Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/UDlEqtFvi8QMIwl9NlgeMbdkRSQ.roa
File:                     UDlEqtFvi8QMIwl9NlgeMbdkRSQ.roa (raw, json)
Hash identifier:          IbGniZ5QuqvyRgYP+sK2swz86C11okJAtpQQvw/IHtA=
Subject key identifier:   50:39:44:AA:D1:6F:8B:C4:0C:23:09:7D:36:58:1E:31:B7:64:45:24
Certificate issuer:       /CN=60c44dff71879863ea71442023b7f354dc3dad7c
Certificate serial:       018CC3B6CBEA8C0500AFF060FA2553A7F240
Authority key identifier: 60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/UDlEqtFvi8QMIwl9NlgeMbdkRSQ.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.88.184.0/24 maxlen: 24
                          185.88.186.0/24 maxlen: 24
                          185.88.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:cb:ea:8c:05:00:af:f0:60:fa:25:53:a7:f2:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c44dff71879863ea71442023b7f354dc3dad7c
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=503944aad16f8bc40c23097d36581e31b7644524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:18:40:11:a0:9a:06:c5:87:fb:37:18:a1:c6:
                    3e:0e:41:78:84:f4:03:eb:aa:28:df:d4:05:54:c5:
                    d3:c3:ee:c0:03:b4:45:61:56:0b:72:14:4f:a8:f6:
                    19:52:9c:38:cc:cd:5d:5f:bd:bd:ec:62:32:de:be:
                    58:0d:b8:16:81:ab:e7:a0:cd:2a:39:2f:34:98:05:
                    15:b9:b3:8a:e4:c4:6a:1c:ac:74:fe:e4:d3:69:ad:
                    40:8e:4c:99:32:34:c2:50:a2:82:40:42:67:7f:34:
                    15:17:8c:09:59:b0:53:54:73:d5:8d:12:6a:b7:c0:
                    3b:64:5f:fe:97:03:ad:71:73:e0:ea:03:ba:79:ff:
                    d2:41:1e:d4:cc:a0:07:33:e3:eb:f6:c7:5f:73:f6:
                    97:5c:5c:e5:cf:1a:75:9e:11:b4:d0:12:59:6a:92:
                    d1:bb:7a:1d:81:80:4e:6f:4e:43:88:05:3f:2b:96:
                    74:10:08:70:22:c2:4c:a0:97:fe:7d:a6:24:26:48:
                    d8:f4:3e:64:2e:18:da:06:b8:f6:73:8b:3c:d2:4e:
                    07:41:27:59:89:ce:39:82:ec:ed:73:cd:a4:91:e4:
                    44:e0:e3:a5:8e:b7:3e:14:0d:02:b3:a0:78:c6:bc:
                    97:7d:65:20:51:28:4e:3f:8a:6f:e8:6b:1c:b0:b9:
                    ac:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:39:44:AA:D1:6F:8B:C4:0C:23:09:7D:36:58:1E:31:B7:64:45:24
            X509v3 Authority Key Identifier:
                keyid:60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/UDlEqtFvi8QMIwl9NlgeMbdkRSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.184.0-185.88.186.255

    Signature Algorithm: sha256WithRSAEncryption
         bc:88:88:02:f0:c8:53:d1:b3:01:27:38:d1:a1:7c:b6:42:b5:
         ac:0c:b8:67:ae:93:74:8d:c3:04:21:68:da:78:fd:36:74:e7:
         98:43:fa:15:79:5d:2b:dc:62:68:8a:a3:c4:e2:82:ba:6e:4b:
         a9:b7:78:f0:da:8f:d1:10:eb:77:d0:d5:c3:8a:89:33:5e:57:
         f1:bb:62:1c:0d:b9:63:ef:d3:1a:29:dd:c9:d9:9e:9a:57:48:
         13:61:eb:46:04:7f:88:24:22:54:bf:2a:22:cb:02:54:13:fd:
         52:a7:01:71:3d:78:5e:96:55:34:05:96:2e:7e:25:6c:57:5e:
         26:e4:43:12:ea:5b:cb:b2:5a:b5:43:33:41:8b:9a:ac:23:bc:
         b4:6e:ae:04:2f:be:6d:91:71:55:a9:2c:9b:32:05:31:d2:bc:
         ab:70:df:45:f9:53:73:25:16:dc:70:13:d2:87:2b:96:16:7c:
         cd:fa:d7:a1:b7:38:12:2b:5e:3e:4b:2b:b9:b7:19:e7:ed:a7:
         fd:2d:67:43:bc:f1:70:0a:00:b3:8f:9a:5f:ab:b0:b6:4b:bc:
         86:d4:92:82:05:c5:a7:ed:1f:6c:2a:1e:94:dc:b7:59:ce:e9:
         6f:69:57:56:d6:81:bb:76:f0:fd:bb:bc:ce:80:76:88:0f:14:
         51:f1:04:da
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtsvqjAUAr/Bg+iVTp/JAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzQ0ZGZmNzE4Nzk4NjNlYTcxNDQyMDIzYjdmMzU0ZGMz
ZGFkN2MwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDM5NDRhYWQxNmY4YmM0MGMyMzA5N2QzNjU4MWUzMWI3NjQ0NTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBhAEaCaBsWH+zcYocY+DkF4hPQD
66oo39QFVMXTw+7AA7RFYVYLchRPqPYZUpw4zM1dX7297GIy3r5YDbgWgavnoM0q
OS80mAUVubOK5MRqHKx0/uTTaa1AjkyZMjTCUKKCQEJnfzQVF4wJWbBTVHPVjRJq
t8A7ZF/+lwOtcXPg6gO6ef/SQR7UzKAHM+Pr9sdfc/aXXFzlzxp1nhG00BJZapLR
u3odgYBOb05DiAU/K5Z0EAhwIsJMoJf+faYkJkjY9D5kLhjaBrj2c4s80k4HQSdZ
ic45guztc82kkeRE4OOljrc+FA0Cs6B4xryXfWUgUShOP4pv6GscsLmsMQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFA5RKrRb4vEDCMJfTZYHjG3ZEUkMB8GA1UdIwQY
MBaAFGDETf9xh5hj6nFEICO381TcPa18MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWIt
YjJkNzM2Nzg3MjdiLzEvVURsRXF0RnZpOFFNSXdsOU5sZ2VNYmRrUlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWItYjJkNzM2Nzg3Mjdi
LzEvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5WLgD
BAC5WLowDQYJKoZIhvcNAQELBQADggEBALyIiALwyFPRswEnONGhfLZCtawMuGeu
k3SNwwQhaNp4/TZ055hD+hV5XSvcYmiKo8TigrpuS6m3ePDaj9EQ63fQ1cOKiTNe
V/G7YhwNuWPv0xop3cnZnppXSBNh60YEf4gkIlS/KiLLAlQT/VKnAXE9eF6WVTQF
li5+JWxXXibkQxLqW8uyWrVDM0GLmqwjvLRurgQvvm2RcVWpLJsyBTHSvKtw30X5
U3MlFtxwE9KHK5YWfM3616G3OBIrXj5LK7m3Geftp/0tZ0O88XAKALOPml+rsLZL
vIbUkoIFxaftH2wqHpTct1nO6W9pV1bWgbt28P27vM6AdogPFFHxBNo=
-----END CERTIFICATE-----