Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/jDt7u2twT7csb6qf0qeLdE5sAvE.roa
File:                     jDt7u2twT7csb6qf0qeLdE5sAvE.roa (raw, json)
Hash identifier:          iAHCFrZZt/cvZ+wiCQ6x/qWsz+ydMgJzqcHW2Qc8EeA=
Subject key identifier:   8C:3B:7B:BB:6B:70:4F:B7:2C:6F:AA:9F:D2:A7:8B:74:4E:6C:02:F1
Certificate issuer:       /CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
Certificate serial:       018E74B52FE8C6AFAE976B5E220F26A57F7B
Authority key identifier: 36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/jDt7u2twT7csb6qf0qeLdE5sAvE.roa
Signing time:             Mon 25 Mar 2024 08:23:35 +0000
ROA not before:           Mon 25 Mar 2024 08:23:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        185.194.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:b5:2f:e8:c6:af:ae:97:6b:5e:22:0f:26:a5:7f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
        Validity
            Not Before: Mar 25 08:23:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c3b7bbb6b704fb72c6faa9fd2a78b744e6c02f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:08:f7:6c:14:6b:cd:99:aa:a5:09:81:f8:ac:
                    f9:ed:b6:0a:0b:9a:1c:94:8d:90:68:34:b2:fb:b1:
                    76:56:7a:4f:b0:31:55:f2:3f:80:ed:a3:84:18:bf:
                    07:f9:69:32:89:a1:31:8e:aa:ad:6c:ff:12:fa:1d:
                    0d:81:80:4f:6e:f5:b1:e9:2b:62:ee:5d:de:0b:ec:
                    88:b2:6f:28:30:46:c2:56:fe:8c:ee:8d:88:d9:1f:
                    92:ba:4d:da:cd:84:aa:d3:cf:df:c9:03:aa:f4:5e:
                    6e:5c:94:44:d3:d4:3b:b7:3f:96:8d:51:b5:e5:c8:
                    db:08:31:95:9b:9e:a6:03:ae:a5:8c:a6:92:00:a8:
                    65:90:03:58:5b:bd:57:b7:da:92:4a:d4:da:4e:cb:
                    cc:bb:78:4f:89:71:34:20:d9:55:6a:e7:57:a3:0b:
                    dd:81:ed:d1:7c:66:34:dc:19:c1:9e:b8:e5:6c:cf:
                    76:59:d9:f8:76:b4:0c:a7:ac:f3:20:68:ce:03:e4:
                    3b:0a:2b:03:c1:ea:e4:ac:ec:62:c8:05:68:d5:be:
                    a3:b0:ec:ab:b5:cc:27:34:6a:91:f0:f5:0a:2b:15:
                    df:84:e2:2e:3e:9b:56:09:f6:6f:5c:51:fe:46:29:
                    fe:81:7f:12:ed:a4:05:ef:af:0c:f5:42:94:ec:32:
                    70:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3B:7B:BB:6B:70:4F:B7:2C:6F:AA:9F:D2:A7:8B:74:4E:6C:02:F1
            X509v3 Authority Key Identifier:
                keyid:36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/jDt7u2twT7csb6qf0qeLdE5sAvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:cd:11:42:24:0d:c5:4c:5d:07:0a:49:c3:b0:ca:57:f4:5d:
         03:33:45:f0:b4:78:7f:0a:cb:40:00:7f:d4:66:91:fc:ab:f3:
         05:85:dd:b7:bb:4d:dd:57:80:6f:f4:f8:b5:8e:e0:2f:2c:b0:
         35:bc:4a:bb:98:ec:ab:f3:af:4f:a6:69:c8:46:41:ca:aa:ce:
         69:ab:b7:61:2c:b5:de:5c:99:2a:a4:55:fe:6d:1e:3f:80:57:
         4a:11:cd:f3:a6:93:0a:9f:32:8f:d9:2c:e9:13:d1:ef:ab:8e:
         1f:af:95:25:3d:65:68:82:8c:72:cd:62:6f:38:fa:fb:85:4c:
         2c:bb:d5:fe:c4:c2:dc:78:27:ac:57:85:4f:c5:7a:39:5a:57:
         c1:93:80:62:e2:ef:16:f0:eb:23:1a:3f:b0:20:0c:50:5e:9d:
         01:c5:d5:05:2d:d6:1c:5d:61:37:df:01:ed:13:40:1a:23:bc:
         b2:34:e4:5a:b0:77:36:2e:9a:31:2d:6d:df:71:e4:6f:49:be:
         13:56:1c:ba:85:a6:e5:1a:bb:7c:66:74:20:cd:bc:dd:e4:5a:
         b6:45:34:94:d8:9b:15:be:a1:50:5c:af:06:2a:c8:8d:d9:02:
         a4:36:f4:c8:cc:8d:f9:5f:4e:4e:bc:aa:fa:cc:38:7e:bf:35:
         00:db:6e:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY50tS/oxq+ul2teIg8mpX97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTRmY2M2YmY2YTg3NDBmYTc4MTQ2NDFmZDlkNmVjOGQ4
NjJlNWYwHhcNMjQwMzI1MDgyMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzNiN2JiYjZiNzA0ZmI3MmM2ZmFhOWZkMmE3OGI3NDRlNmMwMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qj3bBRrzZmqpQmB+Kz57bYKC5oc
lI2QaDSy+7F2VnpPsDFV8j+A7aOEGL8H+WkyiaExjqqtbP8S+h0NgYBPbvWx6Sti
7l3eC+yIsm8oMEbCVv6M7o2I2R+Suk3azYSq08/fyQOq9F5uXJRE09Q7tz+WjVG1
5cjbCDGVm56mA66ljKaSAKhlkANYW71Xt9qSStTaTsvMu3hPiXE0INlVaudXowvd
ge3RfGY03BnBnrjlbM92Wdn4drQMp6zzIGjOA+Q7CisDwerkrOxiyAVo1b6jsOyr
tcwnNGqR8PUKKxXfhOIuPptWCfZvXFH+Rin+gX8S7aQF768M9UKU7DJwjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIw7e7trcE+3LG+qn9Kni3RObALxMB8GA1UdIwQY
MBaAFDaU/Ma/aodA+ngUZB/Z1uyNhi5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUt
MGQzZmNlNDI5YmRlLzEvakR0N3UydHdUN2NzYjZxZjBxZUxkRTVzQXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUtMGQzZmNlNDI5YmRl
LzEvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLOMA0G
CSqGSIb3DQEBCwUAA4IBAQBVzRFCJA3FTF0HCknDsMpX9F0DM0XwtHh/CstAAH/U
ZpH8q/MFhd23u03dV4Bv9Pi1juAvLLA1vEq7mOyr869PpmnIRkHKqs5pq7dhLLXe
XJkqpFX+bR4/gFdKEc3zppMKnzKP2SzpE9Hvq44fr5UlPWVogoxyzWJvOPr7hUws
u9X+xMLceCesV4VPxXo5WlfBk4Bi4u8W8OsjGj+wIAxQXp0BxdUFLdYcXWE33wHt
E0AaI7yyNORasHc2LpoxLW3fceRvSb4TVhy6hablGrt8ZnQgzbzd5Fq2RTSU2JsV
vqFQXK8GKsiN2QKkNvTIzI35X05OvKr6zDh+vzUA2263
-----END CERTIFICATE-----