Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/7ZkTJEwmFChnw7-INtyCqIV6M0E.roa
File:                     7ZkTJEwmFChnw7-INtyCqIV6M0E.roa (raw, json)
Hash identifier:          XdXTbKLehQ/KHz+GoxcTYB8mA5koi9ving37WweysQk=
Subject key identifier:   ED:99:13:24:4C:26:14:28:67:C3:BF:88:36:DC:82:A8:85:7A:33:41
Certificate issuer:       /CN=35b1cce4d5bad8d9c2edca400e2bfc54a24185bf
Certificate serial:       018CC26D36C40626CAF1219398784873FFCF
Authority key identifier: 35:B1:CC:E4:D5:BA:D8:D9:C2:ED:CA:40:0E:2B:FC:54:A2:41:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NbHM5NW62NnC7cpADiv8VKJBhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/7ZkTJEwmFChnw7-INtyCqIV6M0E.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206298
IP address blocks:        185.190.76.0/22 maxlen: 22
                          2a0a:5c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/NbHM5NW62NnC7cpADiv8VKJBhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/NbHM5NW62NnC7cpADiv8VKJBhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NbHM5NW62NnC7cpADiv8VKJBhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:c4:06:26:ca:f1:21:93:98:78:48:73:ff:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35b1cce4d5bad8d9c2edca400e2bfc54a24185bf
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed9913244c26142867c3bf8836dc82a8857a3341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2f:37:e7:ce:5c:d6:dc:7a:30:43:2c:2d:f2:
                    7f:c7:89:b8:52:98:3a:0f:b6:68:60:76:24:b7:af:
                    f5:ff:e5:5b:34:ce:1d:21:23:33:3d:11:58:8d:28:
                    0d:52:f5:04:b5:6d:2f:8f:d1:8c:27:a3:51:cf:02:
                    31:8e:fd:9f:b8:87:af:0b:65:de:37:61:95:6b:f5:
                    25:55:a2:f3:1b:5c:a4:9f:ca:cf:6a:1c:74:47:de:
                    a9:a4:73:02:04:65:ad:71:59:48:84:c2:74:d2:21:
                    ce:1a:c3:81:06:00:e9:66:99:2b:74:69:92:67:a0:
                    57:2c:52:ca:44:14:9d:7e:b0:a5:3c:24:cf:65:ad:
                    db:a5:3c:45:82:61:74:fc:3f:71:f6:cf:44:d8:c2:
                    d2:df:88:89:72:18:bb:ee:62:be:6a:a1:55:0a:1a:
                    75:5b:a8:9d:b9:e1:37:d5:93:8c:63:64:98:67:b7:
                    e0:49:92:c3:38:c2:1f:d2:cd:0f:38:73:b9:cc:d9:
                    a4:15:40:33:20:2d:ba:a0:b6:8b:6c:67:84:90:ee:
                    e2:13:91:43:e0:d4:85:1f:85:68:ed:22:03:7b:68:
                    d9:4b:a6:49:54:95:5f:1a:bf:e3:f3:96:a0:aa:c2:
                    8f:9d:de:b2:28:59:15:1c:fa:49:9d:cf:7a:91:01:
                    c3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:99:13:24:4C:26:14:28:67:C3:BF:88:36:DC:82:A8:85:7A:33:41
            X509v3 Authority Key Identifier:
                keyid:35:B1:CC:E4:D5:BA:D8:D9:C2:ED:CA:40:0E:2B:FC:54:A2:41:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NbHM5NW62NnC7cpADiv8VKJBhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/7ZkTJEwmFChnw7-INtyCqIV6M0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/303184-9f7e-4583-80ba-cfd3b53dc456/1/NbHM5NW62NnC7cpADiv8VKJBhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.76.0/22
                IPv6:
                  2a0a:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:61:3e:6f:db:5d:d4:7b:d5:7c:7b:65:ac:c8:f5:3c:3f:92:
         02:b0:0a:a9:8a:8e:d0:b7:6d:8e:05:a1:4c:71:a9:01:ea:0e:
         4f:37:9a:e2:45:1e:5f:84:6a:6f:33:d8:2f:af:b7:6e:09:98:
         87:2a:6f:21:f7:b2:37:54:38:b8:f4:7a:4a:97:1e:ec:9c:f7:
         21:dd:1c:91:c7:91:15:ef:c2:8a:5a:35:71:1f:75:37:e2:e2:
         60:f7:ca:45:46:8a:10:72:ae:c1:09:18:b9:b3:1f:a7:68:4a:
         eb:b7:88:80:a1:50:7c:ec:7a:7a:54:93:83:c1:0e:ed:8a:e1:
         69:24:95:10:c1:9d:37:f9:7a:2e:3d:18:be:f1:f9:53:6f:f8:
         46:4c:37:01:39:83:a6:be:54:c9:9c:a9:97:42:f3:ea:ee:53:
         03:e6:7d:87:d1:34:27:f3:d2:13:0c:8b:8a:fb:2b:59:26:65:
         ed:c1:e1:7a:f7:a2:f9:8b:45:32:24:f3:44:20:b9:1c:2c:3b:
         17:8d:dd:1c:cd:10:55:64:f7:d8:69:62:a3:0c:f8:e7:2d:08:
         29:e5:30:bb:a3:5d:6d:e1:3a:f1:1c:df:bf:f5:d0:36:f9:cc:
         51:e3:90:51:25:d6:c0:cc:15:63:cc:a4:36:13:4f:31:0d:5c:
         21:5c:b4:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbTbEBibK8SGTmHhIc//PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1YjFjY2U0ZDViYWQ4ZDljMmVkY2E0MDBlMmJmYzU0YTI0
MTg1YmYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk5MTMyNDRjMjYxNDI4NjdjM2JmODgzNmRjODJhODg1N2EzMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy83585c1tx6MEMsLfJ/x4m4Upg6
D7ZoYHYkt6/1/+VbNM4dISMzPRFYjSgNUvUEtW0vj9GMJ6NRzwIxjv2fuIevC2Xe
N2GVa/UlVaLzG1ykn8rPahx0R96ppHMCBGWtcVlIhMJ00iHOGsOBBgDpZpkrdGmS
Z6BXLFLKRBSdfrClPCTPZa3bpTxFgmF0/D9x9s9E2MLS34iJchi77mK+aqFVChp1
W6idueE31ZOMY2SYZ7fgSZLDOMIf0s0POHO5zNmkFUAzIC26oLaLbGeEkO7iE5FD
4NSFH4Vo7SIDe2jZS6ZJVJVfGr/j85agqsKPnd6yKFkVHPpJnc96kQHDkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO2ZEyRMJhQoZ8O/iDbcgqiFejNBMB8GA1UdIwQY
MBaAFDWxzOTVutjZwu3KQA4r/FSiQYW/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmJITTVOVzYyTm5DN2NwQURpdjhWS0pCaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zMDMxODQtOWY3ZS00NTgzLTgwYmEt
Y2ZkM2I1M2RjNDU2LzEvN1prVEpFd21GQ2hudzctSU50eUNxSVY2TTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zMDMxODQtOWY3ZS00NTgzLTgwYmEtY2ZkM2I1M2RjNDU2
LzEvTmJITTVOVzYyTm5DN2NwQURpdjhWS0pCaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub5MMA0E
AgACMAcDBQMqCgXAMA0GCSqGSIb3DQEBCwUAA4IBAQA+YT5v213Ue9V8e2WsyPU8
P5ICsAqpio7Qt22OBaFMcakB6g5PN5riRR5fhGpvM9gvr7duCZiHKm8h97I3VDi4
9HpKlx7snPch3RyRx5EV78KKWjVxH3U34uJg98pFRooQcq7BCRi5sx+naErrt4iA
oVB87Hp6VJODwQ7tiuFpJJUQwZ03+XouPRi+8flTb/hGTDcBOYOmvlTJnKmXQvPq
7lMD5n2H0TQn89ITDIuK+ytZJmXtweF696L5i0UyJPNEILkcLDsXjd0czRBVZPfY
aWKjDPjnLQgp5TC7o11t4TrxHN+/9dA2+cxR45BRJdbAzBVjzKQ2E08xDVwhXLSO
-----END CERTIFICATE-----