Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/IdkicXHgBh98D1ruUOYuLUDfW_s.roa
File:                     IdkicXHgBh98D1ruUOYuLUDfW_s.roa (raw, json)
Hash identifier:          gYoLoA3NLnAJv5aQv5Ey5k6o7gEqnoeRd195UU9NwG4=
Subject key identifier:   21:D9:22:71:71:E0:06:1F:7C:0F:5A:EE:50:E6:2E:2D:40:DF:5B:FB
Certificate issuer:       /CN=2f2b26c552563006213cfe4814a9dc2a0fc16f43
Certificate serial:       018CC94AF1AB4A903C866203155A10106244
Authority key identifier: 2F:2B:26:C5:52:56:30:06:21:3C:FE:48:14:A9:DC:2A:0F:C1:6F:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LysmxVJWMAYhPP5IFKncKg_Bb0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/IdkicXHgBh98D1ruUOYuLUDfW_s.roa
Signing time:             Tue 02 Jan 2024 08:29:41 +0000
ROA not before:           Tue 02 Jan 2024 08:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        185.131.204.0/24 maxlen: 24
                          2a12:bfc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/LysmxVJWMAYhPP5IFKncKg_Bb0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/LysmxVJWMAYhPP5IFKncKg_Bb0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LysmxVJWMAYhPP5IFKncKg_Bb0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:f1:ab:4a:90:3c:86:62:03:15:5a:10:10:62:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2b26c552563006213cfe4814a9dc2a0fc16f43
        Validity
            Not Before: Jan  2 08:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21d9227171e0061f7c0f5aee50e62e2d40df5bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e5:29:b4:9d:cd:42:ac:bc:7e:68:c0:39:2a:
                    f5:d6:42:26:7f:aa:e0:5a:00:a3:f7:b6:94:1e:ac:
                    de:e1:ec:ba:d8:89:92:17:93:52:55:36:ee:b8:45:
                    d9:b2:cf:4f:d7:df:81:1b:73:b4:9c:53:00:67:6b:
                    2d:f5:37:3a:6c:27:c3:2a:18:e7:20:8f:00:d2:2d:
                    ea:46:1c:ec:cb:73:7a:5e:10:ec:3e:71:fa:80:e1:
                    80:12:e0:5c:36:2a:b2:df:4e:a5:43:89:2a:97:44:
                    00:d9:7a:52:11:1e:98:a7:3a:e9:cd:7c:bf:06:e1:
                    5d:ce:1c:0c:36:e5:79:20:df:8f:e9:73:be:bc:7c:
                    2b:3a:20:65:96:73:75:81:d8:f5:a4:9c:24:b4:63:
                    7a:81:0e:48:24:d5:dd:02:a1:7d:0d:f2:cc:6b:8a:
                    dd:99:61:66:a3:f1:05:30:0f:f7:8e:32:56:bf:88:
                    2c:4a:fd:29:f0:99:a6:76:f6:0b:d7:37:90:d5:fd:
                    87:58:93:ab:17:82:42:ec:fd:de:53:81:30:c6:c3:
                    df:ce:de:9f:0a:8d:89:b6:48:c6:62:cf:ab:92:84:
                    01:1b:20:e5:44:f3:33:77:95:dc:c5:b8:20:d0:7a:
                    a2:c2:1c:2b:6c:fe:f7:cf:81:14:4f:92:79:f5:05:
                    7b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D9:22:71:71:E0:06:1F:7C:0F:5A:EE:50:E6:2E:2D:40:DF:5B:FB
            X509v3 Authority Key Identifier:
                keyid:2F:2B:26:C5:52:56:30:06:21:3C:FE:48:14:A9:DC:2A:0F:C1:6F:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LysmxVJWMAYhPP5IFKncKg_Bb0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/IdkicXHgBh98D1ruUOYuLUDfW_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4cc115-af65-4913-9d69-1c35b839379b/1/LysmxVJWMAYhPP5IFKncKg_Bb0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.204.0/24
                IPv6:
                  2a12:bfc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:42:8b:e4:bb:bd:95:b0:ad:21:91:31:44:5b:d5:8a:fe:03:
         62:15:1e:21:c0:e8:30:86:8b:d0:cc:46:14:bd:c5:53:2c:b2:
         8e:c1:43:2a:ff:af:e3:fe:d6:3e:c6:68:52:39:50:2c:fd:0f:
         58:2e:7f:00:38:02:fb:8a:3e:f3:7b:84:ed:ff:c8:3c:7b:ec:
         8f:6f:af:3f:18:ac:e2:45:bb:f1:8c:13:79:b2:b2:5e:a6:9e:
         ae:c8:87:d8:fd:c5:87:b2:06:37:55:8c:f6:d6:58:34:ad:37:
         7e:d5:46:d3:95:47:0e:68:76:b7:4d:ea:b1:a2:34:c8:7f:7b:
         5f:54:f4:8a:e1:b6:8b:8f:eb:c8:5c:5f:9c:bd:1f:02:3c:c2:
         ed:79:c5:ad:2d:c9:40:54:56:a7:a4:e4:e8:40:b6:03:6e:3f:
         27:da:c6:56:25:21:e7:20:60:9f:27:66:f2:e0:1b:b5:75:44:
         b7:2d:bb:20:d0:45:57:94:85:a2:2e:e3:fa:d2:4b:38:fa:5a:
         49:64:b9:3b:23:a8:7f:36:82:55:f6:f1:23:c7:73:d3:21:40:
         f7:bc:08:c1:0d:ff:b5:b7:26:d0:1b:36:24:bf:1a:cb:d9:43:
         fe:87:0a:5a:55:dc:d1:0a:bf:a4:31:db:87:a5:f7:e8:23:be:
         a9:ef:7a:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJSvGrSpA8hmIDFVoQEGJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmIyNmM1NTI1NjMwMDYyMTNjZmU0ODE0YTlkYzJhMGZj
MTZmNDMwHhcNMjQwMTAyMDgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQ5MjI3MTcxZTAwNjFmN2MwZjVhZWU1MGU2MmUyZDQwZGY1YmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeUptJ3NQqy8fmjAOSr11kImf6rg
WgCj97aUHqze4ey62ImSF5NSVTbuuEXZss9P19+BG3O0nFMAZ2st9Tc6bCfDKhjn
II8A0i3qRhzsy3N6XhDsPnH6gOGAEuBcNiqy306lQ4kql0QA2XpSER6YpzrpzXy/
BuFdzhwMNuV5IN+P6XO+vHwrOiBllnN1gdj1pJwktGN6gQ5IJNXdAqF9DfLMa4rd
mWFmo/EFMA/3jjJWv4gsSv0p8JmmdvYL1zeQ1f2HWJOrF4JC7P3eU4EwxsPfzt6f
Co2JtkjGYs+rkoQBGyDlRPMzd5Xcxbgg0HqiwhwrbP73z4EUT5J59QV7mQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCHZInFx4AYffA9a7lDmLi1A31v7MB8GA1UdIwQY
MBaAFC8rJsVSVjAGITz+SBSp3CoPwW9DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlzbXhWSldNQVloUFA1SUZLbmNLZ19CYjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80Y2MxMTUtYWY2NS00OTEzLTlkNjkt
MWMzNWI4MzkzNzliLzEvSWRraWNYSGdCaDk4RDFydVVPWXVMVURmV19zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80Y2MxMTUtYWY2NS00OTEzLTlkNjktMWMzNWI4MzkzNzli
LzEvTHlzbXhWSldNQVloUFA1SUZLbmNLZ19CYjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYPMMA8E
AgACMAkDBwAqEr/AAAAwDQYJKoZIhvcNAQELBQADggEBAExCi+S7vZWwrSGRMURb
1Yr+A2IVHiHA6DCGi9DMRhS9xVMsso7BQyr/r+P+1j7GaFI5UCz9D1gufwA4AvuK
PvN7hO3/yDx77I9vrz8YrOJFu/GME3mysl6mnq7Ih9j9xYeyBjdVjPbWWDStN37V
RtOVRw5odrdN6rGiNMh/e19U9IrhtouP68hcX5y9HwI8wu15xa0tyUBUVqek5OhA
tgNuPyfaxlYlIecgYJ8nZvLgG7V1RLctuyDQRVeUhaIu4/rSSzj6WklkuTsjqH82
glX28SPHc9MhQPe8CMEN/7W3JtAbNiS/GsvZQ/6HClpV3NEKv6Qx24el9+gjvqnv
evk=
-----END CERTIFICATE-----