Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/y6ImEtUKxlbDmnYA9zzCvNTl8Q0.roa
File:                     y6ImEtUKxlbDmnYA9zzCvNTl8Q0.roa (raw, json)
Hash identifier:          HdQVUCDY/Il6jlxa1Ie8V3VBLGFB9Fr5QnuCblut3ig=
Subject key identifier:   CB:A2:26:12:D5:0A:C6:56:C3:9A:76:00:F7:3C:C2:BC:D4:E5:F1:0D
Certificate issuer:       /CN=dd6daef6664a7529b629f3fd65004915230f1be9
Certificate serial:       018CCA99D72DDF3BCD7A28A96BBBA25F0259
Authority key identifier: DD:6D:AE:F6:66:4A:75:29:B6:29:F3:FD:65:00:49:15:23:0F:1B:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/y6ImEtUKxlbDmnYA9zzCvNTl8Q0.roa
Signing time:             Tue 02 Jan 2024 14:35:28 +0000
ROA not before:           Tue 02 Jan 2024 14:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197851
IP address blocks:        185.136.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:d7:2d:df:3b:cd:7a:28:a9:6b:bb:a2:5f:02:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd6daef6664a7529b629f3fd65004915230f1be9
        Validity
            Not Before: Jan  2 14:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba22612d50ac656c39a7600f73cc2bcd4e5f10d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cd:79:14:7d:d5:ca:e3:2e:16:19:35:22:af:
                    9f:d5:6e:1e:b8:ba:af:7e:66:8a:38:5d:ad:79:3e:
                    5a:47:2d:1c:64:6f:31:18:ec:96:bc:a3:7f:b5:6f:
                    0c:3e:b3:d8:70:08:4e:a4:1a:c4:d2:e3:87:40:61:
                    36:05:0c:a0:14:77:04:5f:00:f2:e0:ef:e2:c4:2e:
                    01:af:20:34:df:98:41:99:b8:8b:d9:6f:5a:44:a0:
                    f3:f3:96:78:ab:09:71:42:b2:44:0a:c9:b9:ad:7e:
                    c0:0b:65:01:33:c3:9c:3c:b8:63:fb:28:5c:b2:b2:
                    fb:b2:e9:35:b9:1a:a3:d0:3d:ca:d7:e8:e5:e0:95:
                    91:d3:6a:07:90:bd:5f:70:4d:06:5c:bf:23:58:98:
                    e1:71:90:63:f5:9c:c1:cd:05:c1:41:f8:76:b7:95:
                    eb:65:99:47:47:b8:48:88:b0:16:cd:52:44:fd:3f:
                    b0:cb:1c:e1:10:71:ba:54:66:f9:5b:57:4d:1a:14:
                    db:8e:ea:a5:cf:66:6d:aa:29:a2:1c:e7:dd:ee:e0:
                    7b:c7:78:3f:18:25:15:e6:51:f3:e1:d9:3c:1c:f3:
                    57:9f:70:78:ab:e8:15:09:1f:b9:5d:fa:bb:64:8e:
                    d1:98:3d:e8:1e:7b:a4:ee:ad:5f:18:b5:8c:25:40:
                    26:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A2:26:12:D5:0A:C6:56:C3:9A:76:00:F7:3C:C2:BC:D4:E5:F1:0D
            X509v3 Authority Key Identifier:
                keyid:DD:6D:AE:F6:66:4A:75:29:B6:29:F3:FD:65:00:49:15:23:0F:1B:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/y6ImEtUKxlbDmnYA9zzCvNTl8Q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/7dd42b-66ed-4c13-a336-cfe1335f27fb/1/3W2u9mZKdSm2KfP9ZQBJFSMPG-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:7a:e4:aa:8b:b7:78:3e:a1:9f:7b:de:95:c9:e0:ba:94:d8:
         ef:5c:82:fd:f6:82:88:2e:39:4a:e3:9b:cc:f8:bb:42:76:1f:
         0f:a0:b9:7b:ac:aa:ce:bf:71:0b:99:58:69:95:0e:e9:c8:5a:
         51:fe:52:94:53:38:3f:b7:23:ec:9e:50:b2:a9:af:e3:de:f5:
         63:e7:84:5c:51:99:4e:ce:52:3f:c8:a9:f4:de:cb:0d:c5:3c:
         61:0e:10:f6:ed:40:cc:0d:80:76:f0:ce:b0:6f:4c:85:62:cc:
         68:12:26:34:e9:b7:75:2c:3e:05:3a:81:a2:43:5b:11:35:9b:
         37:1e:0a:04:b6:48:be:cd:92:62:d3:06:30:88:86:4e:e2:78:
         74:53:5c:37:65:66:25:c2:fc:8b:1f:f4:ac:54:49:a0:2c:ad:
         08:ff:bb:fc:88:3b:7e:2d:e5:c3:1e:4c:a0:03:2c:74:87:1a:
         03:0a:28:84:54:0a:86:f8:1b:bf:62:c1:d3:98:ea:99:45:00:
         33:6d:61:d4:fa:77:52:7f:c3:22:1e:47:67:5e:4b:58:02:0a:
         f9:ba:97:23:17:f3:04:a9:ef:17:ae:18:df:06:3b:6b:76:b4:
         81:68:4c:60:ee:ba:32:c9:74:dd:71:8f:50:67:24:b1:3e:38:
         6d:78:9c:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmdct3zvNeiipa7uiXwJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNmRhZWY2NjY0YTc1MjliNjI5ZjNmZDY1MDA0OTE1MjMw
ZjFiZTkwHhcNMjQwMTAyMTQzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmEyMjYxMmQ1MGFjNjU2YzM5YTc2MDBmNzNjYzJiY2Q0ZTVmMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc15FH3VyuMuFhk1Iq+f1W4euLqv
fmaKOF2teT5aRy0cZG8xGOyWvKN/tW8MPrPYcAhOpBrE0uOHQGE2BQygFHcEXwDy
4O/ixC4BryA035hBmbiL2W9aRKDz85Z4qwlxQrJECsm5rX7AC2UBM8OcPLhj+yhc
srL7suk1uRqj0D3K1+jl4JWR02oHkL1fcE0GXL8jWJjhcZBj9ZzBzQXBQfh2t5Xr
ZZlHR7hIiLAWzVJE/T+wyxzhEHG6VGb5W1dNGhTbjuqlz2ZtqimiHOfd7uB7x3g/
GCUV5lHz4dk8HPNXn3B4q+gVCR+5Xfq7ZI7RmD3oHnuk7q1fGLWMJUAm/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuiJhLVCsZWw5p2APc8wrzU5fENMB8GA1UdIwQY
MBaAFN1trvZmSnUptinz/WUASRUjDxvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1cydTltWktkU20yS2ZQOVpRQkpGU01QRy1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi83ZGQ0MmItNjZlZC00YzEzLWEzMzYt
Y2ZlMTMzNWYyN2ZiLzEveTZJbUV0VUt4bGJEbW5ZQTl6ekN2TlRsOFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi83ZGQ0MmItNjZlZC00YzEzLWEzMzYtY2ZlMTMzNWYyN2Zi
LzEvM1cydTltWktkU20yS2ZQOVpRQkpGU01QRy1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYhXMA0G
CSqGSIb3DQEBCwUAA4IBAQBueuSqi7d4PqGfe96VyeC6lNjvXIL99oKILjlK45vM
+LtCdh8PoLl7rKrOv3ELmVhplQ7pyFpR/lKUUzg/tyPsnlCyqa/j3vVj54RcUZlO
zlI/yKn03ssNxTxhDhD27UDMDYB28M6wb0yFYsxoEiY06bd1LD4FOoGiQ1sRNZs3
HgoEtki+zZJi0wYwiIZO4nh0U1w3ZWYlwvyLH/SsVEmgLK0I/7v8iDt+LeXDHkyg
Ayx0hxoDCiiEVAqG+Bu/YsHTmOqZRQAzbWHU+ndSf8MiHkdnXktYAgr5upcjF/ME
qe8XrhjfBjtrdrSBaExg7royyXTdcY9QZySxPjhteJwA
-----END CERTIFICATE-----