Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/m8QXttxFvmKj-Fr_Ymund_VIKBY.roa
File:                     m8QXttxFvmKj-Fr_Ymund_VIKBY.roa (raw, json)
Hash identifier:          chTUM3mZk/A7+AxTG4VgVZ6WM5kKbQUlW9gFEbTyv7s=
Subject key identifier:   9B:C4:17:B6:DC:45:BE:62:A3:F8:5A:FF:62:6B:A7:77:F5:48:28:16
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCBF1A6D19AE4A2FA798F4A62D50FA
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/m8QXttxFvmKj-Fr_Ymund_VIKBY.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49107
IP address blocks:        185.126.182.0/24 maxlen: 24
                          185.126.183.0/24 maxlen: 24
                          185.255.176.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bf:1a:6d:19:ae:4a:2f:a7:98:f4:a6:2d:50:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bc417b6dc45be62a3f85aff626ba777f5482816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d3:2e:67:ba:8f:82:0a:ae:1b:52:5d:93:4a:
                    46:ef:cb:4e:8b:fe:dc:08:58:d5:fb:63:26:c6:a1:
                    7c:3b:68:05:1b:3c:3f:3b:42:b7:90:29:99:29:da:
                    bd:b2:d4:f3:d6:a3:f9:30:83:80:28:6d:94:41:ed:
                    65:03:80:ca:ae:9d:e5:25:22:f3:7d:46:11:66:25:
                    23:d1:d3:5d:bc:6f:be:9c:b5:70:d7:8c:ad:c9:aa:
                    3f:0e:66:df:08:c0:9f:18:07:0a:7b:30:a7:85:e3:
                    1a:f1:9e:1c:a7:22:f8:cc:e1:69:0c:44:c7:fa:25:
                    8e:fe:b5:2e:fe:dc:2a:42:e8:c6:c0:12:59:63:f7:
                    d7:66:76:ee:5e:56:66:7d:d4:7f:91:0f:8a:6d:ff:
                    46:cb:95:5e:7a:25:f7:2c:8e:19:77:cd:82:9a:c6:
                    5a:cb:c3:20:6b:73:a9:98:ae:eb:fa:43:b2:99:a1:
                    db:7f:eb:48:20:bd:91:ae:67:7f:3d:9b:44:7f:28:
                    3a:0c:c9:2b:51:c2:6e:2f:6d:b4:e1:0f:46:39:99:
                    18:17:da:9c:ce:be:e9:eb:d1:52:2b:f5:71:a4:b8:
                    60:f7:82:50:3a:22:ec:f3:bc:95:27:45:e1:6a:8d:
                    74:3c:09:9b:65:6e:bb:90:c6:62:2f:3b:f2:a6:87:
                    9f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C4:17:B6:DC:45:BE:62:A3:F8:5A:FF:62:6B:A7:77:F5:48:28:16
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/m8QXttxFvmKj-Fr_Ymund_VIKBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.182.0/23
                  185.255.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:93:ad:bb:f6:e6:05:15:8c:b8:61:4a:aa:5b:52:9e:32:3b:
         c5:20:9a:d1:6b:55:21:98:01:19:e0:7a:6c:84:51:7d:17:7b:
         46:c7:43:55:fa:63:81:06:96:6b:49:fd:f9:06:61:93:a2:5b:
         f5:f6:3d:0b:ff:63:fe:f6:59:4c:d5:6f:1e:af:2b:c6:26:2c:
         c8:7b:d1:09:87:f4:38:63:40:f3:0a:41:ec:36:82:a4:e6:a4:
         7d:c7:ea:02:52:65:87:9e:fc:01:16:a6:6a:f7:80:e7:07:4d:
         a5:27:8f:42:4e:65:6e:16:c1:b0:50:f8:56:85:06:ee:d1:0f:
         90:60:c7:c1:c2:66:11:55:91:f2:aa:91:cd:36:81:f1:23:c6:
         7c:8d:ce:f4:68:f3:83:92:93:7d:87:93:16:1c:e6:4a:4f:ef:
         c5:27:3d:5b:70:2d:1d:74:c9:93:4c:3b:39:4f:0b:ea:65:93:
         d3:22:ff:1e:4c:60:6b:fc:c1:b8:f9:f5:f1:07:a8:c8:2c:6b:
         b4:b5:a2:21:fb:2a:8b:37:e8:a2:c3:45:59:2e:9a:d0:87:0f:
         b8:3e:fd:e7:99:da:a7:43:ba:4b:bf:c4:2e:3d:04:e5:94:2e:
         c8:0b:98:13:24:0f:38:95:96:b7:04:35:75:ac:56:f2:9d:c3:
         d5:63:70:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3L8abRmuSi+nmPSmLVD6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmM0MTdiNmRjNDViZTYyYTNmODVhZmY2MjZiYTc3N2Y1NDgyODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdMuZ7qPggquG1Jdk0pG78tOi/7c
CFjV+2MmxqF8O2gFGzw/O0K3kCmZKdq9stTz1qP5MIOAKG2UQe1lA4DKrp3lJSLz
fUYRZiUj0dNdvG++nLVw14ytyao/DmbfCMCfGAcKezCnheMa8Z4cpyL4zOFpDETH
+iWO/rUu/twqQujGwBJZY/fXZnbuXlZmfdR/kQ+Kbf9Gy5VeeiX3LI4Zd82CmsZa
y8Mga3OpmK7r+kOymaHbf+tIIL2Rrmd/PZtEfyg6DMkrUcJuL2204Q9GOZkYF9qc
zr7p69FSK/VxpLhg94JQOiLs87yVJ0Xhao10PAmbZW67kMZiLzvypoefuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJvEF7bcRb5io/ha/2Jrp3f1SCgWMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvbThRWHR0eEZ2bUtqLUZyX1ltdW5kX1ZJS0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuX62AwQB
uf+wMA0GCSqGSIb3DQEBCwUAA4IBAQBCk6279uYFFYy4YUqqW1KeMjvFIJrRa1Uh
mAEZ4HpshFF9F3tGx0NV+mOBBpZrSf35BmGTolv19j0L/2P+9llM1W8eryvGJizI
e9EJh/Q4Y0DzCkHsNoKk5qR9x+oCUmWHnvwBFqZq94DnB02lJ49CTmVuFsGwUPhW
hQbu0Q+QYMfBwmYRVZHyqpHNNoHxI8Z8jc70aPODkpN9h5MWHOZKT+/FJz1bcC0d
dMmTTDs5TwvqZZPTIv8eTGBr/MG4+fXxB6jILGu0taIh+yqLN+iiw0VZLprQhw+4
Pv3nmdqnQ7pLv8QuPQTllC7IC5gTJA84lZa3BDV1rFbyncPVY3Cl
-----END CERTIFICATE-----