Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Zc3v3NMy5tofYffaMFCnoKxyAPQ.roa
File:                     Zc3v3NMy5tofYffaMFCnoKxyAPQ.roa (raw, json)
Hash identifier:          ZrcmHIjkJhtbx7rqBB1p1Pe1TfJeg2rROAdGWDbyOmo=
Subject key identifier:   65:CD:EF:DC:D3:32:E6:DA:1F:61:F7:DA:30:50:A7:A0:AC:72:00:F4
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B61F59EF83C562644C2A6FE717966
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Zc3v3NMy5tofYffaMFCnoKxyAPQ.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205512
IP address blocks:        185.122.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:61:f5:9e:f8:3c:56:26:44:c2:a6:fe:71:79:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65cdefdcd332e6da1f61f7da3050a7a0ac7200f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ff:3b:66:c4:d3:42:af:15:82:35:71:db:99:
                    3f:cf:25:67:d3:48:bb:ba:2e:68:69:b2:d6:87:9c:
                    0b:85:73:61:b5:94:8d:19:8b:9e:d3:5c:c8:c2:46:
                    7a:48:26:56:84:90:db:85:73:a1:ff:1e:da:e0:60:
                    5d:ec:da:8b:9c:84:35:30:c2:23:46:f9:81:81:7a:
                    7d:88:d2:64:f5:82:68:aa:1f:ad:b0:00:66:38:4c:
                    f5:7c:e2:82:5e:98:c8:16:18:81:98:93:19:5d:c3:
                    36:e0:20:14:ab:ed:c7:a6:bc:0c:33:ab:1a:9a:7f:
                    4b:c9:e3:00:2f:00:80:eb:ba:a1:c9:83:5c:46:f0:
                    aa:09:7a:87:9a:a2:f5:ba:b6:02:94:e7:7d:f7:ac:
                    87:d7:41:ee:0b:d0:a0:83:be:9f:63:49:da:75:22:
                    2f:0f:9f:68:bf:56:90:e4:da:44:ac:93:c2:42:55:
                    1c:2c:2e:71:17:2b:c7:15:5f:78:37:7a:9a:e6:14:
                    0f:11:05:77:17:9b:2f:77:6d:55:1c:02:dc:b9:67:
                    d4:1e:02:aa:18:dd:b5:4d:00:3e:5c:0f:7e:90:79:
                    a9:17:b6:b5:14:2d:a5:68:e9:79:80:db:68:74:eb:
                    6c:3d:42:7f:28:fd:31:f7:f4:64:c6:70:be:ce:5c:
                    52:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CD:EF:DC:D3:32:E6:DA:1F:61:F7:DA:30:50:A7:A0:AC:72:00:F4
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Zc3v3NMy5tofYffaMFCnoKxyAPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:15:84:c1:3a:ef:f9:94:99:12:89:2d:f9:a7:04:6d:1c:e2:
         f9:8d:d9:fa:ba:23:6d:d3:bb:36:c2:da:c5:72:e0:43:66:a5:
         d0:53:d3:8e:db:e9:a4:df:a8:66:eb:f8:59:a7:e2:8d:49:a2:
         40:36:70:c0:8f:43:74:4a:dc:cd:55:73:5e:8a:68:c7:12:f5:
         90:58:98:b6:c6:02:c4:56:10:25:cd:5c:68:2e:f9:fd:3a:53:
         8e:a3:0f:62:80:67:aa:e4:34:e8:49:0a:26:dc:c5:7a:68:53:
         0f:a7:12:ca:ff:c0:1a:d3:da:59:d6:e5:45:70:14:f3:c1:d2:
         17:09:9f:5e:81:2c:25:5a:5d:37:49:76:ca:15:b3:eb:f5:c0:
         3d:4a:c9:a0:7a:5a:5a:2e:bd:49:7e:7f:05:58:91:d8:b0:9f:
         f0:7e:bb:10:b8:34:76:84:b3:3c:62:ff:36:7d:24:a2:9e:06:
         87:41:c3:0a:46:bb:46:5f:0d:c1:8d:ca:41:a4:b5:c9:0c:62:
         13:58:02:b2:76:f3:a3:37:49:2c:d9:e9:41:c3:8c:11:50:33:
         19:c3:f9:77:8a:82:10:41:c6:49:c6:0a:d9:97:f5:f4:52:29:
         30:db:45:de:d9:e3:88:cf:38:c9:9f:a9:59:73:ac:ab:f6:5d:
         ed:83:00:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2H1nvg8ViZEwqb+cXlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNkZWZkY2QzMzJlNmRhMWY2MWY3ZGEzMDUwYTdhMGFjNzIwMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf87ZsTTQq8VgjVx25k/zyVn00i7
ui5oabLWh5wLhXNhtZSNGYue01zIwkZ6SCZWhJDbhXOh/x7a4GBd7NqLnIQ1MMIj
RvmBgXp9iNJk9YJoqh+tsABmOEz1fOKCXpjIFhiBmJMZXcM24CAUq+3HprwMM6sa
mn9LyeMALwCA67qhyYNcRvCqCXqHmqL1urYClOd996yH10HuC9Cgg76fY0nadSIv
D59ov1aQ5NpErJPCQlUcLC5xFyvHFV94N3qa5hQPEQV3F5svd21VHALcuWfUHgKq
GN21TQA+XA9+kHmpF7a1FC2laOl5gNtodOtsPUJ/KP0x9/RkxnC+zlxSpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXN79zTMubaH2H32jBQp6CscgD0MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvWmMzdjNOTXk1dG9mWWZmYU1GQ25vS3h5QVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXomMA0G
CSqGSIb3DQEBCwUAA4IBAQAhFYTBOu/5lJkSiS35pwRtHOL5jdn6uiNt07s2wtrF
cuBDZqXQU9OO2+mk36hm6/hZp+KNSaJANnDAj0N0StzNVXNeimjHEvWQWJi2xgLE
VhAlzVxoLvn9OlOOow9igGeq5DToSQom3MV6aFMPpxLK/8Aa09pZ1uVFcBTzwdIX
CZ9egSwlWl03SXbKFbPr9cA9SsmgelpaLr1Jfn8FWJHYsJ/wfrsQuDR2hLM8Yv82
fSSingaHQcMKRrtGXw3BjcpBpLXJDGITWAKydvOjN0ks2elBw4wRUDMZw/l3ioIQ
QcZJxgrZl/X0Uikw20Xe2eOIzzjJn6lZc6yr9l3tgwBN
-----END CERTIFICATE-----