Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/drfy4Bc3vLZi72Rr6S_E65NPAZQ.roa
File:                     drfy4Bc3vLZi72Rr6S_E65NPAZQ.roa (raw, json)
Hash identifier:          JyGzlUlZQ4YOos2Oghe3W1I7OM9FJMAOg5nMxZo0Mw8=
Subject key identifier:   76:B7:F2:E0:17:37:BC:B6:62:EF:64:6B:E9:2F:C4:EB:93:4F:01:94
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018D282B6FC1A4743F3CE6C54F000BCD4FC6
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/drfy4Bc3vLZi72Rr6S_E65NPAZQ.roa
Signing time:             Sat 20 Jan 2024 18:39:11 +0000
ROA not before:           Sat 20 Jan 2024 18:39:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        185.243.182.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:28:2b:6f:c1:a4:74:3f:3c:e6:c5:4f:00:0b:cd:4f:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan 20 18:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76b7f2e01737bcb662ef646be92fc4eb934f0194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8a:3e:da:39:61:04:a6:1c:e3:47:8e:ca:71:
                    48:46:89:7e:6a:e5:39:7d:13:15:27:14:36:02:a8:
                    24:62:3b:f1:77:12:41:bb:fb:e6:be:57:e8:13:9e:
                    73:96:ef:2a:b1:b8:a2:3a:55:b2:93:4a:41:ff:a5:
                    8e:e1:2e:8a:f7:ce:f9:ad:52:8f:a1:62:05:85:55:
                    8b:d1:00:0d:a9:8b:13:25:1d:3f:2c:9d:0a:8c:0f:
                    64:09:e8:74:7d:b8:e7:71:09:ec:63:73:53:f4:a9:
                    47:08:21:13:e0:b0:69:1d:f0:55:fd:93:ba:7f:d0:
                    70:33:5e:3f:a2:ee:9a:8e:d6:a8:43:8a:d4:a6:d6:
                    47:56:a9:31:aa:af:d2:c2:05:39:7a:bd:86:aa:fb:
                    30:79:e8:0c:14:82:0e:92:04:9e:ff:23:11:07:d6:
                    de:a5:de:93:51:e6:ff:01:61:ab:9e:0a:f8:a4:ea:
                    5b:03:15:c1:12:f5:aa:17:8b:60:6c:be:b3:22:c7:
                    44:e6:77:71:a1:c9:9c:8c:ee:f6:35:9f:e7:d0:59:
                    f1:23:7a:62:3e:58:31:97:bc:71:5c:eb:24:06:76:
                    a7:f6:a5:86:95:a0:5b:fd:f8:1b:5a:02:ba:1e:d6:
                    73:78:90:dc:55:69:c3:a1:00:99:ec:e3:27:a0:2f:
                    e9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B7:F2:E0:17:37:BC:B6:62:EF:64:6B:E9:2F:C4:EB:93:4F:01:94
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/drfy4Bc3vLZi72Rr6S_E65NPAZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.182.0/24
                  185.249.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:63:83:0f:18:86:42:fe:fd:c3:ed:d4:dd:8b:ea:9c:a1:75:
         00:fb:cf:72:dd:54:0d:e9:6d:75:0a:aa:a2:43:36:c3:2e:57:
         9c:ab:6a:9d:ed:b1:d3:95:18:f7:bd:6f:bc:52:45:cd:e8:d0:
         c7:47:50:1f:b1:3f:93:3f:40:d8:d2:48:03:c8:79:a0:1e:35:
         26:af:94:6b:2e:bc:5d:a4:b9:a0:37:c2:d9:60:c5:63:5e:60:
         55:86:e9:e4:fb:de:7c:85:e4:c3:eb:85:aa:81:aa:85:d0:f4:
         dd:89:10:a6:51:2b:cb:5a:c8:1b:ab:91:76:fc:67:96:5c:59:
         ad:46:68:54:9c:57:c1:58:26:00:26:b9:cf:45:ba:6d:25:10:
         02:0f:16:2f:25:e6:91:7b:fa:f5:12:f9:c2:10:aa:3e:a1:e1:
         c7:a3:46:79:a1:41:ae:8a:a6:95:91:7d:5b:aa:0b:bf:14:2f:
         8b:2c:6d:66:1a:c5:3d:c4:e2:16:48:ef:9e:e6:f5:10:81:d2:
         46:84:4e:c7:d3:8b:60:90:29:4d:3c:52:c4:a2:ff:bc:3c:de:
         ee:7a:af:d0:8f:fb:06:a8:cb:2f:41:ea:69:e7:11:1d:22:df:
         f3:1d:9e:37:a5:fc:2c:0c:49:38:59:46:c0:b5:d6:e9:b9:d2:
         4c:8c:6f:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0oK2/BpHQ/PObFTwALzU/GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTIwMTgzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmI3ZjJlMDE3MzdiY2I2NjJlZjY0NmJlOTJmYzRlYjkzNGYwMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIo+2jlhBKYc40eOynFIRol+auU5
fRMVJxQ2AqgkYjvxdxJBu/vmvlfoE55zlu8qsbiiOlWyk0pB/6WO4S6K9875rVKP
oWIFhVWL0QANqYsTJR0/LJ0KjA9kCeh0fbjncQnsY3NT9KlHCCET4LBpHfBV/ZO6
f9BwM14/ou6ajtaoQ4rUptZHVqkxqq/SwgU5er2GqvsweegMFIIOkgSe/yMRB9be
pd6TUeb/AWGrngr4pOpbAxXBEvWqF4tgbL6zIsdE5ndxocmcjO72NZ/n0FnxI3pi
Plgxl7xxXOskBnan9qWGlaBb/fgbWgK6HtZzeJDcVWnDoQCZ7OMnoC/pOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHa38uAXN7y2Yu9ka+kvxOuTTwGUMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZHJmeTRCYzN2TFppNzJScjZTX0U2NU5QQVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufO2AwQA
ufnKMA0GCSqGSIb3DQEBCwUAA4IBAQBmY4MPGIZC/v3D7dTdi+qcoXUA+89y3VQN
6W11CqqiQzbDLlecq2qd7bHTlRj3vW+8UkXN6NDHR1AfsT+TP0DY0kgDyHmgHjUm
r5RrLrxdpLmgN8LZYMVjXmBVhunk+958heTD64WqgaqF0PTdiRCmUSvLWsgbq5F2
/GeWXFmtRmhUnFfBWCYAJrnPRbptJRACDxYvJeaRe/r1EvnCEKo+oeHHo0Z5oUGu
iqaVkX1bqgu/FC+LLG1mGsU9xOIWSO+e5vUQgdJGhE7H04tgkClNPFLEov+8PN7u
eq/Qj/sGqMsvQepp5xEdIt/zHZ43pfwsDEk4WUbAtdbpudJMjG8m
-----END CERTIFICATE-----