Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/DBomSFjdsnGSdRSTAlH1YfT9Ejs.roa
File:                     DBomSFjdsnGSdRSTAlH1YfT9Ejs.roa (raw, json)
Hash identifier:          vXGy19cSvl4t7DXJkOiXI2Uq8cOcYunph6bONQ64hjk=
Subject key identifier:   0C:1A:26:48:58:DD:B2:71:92:75:14:93:02:51:F5:61:F4:FD:12:3B
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCD864C23298B9F93D497BA4752AEB
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/DBomSFjdsnGSdRSTAlH1YfT9Ejs.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50247
IP address blocks:        185.129.124.0/23 maxlen: 23
                          185.129.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 10:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d8:64:c2:32:98:b9:f9:3d:49:7b:a4:75:2a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c1a264858ddb271927514930251f561f4fd123b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:28:cf:17:86:85:88:a5:d5:6e:ab:0f:e4:db:
                    a6:4f:6f:84:c7:36:1c:50:90:1c:f8:cc:df:4e:5f:
                    5d:3c:de:69:68:ac:d1:57:4f:3d:af:86:03:7b:c7:
                    6c:04:39:12:0f:92:e8:eb:c0:16:c2:2f:d8:cb:b9:
                    21:df:d9:f0:74:e7:fb:51:0e:58:83:4d:08:eb:62:
                    ed:76:97:16:92:ea:89:63:e0:d5:04:f2:c1:62:99:
                    e3:83:5c:32:9b:1c:45:61:59:1c:88:6d:67:6b:c9:
                    e7:0e:88:7b:21:41:13:8c:d1:b6:f2:cc:f4:eb:16:
                    74:1c:ed:2b:95:f6:83:88:8a:ec:6c:6a:e0:9f:38:
                    bb:e8:0a:6e:cb:1e:c0:6d:6b:c9:5d:ad:94:d0:c0:
                    0e:ca:b6:49:f2:87:df:9b:60:0e:d4:4c:08:64:d4:
                    c0:39:f4:20:d0:24:58:45:33:a6:f9:df:8d:33:b1:
                    a8:b6:01:db:04:60:4d:12:d5:09:9f:12:2e:8a:a9:
                    83:9e:2d:62:46:59:27:0e:54:52:40:37:70:40:28:
                    73:19:51:5b:2a:39:08:b4:95:52:c6:15:eb:fd:75:
                    57:f0:f8:a1:ea:d1:e8:fb:e2:73:28:84:31:8d:2c:
                    65:61:6f:3a:1b:83:c4:02:89:13:ef:71:b2:2f:c3:
                    c4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:1A:26:48:58:DD:B2:71:92:75:14:93:02:51:F5:61:F4:FD:12:3B
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/DBomSFjdsnGSdRSTAlH1YfT9Ejs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:e6:ad:63:98:24:ec:6a:3a:18:16:95:92:e5:c2:ee:60:eb:
         6e:0e:c3:76:b0:8c:5a:1c:71:3d:56:e1:33:a3:73:d2:b8:68:
         35:18:ab:18:28:ba:7c:16:d9:62:0c:3d:13:b6:83:8a:1a:87:
         8e:52:69:32:63:d5:3b:0f:fa:dc:62:a9:44:f8:64:1c:03:45:
         1e:8e:e6:af:39:72:28:35:d6:93:1a:a8:91:1f:de:34:76:51:
         f7:1c:fe:bc:62:5a:f8:76:29:c8:45:7e:f9:51:5a:16:5e:d6:
         37:d4:03:c8:b8:17:03:7e:2e:a4:d6:cc:79:6f:de:90:b6:66:
         39:14:96:07:18:59:5d:93:e1:c5:0c:9a:0a:d6:42:b5:c5:f1:
         1c:50:4c:9e:79:46:13:2b:44:78:cb:45:53:28:1f:89:0a:7b:
         d0:97:e6:5e:91:e3:69:cb:bb:b2:eb:8d:99:c7:54:a5:b0:c6:
         64:17:20:ad:90:5d:eb:bf:dd:98:38:60:e1:a9:b9:f6:b2:31:
         f8:d3:8c:0b:48:38:8e:2c:b3:34:22:f7:92:56:b0:03:55:37:
         a3:88:8a:e3:d4:0e:7b:28:fa:fc:04:ba:48:a7:14:27:52:e7:
         96:3f:9e:3b:28:1c:e9:88:81:c3:b3:35:38:13:fb:66:80:28:
         b1:66:af:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NhkwjKYufk9SXukdSrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFhMjY0ODU4ZGRiMjcxOTI3NTE0OTMwMjUxZjU2MWY0ZmQxMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvijPF4aFiKXVbqsP5NumT2+ExzYc
UJAc+MzfTl9dPN5paKzRV089r4YDe8dsBDkSD5Lo68AWwi/Yy7kh39nwdOf7UQ5Y
g00I62LtdpcWkuqJY+DVBPLBYpnjg1wymxxFYVkciG1na8nnDoh7IUETjNG28sz0
6xZ0HO0rlfaDiIrsbGrgnzi76Apuyx7AbWvJXa2U0MAOyrZJ8offm2AO1EwIZNTA
OfQg0CRYRTOm+d+NM7GotgHbBGBNEtUJnxIuiqmDni1iRlknDlRSQDdwQChzGVFb
KjkItJVSxhXr/XVX8Pih6tHo++JzKIQxjSxlYW86G4PEAokT73GyL8PEGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwaJkhY3bJxknUUkwJR9WH0/RI7MB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvREJvbVNGamRzbkdTZFJTVEFsSDFZZlQ5RWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYF8MA0G
CSqGSIb3DQEBCwUAA4IBAQAm5q1jmCTsajoYFpWS5cLuYOtuDsN2sIxaHHE9VuEz
o3PSuGg1GKsYKLp8FtliDD0TtoOKGoeOUmkyY9U7D/rcYqlE+GQcA0UejuavOXIo
NdaTGqiRH940dlH3HP68Ylr4dinIRX75UVoWXtY31APIuBcDfi6k1sx5b96QtmY5
FJYHGFldk+HFDJoK1kK1xfEcUEyeeUYTK0R4y0VTKB+JCnvQl+ZekeNpy7uy642Z
x1SlsMZkFyCtkF3rv92YOGDhqbn2sjH404wLSDiOLLM0IveSVrADVTejiIrj1A57
KPr8BLpIpxQnUueWP547KBzpiIHDszU4E/tmgCixZq/b
-----END CERTIFICATE-----