Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/rfISRsbxyQFD2UaAkt-st9gii5U.roa
File:                     rfISRsbxyQFD2UaAkt-st9gii5U.roa (raw, json)
Hash identifier:          fDuvnP9+68W/i0gBlEYrMnTeNzg83c2XxlHkD91mxKY=
Subject key identifier:   AD:F2:12:46:C6:F1:C9:01:43:D9:46:80:92:DF:AC:B7:D8:22:8B:95
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01921B8EFFBC1A8976CE4DA962B795F1AEA1
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/rfISRsbxyQFD2UaAkt-st9gii5U.roa
Signing time:             Sun 22 Sep 2024 21:06:49 +0000
ROA not before:           Sun 22 Sep 2024 21:06:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        185.226.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1b:8e:ff:bc:1a:89:76:ce:4d:a9:62:b7:95:f1:ae:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Sep 22 21:06:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adf21246c6f1c90143d9468092dfacb7d8228b95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f3:1f:9c:81:d9:a6:99:78:c3:c5:e0:fe:dd:
                    08:bf:fb:7a:4b:27:4b:78:47:10:2f:cc:51:0a:53:
                    1d:14:16:de:d8:1c:43:bf:41:8e:b3:f2:4b:90:1c:
                    2f:db:2c:45:d0:11:84:08:d3:2a:d2:76:31:55:b4:
                    28:5d:32:15:3f:b5:1a:48:73:8b:f3:9f:5b:f5:52:
                    1f:06:aa:9e:37:25:1c:50:98:31:02:e1:0e:f3:a9:
                    a6:e5:ed:33:71:c7:d0:18:09:d5:11:9b:bb:f8:a8:
                    67:10:4a:4c:94:a2:99:cc:aa:44:a0:0c:6a:da:01:
                    67:8d:46:1d:1c:66:2d:8b:67:e7:4d:5a:17:8b:ba:
                    cb:5c:6d:9c:2c:5e:24:cc:fd:cf:95:15:37:be:b8:
                    b3:15:d3:63:0f:03:7c:f0:7e:47:fe:3b:ce:62:83:
                    27:b7:3f:b6:5b:4f:54:83:90:29:e0:3b:8b:42:cc:
                    2b:3d:b3:43:59:cc:bc:ce:40:8c:ae:46:31:ba:ec:
                    b1:1a:a4:53:1b:eb:6a:c6:d1:fc:7b:31:3c:ec:dc:
                    7b:38:83:38:41:e5:ee:1f:b7:87:be:2e:b2:74:25:
                    1c:53:2c:e8:c4:ad:9a:8d:f0:e1:d4:4e:17:c3:67:
                    59:af:40:ef:3f:b9:37:ac:c3:57:a7:80:ab:2b:67:
                    4e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F2:12:46:C6:F1:C9:01:43:D9:46:80:92:DF:AC:B7:D8:22:8B:95
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/rfISRsbxyQFD2UaAkt-st9gii5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:30:17:cf:46:0c:cb:1a:38:45:d1:8e:e5:ca:13:af:2b:22:
         16:83:46:c8:de:04:1c:69:aa:a4:10:ce:9a:a9:cf:5e:fa:04:
         3a:81:0c:79:e0:de:38:b9:c1:82:1c:36:10:c6:30:96:52:33:
         9c:45:23:7a:0f:16:9d:9f:f5:ca:f8:da:6f:1f:77:0f:5f:e6:
         a2:38:9d:4a:6b:67:f1:d0:61:69:9a:42:44:a6:3e:9a:ca:f0:
         47:65:2d:41:87:6f:03:df:3b:44:a7:3a:cd:50:71:05:c0:fe:
         f4:bb:9f:e2:41:65:15:22:64:85:b4:11:bd:1e:34:57:f0:da:
         fc:11:74:42:dc:a7:96:77:5b:fd:5d:1a:d2:76:5a:8d:3c:54:
         d1:e0:8e:1f:cb:6c:e8:ca:06:35:05:0f:4c:c6:ce:c0:36:93:
         90:ab:f0:7f:6c:5d:57:d0:fe:57:24:74:d8:9c:62:dd:24:ea:
         72:11:2d:8d:a1:89:b0:e8:f2:b1:8e:0b:99:12:f9:da:7f:8b:
         d5:ae:d4:5d:a4:cf:48:62:d5:99:e7:e5:e3:90:bc:f1:68:64:
         ce:ec:d7:4b:22:bb:c9:27:34:e6:d0:e1:5e:43:0c:5b:61:88:
         c8:a5:42:40:81:37:ae:82:75:c2:f1:cb:fc:25:d5:10:fa:76:
         f9:bb:98:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIbjv+8Gol2zk2pYreV8a6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwOTIyMjEwNjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGYyMTI0NmM2ZjFjOTAxNDNkOTQ2ODA5MmRmYWNiN2Q4MjI4Yjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvMfnIHZppl4w8Xg/t0Iv/t6SydL
eEcQL8xRClMdFBbe2BxDv0GOs/JLkBwv2yxF0BGECNMq0nYxVbQoXTIVP7UaSHOL
859b9VIfBqqeNyUcUJgxAuEO86mm5e0zccfQGAnVEZu7+KhnEEpMlKKZzKpEoAxq
2gFnjUYdHGYti2fnTVoXi7rLXG2cLF4kzP3PlRU3vrizFdNjDwN88H5H/jvOYoMn
tz+2W09Ug5Ap4DuLQswrPbNDWcy8zkCMrkYxuuyxGqRTG+tqxtH8ezE87Nx7OIM4
QeXuH7eHvi6ydCUcUyzoxK2ajfDh1E4Xw2dZr0DvP7k3rMNXp4CrK2dOBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3yEkbG8ckBQ9lGgJLfrLfYIouVMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvcmZJU1JzYnh5UUZEMlVhQWt0LXN0OWdpaTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueK0MA0G
CSqGSIb3DQEBCwUAA4IBAQB6MBfPRgzLGjhF0Y7lyhOvKyIWg0bI3gQcaaqkEM6a
qc9e+gQ6gQx54N44ucGCHDYQxjCWUjOcRSN6Dxadn/XK+NpvH3cPX+aiOJ1Ka2fx
0GFpmkJEpj6ayvBHZS1Bh28D3ztEpzrNUHEFwP70u5/iQWUVImSFtBG9HjRX8Nr8
EXRC3KeWd1v9XRrSdlqNPFTR4I4fy2zoygY1BQ9Mxs7ANpOQq/B/bF1X0P5XJHTY
nGLdJOpyES2NoYmw6PKxjguZEvnaf4vVrtRdpM9IYtWZ5+XjkLzxaGTO7NdLIrvJ
JzTm0OFeQwxbYYjIpUJAgTeugnXC8cv8JdUQ+nb5u5jS
-----END CERTIFICATE-----