Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/vSaSI2c_qqhDXSuhRpVfGcty7hc.roa
File:                     vSaSI2c_qqhDXSuhRpVfGcty7hc.roa (raw, json)
Hash identifier:          6XKzIn2oKBA0EQEliblnUBkH858YkzgLGGg8Rzo0hUk=
Subject key identifier:   BD:26:92:23:67:3F:AA:A8:43:5D:2B:A1:46:95:5F:19:CB:72:EE:17
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0190C068FA5CA845EAD3C76837555BB6178A
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/vSaSI2c_qqhDXSuhRpVfGcty7hc.roa
Signing time:             Wed 17 Jul 2024 11:17:03 +0000
ROA not before:           Wed 17 Jul 2024 11:17:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        185.226.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:68:fa:5c:a8:45:ea:d3:c7:68:37:55:5b:b6:17:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 17 11:17:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd269223673faaa8435d2ba146955f19cb72ee17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:72:81:7c:66:f1:d7:e0:c9:db:51:0c:b0:
                    63:87:ef:61:48:16:1b:41:9c:12:17:bf:06:26:f4:
                    ad:16:3f:3e:9c:11:24:c7:9a:36:45:af:f1:88:27:
                    f8:f2:e4:e5:5e:a9:13:36:f4:33:d2:bc:a5:c1:ec:
                    cd:f6:d2:99:45:86:88:10:99:62:f6:33:a4:f2:aa:
                    c6:2f:95:1f:b8:41:08:e2:c2:6f:f0:ba:07:a0:1d:
                    58:38:9f:7c:80:93:3a:45:2c:29:db:59:75:b0:55:
                    b0:11:10:2a:86:b0:6b:52:74:be:97:be:6c:31:8b:
                    74:62:7a:a5:fa:70:ba:a9:9c:9f:a0:9c:64:21:a1:
                    67:c0:84:88:e1:07:9b:68:27:7d:1b:e5:b6:22:48:
                    87:56:cd:a4:ec:fa:59:e9:d7:34:45:b7:1d:a3:44:
                    19:68:72:98:04:67:5c:1a:73:fa:20:71:28:68:30:
                    4e:95:3a:80:d0:c5:69:3c:31:a4:4d:6d:7d:60:aa:
                    94:85:8d:82:30:a0:9f:2a:16:4a:be:54:a7:58:9e:
                    c1:97:2b:8e:cc:c2:c6:c7:53:e2:15:c9:ee:7d:ae:
                    78:f8:23:2e:b4:21:69:49:71:42:ee:55:ea:c4:a1:
                    5c:04:d9:fc:e0:d1:13:5e:f4:24:1c:84:e5:65:62:
                    32:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:26:92:23:67:3F:AA:A8:43:5D:2B:A1:46:95:5F:19:CB:72:EE:17
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/vSaSI2c_qqhDXSuhRpVfGcty7hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:80:77:b1:b7:1a:23:9e:30:40:4c:f7:14:6e:3b:7f:8e:cc:
         fa:2e:0f:7e:e5:32:a0:69:4e:fa:93:92:37:1c:ab:f5:4b:ee:
         ea:48:a7:40:ef:b9:b4:4f:ad:74:fc:d8:13:a7:6b:2a:38:5a:
         06:0a:ae:ea:96:4b:2c:48:44:c7:b2:e9:82:d7:57:03:6c:a3:
         23:3b:7b:84:50:67:97:69:03:22:80:bd:e2:87:dc:a0:8f:8e:
         34:8b:a3:4d:3f:ab:30:de:d9:3a:e0:93:28:6b:96:a3:bf:92:
         2c:67:a6:5d:09:06:e2:8b:83:4b:7b:4e:8b:d0:46:0c:e1:1a:
         70:c1:37:cf:04:85:cd:26:16:fd:29:49:f3:b4:e2:b8:58:04:
         97:14:53:cf:92:4e:f8:17:ff:52:ab:77:b1:bf:7d:9a:a1:c0:
         a3:3d:41:bd:d6:17:c1:3c:8e:ab:b2:16:3a:09:5a:5f:57:84:
         e2:93:2a:11:55:75:49:f4:a1:90:66:4e:75:5c:8b:e7:ea:cb:
         e6:f5:f2:aa:52:ea:c9:57:43:65:8c:02:be:14:a8:15:be:5c:
         44:e9:4a:ed:bc:f8:cb:12:ee:09:85:5f:c6:08:f9:63:ff:9e:
         7e:40:ae:0e:7c:e8:7d:9a:29:22:9b:f5:38:f2:74:16:e9:6b:
         a0:77:15:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDAaPpcqEXq08doN1VbtheKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwNzE3MTExNzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI2OTIyMzY3M2ZhYWE4NDM1ZDJiYTE0Njk1NWYxOWNiNzJlZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroBygXxm8dfgydtRDLBjh+9hSBYb
QZwSF78GJvStFj8+nBEkx5o2Ra/xiCf48uTlXqkTNvQz0rylwezN9tKZRYaIEJli
9jOk8qrGL5UfuEEI4sJv8LoHoB1YOJ98gJM6RSwp21l1sFWwERAqhrBrUnS+l75s
MYt0Ynql+nC6qZyfoJxkIaFnwISI4QebaCd9G+W2IkiHVs2k7PpZ6dc0Rbcdo0QZ
aHKYBGdcGnP6IHEoaDBOlTqA0MVpPDGkTW19YKqUhY2CMKCfKhZKvlSnWJ7BlyuO
zMLGx1PiFcnufa54+CMutCFpSXFC7lXqxKFcBNn84NETXvQkHITlZWIyfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0mkiNnP6qoQ10roUaVXxnLcu4XMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvdlNhU0kyY19xcWhEWFN1aFJwVmZHY3R5N2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueK2MA0G
CSqGSIb3DQEBCwUAA4IBAQBxgHextxojnjBATPcUbjt/jsz6Lg9+5TKgaU76k5I3
HKv1S+7qSKdA77m0T610/NgTp2sqOFoGCq7qlkssSETHsumC11cDbKMjO3uEUGeX
aQMigL3ih9ygj440i6NNP6sw3tk64JMoa5ajv5IsZ6ZdCQbii4NLe06L0EYM4Rpw
wTfPBIXNJhb9KUnztOK4WASXFFPPkk74F/9Sq3exv32aocCjPUG91hfBPI6rshY6
CVpfV4TikyoRVXVJ9KGQZk51XIvn6svm9fKqUurJV0NljAK+FKgVvlxE6UrtvPjL
Eu4JhV/GCPlj/55+QK4OfOh9mikim/U48nQW6WugdxU0
-----END CERTIFICATE-----