWFl
LzEvTkpJVm1MYWlZYXBNUG1jVVNzaDJBekpUNEtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRzoMA0E
AgACMAcDBQAqAKMgMA0GCSqGSIb3DQEBCwUAA4IBAQAvcrxmexpWcOc2NM2OIij6
p3/T4GKs40GiQgRJC9nMJUcap96ecgSo2Z9lAmMVR8Pc8EfjVItMcMifkJDon7rV
XkeT2/BYwwh38uFIFYTSp5SpdTNgIQ+Ffpz1UEm/gLAgl+86HhLc1Q1T5oc2q13a
BNV4Lzrllbr4pWmlEHxODib1MUQ6+A78CbjWwVYh8fHd1f9Y+SyPvuC2JCXCKEsY
gp4zgroDGn87WcqQkKuB/53/exEu8J9G1kg3sHMUH3EJlf2U37vLLZBsI60TaYqZ
Eml8EpaQiC5fHe1eLiSza1hlLF/YWuK7GRetYBXAZthM/Pw170fNvMLPAUBLUrZc
-----END CERTIFICATE-----