Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/Dy6XhSxZqckgA0viJWcHEMwk3CU.roa
File:                     Dy6XhSxZqckgA0viJWcHEMwk3CU.roa (raw, json)
Hash identifier:          PuvDB8xpvlN4yV07agPsntCXqt75SkI8d+65HAK3nqg=
Subject key identifier:   0F:2E:97:85:2C:59:A9:C9:20:03:4B:E2:25:67:07:10:CC:24:DC:25
Certificate issuer:       /CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
Certificate serial:       018CC80167B4864837B0D9C46D89B17EF681
Authority key identifier: D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/Dy6XhSxZqckgA0viJWcHEMwk3CU.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64406
IP address blocks:        185.72.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:67:b4:86:48:37:b0:d9:c4:6d:89:b1:7e:f6:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f2e97852c59a9c920034be225670710cc24dc25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e2:c1:c1:ef:c6:b8:a9:0c:3d:26:76:f2:50:
                    69:e8:8a:3b:13:57:43:74:c0:49:06:49:e5:bf:d0:
                    de:08:87:86:2a:31:7d:78:01:ea:ad:ff:fc:81:20:
                    11:69:6b:c8:cd:46:20:2f:49:26:04:b1:eb:fc:5a:
                    b9:c0:3b:76:f4:0b:6f:e2:ce:a0:4d:df:23:7a:51:
                    1b:69:04:0e:15:3b:8c:fc:55:ca:d1:9f:8d:3c:31:
                    cd:97:1b:c5:d3:c6:c5:8d:a5:66:09:0d:6d:9e:6e:
                    6b:e0:45:d4:0f:85:09:f6:4d:d6:c1:b9:a4:61:c1:
                    17:00:4f:4a:3f:30:d1:0e:7b:ce:6d:c6:30:b9:fa:
                    08:bf:98:4d:78:bf:3e:16:b5:49:f8:19:65:39:cd:
                    13:7a:d6:2c:9b:6e:e9:e9:85:10:49:97:2e:44:56:
                    60:27:a1:07:7e:8e:86:f3:0e:8a:49:9b:4b:cf:fa:
                    62:b6:90:36:80:9f:ba:a9:ed:e4:91:1b:d4:61:c3:
                    6d:bb:b6:29:67:88:11:d8:c2:47:c2:7b:88:4d:51:
                    92:32:80:99:9c:6c:8d:91:bd:b6:02:52:42:26:5f:
                    30:37:ed:b3:dc:6a:b3:bf:31:6c:43:c9:0e:ae:69:
                    29:b6:07:4c:bb:73:52:f9:57:00:7c:6d:bc:ef:a9:
                    81:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2E:97:85:2C:59:A9:C9:20:03:4B:E2:25:67:07:10:CC:24:DC:25
            X509v3 Authority Key Identifier:
                keyid:D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/Dy6XhSxZqckgA0viJWcHEMwk3CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:27:35:54:22:f0:17:92:e1:dd:e2:d5:ec:ae:03:d0:d4:b7:
         a1:c5:ef:af:e5:c6:f8:ed:fe:50:42:91:ac:39:8c:fb:bb:28:
         c9:58:c7:53:d5:34:d7:f3:1d:7a:eb:3c:5f:9e:b3:83:c6:85:
         62:d5:9e:4a:48:4a:a1:23:e9:2f:b9:64:b3:63:15:e2:f7:b1:
         62:e7:9b:4e:57:af:2c:30:0f:10:ff:07:25:15:03:de:02:70:
         87:01:dc:7b:87:71:3b:7c:34:b9:84:38:16:48:59:b8:4b:43:
         4e:d6:43:84:50:7e:89:c6:aa:00:c7:c5:20:bf:d5:d4:bf:7d:
         95:b3:2d:ea:55:57:85:90:d2:5b:f6:da:08:7a:ac:2f:09:2e:
         67:78:8a:d1:62:42:b2:47:c6:84:d5:5f:18:40:f0:de:42:ca:
         86:84:12:49:2d:b1:e8:d1:5d:3e:2a:d4:ea:37:3d:ee:2f:92:
         e9:5c:04:77:c2:b1:9f:d6:ef:bd:50:12:64:ee:7f:ed:51:14:
         7a:d9:7f:ff:3f:d3:d4:cb:64:7c:b7:a3:c7:6c:b2:a2:84:92:
         c6:5c:17:b3:c9:58:d0:06:28:8c:31:5e:39:02:9b:51:ad:13:
         b2:27:15:c0:c8:5a:be:ca:5e:9f:08:8c:d2:e9:b9:86:1b:86:
         c5:3c:8b:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWe0hkg3sNnEbYmxfvaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQxOGY0YzM2MDY3MjIwZjRkODMzY2JjNzhhMTBmOTRl
YjA4ODgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjJlOTc4NTJjNTlhOWM5MjAwMzRiZTIyNTY3MDcxMGNjMjRkYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouLBwe/GuKkMPSZ28lBp6Io7E1dD
dMBJBknlv9DeCIeGKjF9eAHqrf/8gSARaWvIzUYgL0kmBLHr/Fq5wDt29Atv4s6g
Td8jelEbaQQOFTuM/FXK0Z+NPDHNlxvF08bFjaVmCQ1tnm5r4EXUD4UJ9k3Wwbmk
YcEXAE9KPzDRDnvObcYwufoIv5hNeL8+FrVJ+BllOc0TetYsm27p6YUQSZcuRFZg
J6EHfo6G8w6KSZtLz/pitpA2gJ+6qe3kkRvUYcNtu7YpZ4gR2MJHwnuITVGSMoCZ
nGyNkb22AlJCJl8wN+2z3GqzvzFsQ8kOrmkptgdMu3NS+VcAfG2876mBVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8ul4UsWanJIANL4iVnBxDMJNwlMB8GA1UdIwQY
MBaAFNmtGPTDYGciD02DPLx4oQ+U6wiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAt
YzI2NDczODVlNzI3LzEvRHk2WGhTeFpxY2tnQTB2aUpXY0hFTXdrM0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAtYzI2NDczODVlNzI3
LzEvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgyMA0G
CSqGSIb3DQEBCwUAA4IBAQC3JzVUIvAXkuHd4tXsrgPQ1Lehxe+v5cb47f5QQpGs
OYz7uyjJWMdT1TTX8x166zxfnrODxoVi1Z5KSEqhI+kvuWSzYxXi97Fi55tOV68s
MA8Q/wclFQPeAnCHAdx7h3E7fDS5hDgWSFm4S0NO1kOEUH6JxqoAx8Ugv9XUv32V
sy3qVVeFkNJb9toIeqwvCS5neIrRYkKyR8aE1V8YQPDeQsqGhBJJLbHo0V0+KtTq
Nz3uL5LpXAR3wrGf1u+9UBJk7n/tURR62X//P9PUy2R8t6PHbLKihJLGXBezyVjQ
BiiMMV45AptRrROyJxXAyFq+yl6fCIzS6bmGG4bFPIuR
-----END CERTIFICATE-----