Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/1-vSHnYOhrrhSPChU5bO-Xo1TG-M.roa
File:                     1-vSHnYOhrrhSPChU5bO-Xo1TG-M.roa (raw, json)
Hash identifier:          AS4PKVUL88DJNesWZT9jhzsMt7YTP7xs1LfDfHa9Now=
Subject key identifier:   FA:F4:87:9D:83:A1:AE:B8:52:3C:28:54:E5:B3:BE:5E:8D:53:1B:E3
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       018CC86F6A5FD4F28266D8650711CB1578A5
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/1-vSHnYOhrrhSPChU5bO-Xo1TG-M.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.67.36.0/22 maxlen: 32
                          2a05:bc0::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6a:5f:d4:f2:82:66:d8:65:07:11:cb:15:78:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faf4879d83a1aeb8523c2854e5b3be5e8d531be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:65:9e:32:c9:48:11:56:76:e5:50:d3:c9:0e:
                    31:a5:26:33:05:92:23:f9:8a:6d:32:b4:d4:96:cf:
                    6d:25:bc:b5:d7:41:80:25:34:83:a1:9e:a3:b1:7b:
                    9e:16:e6:e3:73:d6:4d:5f:b0:a7:bd:1c:f0:2c:40:
                    e4:71:9f:e1:6d:14:c6:04:46:d4:75:a6:4d:bb:2d:
                    9c:e9:f9:bd:a2:82:92:47:1f:ad:3a:9e:0e:9e:7d:
                    4b:2c:2c:da:5d:fb:e6:9f:8d:f0:ed:77:8d:ac:7c:
                    69:41:e7:c6:43:6f:ee:48:c6:fe:6a:91:6c:cd:e2:
                    93:04:68:b0:af:64:3f:f3:5b:e5:8c:90:70:d3:10:
                    0c:15:f9:85:ed:8a:22:11:a6:7c:f6:19:37:b5:d7:
                    96:43:8e:38:ad:57:31:78:62:8d:bf:27:eb:47:e0:
                    bd:04:2f:6d:09:09:49:1a:ee:48:36:af:0e:1a:f0:
                    63:58:e8:d0:89:4f:d4:9a:9b:c2:0d:5c:3c:3f:1d:
                    16:29:ce:43:e5:ca:8b:ce:b2:e9:6d:cd:45:c2:a7:
                    52:f4:8a:fa:6a:2f:7f:59:31:61:b2:65:08:f1:56:
                    ff:c6:bf:94:38:12:ab:22:00:00:d6:34:b3:a5:ff:
                    47:a7:28:74:04:c6:60:64:25:67:ed:83:05:31:1e:
                    b5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F4:87:9D:83:A1:AE:B8:52:3C:28:54:E5:B3:BE:5E:8D:53:1B:E3
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/1-vSHnYOhrrhSPChU5bO-Xo1TG-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.36.0/22
                IPv6:
                  2a05:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:48:9e:2d:11:5d:3f:b6:6f:9b:22:18:6e:34:69:ef:0a:df:
         3b:80:60:cb:6b:e7:91:2e:93:71:b4:ad:51:ee:97:79:52:a7:
         07:66:d3:95:71:53:c9:b5:fa:28:d4:d1:75:ea:90:55:3f:40:
         0b:72:5d:09:ea:0d:bd:fd:b5:4e:25:4b:7f:f4:2c:27:71:45:
         fe:73:34:95:cf:eb:b0:45:fa:ed:14:c1:eb:0a:27:02:55:6c:
         e9:3a:88:f2:35:c2:79:e2:ca:e4:26:a7:82:e4:20:d6:0a:0c:
         76:e0:a5:8b:76:92:d2:d1:05:fc:ad:cb:73:78:76:88:9d:c6:
         33:c3:20:40:0a:e2:ca:12:31:d5:74:18:26:6e:4e:b4:78:d5:
         f8:ca:0f:03:2a:87:94:cb:dd:5a:b6:93:6e:a7:21:25:fe:3a:
         04:61:92:cd:29:4a:b4:9f:6b:01:9e:73:1b:60:ba:cb:fa:cd:
         09:d8:ca:c6:1b:5c:b8:d3:1d:07:c1:14:a6:3e:e2:c8:15:e3:
         3a:6f:e2:43:30:6f:de:75:82:7a:4d:5e:24:b3:86:46:ca:c9:
         f6:2b:45:14:83:3e:f4:95:fd:55:ff:51:5b:c5:49:bc:31:f3:
         67:d9:2b:12:a9:32:dd:3c:87:69:3f:56:10:73:96:c6:e2:a4:
         b8:2c:61:1d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIb2pf1PKCZthlBxHLFXilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWY0ODc5ZDgzYTFhZWI4NTIzYzI4NTRlNWIzYmU1ZThkNTMxYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWWeMslIEVZ25VDTyQ4xpSYzBZIj
+YptMrTUls9tJby110GAJTSDoZ6jsXueFubjc9ZNX7CnvRzwLEDkcZ/hbRTGBEbU
daZNuy2c6fm9ooKSRx+tOp4Onn1LLCzaXfvmn43w7XeNrHxpQefGQ2/uSMb+apFs
zeKTBGiwr2Q/81vljJBw0xAMFfmF7YoiEaZ89hk3tdeWQ444rVcxeGKNvyfrR+C9
BC9tCQlJGu5INq8OGvBjWOjQiU/UmpvCDVw8Px0WKc5D5cqLzrLpbc1FwqdS9Ir6
ai9/WTFhsmUI8Vb/xr+UOBKrIgAA1jSzpf9Hpyh0BMZgZCVn7YMFMR61zwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPr0h52Doa64UjwoVOWzvl6NUxvjMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvMS12U0huWU9ocnJoU1BDaFU1Yk8tWG8xVEctTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmIvZGNmOTc2LTAwN2QtNDU0Mi1iMGUyLTVmOGZjNzA3ODM2
YS8xL1dUaVhGMC1XZEpEYjloaWRSNTN5eVRjYjlBUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlDJDAN
BAIAAjAHAwUDKgULwDANBgkqhkiG9w0BAQsFAAOCAQEAekieLRFdP7ZvmyIYbjRp
7wrfO4Bgy2vnkS6TcbStUe6XeVKnB2bTlXFTybX6KNTRdeqQVT9AC3JdCeoNvf21
TiVLf/QsJ3FF/nM0lc/rsEX67RTB6wonAlVs6TqI8jXCeeLK5CanguQg1goMduCl
i3aS0tEF/K3Lc3h2iJ3GM8MgQAriyhIx1XQYJm5OtHjV+MoPAyqHlMvdWraTbqch
Jf46BGGSzSlKtJ9rAZ5zG2C6y/rNCdjKxhtcuNMdB8EUpj7iyBXjOm/iQzBv3nWC
ek1eJLOGRsrJ9itFFIM+9JX9Vf9RW8VJvDHzZ9krEqky3TyHaT9WEHOWxuKkuCxh
HQ==
-----END CERTIFICATE-----