Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/0mtyofaROf_Fsx9u0yDgYPhonuo.roa
File:                     0mtyofaROf_Fsx9u0yDgYPhonuo.roa (raw, json)
Hash identifier:          cZ7Zn4BzotiG+HiJ0SZmf8LxiqB7/zGg5Nc6UZszvOQ=
Subject key identifier:   D2:6B:72:A1:F6:91:39:FF:C5:B3:1F:6E:D3:20:E0:60:F8:68:9E:EA
Certificate issuer:       /CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
Certificate serial:       018F0F9EAEFBB3311E82386C7FABAEB69897
Authority key identifier: BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/0mtyofaROf_Fsx9u0yDgYPhonuo.roa
Signing time:             Wed 24 Apr 2024 10:20:08 +0000
ROA not before:           Wed 24 Apr 2024 10:20:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15659
IP address blocks:        185.127.100.0/23 maxlen: 23
                          2a03:96e0::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:9e:ae:fb:b3:31:1e:82:38:6c:7f:ab:ae:b6:98:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
        Validity
            Not Before: Apr 24 10:20:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d26b72a1f69139ffc5b31f6ed320e060f8689eea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e2:73:59:2b:88:94:6b:d4:10:20:52:84:ad:
                    70:63:c5:df:47:32:c9:ff:8c:d8:76:8c:02:c8:a3:
                    08:c0:8d:0b:ec:73:f7:e2:6f:88:c2:4c:2c:e0:a8:
                    a8:b5:ca:32:95:73:90:27:c3:7d:c1:41:4f:f4:cd:
                    68:48:0f:e9:b6:0f:9c:b7:73:da:71:b5:8c:6b:e8:
                    1b:87:59:a9:b0:b5:b9:58:2a:76:d6:fd:f4:64:a4:
                    9e:d9:00:dc:41:93:9b:ef:75:31:5b:7f:81:e5:82:
                    14:46:30:35:f4:13:19:ae:4d:f9:f5:8f:ba:85:33:
                    b9:51:1e:41:cc:67:3d:ae:e8:8f:70:24:99:00:ff:
                    3f:4f:c1:b1:c5:18:92:67:dc:05:1a:7f:fe:76:62:
                    4a:cf:c4:3d:8e:70:97:50:b6:a6:b9:3e:1c:62:e0:
                    62:c1:b5:14:fc:cd:43:e9:4d:3e:ae:29:70:8f:02:
                    aa:00:86:ab:b7:db:42:9a:0a:5e:58:01:d1:84:bd:
                    93:c1:5d:eb:c1:58:65:61:ad:82:51:b4:a7:e5:d7:
                    3c:e2:a3:01:62:36:f1:8a:73:61:2d:7f:b7:e0:f1:
                    68:ab:e0:5d:2d:40:75:35:dd:36:84:10:54:fe:a9:
                    db:33:a3:00:cb:c1:3b:36:33:79:8d:71:08:89:d4:
                    b8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6B:72:A1:F6:91:39:FF:C5:B3:1F:6E:D3:20:E0:60:F8:68:9E:EA
            X509v3 Authority Key Identifier:
                keyid:BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/0mtyofaROf_Fsx9u0yDgYPhonuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.100.0/23
                IPv6:
                  2a03:96e0::/33

    Signature Algorithm: sha256WithRSAEncryption
         02:d2:1a:1c:13:01:b1:b7:7f:ff:ca:23:ab:a4:a9:1b:4a:6b:
         a7:26:76:1f:61:05:0c:47:97:4f:9c:a7:77:db:f1:a9:bd:80:
         1c:2a:20:03:d5:af:c1:d2:10:2c:1b:83:69:fc:b2:d2:53:5e:
         e1:ab:80:27:53:9f:f9:e6:7e:00:db:c6:69:3e:d8:e6:19:94:
         45:3b:21:84:81:15:00:cc:fb:c3:78:a0:39:a9:d4:4b:e2:b6:
         63:44:da:74:91:b7:72:e6:74:56:ec:37:97:4c:ad:c1:8e:d4:
         d1:e2:cc:a4:01:dd:ec:e3:d5:d4:e7:fa:2f:ec:78:21:f4:4e:
         7b:f2:72:54:2f:fe:55:17:17:4b:24:3f:07:65:bb:c0:a8:18:
         8f:c7:65:de:aa:35:08:9c:dc:cb:fd:df:50:67:0d:29:9c:2d:
         a4:53:a5:2e:a6:54:ef:3d:18:13:68:e1:02:a2:08:6b:6a:55:
         c9:87:50:6c:0d:72:90:99:be:d5:3a:50:aa:14:9a:26:08:da:
         d9:5a:49:37:9b:88:89:5c:a9:c7:92:c8:6a:ac:cc:d6:e6:73:
         69:53:12:ff:67:bd:47:4b:24:07:da:68:95:51:aa:a2:8d:db:
         a5:15:b3:15:21:d1:5f:ac:1c:f3:62:d8:16:d4:e0:92:c8:83:
         1f:5f:58:a8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY8Pnq77szEegjhsf6uutpiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNWMwODMyM2FjMjdhYjY1NTNhNWE2OWE3M2E1OGY4MDI0
MjNkNjgwHhcNMjQwNDI0MTAyMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjZiNzJhMWY2OTEzOWZmYzViMzFmNmVkMzIwZTA2MGY4Njg5ZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+JzWSuIlGvUECBShK1wY8XfRzLJ
/4zYdowCyKMIwI0L7HP34m+Iwkws4KiotcoylXOQJ8N9wUFP9M1oSA/ptg+ct3Pa
cbWMa+gbh1mpsLW5WCp21v30ZKSe2QDcQZOb73UxW3+B5YIURjA19BMZrk359Y+6
hTO5UR5BzGc9ruiPcCSZAP8/T8GxxRiSZ9wFGn/+dmJKz8Q9jnCXULamuT4cYuBi
wbUU/M1D6U0+rilwjwKqAIart9tCmgpeWAHRhL2TwV3rwVhlYa2CUbSn5dc84qMB
YjbxinNhLX+34PFoq+BdLUB1Nd02hBBU/qnbM6MAy8E7NjN5jXEIidS4WwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNJrcqH2kTn/xbMfbtMg4GD4aJ7qMB8GA1UdIwQY
MBaAFL1cCDI6wnq2VTpaaac6WPgCQj1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMt
NDY0MWFiNmU0YmZiLzEvMG10eW9mYVJPZl9Gc3g5dTB5RGdZUGhvbnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMtNDY0MWFiNmU0YmZi
LzEvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuX9kMA4E
AgACMAgDBgcqA5bgADANBgkqhkiG9w0BAQsFAAOCAQEAAtIaHBMBsbd//8ojq6Sp
G0prpyZ2H2EFDEeXT5ynd9vxqb2AHCogA9WvwdIQLBuDafyy0lNe4auAJ1Of+eZ+
ANvGaT7Y5hmURTshhIEVAMz7w3igOanUS+K2Y0TadJG3cuZ0Vuw3l0ytwY7U0eLM
pAHd7OPV1Of6L+x4IfROe/JyVC/+VRcXSyQ/B2W7wKgYj8dl3qo1CJzcy/3fUGcN
KZwtpFOlLqZU7z0YE2jhAqIIa2pVyYdQbA1ykJm+1TpQqhSaJgja2VpJN5uIiVyp
x5LIaqzM1uZzaVMS/2e9R0skB9polVGqoo3bpRWzFSHRX6wc82LYFtTgksiDH19Y
qA==
-----END CERTIFICATE-----