Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/1smm5zx6q5wO34d6nb-OYJ2gEZ8.roa
File:                     1smm5zx6q5wO34d6nb-OYJ2gEZ8.roa (raw, json)
Hash identifier:          xITqnw0kbqE5SAPC4rfA2bQ2EgHv7nkz+FMWxGm5nRc=
Subject key identifier:   D6:C9:A6:E7:3C:7A:AB:9C:0E:DF:87:7A:9D:BF:8E:60:9D:A0:11:9F
Certificate issuer:       /CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
Certificate serial:       018CC8016AE87FC0A2262BD6D1F3B245CB82
Authority key identifier: C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/1smm5zx6q5wO34d6nb-OYJ2gEZ8.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        185.193.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:e8:7f:c0:a2:26:2b:d6:d1:f3:b2:45:cb:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6c9a6e73c7aab9c0edf877a9dbf8e609da0119f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f5:29:6e:b6:81:bd:76:94:0a:30:e5:cd:01:
                    cb:26:1b:62:a8:1a:06:f7:a3:1c:cf:1a:eb:c5:22:
                    b1:14:1c:2b:f7:26:d1:c7:5d:00:b1:46:87:c4:e1:
                    47:c1:ea:6c:b3:f8:63:21:a4:19:cc:91:bd:59:fe:
                    9a:2a:42:c6:eb:39:04:94:f8:a0:96:7d:b8:3c:ae:
                    f0:4d:b0:92:54:74:5b:ed:d4:7c:93:46:0d:a6:68:
                    e9:42:58:c9:99:52:d5:dd:36:6f:f7:35:71:9c:ec:
                    94:ce:84:1a:31:f6:d2:0a:62:75:4b:25:31:48:d3:
                    c9:62:d7:09:33:ff:63:41:b6:57:8b:5b:2e:87:0d:
                    82:21:ea:34:71:dd:cf:b0:55:28:cf:f2:b1:96:15:
                    cc:41:0a:90:a6:7e:9c:02:c1:a6:03:7f:dc:43:01:
                    23:8d:6c:46:d6:cb:7b:38:1e:6a:b9:25:44:42:7f:
                    35:5c:fb:d2:9a:53:2d:1b:ce:1d:ab:d0:4a:9c:5a:
                    28:67:c5:01:e2:93:f5:82:d1:f5:f5:21:05:f6:ee:
                    74:5a:91:54:05:b0:a1:e8:96:b5:bc:73:ee:13:92:
                    52:96:e2:3c:bd:64:3f:34:09:1b:ca:54:77:a2:32:
                    d4:a8:62:71:b0:44:06:14:5b:a2:90:7f:ef:ec:e6:
                    cc:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C9:A6:E7:3C:7A:AB:9C:0E:DF:87:7A:9D:BF:8E:60:9D:A0:11:9F
            X509v3 Authority Key Identifier:
                keyid:C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/1smm5zx6q5wO34d6nb-OYJ2gEZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d0:0c:e0:34:a6:55:1e:22:83:ec:52:c4:dd:c0:cb:64:92:
         39:a8:c3:93:6c:04:68:f4:92:35:a3:d9:33:33:6e:5f:be:53:
         f6:8b:61:6d:62:78:76:c8:70:e9:fc:ed:d7:59:25:04:f0:a5:
         bc:ee:24:27:ca:55:7a:23:43:96:95:41:1e:26:ae:91:72:3e:
         ce:81:a2:43:12:1c:d3:f3:45:e0:29:32:8a:ae:59:5c:ec:c7:
         bd:ee:17:ab:9e:99:97:f1:f3:54:c9:84:e7:c5:72:e9:32:cb:
         3e:12:da:e4:bb:d8:b4:26:85:43:5a:8e:6b:54:44:d5:55:34:
         b7:02:4b:b5:cb:67:36:86:3e:37:2b:89:96:17:68:b3:3a:a9:
         b5:6f:f7:d8:31:e0:f5:df:b1:91:36:15:d1:dd:6f:d2:cd:a4:
         14:b7:57:34:38:36:48:e9:da:c1:be:ea:1a:56:67:69:00:8d:
         8e:b4:e5:91:86:55:05:fe:4d:bc:54:0e:e0:59:8e:f9:5e:1d:
         28:b6:9f:dc:bc:ef:48:c5:03:e2:8d:a5:58:e8:91:3a:ea:fb:
         96:bd:cc:f7:b2:67:0e:96:ea:93:59:82:6f:af:4b:e5:64:2c:
         39:4d:ca:f9:2f:03:01:a7:3a:f9:23:99:3b:47:83:59:02:67:
         f8:dd:9b:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWrof8CiJivW0fOyRcuCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDZiNTlhOTNlMzI0MDgzZmJjYTQyMzdlNDdlOWY1ZWJm
MzcxYWIwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmM5YTZlNzNjN2FhYjljMGVkZjg3N2E5ZGJmOGU2MDlkYTAxMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfUpbraBvXaUCjDlzQHLJhtiqBoG
96MczxrrxSKxFBwr9ybRx10AsUaHxOFHwepss/hjIaQZzJG9Wf6aKkLG6zkElPig
ln24PK7wTbCSVHRb7dR8k0YNpmjpQljJmVLV3TZv9zVxnOyUzoQaMfbSCmJ1SyUx
SNPJYtcJM/9jQbZXi1suhw2CIeo0cd3PsFUoz/KxlhXMQQqQpn6cAsGmA3/cQwEj
jWxG1st7OB5quSVEQn81XPvSmlMtG84dq9BKnFooZ8UB4pP1gtH19SEF9u50WpFU
BbCh6Ja1vHPuE5JSluI8vWQ/NAkbylR3ojLUqGJxsEQGFFuikH/v7ObMAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbJpuc8equcDt+Hep2/jmCdoBGfMB8GA1UdIwQY
MBaAFMnWtZqT4yQIP7ykI35H6fXr83GrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTIt
YjkyMTFlMWZjMWFjLzEvMXNtbTV6eDZxNXdPMzRkNm5iLU9ZSjJnRVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTItYjkyMTFlMWZjMWFj
LzEveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucGlMA0G
CSqGSIb3DQEBCwUAA4IBAQCh0AzgNKZVHiKD7FLE3cDLZJI5qMOTbARo9JI1o9kz
M25fvlP2i2FtYnh2yHDp/O3XWSUE8KW87iQnylV6I0OWlUEeJq6Rcj7OgaJDEhzT
80XgKTKKrllc7Me97hernpmX8fNUyYTnxXLpMss+Etrku9i0JoVDWo5rVETVVTS3
Aku1y2c2hj43K4mWF2izOqm1b/fYMeD137GRNhXR3W/SzaQUt1c0ODZI6drBvuoa
VmdpAI2OtOWRhlUF/k28VA7gWY75Xh0otp/cvO9IxQPijaVY6JE66vuWvcz3smcO
luqTWYJvr0vlZCw5Tcr5LwMBpzr5I5k7R4NZAmf43Zum
-----END CERTIFICATE-----