Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/dyCarg_1-VsChHdy4L1GPGR9UFA.roa
File:                     dyCarg_1-VsChHdy4L1GPGR9UFA.roa (raw, json)
Hash identifier:          nv2D2ngfx47AWQ34JvdA2wg/PCS0zt1CclF82Cy8yzI=
Subject key identifier:   77:20:9A:AE:0F:F5:F9:5B:02:84:77:72:E0:BD:46:3C:64:7D:50:50
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B92CFF32A08D50EA9E481A692B0935
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/dyCarg_1-VsChHdy4L1GPGR9UFA.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8869
IP address blocks:        212.133.180.0/24 maxlen: 24
                          212.133.128.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2c:ff:32:a0:8d:50:ea:9e:48:1a:69:2b:09:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77209aae0ff5f95b02847772e0bd463c647d5050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8d:97:32:53:4e:0b:d3:b2:19:c7:98:77:bf:
                    30:94:2e:ad:af:f5:29:4c:72:85:a7:33:f5:5a:f4:
                    f5:2c:90:0c:95:73:1b:43:9a:53:55:8b:49:7d:14:
                    5f:6c:92:8e:d9:07:3d:de:db:a8:b2:72:6f:55:ac:
                    d8:79:55:a6:6b:95:fb:41:e5:b0:4c:dd:e8:c7:d0:
                    16:6e:de:73:cc:22:d5:fe:89:05:5e:ab:f6:03:3e:
                    a9:a3:71:bf:76:ef:87:f9:ae:8e:4b:c1:c6:d4:dd:
                    94:9e:ff:45:24:8c:0e:75:ba:91:7a:0d:b4:5f:60:
                    58:9f:d0:52:17:6a:af:b0:c8:d2:1a:7a:23:c2:fc:
                    a4:99:62:a4:7f:aa:15:00:aa:26:5a:52:b8:46:43:
                    30:f2:c0:ef:5c:b0:28:99:83:ae:d2:94:75:1f:99:
                    ca:e9:da:f7:5a:6e:d1:08:71:ac:48:02:f9:35:86:
                    df:c1:04:bf:ec:ab:5c:5a:c5:e4:b7:3d:37:cb:a2:
                    e1:bf:26:c5:55:7b:07:73:61:a1:07:92:5e:6c:63:
                    0e:e9:f3:4a:ff:cf:30:dd:17:23:cb:a1:00:ba:c6:
                    3c:b3:04:b8:73:20:f4:3b:64:12:81:8c:d6:a4:35:
                    a6:f4:9e:10:d2:13:1c:67:e8:c5:e3:6a:62:b1:a5:
                    55:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:20:9A:AE:0F:F5:F9:5B:02:84:77:72:E0:BD:46:3C:64:7D:50:50
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/dyCarg_1-VsChHdy4L1GPGR9UFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.133.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         af:af:11:1b:c1:9d:8a:f8:5b:ab:89:0c:1a:4a:87:02:db:68:
         9b:6d:82:04:f8:1b:14:a3:4e:f6:ad:b8:b6:f7:f1:01:22:61:
         b9:3c:4c:19:1a:37:74:b3:3d:fc:90:8e:1c:c2:07:1c:7d:31:
         cb:bd:61:b2:cc:02:59:be:25:a9:56:31:93:38:94:ba:31:fd:
         c3:6f:2c:82:cf:96:89:4e:28:ce:54:45:f0:32:58:bc:5e:4f:
         21:75:51:66:25:b2:95:6a:7d:99:af:95:27:99:d1:9f:eb:ec:
         18:11:dc:29:86:27:f3:99:84:64:bb:cf:87:54:b9:c5:f1:68:
         31:76:0e:e4:76:d5:c8:c5:a2:6f:39:9b:a5:74:e3:5b:cb:b4:
         f6:07:6f:49:6b:18:d5:eb:f1:8b:4d:4a:e1:86:b7:c1:ee:05:
         29:1b:19:09:7b:d0:d6:7b:f2:60:c4:dd:89:46:77:be:ad:44:
         e8:60:45:71:bb:f5:4c:09:f6:ce:a8:2e:0e:96:f4:d1:a5:26:
         b5:87:ff:09:0c:d5:03:40:bc:4f:96:fb:2b:e1:ae:32:5c:ab:
         d2:c3:8d:44:cc:a8:67:e5:ec:48:54:19:40:d0:63:4f:4b:f1:
         29:d7:fc:c3:f0:df:cb:7a:70:9c:0c:5e:3b:6c:af:e8:d1:8e:
         aa:8d:c2:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSz/MqCNUOqeSBppKwk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzIwOWFhZTBmZjVmOTViMDI4NDc3NzJlMGJkNDYzYzY0N2Q1MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk42XMlNOC9OyGceYd78wlC6tr/Up
THKFpzP1WvT1LJAMlXMbQ5pTVYtJfRRfbJKO2Qc93tuosnJvVazYeVWma5X7QeWw
TN3ox9AWbt5zzCLV/okFXqv2Az6po3G/du+H+a6OS8HG1N2Unv9FJIwOdbqReg20
X2BYn9BSF2qvsMjSGnojwvykmWKkf6oVAKomWlK4RkMw8sDvXLAomYOu0pR1H5nK
6dr3Wm7RCHGsSAL5NYbfwQS/7KtcWsXktz03y6LhvybFVXsHc2GhB5JebGMO6fNK
/88w3Rcjy6EAusY8swS4cyD0O2QSgYzWpDWm9J4Q0hMcZ+jF42pisaVV9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcgmq4P9flbAoR3cuC9RjxkfVBQMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvZHlDYXJnXzEtVnNDaEhkeTRMMUdQR1I5VUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG1IWAMA0G
CSqGSIb3DQEBCwUAA4IBAQCvrxEbwZ2K+FuriQwaSocC22ibbYIE+BsUo072rbi2
9/EBImG5PEwZGjd0sz38kI4cwgccfTHLvWGyzAJZviWpVjGTOJS6Mf3DbyyCz5aJ
TijOVEXwMli8Xk8hdVFmJbKVan2Zr5UnmdGf6+wYEdwphifzmYRku8+HVLnF8Wgx
dg7kdtXIxaJvOZuldONby7T2B29JaxjV6/GLTUrhhrfB7gUpGxkJe9DWe/JgxN2J
Rne+rUToYEVxu/VMCfbOqC4OlvTRpSa1h/8JDNUDQLxPlvsr4a4yXKvSw41EzKhn
5exIVBlA0GNPS/Ep1/zD8N/LenCcDF47bK/o0Y6qjcIu
-----END CERTIFICATE-----