Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/dY5YHDURGUHiN-lAbH3teL3Zvnk.roa
File:                     dY5YHDURGUHiN-lAbH3teL3Zvnk.roa (raw, json)
Hash identifier:          UPeZHsHSrqoO0IahxKFNK0L+q5H85m2PNs0xM64op9k=
Subject key identifier:   75:8E:58:1C:35:11:19:41:E2:37:E9:40:6C:7D:ED:78:BD:D9:BE:79
Certificate issuer:       /CN=009a637282b3d0a0fca4a554f6936f7df42e8165
Certificate serial:       018CC348DC6DB63298165C45B75C40080153
Authority key identifier: 00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/dY5YHDURGUHiN-lAbH3teL3Zvnk.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200457
IP address blocks:        185.106.172.0/22 maxlen: 24
                          2a06:3d40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dc:6d:b6:32:98:16:5c:45:b7:5c:40:08:01:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=009a637282b3d0a0fca4a554f6936f7df42e8165
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=758e581c35111941e237e9406c7ded78bdd9be79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:86:b6:9b:84:75:56:ce:7a:b4:23:55:8a:ce:
                    51:13:86:3a:45:e4:7d:48:74:b0:ab:ed:b9:ca:6a:
                    ee:55:fc:5e:8f:41:5b:96:5d:cd:ab:e4:4c:58:f7:
                    b9:0a:7d:3d:4f:6a:d0:ec:80:a2:bc:be:dd:00:6f:
                    e3:d5:25:a9:aa:b2:38:cb:e6:cb:19:0a:8f:e4:7c:
                    a4:8c:65:16:f1:2f:d9:12:11:70:29:b1:7a:f1:57:
                    d0:1b:82:1c:91:fe:c7:7c:37:d9:93:4c:16:b0:01:
                    0f:82:f1:6e:69:79:62:c6:6c:cc:47:b2:90:6a:72:
                    67:08:ab:a2:37:9d:80:51:a5:28:be:11:5e:dc:5f:
                    cf:fb:b0:20:83:da:7f:2d:75:e4:f0:55:fe:2d:14:
                    ac:29:88:d5:e0:ac:fc:70:43:63:9e:6a:e6:9d:05:
                    3d:69:31:87:af:d1:bc:63:90:10:ca:66:a9:1e:a0:
                    4a:34:0b:d9:62:ff:3c:de:c8:ce:5a:5a:76:6e:8d:
                    eb:5b:f4:46:9f:69:f8:14:66:f6:de:42:08:de:48:
                    5c:81:5e:c9:7a:87:df:b9:8b:65:c3:b7:a1:d7:37:
                    9f:d6:de:d6:3e:37:e5:6d:ed:a7:22:da:15:49:de:
                    df:fd:2e:9b:13:46:93:ac:32:53:7b:63:7f:ce:00:
                    ae:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:8E:58:1C:35:11:19:41:E2:37:E9:40:6C:7D:ED:78:BD:D9:BE:79
            X509v3 Authority Key Identifier:
                keyid:00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/dY5YHDURGUHiN-lAbH3teL3Zvnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.172.0/22
                IPv6:
                  2a06:3d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:8d:10:e3:17:bd:51:3a:34:07:e4:4c:09:71:70:d4:ec:62:
         21:a0:50:46:78:7c:df:88:0f:91:59:80:f5:f4:42:57:e1:9e:
         54:c3:ad:4e:2a:8e:fa:52:a8:25:60:3b:ad:c9:a3:b9:22:56:
         e5:a4:11:d4:9f:55:dd:1d:48:7a:1f:a3:a4:69:1d:f0:f0:9b:
         de:76:07:9d:31:24:00:39:56:76:e9:8d:3e:43:cf:81:93:5b:
         58:72:b3:d7:18:b4:99:74:c0:3e:90:ae:b9:13:32:73:68:cf:
         db:35:95:3a:eb:a9:89:36:83:81:7c:da:8f:87:5f:ff:68:22:
         ca:21:c8:c4:bd:06:f5:d6:d2:ec:c2:7c:79:75:97:7f:36:3c:
         4a:a9:de:89:cc:2b:17:25:ba:33:34:2b:47:49:d8:12:aa:6d:
         12:5f:4a:25:11:23:26:6f:1d:d0:fa:db:94:fa:f3:06:82:9f:
         e0:45:c7:ea:a5:17:cd:60:f9:3c:3d:63:3c:59:04:02:1f:ba:
         e4:6a:5d:00:55:67:6e:b2:08:82:3f:f2:ef:e4:6b:d0:11:07:
         d1:2f:ac:15:22:b8:c0:3b:7e:86:9a:88:c0:52:2b:70:a6:6c:
         24:98:21:ed:f8:20:62:69:b5:eb:83:0d:a3:99:08:df:b6:1b:
         0d:44:d9:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSNxttjKYFlxFt1xACAFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOWE2MzcyODJiM2QwYTBmY2E0YTU1NGY2OTM2ZjdkZjQy
ZTgxNjUwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NThlNTgxYzM1MTExOTQxZTIzN2U5NDA2YzdkZWQ3OGJkZDliZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ya2m4R1Vs56tCNVis5RE4Y6ReR9
SHSwq+25ymruVfxej0Fbll3Nq+RMWPe5Cn09T2rQ7ICivL7dAG/j1SWpqrI4y+bL
GQqP5HykjGUW8S/ZEhFwKbF68VfQG4Ickf7HfDfZk0wWsAEPgvFuaXlixmzMR7KQ
anJnCKuiN52AUaUovhFe3F/P+7Agg9p/LXXk8FX+LRSsKYjV4Kz8cENjnmrmnQU9
aTGHr9G8Y5AQymapHqBKNAvZYv883sjOWlp2bo3rW/RGn2n4FGb23kII3khcgV7J
eoffuYtlw7eh1zef1t7WPjflbe2nItoVSd7f/S6bE0aTrDJTe2N/zgCuuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHWOWBw1ERlB4jfpQGx97Xi92b55MB8GA1UdIwQY
MBaAFACaY3KCs9Cg/KSlVPaTb330LoFlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMt
ZDRlZGMwZWIzZTBhLzEvZFk1WUhEVVJHVUhpTi1sQWJIM3RlTDNadm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMtZDRlZGMwZWIzZTBh
LzEvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWqsMA0E
AgACMAcDBQMqBj1AMA0GCSqGSIb3DQEBCwUAA4IBAQCGjRDjF71ROjQH5EwJcXDU
7GIhoFBGeHzfiA+RWYD19EJX4Z5Uw61OKo76UqglYDutyaO5IlblpBHUn1XdHUh6
H6OkaR3w8JvedgedMSQAOVZ26Y0+Q8+Bk1tYcrPXGLSZdMA+kK65EzJzaM/bNZU6
66mJNoOBfNqPh1//aCLKIcjEvQb11tLswnx5dZd/NjxKqd6JzCsXJbozNCtHSdgS
qm0SX0olESMmbx3Q+tuU+vMGgp/gRcfqpRfNYPk8PWM8WQQCH7rkal0AVWdusgiC
P/Lv5GvQEQfRL6wVIrjAO36GmojAUitwpmwkmCHt+CBiabXrgw2jmQjfthsNRNmT
-----END CERTIFICATE-----