Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/AAUfkBghQ7qiFaGjKdoaoy7Owvg.roa
File:                     AAUfkBghQ7qiFaGjKdoaoy7Owvg.roa (raw, json)
Hash identifier:          r5KWTTxmaOH+mRCIgfcGelsPCmoKJoiLI/+M6TaRXMs=
Subject key identifier:   00:05:1F:90:18:21:43:BA:A2:15:A1:A3:29:DA:1A:A3:2E:CE:C2:F8
Certificate issuer:       /CN=66f04275253f967384c4973758a54b7fd085fe45
Certificate serial:       018CC56EA4C3B751C0506CC1B25E1FD6E95E
Authority key identifier: 66:F0:42:75:25:3F:96:73:84:C4:97:37:58:A5:4B:7F:D0:85:FE:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvBCdSU_lnOExJc3WKVLf9CF_kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/AAUfkBghQ7qiFaGjKdoaoy7Owvg.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204645
IP address blocks:        185.109.172.0/22 maxlen: 24
                          2a02:4e80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/ZvBCdSU_lnOExJc3WKVLf9CF_kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/ZvBCdSU_lnOExJc3WKVLf9CF_kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvBCdSU_lnOExJc3WKVLf9CF_kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a4:c3:b7:51:c0:50:6c:c1:b2:5e:1f:d6:e9:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f04275253f967384c4973758a54b7fd085fe45
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00051f90182143baa215a1a329da1aa32ecec2f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9b:27:a8:a7:df:83:b0:a4:70:22:96:df:7b:
                    c5:f7:73:49:1a:a9:be:77:83:3d:f5:8f:62:62:ef:
                    e6:25:7e:f5:e9:d2:a8:79:14:e7:d6:52:56:20:6b:
                    a5:a8:74:39:52:dd:c9:85:58:b3:98:1d:b7:07:97:
                    d5:20:55:b4:38:b9:92:af:22:55:4a:ec:a3:bd:94:
                    54:ca:56:57:a0:0f:a7:d2:01:c7:7c:7d:fb:d6:33:
                    0e:ce:d9:85:02:ab:4e:21:f2:60:b7:e4:71:34:3e:
                    30:f3:90:c0:b3:86:29:f9:9b:89:1a:41:df:8e:17:
                    29:45:04:13:04:62:3c:f4:8d:36:cb:91:4f:65:70:
                    b9:3b:ae:44:87:80:f3:8f:8f:71:df:c4:d0:aa:d1:
                    8d:88:e6:ab:50:10:66:03:d6:27:e5:a3:64:b1:97:
                    cb:35:a0:4c:0e:52:79:fe:b8:c1:76:2c:7c:74:d2:
                    98:43:4d:7c:5a:cc:f5:a9:5d:b6:12:57:b2:a0:f8:
                    c3:13:54:f3:0e:79:e0:48:da:f4:7f:45:17:0a:73:
                    91:a8:e8:a8:5a:4f:9b:50:5b:72:eb:3a:98:01:71:
                    ec:51:70:f9:b1:8b:31:c6:ab:c0:98:16:67:53:93:
                    bf:9e:48:38:32:df:f9:9c:80:f3:d9:dc:06:99:06:
                    53:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:05:1F:90:18:21:43:BA:A2:15:A1:A3:29:DA:1A:A3:2E:CE:C2:F8
            X509v3 Authority Key Identifier:
                keyid:66:F0:42:75:25:3F:96:73:84:C4:97:37:58:A5:4B:7F:D0:85:FE:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvBCdSU_lnOExJc3WKVLf9CF_kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/AAUfkBghQ7qiFaGjKdoaoy7Owvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/9e16d2-d3b9-4efa-9c3d-e4961852c8b6/1/ZvBCdSU_lnOExJc3WKVLf9CF_kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.172.0/22
                IPv6:
                  2a02:4e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:78:c3:ba:1d:5a:dc:bc:af:19:2c:0b:96:45:a2:84:af:8f:
         97:17:ae:ea:b4:37:5e:ee:17:5a:ce:fe:01:51:ed:ec:ed:02:
         67:4a:c5:09:e9:97:23:ce:23:6b:cc:c8:80:77:14:76:a3:4e:
         f2:6f:19:65:af:51:09:79:e1:f4:be:9e:db:44:a7:f1:27:01:
         02:23:3f:bc:9d:bb:40:de:3a:8e:32:14:65:52:f4:0e:0b:02:
         00:75:dc:0a:40:0e:16:e5:c5:22:22:35:d7:4e:09:9f:39:3b:
         36:4f:64:77:9c:14:70:84:25:f5:b7:7f:9a:c2:35:74:c0:8f:
         85:76:5c:3f:9e:be:13:7e:4c:31:fd:25:57:3d:d7:b1:50:0a:
         72:3b:9e:9e:0a:99:e2:0a:a1:1f:ee:75:c8:79:ed:33:93:8f:
         47:e6:ae:23:e4:41:21:ed:a3:b0:94:57:a2:c6:bd:a2:2f:46:
         82:4d:53:56:84:fe:29:b6:ed:93:b1:41:c9:3f:3a:20:fc:6d:
         1e:be:8c:22:ef:0e:23:cb:c7:fa:78:78:5c:6d:c4:57:e8:be:
         6c:d5:b7:5d:1f:63:bc:43:5b:dc:01:1d:56:51:4b:d6:2a:86:
         bd:f0:f8:97:a2:7d:7c:6e:49:87:69:43:a7:47:3d:0a:66:c1:
         79:21:69:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbqTDt1HAUGzBsl4f1uleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjA0Mjc1MjUzZjk2NzM4NGM0OTczNzU4YTU0YjdmZDA4
NWZlNDUwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA1MWY5MDE4MjE0M2JhYTIxNWExYTMyOWRhMWFhMzJlY2VjMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpsnqKffg7CkcCKW33vF93NJGqm+
d4M99Y9iYu/mJX716dKoeRTn1lJWIGulqHQ5Ut3JhVizmB23B5fVIFW0OLmSryJV
SuyjvZRUylZXoA+n0gHHfH371jMOztmFAqtOIfJgt+RxND4w85DAs4Yp+ZuJGkHf
jhcpRQQTBGI89I02y5FPZXC5O65Eh4Dzj49x38TQqtGNiOarUBBmA9Yn5aNksZfL
NaBMDlJ5/rjBdix8dNKYQ018Wsz1qV22EleyoPjDE1TzDnngSNr0f0UXCnORqOio
Wk+bUFty6zqYAXHsUXD5sYsxxqvAmBZnU5O/nkg4Mt/5nIDz2dwGmQZTYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAAFH5AYIUO6ohWhoynaGqMuzsL4MB8GA1UdIwQY
MBaAFGbwQnUlP5ZzhMSXN1ilS3/Qhf5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZCQ2RTVV9sbk9FeEpjM1dLVkxmOUNGX2tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS85ZTE2ZDItZDNiOS00ZWZhLTljM2Qt
ZTQ5NjE4NTJjOGI2LzEvQUFVZmtCZ2hRN3FpRmFHaktkb2FveTdPd3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS85ZTE2ZDItZDNiOS00ZWZhLTljM2QtZTQ5NjE4NTJjOGI2
LzEvWnZCQ2RTVV9sbk9FeEpjM1dLVkxmOUNGX2tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW2sMA0E
AgACMAcDBQAqAk6AMA0GCSqGSIb3DQEBCwUAA4IBAQB7eMO6HVrcvK8ZLAuWRaKE
r4+XF67qtDde7hdazv4BUe3s7QJnSsUJ6ZcjziNrzMiAdxR2o07ybxllr1EJeeH0
vp7bRKfxJwECIz+8nbtA3jqOMhRlUvQOCwIAddwKQA4W5cUiIjXXTgmfOTs2T2R3
nBRwhCX1t3+awjV0wI+Fdlw/nr4Tfkwx/SVXPdexUApyO56eCpniCqEf7nXIee0z
k49H5q4j5EEh7aOwlFeixr2iL0aCTVNWhP4ptu2TsUHJPzog/G0evowi7w4jy8f6
eHhcbcRX6L5s1bddH2O8Q1vcAR1WUUvWKoa98PiXon18bkmHaUOnRz0KZsF5IWlD
-----END CERTIFICATE-----