Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/1fYYEbIvEaxVvZFqg0M_i623HVo.roa
File:                     1fYYEbIvEaxVvZFqg0M_i623HVo.roa (raw, json)
Hash identifier:          W8iK2GIpn+Q/jPgRZ0bjB/mQ2skphYEapu5SibpDNX4=
Subject key identifier:   D5:F6:18:11:B2:2F:11:AC:55:BD:91:6A:83:43:3F:8B:AD:B7:1D:5A
Certificate issuer:       /CN=35dacf70367d0ac305a5ac1abbaf2398b26d9355
Certificate serial:       01915B892F3ED92D62E7EEBA57B28AF02B4A
Authority key identifier: 35:DA:CF:70:36:7D:0A:C3:05:A5:AC:1A:BB:AF:23:98:B2:6D:93:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NdrPcDZ9CsMFpawau68jmLJtk1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/1fYYEbIvEaxVvZFqg0M_i623HVo.roa
Signing time:             Fri 16 Aug 2024 14:13:22 +0000
ROA not before:           Fri 16 Aug 2024 14:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206952
IP address blocks:        185.168.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/NdrPcDZ9CsMFpawau68jmLJtk1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/NdrPcDZ9CsMFpawau68jmLJtk1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NdrPcDZ9CsMFpawau68jmLJtk1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:89:2f:3e:d9:2d:62:e7:ee:ba:57:b2:8a:f0:2b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35dacf70367d0ac305a5ac1abbaf2398b26d9355
        Validity
            Not Before: Aug 16 14:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5f61811b22f11ac55bd916a83433f8badb71d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:90:02:b2:12:93:6e:e4:fc:11:a8:66:5a:9c:
                    7b:fc:fd:67:25:87:59:f4:0d:4d:df:51:33:5d:87:
                    cd:a5:37:0a:33:61:3c:f5:8e:20:12:40:78:e5:87:
                    7f:9f:80:c9:0a:30:23:79:39:25:08:70:12:61:15:
                    de:53:03:e0:cb:d6:3e:ec:ea:87:09:cb:d7:83:df:
                    46:f8:ab:48:2e:34:0d:d6:cd:d1:e9:8a:ac:6b:72:
                    37:1d:a2:bf:cd:6d:e9:50:fc:ed:46:d1:71:56:58:
                    f8:c9:56:a4:28:e9:8a:79:0b:97:a1:71:f3:4c:26:
                    3a:32:75:f4:c3:2b:0e:1f:d3:d5:23:32:b4:68:f9:
                    1c:90:21:e8:61:42:4f:6b:b2:62:c4:39:5c:97:bf:
                    7a:a5:6e:f5:a9:46:6b:a4:79:c0:d8:95:72:30:c9:
                    8e:1d:08:2f:ab:0e:fc:94:07:46:fe:44:27:18:a3:
                    54:86:cc:96:8d:1b:41:78:b0:bb:50:5b:91:24:7d:
                    95:7a:b1:9c:99:cb:59:80:f6:be:07:fd:61:5f:5d:
                    68:06:2b:3e:7a:dc:16:4b:0b:81:6e:88:52:2c:d3:
                    cd:31:64:f8:27:da:6b:d8:c7:0e:30:fc:e6:53:9e:
                    03:5f:f0:76:82:20:56:67:7e:b7:2f:81:2b:90:d5:
                    f2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F6:18:11:B2:2F:11:AC:55:BD:91:6A:83:43:3F:8B:AD:B7:1D:5A
            X509v3 Authority Key Identifier:
                keyid:35:DA:CF:70:36:7D:0A:C3:05:A5:AC:1A:BB:AF:23:98:B2:6D:93:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NdrPcDZ9CsMFpawau68jmLJtk1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/1fYYEbIvEaxVvZFqg0M_i623HVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/f6892f-51b6-4e4a-b1e0-fd3fd1803294/1/NdrPcDZ9CsMFpawau68jmLJtk1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:76:07:99:d0:7f:cb:92:42:e3:e6:e3:03:49:77:3e:43:82:
         aa:c0:1c:67:8a:e8:a5:dc:05:1b:9c:3a:e8:4d:7b:2f:4c:ca:
         7c:3b:57:84:e8:d9:d9:25:d9:37:9c:07:b1:e7:f4:bc:46:87:
         91:82:97:36:bc:82:5d:95:17:ef:7f:08:18:d9:f7:8d:e9:32:
         b9:cd:7f:22:96:73:83:fc:20:86:d2:ee:0b:00:19:ec:f8:34:
         91:8a:1c:df:ad:8c:71:64:50:a6:03:f3:40:42:07:63:2d:3c:
         3f:ef:98:bc:a5:3b:43:a0:60:a5:7d:b9:8c:96:45:da:ad:42:
         85:66:e0:c1:8c:c9:65:3a:ef:0f:74:63:b3:3d:28:09:18:e5:
         fd:75:29:35:76:e9:37:f6:d9:b2:e2:70:ac:62:87:ca:a4:dd:
         ce:fb:90:06:ae:5f:ff:4d:d8:a3:86:84:8e:3d:a0:44:54:9a:
         52:eb:6f:b6:6b:0b:1e:c0:15:51:66:23:14:06:1b:93:c6:be:
         27:97:04:3a:ef:c0:ef:68:99:16:e9:0b:95:f1:fa:f0:7a:19:
         08:d6:e2:3e:81:e9:25:5f:c7:18:9b:23:84:3b:f1:a9:44:b6:
         c0:79:0a:0f:aa:c1:37:76:c1:46:b8:4f:3c:cd:7c:56:7a:2a:
         15:be:42:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFbiS8+2S1i5+66V7KK8CtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZGFjZjcwMzY3ZDBhYzMwNWE1YWMxYWJiYWYyMzk4YjI2
ZDkzNTUwHhcNMjQwODE2MTQxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY2MTgxMWIyMmYxMWFjNTViZDkxNmE4MzQzM2Y4YmFkYjcxZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5ACshKTbuT8EahmWpx7/P1nJYdZ
9A1N31EzXYfNpTcKM2E89Y4gEkB45Yd/n4DJCjAjeTklCHASYRXeUwPgy9Y+7OqH
CcvXg99G+KtILjQN1s3R6Yqsa3I3HaK/zW3pUPztRtFxVlj4yVakKOmKeQuXoXHz
TCY6MnX0wysOH9PVIzK0aPkckCHoYUJPa7JixDlcl796pW71qUZrpHnA2JVyMMmO
HQgvqw78lAdG/kQnGKNUhsyWjRtBeLC7UFuRJH2VerGcmctZgPa+B/1hX11oBis+
etwWSwuBbohSLNPNMWT4J9pr2McOMPzmU54DX/B2giBWZ363L4ErkNXydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX2GBGyLxGsVb2RaoNDP4uttx1aMB8GA1UdIwQY
MBaAFDXaz3A2fQrDBaWsGruvI5iybZNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmRyUGNEWjlDc01GcGF3YXU2OGptTEp0azFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9mNjg5MmYtNTFiNi00ZTRhLWIxZTAt
ZmQzZmQxODAzMjk0LzEvMWZZWUViSXZFYXhWdlpGcWcwTV9pNjIzSFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9mNjg5MmYtNTFiNi00ZTRhLWIxZTAtZmQzZmQxODAzMjk0
LzEvTmRyUGNEWjlDc01GcGF3YXU2OGptTEp0azFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuahMMA0G
CSqGSIb3DQEBCwUAA4IBAQCedgeZ0H/LkkLj5uMDSXc+Q4KqwBxniuil3AUbnDro
TXsvTMp8O1eE6NnZJdk3nAex5/S8RoeRgpc2vIJdlRfvfwgY2feN6TK5zX8ilnOD
/CCG0u4LABns+DSRihzfrYxxZFCmA/NAQgdjLTw/75i8pTtDoGClfbmMlkXarUKF
ZuDBjMllOu8PdGOzPSgJGOX9dSk1duk39tmy4nCsYofKpN3O+5AGrl//TdijhoSO
PaBEVJpS62+2awsewBVRZiMUBhuTxr4nlwQ678DvaJkW6QuV8frwehkI1uI+gekl
X8cYmyOEO/GpRLbAeQoPqsE3dsFGuE88zXxWeioVvkL/
-----END CERTIFICATE-----