Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/BdRM9K7TQEUBCm8mNqXxpNBvQRM.roa
File:                     BdRM9K7TQEUBCm8mNqXxpNBvQRM.roa (raw, json)
Hash identifier:          sA7GqgsjxyxNsUOgslcoSdUFbKdxg5wZV3FNIpn9GlY=
Subject key identifier:   05:D4:4C:F4:AE:D3:40:45:01:0A:6F:26:36:A5:F1:A4:D0:6F:41:13
Certificate issuer:       /CN=60ceeb253845c6dca190d3616dba23f37d8b6397
Certificate serial:       018CC9BC10B2E07D605B6E26985E423CBBF5
Authority key identifier: 60:CE:EB:25:38:45:C6:DC:A1:90:D3:61:6D:BA:23:F3:7D:8B:63:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YM7rJThFxtyhkNNhbboj832LY5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/BdRM9K7TQEUBCm8mNqXxpNBvQRM.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1836
IP address blocks:        185.38.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/YM7rJThFxtyhkNNhbboj832LY5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/YM7rJThFxtyhkNNhbboj832LY5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YM7rJThFxtyhkNNhbboj832LY5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:10:b2:e0:7d:60:5b:6e:26:98:5e:42:3c:bb:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ceeb253845c6dca190d3616dba23f37d8b6397
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05d44cf4aed34045010a6f2636a5f1a4d06f4113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:57:c2:1f:03:5f:91:a7:26:c8:5c:80:78:ad:
                    b6:54:ce:13:80:6a:cd:68:ba:9f:5f:88:6b:5d:29:
                    64:f8:0c:5a:aa:e6:80:79:f2:1f:12:72:a6:fd:9e:
                    f1:4f:74:a3:d6:fd:54:ac:a0:e1:f1:39:8d:2d:86:
                    22:95:ed:d4:39:43:0e:6c:87:c4:b8:45:76:2d:69:
                    1d:8c:38:b0:60:ea:ae:b7:e0:6c:6b:5b:1f:b7:0e:
                    03:53:ae:b0:ee:67:40:b5:1f:65:27:0b:c0:16:2f:
                    37:46:d3:60:e3:dd:75:2d:20:68:19:b1:c5:99:60:
                    53:60:61:ff:ae:13:20:bf:b3:d1:c5:d8:32:97:2d:
                    65:2c:02:dd:e4:0b:92:98:8d:cf:02:7f:1c:11:a4:
                    8d:af:bd:f6:4a:bd:87:c9:da:13:b4:d6:4d:67:ae:
                    16:63:75:06:7c:85:a3:3a:d9:6c:7d:31:bb:9e:99:
                    a8:b4:ed:c5:e4:dc:d7:14:18:39:a8:17:07:12:43:
                    8d:1f:3b:89:37:01:49:ad:59:45:e2:d3:33:6c:a0:
                    e7:82:9e:f7:29:5e:db:8f:a6:82:4f:67:85:c9:d9:
                    0d:12:50:8b:ba:10:f1:2c:9f:5c:f1:ea:c9:f5:36:
                    5f:9a:4e:5b:07:18:5c:40:54:82:bd:4d:66:7d:ae:
                    7c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D4:4C:F4:AE:D3:40:45:01:0A:6F:26:36:A5:F1:A4:D0:6F:41:13
            X509v3 Authority Key Identifier:
                keyid:60:CE:EB:25:38:45:C6:DC:A1:90:D3:61:6D:BA:23:F3:7D:8B:63:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YM7rJThFxtyhkNNhbboj832LY5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/BdRM9K7TQEUBCm8mNqXxpNBvQRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/261514-a15d-4661-9c55-9f9322d6732b/1/YM7rJThFxtyhkNNhbboj832LY5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:65:f6:95:e7:9b:f0:03:4f:ef:a7:84:0a:d6:af:a3:85:79:
         f1:67:74:6a:ac:a6:9c:93:16:9e:0d:00:ae:40:d2:dd:7e:8a:
         4f:2f:b2:66:30:6e:e8:55:d8:81:12:84:85:5b:63:f6:b5:15:
         50:cb:8e:ef:e7:29:d4:af:f7:db:5f:f2:37:a5:22:c6:4d:8a:
         ef:62:a8:60:b4:dd:82:36:3b:d4:c2:08:ec:d5:b7:6f:43:48:
         10:bc:9f:1b:bd:df:06:04:a4:5a:95:73:be:9d:03:18:15:0f:
         c9:07:c9:d1:7a:1c:e5:7a:43:16:75:2e:7c:4a:30:bc:f9:8a:
         80:d0:9b:f9:45:30:d6:65:8d:ce:07:3a:a1:75:c3:b9:e0:ad:
         3d:6e:11:9b:f8:1b:89:cf:20:85:7e:9f:f1:17:b0:ec:d7:c5:
         02:43:64:f3:06:ba:99:67:7a:87:4e:f8:b7:1e:b3:02:6b:f7:
         65:c3:5b:ac:1e:2f:96:3d:2f:90:d4:02:39:46:3f:76:32:a6:
         ec:1b:e4:52:14:ef:d8:21:6c:ec:5f:4f:7b:9e:3c:eb:57:3a:
         07:14:56:3d:a6:93:96:4e:dc:d1:17:08:4e:6b:3a:bf:ec:be:
         16:75:61:35:22:36:11:cb:54:50:8c:91:56:be:71:7e:1b:b0:
         b3:7c:0c:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvBCy4H1gW24mmF5CPLv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwY2VlYjI1Mzg0NWM2ZGNhMTkwZDM2MTZkYmEyM2YzN2Q4
YjYzOTcwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQ0NGNmNGFlZDM0MDQ1MDEwYTZmMjYzNmE1ZjFhNGQwNmY0MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlfCHwNfkacmyFyAeK22VM4TgGrN
aLqfX4hrXSlk+AxaquaAefIfEnKm/Z7xT3Sj1v1UrKDh8TmNLYYile3UOUMObIfE
uEV2LWkdjDiwYOqut+Bsa1sftw4DU66w7mdAtR9lJwvAFi83RtNg4911LSBoGbHF
mWBTYGH/rhMgv7PRxdgyly1lLALd5AuSmI3PAn8cEaSNr732Sr2HydoTtNZNZ64W
Y3UGfIWjOtlsfTG7npmotO3F5NzXFBg5qBcHEkONHzuJNwFJrVlF4tMzbKDngp73
KV7bj6aCT2eFydkNElCLuhDxLJ9c8erJ9TZfmk5bBxhcQFSCvU1mfa58GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXUTPSu00BFAQpvJjal8aTQb0ETMB8GA1UdIwQY
MBaAFGDO6yU4RcbcoZDTYW26I/N9i2OXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU03ckpUaEZ4dHloa05OaGJib2o4MzJMWTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yNjE1MTQtYTE1ZC00NjYxLTljNTUt
OWY5MzIyZDY3MzJiLzEvQmRSTTlLN1RRRVVCQ204bU5xWHhwTkJ2UVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yNjE1MTQtYTE1ZC00NjYxLTljNTUtOWY5MzIyZDY3MzJi
LzEvWU03ckpUaEZ4dHloa05OaGJib2o4MzJMWTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSZCMA0G
CSqGSIb3DQEBCwUAA4IBAQCZZfaV55vwA0/vp4QK1q+jhXnxZ3RqrKackxaeDQCu
QNLdfopPL7JmMG7oVdiBEoSFW2P2tRVQy47v5ynUr/fbX/I3pSLGTYrvYqhgtN2C
NjvUwgjs1bdvQ0gQvJ8bvd8GBKRalXO+nQMYFQ/JB8nRehzlekMWdS58SjC8+YqA
0Jv5RTDWZY3OBzqhdcO54K09bhGb+BuJzyCFfp/xF7Ds18UCQ2TzBrqZZ3qHTvi3
HrMCa/dlw1usHi+WPS+Q1AI5Rj92MqbsG+RSFO/YIWzsX097njzrVzoHFFY9ppOW
TtzRFwhOazq/7L4WdWE1IjYRy1RQjJFWvnF+G7CzfAxL
-----END CERTIFICATE-----