Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fV4j2IOBHAyXj13oGc9x6zSxmqo.roa
File:                     fV4j2IOBHAyXj13oGc9x6zSxmqo.roa (raw, json)
Hash identifier:          8Z1yBOXd0v2IpXwZmoRuMO3T+WlU1TNJDxgzarj1xZ4=
Subject key identifier:   7D:5E:23:D8:83:81:1C:0C:97:8F:5D:E8:19:CF:71:EB:34:B1:9A:AA
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018DF10A6BD123D23D6D622B2C5DEA322E03
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fV4j2IOBHAyXj13oGc9x6zSxmqo.roa
Signing time:             Wed 28 Feb 2024 18:46:48 +0000
ROA not before:           Wed 28 Feb 2024 18:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205663
IP address blocks:        185.250.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f1:0a:6b:d1:23:d2:3d:6d:62:2b:2c:5d:ea:32:2e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Feb 28 18:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d5e23d883811c0c978f5de819cf71eb34b19aaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:68:dd:9b:d9:93:fb:6e:e3:83:87:a9:7a:2d:
                    e5:63:47:6e:3d:c9:a4:d8:be:eb:80:b4:8e:95:15:
                    ee:f6:18:52:b8:82:98:a2:42:04:6c:05:53:76:d5:
                    83:94:c0:0e:61:c6:ef:6d:76:73:b2:22:7d:e4:2a:
                    2a:c9:7c:ae:b7:cf:49:0e:8c:f5:46:57:d2:43:28:
                    f6:c1:05:ed:15:8e:f4:2e:cb:6f:36:41:ef:bf:fa:
                    62:fc:70:5e:aa:99:19:66:d1:23:1f:13:cd:43:02:
                    43:2b:26:e6:e1:33:b8:1b:2f:cd:b1:17:67:e8:bc:
                    c2:bf:57:54:c1:00:66:c9:4f:bb:12:a3:39:10:b7:
                    dc:df:f3:14:29:3f:bc:b5:7a:f7:77:eb:6c:7e:ad:
                    78:33:d0:e2:6a:d1:c8:36:73:69:f8:b5:09:d6:b6:
                    ef:7a:5b:7c:b1:5d:c5:4d:8a:a2:2a:99:10:57:5a:
                    78:ce:12:a1:24:33:49:8d:21:14:1e:f5:0b:0e:8e:
                    88:c4:15:1e:8e:d7:d3:14:16:fa:8f:4a:f4:bf:ef:
                    b2:ce:1f:19:7f:a7:60:fa:c9:98:5f:51:da:d4:d7:
                    1e:75:f5:62:80:93:8c:d6:cc:63:b5:11:ef:99:ed:
                    f3:7d:ef:ef:c9:69:f3:b2:f1:16:0a:c4:4d:5f:0c:
                    78:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:5E:23:D8:83:81:1C:0C:97:8F:5D:E8:19:CF:71:EB:34:B1:9A:AA
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fV4j2IOBHAyXj13oGc9x6zSxmqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:63:41:0d:7d:80:ef:3d:09:fd:16:90:43:1c:48:1c:6f:22:
         bd:7d:29:a3:8b:d7:cd:66:c9:63:78:68:b1:75:8d:17:26:ba:
         39:57:20:c4:20:12:2f:33:f1:7e:e6:ab:64:66:1e:15:73:bc:
         eb:8a:8e:18:0a:a5:2a:c1:33:b8:b0:90:46:f2:d4:b4:77:d7:
         b6:29:02:aa:7f:71:db:d6:ff:f1:9a:25:e0:c9:ca:fb:29:66:
         06:53:9e:fc:34:e3:81:22:34:cf:37:77:84:f2:1a:af:a8:32:
         76:7c:d4:ce:2d:f9:8a:9f:b6:c2:40:18:f8:c1:15:74:1f:90:
         62:2d:a1:22:f4:6c:92:c3:f6:96:6a:59:68:b3:ce:86:f3:c9:
         fa:53:31:97:ce:78:3d:82:f4:fb:26:2f:ba:99:f1:a0:ec:69:
         38:2b:a8:f7:6b:87:5b:6c:7f:1b:c9:fa:3b:d5:15:9f:00:7d:
         45:88:57:f4:4a:3a:01:80:05:e5:6e:79:85:0c:e3:49:41:d0:
         d6:c0:41:30:1a:3e:b2:52:ec:fe:e6:f1:70:c0:b7:e6:35:fb:
         a8:56:0a:13:05:b2:9e:82:01:c4:11:8d:98:b0:9b:6a:33:3e:
         70:81:62:fd:33:c8:ca:1b:4a:70:4b:57:2f:a2:65:3a:38:86:
         3d:ef:16:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3xCmvRI9I9bWIrLF3qMi4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMjI4MTg0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDVlMjNkODgzODExYzBjOTc4ZjVkZTgxOWNmNzFlYjM0YjE5YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2jdm9mT+27jg4epei3lY0duPcmk
2L7rgLSOlRXu9hhSuIKYokIEbAVTdtWDlMAOYcbvbXZzsiJ95CoqyXyut89JDoz1
RlfSQyj2wQXtFY70LstvNkHvv/pi/HBeqpkZZtEjHxPNQwJDKybm4TO4Gy/NsRdn
6LzCv1dUwQBmyU+7EqM5ELfc3/MUKT+8tXr3d+tsfq14M9DiatHINnNp+LUJ1rbv
elt8sV3FTYqiKpkQV1p4zhKhJDNJjSEUHvULDo6IxBUejtfTFBb6j0r0v++yzh8Z
f6dg+smYX1Ha1NcedfVigJOM1sxjtRHvme3zfe/vyWnzsvEWCsRNXwx4JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1eI9iDgRwMl49d6BnPces0sZqqMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZlY0ajJJT0JIQXlYajEzb0djOXg2elN4bXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufoaMA0G
CSqGSIb3DQEBCwUAA4IBAQDMY0ENfYDvPQn9FpBDHEgcbyK9fSmji9fNZsljeGix
dY0XJro5VyDEIBIvM/F+5qtkZh4Vc7zrio4YCqUqwTO4sJBG8tS0d9e2KQKqf3Hb
1v/xmiXgycr7KWYGU578NOOBIjTPN3eE8hqvqDJ2fNTOLfmKn7bCQBj4wRV0H5Bi
LaEi9GySw/aWallos86G88n6UzGXzng9gvT7Ji+6mfGg7Gk4K6j3a4dbbH8byfo7
1RWfAH1FiFf0SjoBgAXlbnmFDONJQdDWwEEwGj6yUuz+5vFwwLfmNfuoVgoTBbKe
ggHEEY2YsJtqMz5wgWL9M8jKG0pwS1cvomU6OIY97xbJ
-----END CERTIFICATE-----