Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/DYONRSc-MWtDHdz9xgPdsqNzmCk.roa
File:                     DYONRSc-MWtDHdz9xgPdsqNzmCk.roa (raw, json)
Hash identifier:          dYyzAkQ7hsc7xIqdS4M+f2GSTvS993sfUQVWeS01aXE=
Subject key identifier:   0D:83:8D:45:27:3E:31:6B:43:1D:DC:FD:C6:03:DD:B2:A3:73:98:29
Certificate issuer:       /CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
Certificate serial:       018CC2DAB97E34A64A55E2B9E21A43088D00
Authority key identifier: 5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/DYONRSc-MWtDHdz9xgPdsqNzmCk.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210731
IP address blocks:        185.129.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b9:7e:34:a6:4a:55:e2:b9:e2:1a:43:08:8d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d838d45273e316b431ddcfdc603ddb2a3739829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:62:9b:b2:54:0b:99:37:31:c7:7a:a5:29:
                    ae:5d:ca:67:bc:be:84:7f:bb:8e:0c:84:80:c1:79:
                    c6:14:30:c6:83:0f:14:1a:64:dd:bd:91:09:51:09:
                    0d:da:d3:d8:76:e4:10:e9:c8:83:9a:63:83:80:38:
                    38:07:29:17:93:07:c5:23:d5:e2:b0:bd:31:ce:20:
                    06:ca:3d:ef:e6:e1:46:88:38:dd:e5:3b:b4:cb:3a:
                    2f:50:48:c9:0a:e9:1f:9d:8b:72:e6:1a:49:b7:8e:
                    e5:66:db:c4:9a:74:ca:62:bb:5d:5b:42:54:de:1b:
                    c8:2d:e2:5b:a1:b4:8b:65:0d:8e:2a:7f:15:b9:e4:
                    3e:a6:e7:b7:a0:f8:6a:6c:8d:f8:4c:c4:b2:29:6f:
                    2a:22:da:5b:11:44:12:2c:21:34:f6:11:e1:34:ea:
                    d6:87:15:d7:97:41:8c:4c:8b:fb:28:52:d1:77:c4:
                    99:f5:97:3e:e2:6c:92:cb:43:49:8b:89:f6:22:02:
                    aa:f1:c9:2b:25:e9:95:72:34:48:17:62:39:f9:d9:
                    a9:92:1c:b1:bf:b1:d6:da:47:8d:fd:1a:88:4c:c7:
                    05:95:24:10:ed:c9:a5:38:11:c5:7e:18:58:64:28:
                    7e:c7:c2:53:e7:a7:f5:a0:af:23:d2:11:9c:74:a3:
                    44:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:83:8D:45:27:3E:31:6B:43:1D:DC:FD:C6:03:DD:B2:A3:73:98:29
            X509v3 Authority Key Identifier:
                keyid:5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/DYONRSc-MWtDHdz9xgPdsqNzmCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:17:d3:c9:37:4a:d0:49:c6:d9:b3:81:26:6a:ef:13:85:f8:
         4a:cf:27:63:c4:5d:d1:22:3c:b5:00:3f:da:94:0f:64:4c:03:
         d7:fa:e2:14:e1:4b:4c:c8:bc:54:fa:cf:df:fc:21:81:96:3a:
         75:b5:bd:2f:f6:90:a8:33:49:0c:8f:1d:e6:6f:d0:bc:b9:d9:
         e7:34:6d:73:c5:77:5f:28:9b:b1:cf:43:11:d8:19:d2:1f:12:
         b2:bb:ad:72:a1:8b:2b:a3:2c:3d:bb:6f:cc:6c:5f:39:c5:36:
         79:5d:74:92:af:7a:44:cc:06:65:50:f5:2e:9f:c8:13:91:6d:
         2e:65:00:e8:51:98:d0:b4:b4:9c:3c:22:51:bf:d4:f8:c6:31:
         64:84:f4:72:06:e4:ad:fb:f5:60:46:6a:f2:86:dd:de:d8:2f:
         d1:50:79:26:fa:d1:3c:7d:53:05:ee:47:4f:ff:2d:66:93:1e:
         4f:12:fe:80:76:4e:b1:60:4f:94:a5:e2:37:97:a6:ec:ee:57:
         f8:c5:54:36:24:f3:bc:bf:94:28:5e:57:a3:db:0f:db:a2:58:
         51:35:11:b8:d2:91:f1:47:71:84:c7:fd:af:d2:57:b6:70:0d:
         a8:fa:d4:7b:8a:19:47:3f:9e:00:7a:69:28:2c:7f:c7:2d:53:
         25:1b:bb:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rl+NKZKVeK54hpDCI0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDIzYzdhYzZlNjgyZmJjNTNiZTFhMGU5MzE4ZjZjY2Fl
NzE5M2QwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDgzOGQ0NTI3M2UzMTZiNDMxZGRjZmRjNjAzZGRiMmEzNzM5ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspFim7JUC5k3Mcd6pSmuXcpnvL6E
f7uODISAwXnGFDDGgw8UGmTdvZEJUQkN2tPYduQQ6ciDmmODgDg4BykXkwfFI9Xi
sL0xziAGyj3v5uFGiDjd5Tu0yzovUEjJCukfnYty5hpJt47lZtvEmnTKYrtdW0JU
3hvILeJbobSLZQ2OKn8VueQ+pue3oPhqbI34TMSyKW8qItpbEUQSLCE09hHhNOrW
hxXXl0GMTIv7KFLRd8SZ9Zc+4mySy0NJi4n2IgKq8ckrJemVcjRIF2I5+dmpkhyx
v7HW2keN/RqITMcFlSQQ7cmlOBHFfhhYZCh+x8JT56f1oK8j0hGcdKNEYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2DjUUnPjFrQx3c/cYD3bKjc5gpMB8GA1UdIwQY
MBaAFF3SPHrG5oL7xTvhoOkxj2zK5xk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWIt
ZWJlMjMzMmNhZjFjLzEvRFlPTlJTYy1NV3RESGR6OXhnUGRzcU56bUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWItZWJlMjMzMmNhZjFj
LzEvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYE9MA0G
CSqGSIb3DQEBCwUAA4IBAQAUF9PJN0rQScbZs4Emau8ThfhKzydjxF3RIjy1AD/a
lA9kTAPX+uIU4UtMyLxU+s/f/CGBljp1tb0v9pCoM0kMjx3mb9C8udnnNG1zxXdf
KJuxz0MR2BnSHxKyu61yoYsroyw9u2/MbF85xTZ5XXSSr3pEzAZlUPUun8gTkW0u
ZQDoUZjQtLScPCJRv9T4xjFkhPRyBuSt+/VgRmryht3e2C/RUHkm+tE8fVMF7kdP
/y1mkx5PEv6Adk6xYE+UpeI3l6bs7lf4xVQ2JPO8v5QoXlej2w/bolhRNRG40pHx
R3GEx/2v0le2cA2o+tR7ihlHP54AemkoLH/HLVMlG7vZ
-----END CERTIFICATE-----