Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/yz1DQh0QzkkA49N9iS7ThokKYH0.roa
File:                     yz1DQh0QzkkA49N9iS7ThokKYH0.roa (raw, json)
Hash identifier:          3dPQSEP9z8lwcCDik0ituoCOOV917MN5n3ce1pcyaf4=
Subject key identifier:   CB:3D:43:42:1D:10:CE:49:00:E3:D3:7D:89:2E:D3:86:89:0A:60:7D
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       018CC5005DE77D848C889778D2662981AF5F
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/yz1DQh0QzkkA49N9iS7ThokKYH0.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39238
IP address blocks:        193.109.217.0/24 maxlen: 24
                          45.153.72.0/23 maxlen: 23
                          185.183.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5d:e7:7d:84:8c:88:97:78:d2:66:29:81:af:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb3d43421d10ce4900e3d37d892ed386890a607d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a9:ea:a7:27:40:3d:33:4e:31:9b:d7:83:20:
                    c5:c0:28:e2:5f:4f:f1:e7:50:7b:40:4f:68:71:ff:
                    47:d8:88:2c:0e:5a:71:e9:82:17:73:c4:64:36:78:
                    83:0a:cb:df:ae:f7:9b:d5:3d:00:46:cd:a2:4d:24:
                    bd:a3:87:48:c9:73:3a:54:6d:f1:0f:07:34:0e:04:
                    88:b1:44:55:49:60:b0:bf:3d:53:d3:d9:05:a1:da:
                    af:67:1e:97:b7:ad:de:80:e4:ed:52:32:ce:1f:75:
                    d4:c3:0d:e5:4b:ea:86:78:79:a4:7b:ab:a5:1f:a0:
                    d2:b3:66:87:11:0e:4d:d1:b0:84:63:74:1a:42:f3:
                    34:30:9d:15:56:78:28:fc:1e:9c:b7:32:d9:71:b6:
                    2c:82:93:54:64:ce:56:1a:b7:76:02:40:c6:28:13:
                    ac:5a:a3:9a:c6:2d:49:15:43:f0:55:e7:96:52:d1:
                    69:c5:7f:f8:88:7f:c6:80:4d:68:70:ac:3e:e8:8c:
                    27:0d:4b:5e:64:96:66:45:72:57:c8:64:63:bc:60:
                    54:22:24:74:ed:d9:91:fb:a2:9e:99:b3:67:7d:0d:
                    6b:90:16:16:2e:ac:48:a4:b8:6d:6e:44:e2:36:19:
                    95:54:4c:d5:a2:76:d7:24:76:26:02:7c:54:59:ff:
                    4c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:3D:43:42:1D:10:CE:49:00:E3:D3:7D:89:2E:D3:86:89:0A:60:7D
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/yz1DQh0QzkkA49N9iS7ThokKYH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.72.0/23
                  185.183.160.0/22
                  193.109.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:da:8d:24:b3:56:48:54:73:ff:80:90:bb:1d:c6:6a:31:15:
         aa:53:3b:3d:5a:0c:c7:c0:67:24:a9:1b:1d:9b:7c:17:a3:1f:
         cb:92:c8:70:3e:cc:90:54:39:d4:04:af:91:77:62:eb:93:f3:
         10:c3:20:f5:9c:2d:a9:8a:c8:6a:34:fc:3c:ae:c8:5b:09:09:
         84:fa:71:98:1e:a8:6e:8d:29:9c:6c:ef:d7:a8:90:88:d8:66:
         15:ca:1e:ce:69:c5:88:46:96:7e:db:0d:c3:a4:0e:d3:9c:39:
         3e:f1:91:3c:49:95:b6:cc:d8:73:8f:32:27:65:87:4c:cf:50:
         c0:10:be:bf:1e:cd:2a:10:a4:77:c6:f6:1a:2a:68:96:7e:77:
         1d:bd:81:85:36:e2:ee:47:a2:6e:58:ca:d8:d1:e1:66:c7:c1:
         ce:fe:e6:24:57:d3:13:7b:56:bb:f4:51:d2:6b:36:8c:25:48:
         19:1b:e0:13:4f:0d:99:fb:88:82:81:45:ac:5d:2d:e1:cb:42:
         d9:49:ca:4d:3e:b4:6e:42:51:f1:f6:2f:9a:83:a4:fa:86:04:
         89:1a:07:24:c0:6e:b1:73:e7:26:a8:b4:7d:d8:af:7d:2a:09:
         d7:68:fc:aa:cc:c1:8f:84:82:e7:97:d0:49:3b:85:ed:a2:9a:
         6e:2e:c7:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAF3nfYSMiJd40mYpga9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjNkNDM0MjFkMTBjZTQ5MDBlM2QzN2Q4OTJlZDM4Njg5MGE2MDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhanqpydAPTNOMZvXgyDFwCjiX0/x
51B7QE9ocf9H2IgsDlpx6YIXc8RkNniDCsvfrveb1T0ARs2iTSS9o4dIyXM6VG3x
Dwc0DgSIsURVSWCwvz1T09kFodqvZx6Xt63egOTtUjLOH3XUww3lS+qGeHmke6ul
H6DSs2aHEQ5N0bCEY3QaQvM0MJ0VVngo/B6ctzLZcbYsgpNUZM5WGrd2AkDGKBOs
WqOaxi1JFUPwVeeWUtFpxX/4iH/GgE1ocKw+6IwnDUteZJZmRXJXyGRjvGBUIiR0
7dmR+6KembNnfQ1rkBYWLqxIpLhtbkTiNhmVVEzVonbXJHYmAnxUWf9MawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMs9Q0IdEM5JAOPTfYku04aJCmB9MB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEveXoxRFFoMFF6a2tBNDlOOWlTN1Rob2tLWUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZlIAwQC
ubegAwQAwW3ZMA0GCSqGSIb3DQEBCwUAA4IBAQAf2o0ks1ZIVHP/gJC7HcZqMRWq
Uzs9WgzHwGckqRsdm3wXox/LkshwPsyQVDnUBK+Rd2Lrk/MQwyD1nC2pishqNPw8
rshbCQmE+nGYHqhujSmcbO/XqJCI2GYVyh7OacWIRpZ+2w3DpA7TnDk+8ZE8SZW2
zNhzjzInZYdMz1DAEL6/Hs0qEKR3xvYaKmiWfncdvYGFNuLuR6JuWMrY0eFmx8HO
/uYkV9MTe1a79FHSazaMJUgZG+ATTw2Z+4iCgUWsXS3hy0LZScpNPrRuQlHx9i+a
g6T6hgSJGgckwG6xc+cmqLR92K99KgnXaPyqzMGPhILnl9BJO4XtoppuLsfn
-----END CERTIFICATE-----