Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/0yYiNPj_6i3eA0ZeZCGKKV4X-Wg.roa
File:                     0yYiNPj_6i3eA0ZeZCGKKV4X-Wg.roa (raw, json)
Hash identifier:          /0FzPahpOFflABDx+hc6W2M/FDhcbxd55279l6+ZHjw=
Subject key identifier:   D3:26:22:34:F8:FF:EA:2D:DE:03:46:5E:64:21:8A:29:5E:17:F9:68
Certificate issuer:       /CN=ff37d6c1f6a5c4a92bbffd85c4142127fa3e1a30
Certificate serial:       018CCA2A173891A001D4472AF7BA59A25B60
Authority key identifier: FF:37:D6:C1:F6:A5:C4:A9:2B:BF:FD:85:C4:14:21:27:FA:3E:1A:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zfWwfalxKkrv_2FxBQhJ_o-GjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/0yYiNPj_6i3eA0ZeZCGKKV4X-Wg.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204756
IP address blocks:        185.240.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/_zfWwfalxKkrv_2FxBQhJ_o-GjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/_zfWwfalxKkrv_2FxBQhJ_o-GjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zfWwfalxKkrv_2FxBQhJ_o-GjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:17:38:91:a0:01:d4:47:2a:f7:ba:59:a2:5b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff37d6c1f6a5c4a92bbffd85c4142127fa3e1a30
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3262234f8ffea2dde03465e64218a295e17f968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:9b:90:0b:0e:45:49:ff:96:13:4f:9d:b9:86:
                    0c:b2:0f:3e:ff:f0:a2:f2:b8:12:5b:02:77:8e:18:
                    81:22:f4:a4:35:c2:cf:8f:2f:55:9f:d7:ee:e5:1c:
                    97:09:1b:dc:e0:d4:32:97:0b:e4:88:a3:a8:70:23:
                    37:70:05:f2:4e:68:8d:3e:44:23:50:f7:ef:3e:e9:
                    23:f4:fd:9c:38:38:a0:7b:5f:01:cc:84:f2:07:85:
                    db:ab:38:d7:c3:69:c0:b8:b9:d1:98:45:41:a1:8b:
                    c5:6f:ec:12:1c:83:c3:a0:ab:e6:72:b8:7d:7c:7a:
                    35:52:4e:62:b1:67:63:60:1e:2a:e7:03:40:6a:76:
                    bd:7a:cf:99:b8:93:a3:5b:e6:4c:18:9a:06:84:cc:
                    f8:79:f3:48:87:fe:0a:55:ce:4e:1f:bd:bb:1f:cf:
                    ac:b4:9f:fc:a0:1d:1a:ad:5a:d6:95:27:0f:d7:9e:
                    e0:bc:a4:c8:e2:30:7c:69:56:6f:12:f9:88:12:85:
                    16:52:25:ac:6f:7d:fa:0d:8d:84:85:15:d2:b2:30:
                    13:62:09:e1:8d:1a:d7:87:b6:4d:0c:3e:66:a0:fb:
                    00:a8:ed:9c:d6:ca:a6:9e:ca:44:b1:43:31:2b:b4:
                    1c:a0:16:fe:ea:d8:96:86:dd:aa:5e:4e:01:6c:57:
                    7e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:26:22:34:F8:FF:EA:2D:DE:03:46:5E:64:21:8A:29:5E:17:F9:68
            X509v3 Authority Key Identifier:
                keyid:FF:37:D6:C1:F6:A5:C4:A9:2B:BF:FD:85:C4:14:21:27:FA:3E:1A:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zfWwfalxKkrv_2FxBQhJ_o-GjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/0yYiNPj_6i3eA0ZeZCGKKV4X-Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/87d43c-e0ed-48b3-b4e3-05ed86735306/1/_zfWwfalxKkrv_2FxBQhJ_o-GjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:7e:de:e8:c2:d2:63:96:74:bb:cb:09:f1:fc:8d:99:21:58:
         cd:22:40:1e:cb:06:bb:38:7c:ad:65:a9:1c:fa:11:b5:15:83:
         ea:f5:fa:84:17:d5:15:3c:d9:bf:0e:ac:0d:e2:60:c2:bd:c1:
         69:3b:4d:64:06:11:63:b4:0c:03:7e:9f:67:44:62:f8:9f:2a:
         04:9c:18:3c:d4:b9:f6:c2:fd:90:31:93:40:e9:83:47:c6:db:
         3d:51:1b:c0:92:86:a5:b3:66:37:4b:91:6a:55:ee:60:b1:53:
         c5:24:20:37:96:a0:23:6a:6e:56:4c:60:2f:4d:90:be:a2:0c:
         7d:ef:6e:b0:5a:4d:08:4d:26:d8:5c:3f:87:9c:35:24:ac:dc:
         53:0d:60:15:2a:c9:07:d3:01:d6:7f:1c:72:09:4a:eb:67:f5:
         6f:72:f7:cd:16:fc:e4:2a:6a:c9:61:93:a9:b8:b1:d6:c4:b5:
         9f:41:9b:cc:87:52:c6:19:77:0d:8c:59:5a:c3:f1:99:12:9e:
         38:bc:23:1d:3a:5a:da:35:15:63:30:97:f6:bc:ce:e4:c2:cb:
         aa:ce:65:d2:25:f0:b9:d8:8a:ba:28:76:b4:1d:96:d4:7e:24:
         3b:85:73:e0:6c:7e:8a:27:10:12:2d:85:98:1b:48:94:8a:b0:
         65:7f:01:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhc4kaAB1Ecq97pZoltgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzdkNmMxZjZhNWM0YTkyYmJmZmQ4NWM0MTQyMTI3ZmEz
ZTFhMzAwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzI2MjIzNGY4ZmZlYTJkZGUwMzQ2NWU2NDIxOGEyOTVlMTdmOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JuQCw5FSf+WE0+duYYMsg8+//Ci
8rgSWwJ3jhiBIvSkNcLPjy9Vn9fu5RyXCRvc4NQylwvkiKOocCM3cAXyTmiNPkQj
UPfvPukj9P2cODige18BzITyB4XbqzjXw2nAuLnRmEVBoYvFb+wSHIPDoKvmcrh9
fHo1Uk5isWdjYB4q5wNAana9es+ZuJOjW+ZMGJoGhMz4efNIh/4KVc5OH727H8+s
tJ/8oB0arVrWlScP157gvKTI4jB8aVZvEvmIEoUWUiWsb336DY2EhRXSsjATYgnh
jRrXh7ZNDD5moPsAqO2c1sqmnspEsUMxK7QcoBb+6tiWht2qXk4BbFd+XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMmIjT4/+ot3gNGXmQhiileF/loMB8GA1UdIwQY
MBaAFP831sH2pcSpK7/9hcQUISf6PhowMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pmV3dmYWx4S2tydl8yRnhCUWhKX28tR2pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84N2Q0M2MtZTBlZC00OGIzLWI0ZTMt
MDVlZDg2NzM1MzA2LzEvMHlZaU5Qal82aTNlQTBaZVpDR0tLVjRYLVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84N2Q0M2MtZTBlZC00OGIzLWI0ZTMtMDVlZDg2NzM1MzA2
LzEvX3pmV3dmYWx4S2tydl8yRnhCUWhKX28tR2pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufAkMA0G
CSqGSIb3DQEBCwUAA4IBAQBDft7owtJjlnS7ywnx/I2ZIVjNIkAeywa7OHytZakc
+hG1FYPq9fqEF9UVPNm/DqwN4mDCvcFpO01kBhFjtAwDfp9nRGL4nyoEnBg81Ln2
wv2QMZNA6YNHxts9URvAkoals2Y3S5FqVe5gsVPFJCA3lqAjam5WTGAvTZC+ogx9
726wWk0ITSbYXD+HnDUkrNxTDWAVKskH0wHWfxxyCUrrZ/VvcvfNFvzkKmrJYZOp
uLHWxLWfQZvMh1LGGXcNjFlaw/GZEp44vCMdOlraNRVjMJf2vM7kwsuqzmXSJfC5
2Iq6KHa0HZbUfiQ7hXPgbH6KJxASLYWYG0iUirBlfwHm
-----END CERTIFICATE-----