Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/odRVToQzgn8kMlKcb_7vIN14a4c.roa
File:                     odRVToQzgn8kMlKcb_7vIN14a4c.roa (raw, json)
Hash identifier:          S9Cn5dE1WWXIh3gUHfz2u/ZWsT/lUTDPU2z0KQKWh34=
Subject key identifier:   A1:D4:55:4E:84:33:82:7F:24:32:52:9C:6F:FE:EF:20:DD:78:6B:87
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC7275620AD2E2B26CF7A058A713E28F5
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/odRVToQzgn8kMlKcb_7vIN14a4c.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202562
IP address blocks:        185.186.10.0/24 maxlen: 24
                          2a0b:6b86:300::/40 maxlen: 48
                          2a0b:6b83::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:56:20:ad:2e:2b:26:cf:7a:05:8a:71:3e:28:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1d4554e8433827f2432529c6ffeef20dd786b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:76:b9:d9:5c:9f:5d:8a:64:e2:4f:ce:02:c7:
                    16:ba:dc:9d:71:73:f0:2c:be:9a:64:04:d9:0f:54:
                    98:49:46:6f:9b:e0:2d:24:f9:5f:ba:44:f5:bb:1a:
                    58:39:93:7b:c5:48:5b:3d:e9:95:10:25:be:b1:40:
                    d4:82:b6:d5:72:f0:23:5e:cd:68:1b:5b:c0:57:35:
                    e9:41:0e:a4:09:da:da:dd:03:f3:27:5e:95:26:6d:
                    a4:36:2f:fa:cf:a3:f9:c0:8a:c5:06:d1:c1:f6:82:
                    30:7f:16:25:57:71:9d:56:c5:cc:02:56:4d:e4:14:
                    c0:97:16:01:0c:a1:03:52:11:44:31:5d:35:e0:48:
                    c8:68:0c:82:5e:8a:4b:84:af:28:0a:f6:8b:27:d7:
                    14:5a:50:d2:23:8c:3b:5a:aa:83:1a:fc:e1:65:fe:
                    32:02:8c:26:c9:63:04:58:17:25:c2:fd:f7:ae:76:
                    95:23:d7:90:a6:6a:c1:2b:23:27:8f:56:cf:d8:45:
                    c9:5b:18:43:3a:98:53:ca:12:41:b7:62:18:1a:fa:
                    cd:44:6f:53:49:73:a5:ff:7f:7b:1d:aa:48:86:2f:
                    dd:3d:a2:dd:eb:f0:bb:2a:82:be:ae:72:85:b8:84:
                    94:f8:78:6e:b8:4b:69:38:aa:1d:d9:f1:c4:b6:aa:
                    2e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D4:55:4E:84:33:82:7F:24:32:52:9C:6F:FE:EF:20:DD:78:6B:87
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/odRVToQzgn8kMlKcb_7vIN14a4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.10.0/24
                IPv6:
                  2a0b:6b83::/32
                  2a0b:6b86:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         cd:b3:78:34:98:6f:8a:e8:71:8f:6a:ac:8d:c0:a3:74:0f:83:
         e6:40:c4:a4:22:95:eb:ae:79:26:89:e5:9b:22:b8:60:4b:b7:
         bc:0e:e6:d2:43:a7:bd:b3:19:29:e7:33:a9:a1:6c:a8:fe:61:
         96:c2:fe:62:4f:be:75:c1:6b:01:ec:3f:fa:df:c9:df:82:71:
         9f:d9:98:8e:c1:c6:5b:be:7f:9c:b5:fe:94:89:f9:e4:45:20:
         ba:5e:3d:14:c3:ee:50:9c:28:37:4b:86:b3:a8:04:eb:2f:b8:
         e2:6b:12:b5:d5:61:95:e5:90:4b:d1:ee:56:3a:ce:4e:da:12:
         71:28:51:ad:3b:07:c7:89:f7:85:02:f6:2c:96:cc:00:b5:27:
         f3:dc:ea:1e:c4:14:64:36:66:ff:cc:ab:fc:2d:6e:84:a3:35:
         79:17:07:c4:51:41:10:cf:d9:e6:71:5b:f0:29:03:f4:c4:db:
         a2:2a:fb:ae:24:6d:23:91:16:43:12:b4:dc:96:7a:55:27:7e:
         7f:47:35:b4:40:59:1a:dd:e3:17:a3:12:17:13:b9:f3:ad:d2:
         69:1f:e6:da:4e:9f:55:d4:92:98:21:a9:c3:9a:8f:01:d4:e3:
         be:8a:d5:60:f9:1f:45:8c:0c:8f:89:aa:6c:6e:a5:43:0d:75:
         96:47:27:c8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJ1YgrS4rJs96BYpxPij1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQ0NTU0ZTg0MzM4MjdmMjQzMjUyOWM2ZmZlZWYyMGRkNzg2Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHa52VyfXYpk4k/OAscWutydcXPw
LL6aZATZD1SYSUZvm+AtJPlfukT1uxpYOZN7xUhbPemVECW+sUDUgrbVcvAjXs1o
G1vAVzXpQQ6kCdra3QPzJ16VJm2kNi/6z6P5wIrFBtHB9oIwfxYlV3GdVsXMAlZN
5BTAlxYBDKEDUhFEMV014EjIaAyCXopLhK8oCvaLJ9cUWlDSI4w7WqqDGvzhZf4y
AowmyWMEWBclwv33rnaVI9eQpmrBKyMnj1bP2EXJWxhDOphTyhJBt2IYGvrNRG9T
SXOl/397HapIhi/dPaLd6/C7KoK+rnKFuISU+HhuuEtpOKod2fHEtqouTQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKHUVU6EM4J/JDJSnG/+7yDdeGuHMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvb2RSVlRvUXpnbjhrTWxLY2JfN3ZJTjE0YTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAMBAIAATAGAwQAuboKMBUE
AgACMA8DBQAqC2uDAwYAKgtrhgMwDQYJKoZIhvcNAQELBQADggEBAM2zeDSYb4ro
cY9qrI3Ao3QPg+ZAxKQileuueSaJ5ZsiuGBLt7wO5tJDp72zGSnnM6mhbKj+YZbC
/mJPvnXBawHsP/rfyd+CcZ/ZmI7Bxlu+f5y1/pSJ+eRFILpePRTD7lCcKDdLhrOo
BOsvuOJrErXVYZXlkEvR7lY6zk7aEnEoUa07B8eJ94UC9iyWzAC1J/Pc6h7EFGQ2
Zv/Mq/wtboSjNXkXB8RRQRDP2eZxW/ApA/TE26Iq+64kbSORFkMStNyWelUnfn9H
NbRAWRrd4xejEhcTufOt0mkf5tpOn1XUkpghqcOajwHU476K1WD5H0WMDI+Jqmxu
pUMNdZZHJ8g=
-----END CERTIFICATE-----