Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/_rYF1KorPQOcFmPQ2L2FhXI09ss.roa
File:                     _rYF1KorPQOcFmPQ2L2FhXI09ss.roa (raw, json)
Hash identifier:          Ky/Rl2gN8EYJg52XQLGMLq7jNMSNpM8FHVAno1jeOQk=
Subject key identifier:   FE:B6:05:D4:AA:2B:3D:03:9C:16:63:D0:D8:BD:85:85:72:34:F6:CB
Certificate issuer:       /CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
Certificate serial:       018CC8016CE5321FD26D3A358C8E1E9462FD
Authority key identifier: C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/_rYF1KorPQOcFmPQ2L2FhXI09ss.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        185.193.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:e5:32:1f:d2:6d:3a:35:8c:8e:1e:94:62:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=feb605d4aa2b3d039c1663d0d8bd85857234f6cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b5:80:3c:a3:0a:37:bd:f5:07:c0:5c:37:f7:
                    01:64:21:40:7d:16:3b:42:2c:cd:fb:c4:69:a6:6b:
                    5a:b0:f6:77:c9:fa:10:72:6c:26:29:d2:8d:ec:8d:
                    ac:aa:83:64:96:91:a2:f0:a9:7a:4d:e0:dd:db:6e:
                    83:92:cd:ef:80:cb:2a:12:00:8b:1b:ab:bf:46:18:
                    0c:b6:d7:33:09:9d:06:1b:bb:8e:ab:c8:77:0e:da:
                    f4:27:c2:a2:43:58:c9:b2:00:41:41:2c:1a:a5:a7:
                    6e:ef:f3:76:86:65:fd:a6:e1:5b:db:2e:bc:a3:9d:
                    c8:e2:da:1e:58:ce:d7:5e:6f:ff:df:d3:40:7e:7f:
                    7f:ea:bd:4e:02:a4:5c:25:1c:41:2f:e3:d7:bd:66:
                    83:fd:a0:44:0a:c7:c4:ae:b4:77:f1:71:2f:d1:3a:
                    ed:59:f3:4a:e1:37:ca:1e:0f:62:dc:13:fa:6d:05:
                    b6:c5:fa:22:6d:3d:11:e7:74:9a:dc:a1:fd:90:72:
                    cf:53:7c:ec:73:b6:40:01:4a:3d:60:13:ab:ec:5b:
                    69:df:1c:9b:ea:d6:05:fd:f9:28:36:e3:f1:a3:41:
                    37:22:d7:56:25:4e:a8:f1:b1:b4:2e:a3:85:f8:fa:
                    6a:3a:58:97:54:12:c9:76:d6:ed:f8:b0:2a:a1:87:
                    b5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B6:05:D4:AA:2B:3D:03:9C:16:63:D0:D8:BD:85:85:72:34:F6:CB
            X509v3 Authority Key Identifier:
                keyid:C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/_rYF1KorPQOcFmPQ2L2FhXI09ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:5b:44:f1:e5:f4:51:fc:5d:de:1b:6a:e9:0e:f3:1d:b5:e4:
         14:86:8a:37:65:30:71:90:f6:b4:24:95:9b:86:28:dd:b7:4a:
         34:a6:07:4b:69:c7:da:42:a4:c4:22:db:4d:13:03:67:85:5a:
         9c:05:76:3c:29:a2:c0:15:65:a9:7d:8e:c0:45:08:dc:98:a4:
         26:68:07:39:41:9e:6f:d3:a9:f5:85:31:aa:0d:50:2f:5c:1e:
         bf:2f:40:63:62:f2:77:fa:e8:f5:e2:93:fc:0e:33:d9:02:30:
         51:7c:4b:9b:ed:e8:41:f1:47:2e:7e:60:1e:0a:ee:28:65:64:
         62:5e:b6:bc:4e:da:86:a0:1b:b5:f7:c6:50:c2:fc:b3:37:f7:
         a3:06:70:05:88:43:67:f3:48:71:a1:da:a7:a3:0f:04:7e:3c:
         f5:39:e1:6a:47:d7:bd:12:0a:c6:fe:4c:c4:8c:63:9e:4d:b6:
         52:8f:fa:3a:45:bd:86:df:7a:f0:d1:fe:97:b5:87:22:3f:83:
         bf:42:17:9d:bb:21:6e:48:5e:00:91:74:41:51:fd:0b:b6:c0:
         44:7d:52:7a:11:1c:3a:25:82:c6:2a:5a:92:94:7a:6d:03:f8:
         5e:15:2c:66:11:3b:b5:b6:61:9a:8c:98:65:74:75:21:2b:93:
         48:e7:4b:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWzlMh/SbTo1jI4elGL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDZiNTlhOTNlMzI0MDgzZmJjYTQyMzdlNDdlOWY1ZWJm
MzcxYWIwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWI2MDVkNGFhMmIzZDAzOWMxNjYzZDBkOGJkODU4NTcyMzRmNmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7WAPKMKN731B8BcN/cBZCFAfRY7
QizN+8RppmtasPZ3yfoQcmwmKdKN7I2sqoNklpGi8Kl6TeDd226Dks3vgMsqEgCL
G6u/RhgMttczCZ0GG7uOq8h3Dtr0J8KiQ1jJsgBBQSwapadu7/N2hmX9puFb2y68
o53I4toeWM7XXm//39NAfn9/6r1OAqRcJRxBL+PXvWaD/aBECsfErrR38XEv0Trt
WfNK4TfKHg9i3BP6bQW2xfoibT0R53Sa3KH9kHLPU3zsc7ZAAUo9YBOr7Ftp3xyb
6tYF/fkoNuPxo0E3ItdWJU6o8bG0LqOF+PpqOliXVBLJdtbt+LAqoYe13QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP62BdSqKz0DnBZj0Ni9hYVyNPbLMB8GA1UdIwQY
MBaAFMnWtZqT4yQIP7ykI35H6fXr83GrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTIt
YjkyMTFlMWZjMWFjLzEvX3JZRjFLb3JQUU9jRm1QUTJMMkZoWEkwOXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTItYjkyMTFlMWZjMWFj
LzEveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucGmMA0G
CSqGSIb3DQEBCwUAA4IBAQBzW0Tx5fRR/F3eG2rpDvMdteQUhoo3ZTBxkPa0JJWb
hijdt0o0pgdLacfaQqTEIttNEwNnhVqcBXY8KaLAFWWpfY7ARQjcmKQmaAc5QZ5v
06n1hTGqDVAvXB6/L0BjYvJ3+uj14pP8DjPZAjBRfEub7ehB8UcufmAeCu4oZWRi
Xra8TtqGoBu198ZQwvyzN/ejBnAFiENn80hxodqnow8Efjz1OeFqR9e9EgrG/kzE
jGOeTbZSj/o6Rb2G33rw0f6XtYciP4O/QheduyFuSF4AkXRBUf0LtsBEfVJ6ERw6
JYLGKlqSlHptA/heFSxmETu1tmGajJhldHUhK5NI50vT
-----END CERTIFICATE-----