Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/6F2eFGvD9097EIg4LB9CffrGO9o.roa
File:                     6F2eFGvD9097EIg4LB9CffrGO9o.roa (raw, json)
Hash identifier:          G50yLixHsvPkj866UDZyGTk19dI1HJOeQtwYsy0L2BE=
Subject key identifier:   E8:5D:9E:14:6B:C3:F7:4F:7B:10:88:38:2C:1F:42:7D:FA:C6:3B:DA
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018CC6B929114F2BD1102D6487F39D9BDF48
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/6F2eFGvD9097EIg4LB9CffrGO9o.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206776
IP address blocks:        185.196.222.0/24 maxlen: 24
                          185.165.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:11:4f:2b:d1:10:2d:64:87:f3:9d:9b:df:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e85d9e146bc3f74f7b1088382c1f427dfac63bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ea:4f:26:50:3f:98:cf:30:1a:e9:8b:7a:ce:
                    24:77:85:96:76:6f:25:14:4e:02:a7:a4:d3:83:2c:
                    45:67:25:08:ac:62:13:2c:65:d2:fa:e5:dd:f8:38:
                    f7:6a:6c:34:1d:4a:e5:b4:72:29:1c:19:35:ff:90:
                    86:cb:57:64:9a:f5:36:3b:17:4c:32:36:92:10:f5:
                    33:0f:03:df:80:ee:8a:51:dd:29:43:9e:26:fd:44:
                    c1:27:cc:1b:e9:d3:69:a0:72:9c:de:81:11:26:05:
                    ee:fa:62:43:27:d4:05:bc:71:09:c2:88:e0:47:2c:
                    2c:24:ed:d7:a2:9d:b2:79:a0:99:c5:66:38:a6:95:
                    cb:04:d3:a7:9c:76:96:5b:06:05:90:7b:87:00:77:
                    63:5e:93:49:b5:80:f8:ac:bb:11:52:eb:41:5e:23:
                    33:74:89:64:ae:05:21:29:e4:31:25:ac:20:2e:92:
                    f3:d2:13:b0:8e:60:20:65:71:a7:5a:d5:91:2d:ac:
                    0b:4a:2b:5d:2f:9a:ef:a5:8a:ed:cc:64:cb:b4:15:
                    1f:bb:34:5c:6e:dd:e4:da:da:f7:71:ac:c2:ac:81:
                    27:d5:8a:f4:01:2f:e9:0e:bd:8e:fb:77:be:b0:c8:
                    6f:85:cb:da:29:7a:54:5a:76:80:08:53:70:30:03:
                    e2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:5D:9E:14:6B:C3:F7:4F:7B:10:88:38:2C:1F:42:7D:FA:C6:3B:DA
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/6F2eFGvD9097EIg4LB9CffrGO9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.154.0/24
                  185.196.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:87:f0:b4:bb:95:38:bf:18:73:da:47:94:9a:8a:d9:5d:cb:
         3f:35:1e:b5:c0:36:46:9e:1b:45:c9:73:d4:c4:4c:fe:67:cb:
         b3:28:ad:2e:10:a3:bc:4d:bb:c6:b2:fa:c6:36:b7:0b:15:96:
         d6:6c:95:db:6e:e3:1a:1d:00:67:52:b0:84:e8:00:c5:6c:c8:
         07:a6:31:65:42:17:87:b8:48:66:9a:8b:c0:fb:a8:d2:fe:ec:
         77:c9:36:d6:74:dc:24:e0:77:2f:01:8d:ef:35:a8:41:41:bb:
         eb:d9:fc:f9:72:4b:cd:20:17:d4:f9:73:c8:bf:87:3c:f8:ef:
         ed:12:87:d6:00:83:3d:45:c1:a4:d9:c0:d8:d4:47:1a:26:c2:
         9b:dd:44:28:8b:49:a3:91:db:06:b3:e0:96:d5:36:07:d5:25:
         9c:e6:6d:5e:08:98:1e:6f:87:6d:d1:17:d9:7f:73:21:82:db:
         43:bd:9f:ba:9c:00:c5:a1:e8:f0:a0:5a:85:56:8c:d9:22:53:
         b7:d4:2b:9b:cb:ae:28:fc:07:54:76:6f:d6:dd:3f:21:df:4d:
         d3:68:2d:a7:df:a1:5c:2c:16:40:c7:fe:cb:87:9a:a0:85:79:
         10:03:39:93:6a:99:04:b7:9f:41:6e:2e:91:d2:97:5b:56:27:
         2f:65:39:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuSkRTyvREC1kh/Odm99IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODVkOWUxNDZiYzNmNzRmN2IxMDg4MzgyYzFmNDI3ZGZhYzYzYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnepPJlA/mM8wGumLes4kd4WWdm8l
FE4Cp6TTgyxFZyUIrGITLGXS+uXd+Dj3amw0HUrltHIpHBk1/5CGy1dkmvU2OxdM
MjaSEPUzDwPfgO6KUd0pQ54m/UTBJ8wb6dNpoHKc3oERJgXu+mJDJ9QFvHEJwojg
RywsJO3Xop2yeaCZxWY4ppXLBNOnnHaWWwYFkHuHAHdjXpNJtYD4rLsRUutBXiMz
dIlkrgUhKeQxJawgLpLz0hOwjmAgZXGnWtWRLawLSitdL5rvpYrtzGTLtBUfuzRc
bt3k2tr3cazCrIEn1Yr0AS/pDr2O+3e+sMhvhcvaKXpUWnaACFNwMAPiuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOhdnhRrw/dPexCIOCwfQn36xjvaMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvNkYyZUZHdkQ5MDk3RUlnNExCOUNmZnJHTzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaWaAwQA
ucTeMA0GCSqGSIb3DQEBCwUAA4IBAQAvh/C0u5U4vxhz2keUmorZXcs/NR61wDZG
nhtFyXPUxEz+Z8uzKK0uEKO8TbvGsvrGNrcLFZbWbJXbbuMaHQBnUrCE6ADFbMgH
pjFlQheHuEhmmovA+6jS/ux3yTbWdNwk4HcvAY3vNahBQbvr2fz5ckvNIBfU+XPI
v4c8+O/tEofWAIM9RcGk2cDY1EcaJsKb3UQoi0mjkdsGs+CW1TYH1SWc5m1eCJge
b4dt0RfZf3MhgttDvZ+6nADFoejwoFqFVozZIlO31Cuby64o/AdUdm/W3T8h303T
aC2n36FcLBZAx/7Lh5qghXkQAzmTapkEt59Bbi6R0pdbVicvZTkC
-----END CERTIFICATE-----