Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/zC3g7VR4gscaz3smpksqj9RjIJA.roa
File:                     zC3g7VR4gscaz3smpksqj9RjIJA.roa (raw, json)
Hash identifier:          To8UonYhzLxjGWz3d9UPHwq03/giHnAA6QHH09++Y+8=
Subject key identifier:   CC:2D:E0:ED:54:78:82:C7:1A:CF:7B:26:A6:4B:2A:8F:D4:63:20:90
Certificate issuer:       /CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
Certificate serial:       018CC64B41B2BBF3BAC929C77D14F9861C1F
Authority key identifier: DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/zC3g7VR4gscaz3smpksqj9RjIJA.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        185.186.24.0/24 maxlen: 24
                          2a0b:6c80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:41:b2:bb:f3:ba:c9:29:c7:7d:14:f9:86:1c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca0adb1a8b797020f0ec7a29a9b5abad40b653e
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc2de0ed547882c71acf7b26a64b2a8fd4632090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:54:f3:fb:4e:61:7e:f9:6d:aa:10:16:98:1e:
                    44:42:c1:6c:43:57:00:fb:9f:f6:f0:07:f0:ce:de:
                    7b:e9:b8:4e:d9:f4:53:bd:3b:ea:38:de:4b:d5:3e:
                    1f:ce:9e:c7:d3:fa:31:a0:f1:f2:42:82:23:5f:08:
                    98:e3:f3:72:3c:6b:e3:ea:0f:fa:3c:69:42:d2:a0:
                    85:29:ac:0b:41:c4:32:12:5a:cd:c1:fa:06:9b:13:
                    30:2e:b0:28:62:a4:5c:c0:c2:51:7a:76:0d:65:11:
                    a4:5a:d5:b5:2f:ee:30:99:e5:e8:18:16:9e:4a:43:
                    d5:19:12:89:a6:d6:f2:ef:d2:29:8a:a1:27:de:09:
                    60:08:03:77:b7:c8:fc:22:b9:de:3a:57:fc:b8:89:
                    33:04:9b:5c:a8:29:a2:4f:23:4f:07:60:da:76:a4:
                    09:e0:1f:9a:d2:e1:86:44:1e:e6:2d:34:44:68:d1:
                    c0:63:f8:4f:85:56:e6:cb:77:40:3f:19:96:29:15:
                    8d:f7:7a:ea:28:cc:c5:40:09:a9:ec:57:dc:5e:94:
                    3d:b8:16:cb:0e:4c:0b:1e:91:59:00:0a:3f:b3:82:
                    01:6c:a4:61:82:3b:89:13:a6:be:75:f7:8d:c7:9f:
                    d3:f1:b5:82:87:00:5f:80:10:8a:2a:af:c2:b0:d1:
                    24:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2D:E0:ED:54:78:82:C7:1A:CF:7B:26:A6:4B:2A:8F:D4:63:20:90
            X509v3 Authority Key Identifier:
                keyid:DC:A0:AD:B1:A8:B7:97:02:0F:0E:C7:A2:9A:9B:5A:BA:D4:0B:65:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KCtsai3lwIPDseimptautQLZT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/zC3g7VR4gscaz3smpksqj9RjIJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/846bd3-0373-4190-adff-3e36ca9a2d69/1/3KCtsai3lwIPDseimptautQLZT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.24.0/24
                IPv6:
                  2a0b:6c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:42:e2:38:f7:70:0a:c1:54:82:af:bf:42:52:5f:94:bb:4a:
         02:51:65:f0:5d:cc:a2:9a:7a:b4:41:d8:7b:be:dc:fc:d4:85:
         fd:f4:ed:28:7f:6a:d3:27:49:c1:35:fd:f6:5f:0e:ea:ec:f6:
         f3:cc:05:7c:f5:59:91:39:37:53:ec:6b:08:2f:4f:71:92:ca:
         83:ed:7c:af:ff:a7:21:03:03:96:0a:60:05:f3:8f:2c:28:0c:
         57:2b:82:63:94:fa:dd:68:6b:27:85:35:57:de:be:63:84:c0:
         99:0d:78:48:43:e9:05:a3:26:b3:c6:62:bf:24:0c:33:45:d0:
         a4:5f:71:5e:c3:62:56:f5:2d:eb:6c:8c:d9:ee:98:e1:08:14:
         39:bb:43:8b:38:5e:6d:24:30:a8:36:cc:0a:ef:72:1d:4c:31:
         c5:69:96:56:c5:9e:e9:5c:01:69:23:37:ed:d2:7b:57:af:ba:
         be:77:c3:b0:ed:c3:4e:18:68:e4:53:6b:82:0b:0c:a1:74:36:
         cb:9f:9e:82:66:e2:a7:c9:c1:36:ce:84:fa:56:2a:9d:c7:a9:
         c6:1d:9f:a5:ec:65:b6:a6:26:89:da:71:3c:9a:ca:80:a5:41:
         e7:92:7a:19:39:49:f0:b2:34:22:49:0a:5d:07:4b:45:4c:46:
         a6:0c:51:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS0Gyu/O6ySnHfRT5hhwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTBhZGIxYThiNzk3MDIwZjBlYzdhMjlhOWI1YWJhZDQw
YjY1M2UwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJkZTBlZDU0Nzg4MmM3MWFjZjdiMjZhNjRiMmE4ZmQ0NjMyMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFTz+05hfvltqhAWmB5EQsFsQ1cA
+5/28Afwzt576bhO2fRTvTvqON5L1T4fzp7H0/oxoPHyQoIjXwiY4/NyPGvj6g/6
PGlC0qCFKawLQcQyElrNwfoGmxMwLrAoYqRcwMJRenYNZRGkWtW1L+4wmeXoGBae
SkPVGRKJptby79IpiqEn3glgCAN3t8j8IrneOlf8uIkzBJtcqCmiTyNPB2DadqQJ
4B+a0uGGRB7mLTREaNHAY/hPhVbmy3dAPxmWKRWN93rqKMzFQAmp7FfcXpQ9uBbL
DkwLHpFZAAo/s4IBbKRhgjuJE6a+dfeNx5/T8bWChwBfgBCKKq/CsNEkxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMwt4O1UeILHGs97JqZLKo/UYyCQMB8GA1UdIwQY
MBaAFNygrbGot5cCDw7HopqbWrrUC2U+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYt
M2UzNmNhOWEyZDY5LzEvekMzZzdWUjRnc2NhejNzbXBrc3FqOVJqSUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84NDZiZDMtMDM3My00MTkwLWFkZmYtM2UzNmNhOWEyZDY5
LzEvM0tDdHNhaTNsd0lQRHNlaW1wdGF1dFFMWlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuboYMA0E
AgACMAcDBQAqC2yAMA0GCSqGSIb3DQEBCwUAA4IBAQBAQuI493AKwVSCr79CUl+U
u0oCUWXwXcyimnq0Qdh7vtz81IX99O0of2rTJ0nBNf32Xw7q7PbzzAV89VmROTdT
7GsIL09xksqD7Xyv/6chAwOWCmAF848sKAxXK4JjlPrdaGsnhTVX3r5jhMCZDXhI
Q+kFoyazxmK/JAwzRdCkX3Few2JW9S3rbIzZ7pjhCBQ5u0OLOF5tJDCoNswK73Id
TDHFaZZWxZ7pXAFpIzft0ntXr7q+d8Ow7cNOGGjkU2uCCwyhdDbLn56CZuKnycE2
zoT6Viqdx6nGHZ+l7GW2piaJ2nE8msqApUHnknoZOUnwsjQiSQpdB0tFTEamDFFX
-----END CERTIFICATE-----