Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/doSMAB-bfku3VZ0a3Ij3OTo6H8U.roa
File:                     doSMAB-bfku3VZ0a3Ij3OTo6H8U.roa (raw, json)
Hash identifier:          LrzYz8vH+KDAviOpoR29WRaxIniwerIIKyD9CCSIwJQ=
Subject key identifier:   76:84:8C:00:1F:9B:7E:4B:B7:55:9D:1A:DC:88:F7:39:3A:3A:1F:C5
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0192D28EF48E099B21932D4B8A0435D23E13
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/doSMAB-bfku3VZ0a3Ij3OTo6H8U.roa
Signing time:             Mon 28 Oct 2024 09:57:16 +0000
ROA not before:           Mon 28 Oct 2024 09:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.210.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:8e:f4:8e:09:9b:21:93:2d:4b:8a:04:35:d2:3e:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Oct 28 09:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76848c001f9b7e4bb7559d1adc88f7393a3a1fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a4:5d:b2:f5:2e:f5:36:5d:6c:43:7d:21:42:
                    92:61:de:34:2c:c7:90:9b:cf:a4:c6:a6:f4:b3:9b:
                    3a:60:8c:0f:e1:b7:c0:a3:ba:7a:30:ab:bd:d0:c7:
                    fb:fd:54:b4:c5:4a:9f:6e:de:66:e7:6f:d3:07:a4:
                    12:43:15:24:87:b7:68:5c:af:92:ad:ab:54:a4:22:
                    33:c7:2d:59:04:b5:a7:70:21:ab:44:39:96:5f:63:
                    e6:df:2c:18:08:36:1d:7d:b7:db:1b:be:b8:67:6f:
                    2f:c2:62:8a:8f:ff:95:36:39:f1:c9:c7:78:d7:08:
                    85:f9:8c:42:f1:d7:1a:e1:89:46:c9:71:ce:6c:7a:
                    7a:62:61:26:87:4a:af:96:aa:8f:07:4b:7f:03:93:
                    57:dc:ae:34:51:fd:b0:96:a7:02:e1:99:d1:1a:33:
                    bf:21:0d:f9:a2:d2:9e:d4:fe:f3:3a:cc:92:23:b4:
                    5f:ba:17:e7:27:7f:47:be:aa:15:0d:93:97:44:a0:
                    40:0b:22:00:77:a0:51:af:06:7f:df:6e:f5:3d:25:
                    79:82:4a:ee:e4:06:f2:8a:81:7f:aa:84:02:d9:15:
                    43:c5:0c:4a:15:44:b9:c4:44:67:e7:95:6c:21:72:
                    5c:a4:0a:08:29:20:d6:71:84:5e:4a:db:a9:6d:74:
                    56:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:84:8C:00:1F:9B:7E:4B:B7:55:9D:1A:DC:88:F7:39:3A:3A:1F:C5
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/doSMAB-bfku3VZ0a3Ij3OTo6H8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:e6:c9:55:3f:0b:54:3b:3a:88:fd:b5:70:cd:f3:18:24:54:
         c9:f3:5a:89:eb:ce:24:cb:4f:84:65:17:22:22:02:e0:cb:bb:
         4e:29:0a:9d:93:44:44:4a:83:ed:78:c6:6f:ab:8b:c3:ad:ff:
         d7:92:e9:89:42:7d:ff:02:8e:f0:88:1d:bb:e9:ba:8c:70:d2:
         78:47:e4:17:8f:aa:11:e5:54:28:5b:2f:4f:84:cd:ac:b8:69:
         2e:de:38:e0:b5:e1:b7:7d:bb:b4:1d:ea:84:61:ac:91:c7:53:
         3c:43:36:09:d6:81:07:c6:39:90:37:1b:96:87:ff:5e:fc:c0:
         e6:31:72:1d:00:37:33:ca:8a:a5:a2:2d:7a:e2:b6:aa:8c:72:
         1c:b2:aa:3e:25:ba:2e:73:26:c1:ed:75:02:40:93:c8:b3:a0:
         4a:48:f3:9d:fc:8b:8d:83:34:57:6d:4e:12:04:c8:a6:79:d1:
         b7:96:d2:c8:a5:1b:a5:60:c1:54:92:fc:bb:99:02:d8:32:9a:
         01:cd:7a:c4:4a:c4:52:9c:f4:b8:74:d9:12:f3:66:05:ad:13:
         af:df:dc:06:7f:d0:8f:1d:45:05:e5:58:0a:8e:ae:a3:6a:9b:
         55:8e:c6:2a:27:7d:f2:33:93:fb:a9:5d:03:84:7a:67:6b:bd:
         12:cd:f9:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLSjvSOCZshky1LigQ10j4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQxMDI4MDk1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg0OGMwMDFmOWI3ZTRiYjc1NTlkMWFkYzg4ZjczOTNhM2ExZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KRdsvUu9TZdbEN9IUKSYd40LMeQ
m8+kxqb0s5s6YIwP4bfAo7p6MKu90Mf7/VS0xUqfbt5m52/TB6QSQxUkh7doXK+S
ratUpCIzxy1ZBLWncCGrRDmWX2Pm3ywYCDYdfbfbG764Z28vwmKKj/+VNjnxycd4
1wiF+YxC8dca4YlGyXHObHp6YmEmh0qvlqqPB0t/A5NX3K40Uf2wlqcC4ZnRGjO/
IQ35otKe1P7zOsySI7RfuhfnJ39HvqoVDZOXRKBACyIAd6BRrwZ/3271PSV5gkru
5AbyioF/qoQC2RVDxQxKFUS5xERn55VsIXJcpAoIKSDWcYReStupbXRWtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaEjAAfm35Lt1WdGtyI9zk6Oh/FMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvZG9TTUFCLWJma3UzVlowYTNJajNPVG82SDhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKoMA0G
CSqGSIb3DQEBCwUAA4IBAQB75slVPwtUOzqI/bVwzfMYJFTJ81qJ684ky0+EZRci
IgLgy7tOKQqdk0RESoPteMZvq4vDrf/XkumJQn3/Ao7wiB276bqMcNJ4R+QXj6oR
5VQoWy9PhM2suGku3jjgteG3fbu0HeqEYayRx1M8QzYJ1oEHxjmQNxuWh/9e/MDm
MXIdADczyoqloi164raqjHIcsqo+JboucybB7XUCQJPIs6BKSPOd/IuNgzRXbU4S
BMimedG3ltLIpRulYMFUkvy7mQLYMpoBzXrESsRSnPS4dNkS82YFrROv39wGf9CP
HUUF5VgKjq6japtVjsYqJ33yM5P7qV0DhHpna70Szfnb
-----END CERTIFICATE-----