Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/dYbNkP2f_Df2uxPOf7CEmKnF3T4.roa
File:                     dYbNkP2f_Df2uxPOf7CEmKnF3T4.roa (raw, json)
Hash identifier:          wI1uXZNbRGt0oS7TOdAXketR7ThvKx6z1q85aKWkfP4=
Subject key identifier:   75:86:CD:90:FD:9F:FC:37:F6:BB:13:CE:7F:B0:84:98:A9:C5:DD:3E
Certificate issuer:       /CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
Certificate serial:       018CC64B4296360863913416838021A4118D
Authority key identifier: DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/dYbNkP2f_Df2uxPOf7CEmKnF3T4.roa
Signing time:             Mon 01 Jan 2024 18:31:10 +0000
ROA not before:           Mon 01 Jan 2024 18:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.186.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:42:96:36:08:63:91:34:16:83:80:21:a4:11:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
        Validity
            Not Before: Jan  1 18:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7586cd90fd9ffc37f6bb13ce7fb08498a9c5dd3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:27:8b:45:f8:72:95:0a:24:21:b8:4d:5c:f4:
                    0f:3e:36:07:36:55:fc:01:f1:62:27:54:c5:07:ae:
                    b5:7d:7d:37:80:50:05:70:f7:68:f0:4e:32:9c:84:
                    6e:89:57:7e:c7:c4:f9:5f:43:ae:6d:63:1a:82:56:
                    b1:ff:c5:d5:77:96:84:af:4b:3b:6f:b4:3b:86:e7:
                    5b:71:54:77:4a:22:49:93:0c:8e:8c:72:df:87:b0:
                    fe:f9:87:2a:df:29:1d:f6:8a:51:9f:28:de:3b:e9:
                    13:b4:02:20:e4:24:e0:6f:ef:37:ca:90:04:85:a2:
                    55:b2:1a:c0:03:f2:0a:e3:ad:e3:26:07:2e:20:22:
                    92:e2:d8:2e:4d:2a:1b:65:9e:9b:7d:26:20:71:b2:
                    4c:0b:94:2d:f6:8f:2a:cc:0a:77:50:6e:06:75:a7:
                    3a:1c:3a:05:c6:51:96:8e:d0:b7:0d:d3:82:ca:59:
                    8c:b9:57:10:e1:e4:a7:81:8c:e2:27:e9:b4:5b:30:
                    90:6c:7d:56:85:07:e3:32:a7:bb:fb:7e:b5:e6:d2:
                    9b:2f:93:5b:d4:d7:a3:11:7e:3d:7f:fd:3c:5a:51:
                    d5:0d:9d:e0:65:e1:8d:32:29:91:e5:ae:8a:f9:17:
                    fb:b1:d0:90:89:81:13:e5:be:0c:ed:67:08:14:fc:
                    0b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:86:CD:90:FD:9F:FC:37:F6:BB:13:CE:7F:B0:84:98:A9:C5:DD:3E
            X509v3 Authority Key Identifier:
                keyid:DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/dYbNkP2f_Df2uxPOf7CEmKnF3T4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:e5:5f:44:29:51:48:94:68:ef:a5:94:10:4a:ad:a1:5f:4d:
         52:48:a0:fe:13:5b:ba:64:e8:e5:a9:6f:bd:f7:28:99:ec:78:
         6f:20:a8:b0:25:1c:be:3e:43:8c:cb:63:36:14:ac:f5:6d:e2:
         24:da:49:7a:06:12:4a:ad:e6:4b:ba:51:a5:12:52:79:a8:57:
         c3:4a:6c:97:53:f8:e1:42:e9:80:20:fd:c9:aa:c3:b1:35:2e:
         36:b7:b6:eb:7a:be:28:1c:97:4c:86:03:a4:dd:51:3b:01:da:
         4e:71:79:7c:14:35:41:26:3f:c0:56:a5:c8:76:89:ab:8e:69:
         4f:23:36:95:6b:d5:d3:7e:54:91:2a:ce:cd:e6:21:ff:a1:b8:
         80:a4:e3:d3:c6:12:e8:02:05:d4:f2:18:81:37:88:5e:dd:1a:
         3e:31:b6:dd:a1:e6:d8:cd:a3:4d:99:a2:8e:a3:9a:82:01:46:
         fb:f4:be:d5:c4:a7:21:c5:cd:41:e7:b8:76:cf:cf:87:f0:54:
         c7:4a:71:82:c0:60:8d:d2:59:7b:0c:5e:56:d1:23:ea:09:1c:
         f5:e3:e2:ec:71:c4:d1:cf:0d:17:c5:11:46:5d:d9:64:71:a7:
         ef:fb:54:ce:c9:2d:85:2c:81:6e:4b:95:10:33:aa:12:15:20:
         ac:f9:e0:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0KWNghjkTQWg4AhpBGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTBhZGIxYThiNzk3MDIwZjBlYzdhMjlhOWI1YWJhZDQw
YjY1M2UwHhcNMjQwMTAxMTgzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTg2Y2Q5MGZkOWZmYzM3ZjZiYjEzY2U3ZmIwODQ5OGE5YzVkZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSeLRfhylQokIbhNXPQPPjYHNlX8
AfFiJ1TFB661fX03gFAFcPdo8E4ynIRuiVd+x8T5X0OubWMaglax/8XVd5aEr0s7
b7Q7hudbcVR3SiJJkwyOjHLfh7D++Ycq3ykd9opRnyjeO+kTtAIg5CTgb+83ypAE
haJVshrAA/IK463jJgcuICKS4tguTSobZZ6bfSYgcbJMC5Qt9o8qzAp3UG4Gdac6
HDoFxlGWjtC3DdOCylmMuVcQ4eSngYziJ+m0WzCQbH1WhQfjMqe7+3615tKbL5Nb
1NejEX49f/08WlHVDZ3gZeGNMimR5a6K+Rf7sdCQiYET5b4M7WcIFPwLAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWGzZD9n/w39rsTzn+whJipxd0+MB8GA1UdIwQY
MBaAFNygrbGot5cCDw7HopqbWrrUC2U+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYt
M2UzNmNhOWEyZDY5LzEvZFliTmtQMmZfRGYydXhQT2Y3Q0VtS25GM1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYtM2UzNmNhOWEyZDY5
LzEvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubobMA0G
CSqGSIb3DQEBCwUAA4IBAQCA5V9EKVFIlGjvpZQQSq2hX01SSKD+E1u6ZOjlqW+9
9yiZ7HhvIKiwJRy+PkOMy2M2FKz1beIk2kl6BhJKreZLulGlElJ5qFfDSmyXU/jh
QumAIP3JqsOxNS42t7brer4oHJdMhgOk3VE7AdpOcXl8FDVBJj/AVqXIdomrjmlP
IzaVa9XTflSRKs7N5iH/obiApOPTxhLoAgXU8hiBN4he3Ro+MbbdoebYzaNNmaKO
o5qCAUb79L7VxKchxc1B57h2z8+H8FTHSnGCwGCN0ll7DF5W0SPqCRz14+LsccTR
zw0XxRFGXdlkcafv+1TOyS2FLIFuS5UQM6oSFSCs+eBy
-----END CERTIFICATE-----