Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/myDk6lv81VPJsWBiMXJeoy4RE-I.roa
File:                     myDk6lv81VPJsWBiMXJeoy4RE-I.roa (raw, json)
Hash identifier:          GhtFd14Kn3XpYxKqptEKBiJt/8p3nj9z2NmBeyR/xRE=
Subject key identifier:   9B:20:E4:EA:5B:FC:D5:53:C9:B1:60:62:31:72:5E:A3:2E:11:13:E2
Certificate issuer:       /CN=76d47c234a8b92f31d3989cc42219f80c947da19
Certificate serial:       018CC9BCC142FB142BCC346629650B74F347
Authority key identifier: 76:D4:7C:23:4A:8B:92:F3:1D:39:89:CC:42:21:9F:80:C9:47:DA:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dtR8I0qLkvMdOYnMQiGfgMlH2hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/myDk6lv81VPJsWBiMXJeoy4RE-I.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48095
IP address blocks:        185.217.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/dtR8I0qLkvMdOYnMQiGfgMlH2hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/dtR8I0qLkvMdOYnMQiGfgMlH2hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dtR8I0qLkvMdOYnMQiGfgMlH2hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c1:42:fb:14:2b:cc:34:66:29:65:0b:74:f3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76d47c234a8b92f31d3989cc42219f80c947da19
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b20e4ea5bfcd553c9b1606231725ea32e1113e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:02:a5:d0:dc:77:1d:df:f5:58:80:76:da:98:
                    35:eb:7f:cc:86:e2:bd:42:07:2c:95:70:f8:49:b4:
                    67:14:22:10:9b:f1:bf:76:cd:d2:d1:52:60:bc:f9:
                    ca:91:4e:77:bf:16:e4:f2:11:c3:e7:62:6c:11:dc:
                    21:dc:57:72:97:64:69:02:7e:d2:a7:ef:99:cd:05:
                    ce:18:2c:3f:70:bb:6c:1c:03:91:1a:f6:2f:61:15:
                    ae:b4:65:bc:1f:bd:a9:8c:c5:36:77:1d:78:bd:04:
                    55:da:1b:c3:0a:e1:af:74:cc:c7:42:b0:93:9b:46:
                    ad:38:03:91:9b:81:69:36:86:40:01:c0:b9:95:ed:
                    af:90:65:e1:48:7d:91:db:49:d1:02:55:95:80:51:
                    a0:fa:78:c7:d3:5d:98:c1:d3:f8:93:9c:ec:93:72:
                    e9:bb:bc:b1:16:f4:ae:ee:00:0a:fd:7c:dd:94:ad:
                    30:dc:55:36:e3:34:ad:9d:71:9b:2d:7d:e8:6e:92:
                    4a:68:2c:c0:96:a5:d7:24:a1:85:d6:e3:e7:4c:b8:
                    12:1d:0c:51:01:7d:3b:03:b2:24:df:c3:a8:37:03:
                    d3:1b:d5:6d:e7:2c:1d:7f:74:37:1b:ea:8c:08:02:
                    9f:34:cf:92:61:c1:0b:6b:92:b1:e7:30:76:76:68:
                    ca:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:20:E4:EA:5B:FC:D5:53:C9:B1:60:62:31:72:5E:A3:2E:11:13:E2
            X509v3 Authority Key Identifier:
                keyid:76:D4:7C:23:4A:8B:92:F3:1D:39:89:CC:42:21:9F:80:C9:47:DA:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dtR8I0qLkvMdOYnMQiGfgMlH2hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/myDk6lv81VPJsWBiMXJeoy4RE-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/3550d9-3022-4dba-a75a-1c0d4a21cb23/1/dtR8I0qLkvMdOYnMQiGfgMlH2hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:c4:42:d5:e7:f9:da:4c:b7:3f:b8:97:59:3b:a1:44:12:c8:
         cd:1b:e3:b7:db:fc:1f:5f:e1:cd:2c:c1:68:14:57:3d:f8:44:
         b4:9c:1f:54:95:ad:b6:d0:8b:a8:ac:f7:62:92:2b:16:5e:de:
         cf:38:28:6f:50:fe:96:9f:af:5a:4b:b3:ec:2b:88:34:54:b5:
         b0:5e:60:6a:47:b8:3c:31:3e:ff:e4:4d:07:06:e5:dd:7d:92:
         e2:24:4a:78:1c:28:9b:66:3a:26:4a:10:24:3e:7a:39:8d:7f:
         e4:9c:45:ea:1d:59:09:3c:11:12:db:15:ef:5b:8f:d6:93:31:
         5b:5c:c4:bf:58:7b:fc:fe:93:98:1f:8a:a5:bb:ad:c8:45:ad:
         63:db:20:ab:6a:80:e5:05:00:79:6c:14:15:bd:06:32:74:87:
         f6:c1:97:cc:3d:8f:13:db:22:09:92:ca:02:89:81:ba:51:25:
         40:dc:b6:85:df:05:8c:8e:4e:61:d8:bd:fb:ab:2e:cf:78:d2:
         d1:da:2d:62:34:79:c6:ee:da:29:de:50:3d:ab:0e:ec:ff:e5:
         c4:7b:69:db:cb:01:d2:56:0c:98:a8:a3:56:64:df:24:6c:af:
         23:72:76:fa:eb:6b:0b:7b:29:e4:9b:ba:3b:6e:35:c0:c0:dc:
         fd:de:7c:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMFC+xQrzDRmKWULdPNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZDQ3YzIzNGE4YjkyZjMxZDM5ODljYzQyMjE5ZjgwYzk0
N2RhMTkwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjIwZTRlYTViZmNkNTUzYzliMTYwNjIzMTcyNWVhMzJlMTExM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQKl0Nx3Hd/1WIB22pg163/MhuK9
QgcslXD4SbRnFCIQm/G/ds3S0VJgvPnKkU53vxbk8hHD52JsEdwh3Fdyl2RpAn7S
p++ZzQXOGCw/cLtsHAORGvYvYRWutGW8H72pjMU2dx14vQRV2hvDCuGvdMzHQrCT
m0atOAORm4FpNoZAAcC5le2vkGXhSH2R20nRAlWVgFGg+njH012YwdP4k5zsk3Lp
u7yxFvSu7gAK/XzdlK0w3FU24zStnXGbLX3obpJKaCzAlqXXJKGF1uPnTLgSHQxR
AX07A7Ik38OoNwPTG9Vt5ywdf3Q3G+qMCAKfNM+SYcELa5Kx5zB2dmjKlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsg5Opb/NVTybFgYjFyXqMuERPiMB8GA1UdIwQY
MBaAFHbUfCNKi5LzHTmJzEIhn4DJR9oZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHRSOEkwcUxrdk1kT1luTVFpR2ZnTWxIMmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8zNTUwZDktMzAyMi00ZGJhLWE3NWEt
MWMwZDRhMjFjYjIzLzEvbXlEazZsdjgxVlBKc1dCaU1YSmVveTRSRS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8zNTUwZDktMzAyMi00ZGJhLWE3NWEtMWMwZDRhMjFjYjIz
LzEvZHRSOEkwcUxrdk1kT1luTVFpR2ZnTWxIMmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudkYMA0G
CSqGSIb3DQEBCwUAA4IBAQC1xELV5/naTLc/uJdZO6FEEsjNG+O32/wfX+HNLMFo
FFc9+ES0nB9Ula220IuorPdikisWXt7POChvUP6Wn69aS7PsK4g0VLWwXmBqR7g8
MT7/5E0HBuXdfZLiJEp4HCibZjomShAkPno5jX/knEXqHVkJPBES2xXvW4/WkzFb
XMS/WHv8/pOYH4qlu63IRa1j2yCraoDlBQB5bBQVvQYydIf2wZfMPY8T2yIJksoC
iYG6USVA3LaF3wWMjk5h2L37qy7PeNLR2i1iNHnG7top3lA9qw7s/+XEe2nbywHS
VgyYqKNWZN8kbK8jcnb662sLeynkm7o7bjXAwNz93nw9
-----END CERTIFICATE-----