Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/DDSC7yu_ArGqLk0-ihlJmU1SWJw.roa
File:                     DDSC7yu_ArGqLk0-ihlJmU1SWJw.roa (raw, json)
Hash identifier:          KAaWww/euDluMCDNVakBB0bMY1+sqEJQO3TRwUj1HZA=
Subject key identifier:   0C:34:82:EF:2B:BF:02:B1:AA:2E:4D:3E:8A:19:49:99:4D:52:58:9C
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018CC8DEE9383B06505F7C33F3AB7DE90261
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/DDSC7yu_ArGqLk0-ihlJmU1SWJw.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8870
IP address blocks:        185.237.74.0/24 maxlen: 24
                          185.237.75.0/24 maxlen: 24
                          185.237.73.0/24 maxlen: 24
                          185.237.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e9:38:3b:06:50:5f:7c:33:f3:ab:7d:e9:02:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c3482ef2bbf02b1aa2e4d3e8a1949994d52589c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c4:24:d9:84:fb:29:47:64:36:94:06:37:35:
                    77:34:7e:7a:75:cf:ca:e8:94:5b:12:49:ec:00:a6:
                    d4:b1:d0:1e:fd:c2:84:01:e0:75:2c:37:b1:5b:ef:
                    31:67:37:d2:54:ee:ba:38:25:6b:94:80:79:24:63:
                    cb:2a:c8:a5:aa:a0:84:7d:bb:7b:db:0c:78:ce:2d:
                    47:fd:2a:cd:d8:df:b5:ec:08:50:79:2e:72:38:a9:
                    17:d5:cb:55:2b:ec:af:38:d6:de:69:12:27:d9:f6:
                    76:04:a2:91:52:d8:e0:65:54:1c:4f:ae:38:6a:2a:
                    f4:bb:10:e7:e0:34:36:fd:c3:c7:4f:67:b1:fb:30:
                    73:08:d7:6e:53:77:8d:1b:ca:b3:47:0c:01:de:3e:
                    7a:ac:9a:f9:2e:45:8f:fe:eb:89:0b:04:99:de:fe:
                    44:55:6e:bd:ec:75:d1:14:48:fd:6a:fb:64:19:d2:
                    a8:b3:c4:97:1c:c1:c4:58:9b:09:6f:6e:c5:db:05:
                    64:b7:fd:e6:3f:02:c4:5c:35:19:10:37:38:29:7d:
                    d1:68:8f:2e:cc:ff:bf:e2:73:98:0a:8c:ab:7b:89:
                    90:04:51:32:f9:a6:ec:83:f2:a2:ff:4e:aa:db:27:
                    40:31:7e:8f:36:43:08:9c:0b:2d:5e:e3:c2:e2:95:
                    bd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:34:82:EF:2B:BF:02:B1:AA:2E:4D:3E:8A:19:49:99:4D:52:58:9C
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/DDSC7yu_ArGqLk0-ihlJmU1SWJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:63:97:d4:26:c8:64:f1:19:0c:ad:0f:42:b4:85:09:7b:7d:
         6e:55:db:1c:bd:f3:db:52:80:69:7a:f6:23:ea:9d:33:54:75:
         30:21:a4:ed:ac:dd:3d:8f:57:72:6b:58:35:f0:b1:a5:61:01:
         e7:40:d1:ec:72:b9:dc:c1:39:3c:87:1c:ab:45:ae:a9:32:6a:
         e3:ec:24:2e:6e:4b:ab:8e:a2:d2:5f:21:4a:03:d5:bb:71:9a:
         0f:ad:c9:0e:84:b6:5a:77:da:23:3a:f3:cd:5e:f7:54:f8:4a:
         31:68:8b:7b:4c:b3:dd:e5:fb:30:5a:d9:1f:a9:45:97:04:92:
         9f:95:3d:ac:4e:e3:c6:ea:79:c9:2a:24:cc:57:80:e3:64:85:
         45:fe:3f:8d:4f:91:13:25:f0:2d:3a:dd:76:e2:08:0e:33:f4:
         25:c2:34:4f:79:85:1c:df:90:2a:e2:50:ea:44:5b:23:c6:1c:
         4e:f0:6c:48:b4:ba:8a:a6:c3:19:48:e6:97:f3:30:e8:e3:4d:
         b1:05:88:d9:0d:e9:0a:13:23:0a:0d:bb:c2:50:89:db:de:0f:
         ef:47:95:00:31:31:6b:35:44:07:d3:7f:20:e1:69:6b:55:91:
         e4:32:f3:78:7e:19:be:b1:8e:bb:f7:f1:99:9e:0b:8b:18:3a:
         54:d1:0e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uk4OwZQX3wz86t96QJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM0ODJlZjJiYmYwMmIxYWEyZTRkM2U4YTE5NDk5OTRkNTI1ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8Qk2YT7KUdkNpQGNzV3NH56dc/K
6JRbEknsAKbUsdAe/cKEAeB1LDexW+8xZzfSVO66OCVrlIB5JGPLKsilqqCEfbt7
2wx4zi1H/SrN2N+17AhQeS5yOKkX1ctVK+yvONbeaRIn2fZ2BKKRUtjgZVQcT644
air0uxDn4DQ2/cPHT2ex+zBzCNduU3eNG8qzRwwB3j56rJr5LkWP/uuJCwSZ3v5E
VW697HXRFEj9avtkGdKos8SXHMHEWJsJb27F2wVkt/3mPwLEXDUZEDc4KX3RaI8u
zP+/4nOYCoyre4mQBFEy+absg/Ki/06q2ydAMX6PNkMInAstXuPC4pW99wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAw0gu8rvwKxqi5NPooZSZlNUlicMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvRERTQzd5dV9BckdxTGswLWlobEptVTFTV0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue1IMA0G
CSqGSIb3DQEBCwUAA4IBAQBMY5fUJshk8RkMrQ9CtIUJe31uVdscvfPbUoBpevYj
6p0zVHUwIaTtrN09j1dya1g18LGlYQHnQNHscrncwTk8hxyrRa6pMmrj7CQubkur
jqLSXyFKA9W7cZoPrckOhLZad9ojOvPNXvdU+EoxaIt7TLPd5fswWtkfqUWXBJKf
lT2sTuPG6nnJKiTMV4DjZIVF/j+NT5ETJfAtOt124ggOM/QlwjRPeYUc35Aq4lDq
RFsjxhxO8GxItLqKpsMZSOaX8zDo402xBYjZDekKEyMKDbvCUInb3g/vR5UAMTFr
NUQH038g4WlrVZHkMvN4fhm+sY679/GZnguLGDpU0Q7S
-----END CERTIFICATE-----