Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/KmxmYXGNLWNVEmw3dp11buYqamY.roa
File:                     KmxmYXGNLWNVEmw3dp11buYqamY.roa (raw, json)
Hash identifier:          Li24zX4Nx0OSx9bjUP5f6Boyc/05lzsZx2iK+5Wjae4=
Subject key identifier:   2A:6C:66:61:71:8D:2D:63:55:12:6C:37:76:9D:75:6E:E6:2A:6A:66
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       0190B557E418D4DD628395203E215CAC3150
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/KmxmYXGNLWNVEmw3dp11buYqamY.roa
Signing time:             Mon 15 Jul 2024 07:42:34 +0000
ROA not before:           Mon 15 Jul 2024 07:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        185.146.216.0/22 maxlen: 22
                          2a07:52c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:57:e4:18:d4:dd:62:83:95:20:3e:21:5c:ac:31:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Jul 15 07:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a6c6661718d2d6355126c37769d756ee62a6a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:38:52:12:0e:85:bc:25:9e:89:8d:b9:f8:4f:
                    44:f9:30:96:d1:58:61:26:22:3c:2c:a4:c2:7e:23:
                    74:8c:f2:9b:a5:97:63:26:1c:08:c0:d9:00:07:25:
                    ca:7e:70:8e:b4:12:a1:7b:ed:67:7a:f4:12:a1:f7:
                    07:80:32:dc:87:4d:82:ce:6c:c2:2e:e8:a5:58:ad:
                    ce:91:90:a8:ad:c9:ce:58:6b:f0:37:1f:9a:c6:b5:
                    18:9f:49:bc:0f:a7:48:21:87:0d:38:53:bd:a8:16:
                    be:57:30:4b:d8:47:f1:5a:a7:c6:57:7b:72:f6:3f:
                    22:e6:3b:4f:8a:46:15:70:ed:8f:6f:ca:6e:9f:4d:
                    05:60:a3:5a:fa:7b:37:08:3e:5f:58:46:2d:8c:ca:
                    73:6f:09:66:22:9b:5a:f6:f1:3c:54:af:2d:b1:ff:
                    7c:d9:0c:63:93:a7:85:92:d0:61:82:40:ae:ff:2a:
                    b7:fe:d1:fd:8f:9f:1e:77:75:1d:ff:77:d9:dc:e9:
                    c6:01:1d:70:df:78:dc:3f:8b:72:97:01:46:37:e4:
                    f9:72:73:de:46:54:54:56:a5:4e:e0:3b:b7:b0:d9:
                    6a:49:75:d2:bf:0e:1c:81:26:fe:7e:80:05:08:cf:
                    4f:1c:4e:80:05:b8:ac:3e:c7:58:3a:04:7d:69:62:
                    97:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:6C:66:61:71:8D:2D:63:55:12:6C:37:76:9D:75:6E:E6:2A:6A:66
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/KmxmYXGNLWNVEmw3dp11buYqamY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.216.0/22
                IPv6:
                  2a07:52c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d9:ab:80:76:61:17:58:99:be:94:91:78:83:27:09:ef:6f:8b:
         d1:36:49:27:80:35:57:91:d3:72:56:2d:66:ac:f8:86:b7:4e:
         e6:0f:32:bf:7a:a1:d7:3e:2f:b1:e6:95:06:54:01:ee:6a:8e:
         76:47:ab:12:15:72:0c:33:1b:5c:0f:51:17:d8:d2:5f:5f:fa:
         13:2d:51:aa:93:4e:d9:dc:a6:54:02:bb:68:72:58:f8:f7:7b:
         4f:fa:4f:b3:e5:c6:58:56:00:80:13:35:0c:1a:bd:f1:7c:02:
         0c:e6:95:fc:02:c4:32:a9:31:b2:1b:66:b2:d9:9c:99:af:63:
         c8:d8:c4:39:5b:6a:0f:4f:06:0e:7a:8c:7d:3b:50:44:28:69:
         a6:fc:3f:d3:8c:b6:f8:0f:d8:78:fa:4c:ae:0f:ec:78:d1:d8:
         71:97:5b:71:e6:24:5d:51:77:e3:51:42:83:11:62:48:83:9e:
         86:e1:d2:5d:8c:20:28:c9:aa:d0:21:90:4f:4c:6e:44:35:1e:
         b5:61:3c:c2:5f:6b:c3:9d:b3:58:5e:ca:9c:3f:7e:2d:38:9e:
         20:9d:5f:ef:43:60:0b:8b:88:db:02:55:31:86:50:4f:2b:db:
         ea:32:1d:ce:a2:91:fc:a9:22:81:5a:b2:b2:75:ef:ad:92:4c:
         59:3c:45:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZC1V+QY1N1ig5UgPiFcrDFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjQwNzE1MDc0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTZjNjY2MTcxOGQyZDYzNTUxMjZjMzc3NjlkNzU2ZWU2MmE2YTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzhSEg6FvCWeiY25+E9E+TCW0Vhh
JiI8LKTCfiN0jPKbpZdjJhwIwNkAByXKfnCOtBKhe+1nevQSofcHgDLch02CzmzC
LuilWK3OkZCorcnOWGvwNx+axrUYn0m8D6dIIYcNOFO9qBa+VzBL2EfxWqfGV3ty
9j8i5jtPikYVcO2Pb8pun00FYKNa+ns3CD5fWEYtjMpzbwlmIpta9vE8VK8tsf98
2Qxjk6eFktBhgkCu/yq3/tH9j58ed3Ud/3fZ3OnGAR1w33jcP4tylwFGN+T5cnPe
RlRUVqVO4Du3sNlqSXXSvw4cgSb+foAFCM9PHE6ABbisPsdYOgR9aWKXHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCpsZmFxjS1jVRJsN3addW7mKmpmMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvS214bVlYR05MV05WRW13M2RwMTFidVlxYW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZLYMA0E
AgACMAcDBQMqB1LAMA0GCSqGSIb3DQEBCwUAA4IBAQDZq4B2YRdYmb6UkXiDJwnv
b4vRNkkngDVXkdNyVi1mrPiGt07mDzK/eqHXPi+x5pUGVAHuao52R6sSFXIMMxtc
D1EX2NJfX/oTLVGqk07Z3KZUArtoclj493tP+k+z5cZYVgCAEzUMGr3xfAIM5pX8
AsQyqTGyG2ay2ZyZr2PI2MQ5W2oPTwYOeox9O1BEKGmm/D/TjLb4D9h4+kyuD+x4
0dhxl1tx5iRdUXfjUUKDEWJIg56G4dJdjCAoyarQIZBPTG5ENR61YTzCX2vDnbNY
XsqcP34tOJ4gnV/vQ2ALi4jbAlUxhlBPK9vqMh3OopH8qSKBWrKyde+tkkxZPEVA
-----END CERTIFICATE-----