Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SLyc1Dqu1yTqZ6mcDXKc1lfI6mM.roa
File:                     SLyc1Dqu1yTqZ6mcDXKc1lfI6mM.roa (raw, json)
Hash identifier:          H1ibu1EvNQDK6gMjnz3QLAPLe7A4J5tb9xyL+5dyxaI=
Subject key identifier:   48:BC:9C:D4:3A:AE:D7:24:EA:67:A9:9C:0D:72:9C:D6:57:C8:EA:63
Certificate issuer:       /CN=dc327af32a98492757b200ea040db24ec3136592
Certificate serial:       0190D9664E0C5C0EFA5479B9B15CEBECF5D4
Authority key identifier: DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SLyc1Dqu1yTqZ6mcDXKc1lfI6mM.roa
Signing time:             Mon 22 Jul 2024 07:44:38 +0000
ROA not before:           Mon 22 Jul 2024 07:44:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.241.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:66:4e:0c:5c:0e:fa:54:79:b9:b1:5c:eb:ec:f5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc327af32a98492757b200ea040db24ec3136592
        Validity
            Not Before: Jul 22 07:44:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48bc9cd43aaed724ea67a99c0d729cd657c8ea63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7d:fc:84:64:78:57:98:15:fe:48:dd:9c:09:
                    15:a6:a0:13:f1:d4:60:f2:c5:5e:4f:3f:92:6d:31:
                    55:72:80:2e:a4:ef:7e:5a:f3:c9:0d:d5:71:04:a4:
                    b3:18:e7:9b:68:1a:2e:79:4a:8f:44:bf:e8:71:44:
                    e1:c8:de:0b:82:6a:61:84:5c:9d:81:0f:16:ca:81:
                    6e:e7:fe:8c:d0:c0:2d:83:44:53:21:38:95:ff:31:
                    44:5b:89:84:19:b5:c6:7d:d5:9f:1c:9d:4f:ad:12:
                    5d:2b:c3:bb:57:73:15:a5:e5:93:57:1b:25:57:37:
                    d8:04:76:46:36:a3:16:fe:3c:6d:c6:f5:b4:79:d3:
                    b7:37:cb:40:51:56:69:c4:02:4d:bd:64:67:97:66:
                    5c:6f:9f:21:84:d5:22:b1:25:99:b1:f3:78:05:a0:
                    a2:d0:fc:72:28:d0:62:85:65:90:0f:ff:66:31:e9:
                    e2:bd:e7:6f:23:51:30:a3:6e:84:ae:12:c3:72:3b:
                    94:37:da:1c:b6:ff:78:ca:17:10:3c:74:f0:fc:56:
                    39:62:49:a2:76:32:27:3f:82:63:74:24:05:39:8d:
                    58:a2:da:30:c9:84:7e:2a:da:37:2b:f8:78:f5:be:
                    ff:10:5e:c1:bb:8c:05:eb:dd:ff:89:3d:0e:c6:86:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BC:9C:D4:3A:AE:D7:24:EA:67:A9:9C:0D:72:9C:D6:57:C8:EA:63
            X509v3 Authority Key Identifier:
                keyid:DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SLyc1Dqu1yTqZ6mcDXKc1lfI6mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:25:52:a8:e3:a6:2c:88:a3:7e:f9:28:a0:9f:06:61:41:f0:
         1a:e9:c5:e6:89:80:6f:6b:01:ae:ef:77:e3:e6:1c:25:5e:ef:
         68:f1:d7:c8:ea:09:56:53:cd:82:9f:32:ff:44:31:b1:6f:79:
         99:a8:d0:bc:e6:0a:5c:d6:09:8f:e5:c3:cb:d1:13:3a:6c:89:
         09:a3:d6:77:e3:22:1c:7e:a8:ad:5d:79:cb:66:c7:de:83:2a:
         5a:17:1e:2f:73:18:39:07:59:6e:b7:7b:f0:3c:f6:e2:62:4d:
         98:ff:2e:80:bf:2f:df:6b:b5:65:5b:ba:90:98:76:92:f8:19:
         ef:0a:b2:b6:61:3c:ce:39:b8:36:0f:1e:73:d2:ed:f9:f1:26:
         56:85:fa:c0:7f:ec:59:94:e9:95:e8:7b:51:88:6a:99:88:00:
         38:31:46:be:86:a5:3d:f7:6d:c8:23:b1:c4:cc:63:69:9d:b8:
         ee:ee:ae:26:54:f7:ca:76:e8:7e:5e:36:75:dc:c6:7b:7a:f9:
         a2:86:b6:23:c0:1e:bb:87:e9:1c:e3:55:4e:45:e3:31:1b:4b:
         5f:3d:a6:cb:98:fa:9b:93:b5:ca:09:36:27:5c:a5:be:a8:f3:
         12:e7:d0:04:16:dd:5f:91:b1:d2:c3:dd:bb:89:c7:bc:89:cb:
         e1:a7:2d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZZk4MXA76VHm5sVzr7PXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzI3YWYzMmE5ODQ5Mjc1N2IyMDBlYTA0MGRiMjRlYzMx
MzY1OTIwHhcNMjQwNzIyMDc0NDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGJjOWNkNDNhYWVkNzI0ZWE2N2E5OWMwZDcyOWNkNjU3YzhlYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n38hGR4V5gV/kjdnAkVpqAT8dRg
8sVeTz+SbTFVcoAupO9+WvPJDdVxBKSzGOebaBoueUqPRL/ocUThyN4LgmphhFyd
gQ8WyoFu5/6M0MAtg0RTITiV/zFEW4mEGbXGfdWfHJ1PrRJdK8O7V3MVpeWTVxsl
VzfYBHZGNqMW/jxtxvW0edO3N8tAUVZpxAJNvWRnl2Zcb58hhNUisSWZsfN4BaCi
0PxyKNBihWWQD/9mMenivedvI1Ewo26ErhLDcjuUN9octv94yhcQPHTw/FY5Ykmi
djInP4JjdCQFOY1YotowyYR+Kto3K/h49b7/EF7Bu4wF693/iT0OxoZzIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEi8nNQ6rtck6mepnA1ynNZXyOpjMB8GA1UdIwQY
MBaAFNwyevMqmEknV7IA6gQNsk7DE2WSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMt
MTYyMTllMTQwZmE3LzEvU0x5YzFEcXUxeVRxWjZtY0RYS2MxbGZJNm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMtMTYyMTllMTQwZmE3
LzEvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEIMA0G
CSqGSIb3DQEBCwUAA4IBAQBJJVKo46YsiKN++SignwZhQfAa6cXmiYBvawGu73fj
5hwlXu9o8dfI6glWU82CnzL/RDGxb3mZqNC85gpc1gmP5cPL0RM6bIkJo9Z34yIc
fqitXXnLZsfegypaFx4vcxg5B1lut3vwPPbiYk2Y/y6Avy/fa7VlW7qQmHaS+Bnv
CrK2YTzOObg2Dx5z0u358SZWhfrAf+xZlOmV6HtRiGqZiAA4MUa+hqU9923II7HE
zGNpnbju7q4mVPfKduh+XjZ13MZ7evmihrYjwB67h+kc41VOReMxG0tfPabLmPqb
k7XKCTYnXKW+qPMS59AEFt1fkbHSw927ice8icvhpy2E
-----END CERTIFICATE-----