Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/y0CWjlNWCadWfz4mHrC7gdGKuws.roa
File:                     y0CWjlNWCadWfz4mHrC7gdGKuws.roa (raw, json)
Hash identifier:          TweKFOqJTzEMoEWAKdQJhQr7xxHPnhJ5VlTHQ9qidz8=
Subject key identifier:   CB:40:96:8E:53:56:09:A7:56:7F:3E:26:1E:B0:BB:81:D1:8A:BB:0B
Certificate issuer:       /CN=d5f264e3805a3d104537357a14ff926ac029599c
Certificate serial:       018CF38BE4DF0F644183E17718D2E78A0211
Authority key identifier: D5:F2:64:E3:80:5A:3D:10:45:37:35:7A:14:FF:92:6A:C0:29:59:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fJk44BaPRBFNzV6FP-SasApWZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/y0CWjlNWCadWfz4mHrC7gdGKuws.roa
Signing time:             Wed 10 Jan 2024 13:24:40 +0000
ROA not before:           Wed 10 Jan 2024 13:24:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8772
IP address blocks:        185.36.102.0/24 maxlen: 24
                          2a05:4cc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/1fJk44BaPRBFNzV6FP-SasApWZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/1fJk44BaPRBFNzV6FP-SasApWZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fJk44BaPRBFNzV6FP-SasApWZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:8b:e4:df:0f:64:41:83:e1:77:18:d2:e7:8a:02:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f264e3805a3d104537357a14ff926ac029599c
        Validity
            Not Before: Jan 10 13:24:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb40968e535609a7567f3e261eb0bb81d18abb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3b:ec:33:aa:2c:28:4d:a6:f5:91:29:80:5e:
                    55:73:81:c4:c0:2c:79:6c:da:c3:1e:37:c9:99:d8:
                    ae:a4:ba:68:f0:4c:59:ae:03:e5:7c:50:d1:de:d8:
                    fa:74:26:59:37:67:33:14:35:90:31:39:d6:8a:87:
                    a0:75:7b:3c:07:f2:32:c7:41:f5:07:bb:ff:2c:97:
                    ff:7a:31:16:81:dd:25:8d:af:08:f1:73:31:fd:54:
                    5a:0d:e5:cd:45:a6:97:a2:d5:4d:00:d4:ad:07:48:
                    af:ab:04:96:5e:bd:bd:46:c0:60:23:cc:59:cd:31:
                    62:57:ca:92:6f:d3:7b:61:34:5f:97:1e:af:77:f5:
                    ff:3f:4e:0b:84:79:04:9b:e3:47:12:9f:24:f3:fa:
                    4b:26:98:71:a3:59:5f:1d:5c:e5:13:ee:cc:2f:3b:
                    b1:dd:ec:f8:86:71:b3:b5:de:8d:9b:e1:e2:c2:fd:
                    26:7a:0e:31:e9:36:3c:6b:b2:e6:8e:14:b5:ec:ce:
                    ab:ef:91:eb:8e:b0:bf:f2:64:02:c8:23:76:03:79:
                    2e:55:03:4d:78:ba:50:4a:28:91:82:4c:6d:0f:d7:
                    c2:08:df:fa:aa:d2:21:b7:d6:96:3e:4f:38:6d:b2:
                    85:19:65:5f:93:c1:ab:43:fc:0a:0a:5a:2a:6b:19:
                    a2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:40:96:8E:53:56:09:A7:56:7F:3E:26:1E:B0:BB:81:D1:8A:BB:0B
            X509v3 Authority Key Identifier:
                keyid:D5:F2:64:E3:80:5A:3D:10:45:37:35:7A:14:FF:92:6A:C0:29:59:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fJk44BaPRBFNzV6FP-SasApWZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/y0CWjlNWCadWfz4mHrC7gdGKuws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/5d632a-e453-42a5-805f-3dcecbca3702/1/1fJk44BaPRBFNzV6FP-SasApWZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.102.0/24
                IPv6:
                  2a05:4cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:9e:b2:85:62:f2:0d:a2:a7:0b:a5:3f:3c:60:a1:00:ed:b9:
         6c:ea:61:d5:f9:cb:cc:93:78:19:38:37:dd:d8:d7:89:a5:24:
         71:36:9d:e6:64:55:96:83:32:fe:78:dc:5b:3f:8b:60:f8:ca:
         d1:86:3f:e5:eb:44:61:96:f1:b3:ee:19:48:b8:d3:2b:b3:23:
         e8:71:ff:3a:0d:e8:7f:42:fe:de:cf:3a:1f:bb:e4:8a:5e:fa:
         5b:d0:67:af:7b:55:5c:da:06:2e:7b:d4:6a:af:20:59:23:7a:
         9a:c6:81:f7:b5:4c:f4:ac:e0:05:42:c4:8e:98:0c:06:e8:a3:
         b9:99:42:54:3a:b0:26:03:03:39:5c:f8:57:15:4a:b3:19:77:
         29:1f:3f:b9:a2:fe:1f:7e:90:18:29:e9:1e:46:ba:76:32:6e:
         58:3a:67:57:1b:ac:00:b3:41:1a:cf:3a:b7:08:59:fd:17:8f:
         c2:d9:80:b9:c3:05:84:f8:4b:71:75:a8:d9:15:54:b3:44:61:
         6c:c4:9b:5d:50:b3:37:75:b9:aa:29:4c:18:ec:d9:c1:18:74:
         e3:71:46:ba:cc:c5:64:44:38:88:50:b0:30:bc:85:33:5e:42:
         29:ec:d9:f1:6d:01:66:33:45:9f:c7:e4:aa:d6:77:5e:53:a3:
         2e:11:4a:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzzi+TfD2RBg+F3GNLnigIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjI2NGUzODA1YTNkMTA0NTM3MzU3YTE0ZmY5MjZhYzAy
OTU5OWMwHhcNMjQwMTEwMTMyNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQwOTY4ZTUzNTYwOWE3NTY3ZjNlMjYxZWIwYmI4MWQxOGFiYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTvsM6osKE2m9ZEpgF5Vc4HEwCx5
bNrDHjfJmdiupLpo8ExZrgPlfFDR3tj6dCZZN2czFDWQMTnWioegdXs8B/Iyx0H1
B7v/LJf/ejEWgd0lja8I8XMx/VRaDeXNRaaXotVNANStB0ivqwSWXr29RsBgI8xZ
zTFiV8qSb9N7YTRflx6vd/X/P04LhHkEm+NHEp8k8/pLJphxo1lfHVzlE+7MLzux
3ez4hnGztd6Nm+Hiwv0meg4x6TY8a7LmjhS17M6r75HrjrC/8mQCyCN2A3kuVQNN
eLpQSiiRgkxtD9fCCN/6qtIht9aWPk84bbKFGWVfk8GrQ/wKCloqaxmi5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtAlo5TVgmnVn8+Jh6wu4HRirsLMB8GA1UdIwQY
MBaAFNXyZOOAWj0QRTc1ehT/kmrAKVmcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZKazQ0QmFQUkJGTnpWNkZQLVNhc0FwV1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81ZDYzMmEtZTQ1My00MmE1LTgwNWYt
M2RjZWNiY2EzNzAyLzEveTBDV2psTldDYWRXZno0bUhyQzdnZEdLdXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81ZDYzMmEtZTQ1My00MmE1LTgwNWYtM2RjZWNiY2EzNzAy
LzEvMWZKazQ0QmFQUkJGTnpWNkZQLVNhc0FwV1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSRmMA0E
AgACMAcDBQMqBUzAMA0GCSqGSIb3DQEBCwUAA4IBAQCrnrKFYvINoqcLpT88YKEA
7bls6mHV+cvMk3gZODfd2NeJpSRxNp3mZFWWgzL+eNxbP4tg+MrRhj/l60RhlvGz
7hlIuNMrsyPocf86Deh/Qv7ezzofu+SKXvpb0Geve1Vc2gYue9RqryBZI3qaxoH3
tUz0rOAFQsSOmAwG6KO5mUJUOrAmAwM5XPhXFUqzGXcpHz+5ov4ffpAYKekeRrp2
Mm5YOmdXG6wAs0Eazzq3CFn9F4/C2YC5wwWE+EtxdajZFVSzRGFsxJtdULM3dbmq
KUwY7NnBGHTjcUa6zMVkRDiIULAwvIUzXkIp7NnxbQFmM0Wfx+Sq1ndeU6MuEUod
-----END CERTIFICATE-----