Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/TaPDpga9KADGM7AkPVyY9ORo2Xo.roa
File:                     TaPDpga9KADGM7AkPVyY9ORo2Xo.roa (raw, json)
Hash identifier:          YQVz+MCJcqhC4v933mdCuvqryMPkp1AsRBEQ1uJkVT4=
Subject key identifier:   4D:A3:C3:A6:06:BD:28:00:C6:33:B0:24:3D:5C:98:F4:E4:68:D9:7A
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       018CC726E2CD37E2647446B24340E4DD452F
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/TaPDpga9KADGM7AkPVyY9ORo2Xo.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44802
IP address blocks:        185.17.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e2:cd:37:e2:64:74:46:b2:43:40:e4:dd:45:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4da3c3a606bd2800c633b0243d5c98f4e468d97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3c:0c:bd:c9:8e:33:b2:cb:60:97:f6:89:c3:
                    1e:e5:c1:1b:fa:f2:0e:b5:2c:ab:b7:12:69:0c:00:
                    5c:3b:ce:be:4e:8f:d0:3e:ac:d5:ed:13:e2:60:f6:
                    79:4d:70:28:9d:0a:b3:8c:ab:e9:06:fb:2e:01:c5:
                    fb:48:55:c5:06:2d:ad:d0:c9:6e:ff:4f:7f:70:a6:
                    04:4d:dd:d3:da:b6:e4:0a:8e:ce:41:06:9c:67:86:
                    cb:4e:f2:b5:9f:2f:94:69:e8:c8:f6:f4:6b:1b:5e:
                    17:b4:9b:d8:64:42:d0:47:a3:43:ca:9d:b0:ed:47:
                    4a:57:8f:a5:0a:77:7e:60:2c:e6:82:1f:ac:07:ad:
                    89:33:5e:48:a9:bd:fd:bf:e2:76:58:c4:ad:0b:9f:
                    0b:f2:53:3b:e8:d1:fe:5f:e2:9e:0f:28:64:ed:02:
                    38:78:0a:56:36:1a:4b:b8:52:62:fc:dd:cd:e2:0b:
                    d3:92:5f:28:10:29:f0:88:12:e7:70:9b:f0:84:ac:
                    76:45:34:63:60:e9:90:c4:ac:56:24:2d:eb:b3:c1:
                    4d:30:b0:ab:9e:e0:aa:6f:b2:80:72:b4:c4:5b:d3:
                    fd:b4:c3:64:5f:1a:b4:0e:2c:e7:d0:89:52:ed:96:
                    15:c0:62:5f:ae:8b:f1:e6:97:54:f9:a2:bb:53:60:
                    a7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A3:C3:A6:06:BD:28:00:C6:33:B0:24:3D:5C:98:F4:E4:68:D9:7A
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/TaPDpga9KADGM7AkPVyY9ORo2Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:7c:eb:93:bb:36:dc:76:b2:64:fd:15:4b:7e:42:96:2e:bf:
         b4:2f:89:4c:c9:f2:c8:9d:d0:51:a9:70:23:fb:9a:98:cf:c3:
         aa:66:d7:d0:aa:24:02:d5:76:2a:ee:71:9e:ff:5b:28:bd:96:
         d3:93:0b:0e:b6:e6:45:07:ad:31:03:b5:e2:4d:a8:e9:54:7c:
         e5:dc:37:09:dc:ef:bd:61:99:65:da:cd:b7:5c:a5:11:b9:31:
         ad:e6:3a:86:d2:db:d6:83:ad:c6:d2:cc:73:dc:41:f3:cf:c2:
         f0:34:fd:87:1b:bd:12:c2:51:61:aa:58:fc:d6:e6:c7:8a:13:
         28:d4:ae:5c:9d:8f:d4:ba:e0:3d:99:27:b9:2c:8c:50:c2:a7:
         b4:38:2c:ef:f9:de:8e:e8:1a:bc:a2:bd:65:66:f8:ac:d2:92:
         16:aa:e2:29:e9:8c:89:f8:f4:33:8f:22:1c:8f:97:16:4b:d3:
         f9:9e:00:ea:4a:cf:30:02:ba:e3:c8:c7:0d:fa:6a:56:ee:02:
         85:9f:ff:9e:34:7c:d7:fd:53:7f:8e:89:35:9f:57:9f:e7:d6:
         44:63:13:11:40:07:d4:44:b3:41:1d:28:24:6f:06:7a:9d:e3:
         8e:36:26:82:b1:41:58:25:89:91:87:f1:2a:64:4b:3e:eb:50:
         3d:b8:eb:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuLNN+JkdEayQ0Dk3UUvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGEzYzNhNjA2YmQyODAwYzYzM2IwMjQzZDVjOThmNGU0NjhkOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzwMvcmOM7LLYJf2icMe5cEb+vIO
tSyrtxJpDABcO86+To/QPqzV7RPiYPZ5TXAonQqzjKvpBvsuAcX7SFXFBi2t0Mlu
/09/cKYETd3T2rbkCo7OQQacZ4bLTvK1ny+UaejI9vRrG14XtJvYZELQR6NDyp2w
7UdKV4+lCnd+YCzmgh+sB62JM15Iqb39v+J2WMStC58L8lM76NH+X+KeDyhk7QI4
eApWNhpLuFJi/N3N4gvTkl8oECnwiBLncJvwhKx2RTRjYOmQxKxWJC3rs8FNMLCr
nuCqb7KAcrTEW9P9tMNkXxq0Dizn0IlS7ZYVwGJfrovx5pdU+aK7U2CnwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2jw6YGvSgAxjOwJD1cmPTkaNl6MB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEvVGFQRHBnYTlLQURHTTdBa1BWeVk5T1JvMlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuREIMA0G
CSqGSIb3DQEBCwUAA4IBAQA4fOuTuzbcdrJk/RVLfkKWLr+0L4lMyfLIndBRqXAj
+5qYz8OqZtfQqiQC1XYq7nGe/1sovZbTkwsOtuZFB60xA7XiTajpVHzl3DcJ3O+9
YZll2s23XKURuTGt5jqG0tvWg63G0sxz3EHzz8LwNP2HG70SwlFhqlj81ubHihMo
1K5cnY/UuuA9mSe5LIxQwqe0OCzv+d6O6Bq8or1lZvis0pIWquIp6YyJ+PQzjyIc
j5cWS9P5ngDqSs8wArrjyMcN+mpW7gKFn/+eNHzX/VN/jok1n1ef59ZEYxMRQAfU
RLNBHSgkbwZ6neOONiaCsUFYJYmRh/EqZEs+61A9uOt8
-----END CERTIFICATE-----