Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/DLmZcVJPpBJV2sVGk13YZbfAsQM.roa
File:                     DLmZcVJPpBJV2sVGk13YZbfAsQM.roa (raw, json)
Hash identifier:          UPrLveATd5V16X20qQsW1mNFiRpiWWQI8/n/xkX0IY0=
Subject key identifier:   0C:B9:99:71:52:4F:A4:12:55:DA:C5:46:93:5D:D8:65:B7:C0:B1:03
Certificate issuer:       /CN=6d2203ec1e5a6c266cca39b9af1abe2cb20b195a
Certificate serial:       01916A502493448FE451B23AA89F1BD0F24C
Authority key identifier: 6D:22:03:EC:1E:5A:6C:26:6C:CA:39:B9:AF:1A:BE:2C:B2:0B:19:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/DLmZcVJPpBJV2sVGk13YZbfAsQM.roa
Signing time:             Mon 19 Aug 2024 11:05:22 +0000
ROA not before:           Mon 19 Aug 2024 11:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203200
IP address blocks:        185.122.76.0/22 maxlen: 24
                          2a10:d340:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:50:24:93:44:8f:e4:51:b2:3a:a8:9f:1b:d0:f2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d2203ec1e5a6c266cca39b9af1abe2cb20b195a
        Validity
            Not Before: Aug 19 11:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cb99971524fa41255dac546935dd865b7c0b103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f4:d9:3c:c1:1f:75:1a:84:5d:c6:84:e6:5f:
                    82:04:a0:0c:12:fb:6c:26:af:8f:c2:49:ae:f5:66:
                    01:4c:18:24:9a:0d:ac:d5:70:97:12:2e:f0:aa:3c:
                    c7:52:92:b2:c8:c9:da:2d:e5:2d:a1:98:70:b4:5d:
                    30:a1:0e:37:e4:99:3f:6d:d4:45:96:63:dc:99:1f:
                    53:82:b6:6f:a0:76:66:3b:03:2a:a5:7c:81:31:73:
                    31:a4:01:f1:d3:51:23:28:f2:ea:b7:23:27:8f:e1:
                    9a:a0:e5:c9:fc:93:05:1b:1d:66:f1:05:e1:13:61:
                    95:38:19:0c:4e:82:fd:58:62:58:43:a1:d7:3e:06:
                    d8:7b:2d:ed:d0:ea:2f:46:db:26:fe:8b:63:b1:47:
                    4e:68:bc:a8:15:69:56:c8:54:a3:43:59:02:8e:d4:
                    24:05:d1:91:14:fb:d2:d7:73:b0:bb:94:ca:17:5f:
                    2f:47:07:53:e5:53:21:29:fd:e7:d5:91:d9:72:f4:
                    eb:e3:db:69:b5:26:a4:7b:84:e4:5d:f8:b9:50:cb:
                    ee:23:a8:fe:e5:f3:98:1e:89:f7:16:ba:6f:f4:cd:
                    20:69:4d:58:90:b5:62:89:53:d9:8e:8f:41:26:47:
                    d7:57:39:12:46:77:50:9f:82:0a:8e:14:a7:54:ec:
                    8e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B9:99:71:52:4F:A4:12:55:DA:C5:46:93:5D:D8:65:B7:C0:B1:03
            X509v3 Authority Key Identifier:
                keyid:6D:22:03:EC:1E:5A:6C:26:6C:CA:39:B9:AF:1A:BE:2C:B2:0B:19:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/DLmZcVJPpBJV2sVGk13YZbfAsQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.76.0/22
                IPv6:
                  2a10:d340:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:ab:02:d4:a1:b4:00:9c:c7:2a:7f:c2:e0:32:77:a9:44:8b:
         09:8a:da:3c:93:dd:d5:6d:27:8c:46:88:2f:7a:77:9e:53:78:
         bb:94:a5:0e:45:dd:8a:37:fc:e8:19:2d:07:ad:a8:c7:02:d4:
         30:fc:97:38:8a:41:8f:b0:90:5a:2b:ab:f7:40:e9:e5:7a:c0:
         a5:e5:42:c1:52:5a:c4:aa:1e:8f:64:98:93:f7:83:59:e8:36:
         e5:e6:d9:4a:95:5e:c9:d2:5e:59:38:4b:c8:49:9e:ac:5c:76:
         82:af:96:83:76:34:8f:8d:43:39:5a:96:e9:08:63:62:9d:81:
         8a:7c:75:8d:ea:44:9f:53:7f:66:71:fe:48:88:f5:b3:d4:a4:
         4c:47:b7:93:7d:49:c9:f4:8f:32:8f:e0:58:9d:c1:f9:c3:ee:
         83:0b:e0:33:dd:ec:7e:2c:07:a9:f7:68:94:7d:d5:da:e0:b1:
         6a:70:e4:92:b0:f1:37:8f:96:43:6f:05:d8:99:b1:52:fa:e3:
         db:d1:47:de:45:b0:51:a7:39:68:64:36:e4:eb:e5:20:6e:7f:
         08:59:e9:7b:23:e7:56:de:2c:dd:4e:d5:ba:70:12:aa:70:e9:
         43:a4:8f:a3:27:97:02:40:0f:bb:d9:ab:66:25:e1:74:fa:73:
         f2:da:d4:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZFqUCSTRI/kUbI6qJ8b0PJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjIwM2VjMWU1YTZjMjY2Y2NhMzliOWFmMWFiZTJjYjIw
YjE5NWEwHhcNMjQwODE5MTEwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2I5OTk3MTUyNGZhNDEyNTVkYWM1NDY5MzVkZDg2NWI3YzBiMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvTZPMEfdRqEXcaE5l+CBKAMEvts
Jq+Pwkmu9WYBTBgkmg2s1XCXEi7wqjzHUpKyyMnaLeUtoZhwtF0woQ435Jk/bdRF
lmPcmR9TgrZvoHZmOwMqpXyBMXMxpAHx01EjKPLqtyMnj+GaoOXJ/JMFGx1m8QXh
E2GVOBkMToL9WGJYQ6HXPgbYey3t0OovRtsm/otjsUdOaLyoFWlWyFSjQ1kCjtQk
BdGRFPvS13Owu5TKF18vRwdT5VMhKf3n1ZHZcvTr49tptSake4TkXfi5UMvuI6j+
5fOYHon3Frpv9M0gaU1YkLViiVPZjo9BJkfXVzkSRndQn4IKjhSnVOyO2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAy5mXFST6QSVdrFRpNd2GW3wLEDMB8GA1UdIwQY
MBaAFG0iA+weWmwmbMo5ua8aviyyCxlaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNJRDdCNWFiQ1pzeWptNXJ4cS1MTElMR1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mYzUyMmYtYjIwZi00N2FmLTgwYzYt
MWE5Nzk0NGM5MWNhLzEvRExtWmNWSlBwQkpWMnNWR2sxM1laYmZBc1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mYzUyMmYtYjIwZi00N2FmLTgwYzYtMWE5Nzk0NGM5MWNh
LzEvYlNJRDdCNWFiQ1pzeWptNXJ4cS1MTElMR1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXpMMA8E
AgACMAkDBwAqENNAAAEwDQYJKoZIhvcNAQELBQADggEBAEqrAtShtACcxyp/wuAy
d6lEiwmK2jyT3dVtJ4xGiC96d55TeLuUpQ5F3Yo3/OgZLQetqMcC1DD8lziKQY+w
kForq/dA6eV6wKXlQsFSWsSqHo9kmJP3g1noNuXm2UqVXsnSXlk4S8hJnqxcdoKv
loN2NI+NQzlalukIY2KdgYp8dY3qRJ9Tf2Zx/kiI9bPUpExHt5N9Scn0jzKP4Fid
wfnD7oML4DPd7H4sB6n3aJR91drgsWpw5JKw8TePlkNvBdiZsVL649vRR95FsFGn
OWhkNuTr5SBufwhZ6Xsj51beLN1O1bpwEqpw6UOkj6MnlwJAD7vZq2Yl4XT6c/La
1Ag=
-----END CERTIFICATE-----