Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/7gnv1kbDDZUgKhX_aweGMyzGbdM.roa
File:                     7gnv1kbDDZUgKhX_aweGMyzGbdM.roa (raw, json)
Hash identifier:          LLdlJCQ1xQDKHH8pGy8pBo5zdSBPEwmmzxTaObNRgBA=
Subject key identifier:   EE:09:EF:D6:46:C3:0D:95:20:2A:15:FF:6B:07:86:33:2C:C6:6D:D3
Certificate issuer:       /CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
Certificate serial:       018CC64B43094E1828059BF6B485EF3E797C
Authority key identifier: DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/7gnv1kbDDZUgKhX_aweGMyzGbdM.roa
Signing time:             Mon 01 Jan 2024 18:31:10 +0000
ROA not before:           Mon 01 Jan 2024 18:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215838
IP address blocks:        185.186.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:43:09:4e:18:28:05:9b:f6:b4:85:ef:3e:79:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
        Validity
            Not Before: Jan  1 18:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee09efd646c30d95202a15ff6b0786332cc66dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0b:bd:73:b3:9c:cf:83:28:3e:3b:5c:e8:d0:
                    7f:f7:79:02:ba:2e:b9:6d:eb:ad:13:16:6a:09:ad:
                    49:18:8a:30:27:db:ed:04:bd:6c:cc:c0:9a:2d:7d:
                    00:05:8c:e8:cf:e3:d7:29:a4:0f:2d:79:40:34:f9:
                    c7:bb:8c:3b:42:f5:e0:db:94:85:10:11:c8:80:0e:
                    f3:c2:34:a6:c5:07:cf:50:55:23:07:2b:d2:5d:be:
                    bf:c2:53:3c:e1:01:a4:90:21:40:a8:e0:51:db:d8:
                    0d:5c:4c:7a:2f:18:01:fd:5b:86:df:89:05:68:d6:
                    7b:ee:04:b0:33:f3:8d:cd:2b:d2:6d:dc:01:00:51:
                    2a:a9:cf:05:a8:b7:50:0f:13:a9:0e:89:62:f1:1a:
                    92:fb:81:f4:ec:11:24:b0:3f:63:25:77:a8:db:9d:
                    88:67:b8:f7:54:17:f4:fe:3f:2d:94:f2:2e:75:83:
                    ec:7d:37:6a:c1:b7:92:ec:1a:f0:ab:35:42:20:3e:
                    f2:41:68:3f:46:b1:12:fe:66:17:c4:79:55:c1:e3:
                    84:f9:c0:34:69:0c:c1:64:05:f6:f0:88:53:d9:26:
                    3b:57:53:fc:a1:68:e8:33:a1:19:9e:e7:7c:8f:55:
                    e0:fb:72:48:5e:07:eb:ab:50:0f:85:67:40:98:ba:
                    18:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:09:EF:D6:46:C3:0D:95:20:2A:15:FF:6B:07:86:33:2C:C6:6D:D3
            X509v3 Authority Key Identifier:
                keyid:DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/7gnv1kbDDZUgKhX_aweGMyzGbdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:aa:0b:ed:d3:f4:55:4a:60:5a:c9:10:ab:ad:7c:3a:30:f3:
         c6:5e:7c:7e:8e:6f:44:0a:df:df:3b:15:34:d1:a5:f8:96:41:
         62:73:cd:6c:0d:5f:f3:83:13:3c:09:76:e2:05:4f:e3:5d:f3:
         be:22:33:28:d4:6b:f0:10:65:0f:b1:86:5a:ae:d9:92:d0:87:
         47:89:5f:b1:f5:30:1e:da:57:d3:a1:d8:77:2f:ff:2a:0b:b7:
         1a:d5:85:0f:03:b5:7a:4d:27:ff:74:65:21:59:2e:a5:3c:78:
         13:ff:9a:7e:34:ab:c5:d5:65:db:76:bc:ab:af:49:25:af:74:
         75:97:bb:7c:8e:79:ce:fa:b8:77:23:92:30:06:31:da:de:2f:
         21:60:3b:1a:f9:62:f6:7b:0e:ad:cc:b0:8e:39:d3:34:ef:03:
         96:cc:e4:b3:b5:ef:15:f1:f7:e9:50:d4:0e:be:12:21:25:06:
         b0:17:2b:72:95:e2:37:55:92:84:c2:fb:4d:0b:5c:fa:d0:d3:
         6d:6a:02:f0:36:d7:1a:04:f8:1b:29:de:2a:90:18:9d:4d:f5:
         58:93:a8:e3:da:33:cb:3a:45:1c:bc:6d:43:31:72:1c:42:ff:
         58:56:14:11:77:02:e9:a1:e7:0f:fc:ca:b9:c9:92:57:97:3c:
         99:ed:95:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0MJThgoBZv2tIXvPnl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTBhZGIxYThiNzk3MDIwZjBlYzdhMjlhOWI1YWJhZDQw
YjY1M2UwHhcNMjQwMTAxMTgzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA5ZWZkNjQ2YzMwZDk1MjAyYTE1ZmY2YjA3ODYzMzJjYzY2ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgu9c7Ocz4MoPjtc6NB/93kCui65
beutExZqCa1JGIowJ9vtBL1szMCaLX0ABYzoz+PXKaQPLXlANPnHu4w7QvXg25SF
EBHIgA7zwjSmxQfPUFUjByvSXb6/wlM84QGkkCFAqOBR29gNXEx6LxgB/VuG34kF
aNZ77gSwM/ONzSvSbdwBAFEqqc8FqLdQDxOpDoli8RqS+4H07BEksD9jJXeo252I
Z7j3VBf0/j8tlPIudYPsfTdqwbeS7BrwqzVCID7yQWg/RrES/mYXxHlVweOE+cA0
aQzBZAX28IhT2SY7V1P8oWjoM6EZnud8j1Xg+3JIXgfrq1APhWdAmLoYtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4J79ZGww2VICoV/2sHhjMsxm3TMB8GA1UdIwQY
MBaAFNygrbGot5cCDw7HopqbWrrUC2U+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYt
M2UzNmNhOWEyZDY5LzEvN2dudjFrYkREWlVnS2hYX2F3ZUdNeXpHYmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYtM2UzNmNhOWEyZDY5
LzEvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuboaMA0G
CSqGSIb3DQEBCwUAA4IBAQAhqgvt0/RVSmBayRCrrXw6MPPGXnx+jm9ECt/fOxU0
0aX4lkFic81sDV/zgxM8CXbiBU/jXfO+IjMo1GvwEGUPsYZartmS0IdHiV+x9TAe
2lfTodh3L/8qC7ca1YUPA7V6TSf/dGUhWS6lPHgT/5p+NKvF1WXbdryrr0klr3R1
l7t8jnnO+rh3I5IwBjHa3i8hYDsa+WL2ew6tzLCOOdM07wOWzOSzte8V8ffpUNQO
vhIhJQawFytyleI3VZKEwvtNC1z60NNtagLwNtcaBPgbKd4qkBidTfVYk6jj2jPL
OkUcvG1DMXIcQv9YVhQRdwLpoecP/Mq5yZJXlzyZ7ZVZ
-----END CERTIFICATE-----