Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/sCAfZlaxrSgzwfCw6tKV5eiKrpU.roa
File:                     sCAfZlaxrSgzwfCw6tKV5eiKrpU.roa (raw, json)
Hash identifier:          ZalRWsrsecaukS+UbCuHZN7n1IDYm2r2cOKAwhXt76o=
Subject key identifier:   B0:20:1F:66:56:B1:AD:28:33:C1:F0:B0:EA:D2:95:E5:E8:8A:AE:95
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       018CC727484CC84DE409448778D68EA6A6CF
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/sCAfZlaxrSgzwfCw6tKV5eiKrpU.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25003
IP address blocks:        192.115.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:4c:c8:4d:e4:09:44:87:78:d6:8e:a6:a6:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0201f6656b1ad2833c1f0b0ead295e5e88aae95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f4:b7:3c:c2:ba:84:0d:11:81:ef:4d:94:64:
                    b6:ae:1b:91:1c:40:06:4f:97:b8:d3:6e:60:eb:fa:
                    d8:55:50:3c:35:0d:aa:77:64:ba:62:28:13:0d:9f:
                    59:bd:f5:d7:53:74:92:22:46:a8:0d:b3:2b:9b:52:
                    97:7f:27:23:6d:f6:f4:f4:43:b9:e2:62:01:19:9b:
                    93:a7:4c:fc:5d:b9:dd:a4:53:d2:f4:0e:9e:51:f7:
                    11:0f:e8:15:9c:d2:96:8a:6a:c3:e6:5a:f9:ef:37:
                    2c:5c:31:40:8f:00:b4:37:1a:38:c3:bd:a8:2c:78:
                    37:1d:30:68:0b:18:47:71:41:d6:a8:13:e6:c4:95:
                    98:1c:81:90:e9:a1:da:54:94:75:bb:67:d0:15:12:
                    05:d3:3b:50:c8:bf:77:5d:93:17:f1:c8:92:e2:7c:
                    5b:ed:62:e1:13:84:fe:30:a6:72:65:39:8a:14:99:
                    72:46:1e:98:53:e8:f6:8b:0c:b8:af:7d:96:11:48:
                    d9:97:49:19:5c:75:9a:86:39:73:d1:e9:bf:17:bc:
                    15:79:b7:20:82:08:4b:ea:fc:b8:ea:82:1d:5a:da:
                    88:9b:e0:ea:5a:2c:42:4a:ba:f8:a9:97:e5:74:11:
                    37:96:4c:6d:5a:a6:8a:f2:12:3f:89:4d:0c:96:46:
                    3f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:20:1F:66:56:B1:AD:28:33:C1:F0:B0:EA:D2:95:E5:E8:8A:AE:95
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/sCAfZlaxrSgzwfCw6tKV5eiKrpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.115.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:3a:4c:62:a5:2a:a4:b7:71:c1:8f:8e:aa:2c:1b:6f:c7:7a:
         1d:10:d9:7a:78:21:53:9a:98:af:be:b6:58:95:4f:6b:d4:29:
         da:87:f5:a5:aa:e4:5e:6c:61:04:da:39:0f:a8:7f:85:3b:35:
         6c:88:7b:d6:55:13:b5:ac:f2:e8:8f:2d:d5:3f:c4:f9:d8:6c:
         81:bf:60:12:1e:bc:31:5f:43:37:59:e5:be:9f:5a:ac:76:67:
         fc:ca:58:4b:f5:8f:31:fd:c8:52:db:f7:56:02:22:ba:f2:63:
         97:80:3e:ff:e0:97:7a:0f:ab:8b:e0:8b:d6:0c:8f:36:ab:6a:
         2c:85:3f:8f:1a:12:cd:dc:3e:87:ca:61:0b:80:c8:f7:af:e2:
         49:e2:5a:3b:34:19:55:91:9f:8f:94:18:2c:e8:f2:6e:9a:0f:
         f0:2b:2a:96:f8:3b:87:da:02:c7:6b:fd:7a:ba:09:38:18:f9:
         76:b1:b8:b6:ac:4d:2d:ab:02:ab:42:7d:65:c6:42:07:74:42:
         0f:00:2a:0f:37:97:63:ea:5d:e9:00:77:6a:c2:ca:a1:97:5a:
         71:9e:16:a4:1b:b9:cf:f7:10:43:00:ef:3d:ef:3b:b7:90:94:
         ca:d6:b2:c3:b3:96:c0:4e:46:a8:9f:72:60:27:17:33:19:d7:
         5f:bd:ac:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0hMyE3kCUSHeNaOpqbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDIwMWY2NjU2YjFhZDI4MzNjMWYwYjBlYWQyOTVlNWU4OGFhZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/S3PMK6hA0Rge9NlGS2rhuRHEAG
T5e4025g6/rYVVA8NQ2qd2S6YigTDZ9ZvfXXU3SSIkaoDbMrm1KXfycjbfb09EO5
4mIBGZuTp0z8XbndpFPS9A6eUfcRD+gVnNKWimrD5lr57zcsXDFAjwC0Nxo4w72o
LHg3HTBoCxhHcUHWqBPmxJWYHIGQ6aHaVJR1u2fQFRIF0ztQyL93XZMX8ciS4nxb
7WLhE4T+MKZyZTmKFJlyRh6YU+j2iwy4r32WEUjZl0kZXHWahjlz0em/F7wVebcg
gghL6vy46oIdWtqIm+DqWixCSrr4qZfldBE3lkxtWqaK8hI/iU0MlkY/KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAgH2ZWsa0oM8HwsOrSleXoiq6VMB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvc0NBZlpsYXhyU2d6d2ZDdzZ0S1Y1ZWlLcnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwHMsMA0G
CSqGSIb3DQEBCwUAA4IBAQCXOkxipSqkt3HBj46qLBtvx3odENl6eCFTmpivvrZY
lU9r1Cnah/WlquRebGEE2jkPqH+FOzVsiHvWVRO1rPLojy3VP8T52GyBv2ASHrwx
X0M3WeW+n1qsdmf8ylhL9Y8x/chS2/dWAiK68mOXgD7/4Jd6D6uL4IvWDI82q2os
hT+PGhLN3D6HymELgMj3r+JJ4lo7NBlVkZ+PlBgs6PJumg/wKyqW+DuH2gLHa/16
ugk4GPl2sbi2rE0tqwKrQn1lxkIHdEIPACoPN5dj6l3pAHdqwsqhl1pxnhakG7nP
9xBDAO897zu3kJTK1rLDs5bATkaon3JgJxczGddfvayx
-----END CERTIFICATE-----