Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dRVb5fPlNXC11aKfjjgHOjjx67c.roa
File:                     dRVb5fPlNXC11aKfjjgHOjjx67c.roa (raw, json)
Hash identifier:          IFIiMsQ3vO7p68Ay6IyjjumBks2zRcZbS67rDiPLDsE=
Subject key identifier:   75:15:5B:E5:F3:E5:35:70:B5:D5:A2:9F:8E:38:07:3A:38:F1:EB:B7
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC794678F31A15FC66A966D5E7D9B32F3
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dRVb5fPlNXC11aKfjjgHOjjx67c.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1101
IP address blocks:        185.100.59.0/24 maxlen: 24
                          2001:67c:12d8::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:67:8f:31:a1:5f:c6:6a:96:6d:5e:7d:9b:32:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75155be5f3e53570b5d5a29f8e38073a38f1ebb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f9:cb:cd:bb:fc:c1:08:e2:2a:2c:14:75:e6:
                    8d:69:f8:80:4b:b7:00:64:52:6d:1f:d4:4c:12:49:
                    f9:35:34:da:54:25:cb:ba:f3:e0:ac:f7:f4:b3:85:
                    f1:bb:9c:47:bb:69:df:66:74:ef:fd:fc:e8:db:f9:
                    56:76:72:b0:15:12:95:33:5f:a7:f6:b0:8b:a6:69:
                    48:f2:64:4f:4a:3d:fa:6d:ef:e7:43:6d:b8:02:6f:
                    a6:6f:15:42:93:95:06:57:58:19:88:3d:95:0c:bc:
                    9b:ae:88:20:d6:05:3d:37:75:59:4c:0f:8f:4c:b1:
                    a4:89:11:97:5e:60:7f:7b:5a:47:87:3a:01:68:d9:
                    f8:3e:13:29:e4:3d:13:e9:40:32:0c:71:2f:17:9b:
                    98:6f:6d:fb:51:f3:0f:53:4f:6e:2c:4b:be:d8:da:
                    12:ca:1c:d2:b1:52:8b:82:da:e6:03:7d:bc:5e:13:
                    66:ad:ef:12:44:4f:c1:68:f0:36:97:b9:56:59:cc:
                    c5:4f:02:42:85:16:a1:5e:0b:5d:0c:ab:3e:89:e9:
                    fb:ce:f8:ce:bf:31:38:26:cd:72:3a:5c:3a:cd:27:
                    3f:49:e0:b5:d5:6b:c2:6f:6a:78:34:bb:d0:f3:0d:
                    a3:68:18:1d:fc:f2:8f:23:3e:a3:63:d8:2f:98:61:
                    d9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:15:5B:E5:F3:E5:35:70:B5:D5:A2:9F:8E:38:07:3A:38:F1:EB:B7
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dRVb5fPlNXC11aKfjjgHOjjx67c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.59.0/24
                IPv6:
                  2001:67c:12d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:6b:1e:f2:a3:56:c2:e3:40:7e:c5:d0:ec:a6:39:43:48:2e:
         54:f2:3a:7e:ea:5c:18:86:22:9d:f4:97:63:52:78:9d:52:24:
         a7:ec:76:b9:39:73:00:a4:4e:f6:b1:34:36:3f:29:7c:4b:a2:
         96:4c:20:78:e7:b7:37:60:92:8d:15:bc:00:d8:e5:15:10:78:
         7b:95:76:6d:b8:b0:60:bc:33:64:c9:06:04:b0:c6:d1:e0:85:
         fc:c4:81:9a:3f:76:a2:1f:96:46:68:88:a8:24:39:c2:fd:02:
         2f:4d:4a:77:9a:4e:1e:a8:10:0e:86:32:e2:db:63:76:41:e6:
         a4:81:c1:29:6b:9a:f7:7c:df:41:d6:de:f6:c9:8c:34:38:9c:
         66:0f:b5:31:3e:07:91:d8:56:4f:d0:de:de:6d:88:f7:33:c2:
         36:fe:9e:f0:ca:e8:a7:79:ed:c2:2f:1f:69:e9:f9:09:90:39:
         a9:df:8c:b2:fc:11:c9:25:84:9a:2b:79:0c:14:93:b9:c8:3c:
         15:65:4e:72:40:15:60:88:23:14:8b:1a:c2:21:5f:d1:d5:b2:
         ec:ea:1d:14:fd:66:d8:41:f5:49:4e:94:a9:92:b1:ab:60:3d:
         7e:76:2b:00:0d:13:d2:3c:e5:32:77:d3:f2:4c:a6:b2:ba:e0:
         44:e1:c4:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlGePMaFfxmqWbV59mzLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE1NWJlNWYzZTUzNTcwYjVkNWEyOWY4ZTM4MDczYTM4ZjFlYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/nLzbv8wQjiKiwUdeaNafiAS7cA
ZFJtH9RMEkn5NTTaVCXLuvPgrPf0s4Xxu5xHu2nfZnTv/fzo2/lWdnKwFRKVM1+n
9rCLpmlI8mRPSj36be/nQ224Am+mbxVCk5UGV1gZiD2VDLybrogg1gU9N3VZTA+P
TLGkiRGXXmB/e1pHhzoBaNn4PhMp5D0T6UAyDHEvF5uYb237UfMPU09uLEu+2NoS
yhzSsVKLgtrmA328XhNmre8SRE/BaPA2l7lWWczFTwJChRahXgtdDKs+ien7zvjO
vzE4Js1yOlw6zSc/SeC11WvCb2p4NLvQ8w2jaBgd/PKPIz6jY9gvmGHZhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHUVW+Xz5TVwtdWin444Bzo48eu3MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvZFJWYjVmUGxOWEMxMWFLZmpqZ0hPamp4NjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWQ7MA8E
AgACMAkDBwAgAQZ8EtgwDQYJKoZIhvcNAQELBQADggEBAEBrHvKjVsLjQH7F0Oym
OUNILlTyOn7qXBiGIp30l2NSeJ1SJKfsdrk5cwCkTvaxNDY/KXxLopZMIHjntzdg
ko0VvADY5RUQeHuVdm24sGC8M2TJBgSwxtHghfzEgZo/dqIflkZoiKgkOcL9Ai9N
SneaTh6oEA6GMuLbY3ZB5qSBwSlrmvd830HW3vbJjDQ4nGYPtTE+B5HYVk/Q3t5t
iPczwjb+nvDK6Kd57cIvH2np+QmQOanfjLL8EcklhJoreQwUk7nIPBVlTnJAFWCI
IxSLGsIhX9HVsuzqHRT9ZthB9UlOlKmSsatgPX52KwANE9I85TJ30/JMprK64ETh
xM4=
-----END CERTIFICATE-----