Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/tJmaU_8MK0aMA95XAsLisvttvnI.roa
File:                     tJmaU_8MK0aMA95XAsLisvttvnI.roa (raw, json)
Hash identifier:          Bjr00zJRI9ZW+iHEJNa+a5rA8F8n3/lBrtZFiQ8Wz3g=
Subject key identifier:   B4:99:9A:53:FF:0C:2B:46:8C:03:DE:57:02:C2:E2:B2:FB:6D:BE:72
Certificate issuer:       /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial:       018CC7274EDB2FBC9C3A858002094E75423C
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/tJmaU_8MK0aMA95XAsLisvttvnI.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200491
IP address blocks:        185.75.151.0/24 maxlen: 24
                          2a03:4b27:e000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:db:2f:bc:9c:3a:85:80:02:09:4e:75:42:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4999a53ff0c2b468c03de5702c2e2b2fb6dbe72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f4:06:8d:c4:98:fb:c6:c4:16:0f:b9:19:c5:
                    f8:b7:d4:b2:3c:75:90:41:bb:7e:d4:16:83:78:92:
                    69:25:53:59:53:a3:da:01:b5:d7:06:31:77:6c:98:
                    b9:17:de:be:61:64:7d:e6:07:10:5f:87:12:e6:34:
                    b4:46:18:2b:cc:7b:7e:8c:03:78:fc:25:47:37:87:
                    bd:d5:ed:8c:1e:e9:a9:75:e7:f0:c9:59:39:5d:c9:
                    d2:21:1d:02:37:87:ae:f0:2c:23:9b:b2:84:8d:1e:
                    99:ae:86:e5:87:af:36:d6:72:50:cf:36:0e:e3:61:
                    9a:7b:1e:1a:56:8e:da:4a:59:9d:8e:a2:9b:a7:d8:
                    59:25:73:06:a0:66:20:b2:6c:87:23:6e:40:14:2d:
                    cd:da:48:ca:75:55:be:4c:2c:e5:b4:0e:a3:a5:08:
                    f6:a8:76:82:24:98:f9:93:09:bd:57:a4:f9:65:bb:
                    79:d3:a6:d4:d0:67:85:90:0a:88:80:7e:c0:df:c0:
                    3f:47:28:52:54:c4:e5:ed:ef:10:31:53:1d:49:87:
                    4f:43:01:dc:b0:21:26:51:3e:a8:0f:3b:f9:55:45:
                    97:46:88:52:44:55:7f:a2:ae:ef:75:1f:ea:2f:48:
                    86:04:ef:79:bf:65:d5:64:c7:8a:4b:ba:c8:eb:f6:
                    b9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:99:9A:53:FF:0C:2B:46:8C:03:DE:57:02:C2:E2:B2:FB:6D:BE:72
            X509v3 Authority Key Identifier:
                keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/tJmaU_8MK0aMA95XAsLisvttvnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.151.0/24
                IPv6:
                  2a03:4b27:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         78:ed:c6:86:d7:ef:73:4d:a1:24:5b:70:99:81:24:ea:d9:77:
         89:17:83:30:48:83:f9:43:8b:7e:e8:0e:55:29:ee:f7:6e:fb:
         57:a9:c8:7c:ed:22:da:35:39:ea:4c:89:58:91:6d:dc:e3:33:
         ec:c2:cc:99:47:ec:5f:61:b7:fd:49:2c:ee:85:d8:f0:19:a1:
         02:2c:27:dd:67:31:4f:d8:88:60:26:07:61:b5:07:aa:9f:24:
         74:46:c9:da:61:06:05:30:6f:2d:d6:6c:58:6c:4a:04:a5:a0:
         8f:86:f4:a9:f0:f7:11:2d:6d:28:2e:0d:92:70:3c:85:6f:58:
         c1:a8:8b:07:4e:18:0d:dd:e4:1e:b8:e9:c9:d2:c8:30:5b:fe:
         78:09:b3:36:e6:b1:8f:cf:3e:6b:94:3d:27:c5:5c:52:fa:9a:
         de:ae:58:e3:36:67:11:54:fa:cc:cf:14:0d:3d:7c:85:7a:77:
         48:51:36:f8:08:50:16:68:93:ab:7c:a6:02:42:eb:df:51:b2:
         3e:50:98:49:46:21:a4:3f:ce:99:96:83:6d:75:19:3c:0a:7b:
         1d:8c:48:02:53:3c:4f:93:25:8b:15:2f:86:81:98:ae:9b:e3:
         df:86:81:59:5a:a3:10:84:3e:f4:17:36:d9:44:7e:0f:1c:d9:
         f5:7b:5c:3e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJ07bL7ycOoWAAglOdUI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDk5OWE1M2ZmMGMyYjQ2OGMwM2RlNTcwMmMyZTJiMmZiNmRiZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/QGjcSY+8bEFg+5GcX4t9SyPHWQ
Qbt+1BaDeJJpJVNZU6PaAbXXBjF3bJi5F96+YWR95gcQX4cS5jS0RhgrzHt+jAN4
/CVHN4e91e2MHumpdefwyVk5XcnSIR0CN4eu8Cwjm7KEjR6Zroblh6821nJQzzYO
42Gaex4aVo7aSlmdjqKbp9hZJXMGoGYgsmyHI25AFC3N2kjKdVW+TCzltA6jpQj2
qHaCJJj5kwm9V6T5Zbt506bU0GeFkAqIgH7A38A/RyhSVMTl7e8QMVMdSYdPQwHc
sCEmUT6oDzv5VUWXRohSRFV/oq7vdR/qL0iGBO95v2XVZMeKS7rI6/a54wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLSZmlP/DCtGjAPeVwLC4rL7bb5yMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvdEptYVVfOE1LMGFNQTk1WEFzTGlzdnR0dm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuUuXMA4E
AgACMAgDBgQqA0sn4DANBgkqhkiG9w0BAQsFAAOCAQEAeO3Ghtfvc02hJFtwmYEk
6tl3iReDMEiD+UOLfugOVSnu9277V6nIfO0i2jU56kyJWJFt3OMz7MLMmUfsX2G3
/Uks7oXY8BmhAiwn3WcxT9iIYCYHYbUHqp8kdEbJ2mEGBTBvLdZsWGxKBKWgj4b0
qfD3ES1tKC4NknA8hW9YwaiLB04YDd3kHrjpydLIMFv+eAmzNuaxj88+a5Q9J8Vc
Uvqa3q5Y4zZnEVT6zM8UDT18hXp3SFE2+AhQFmiTq3ymAkLr31GyPlCYSUYhpD/O
mZaDbXUZPAp7HYxIAlM8T5MlixUvhoGYrpvj34aBWVqjEIQ+9Bc22UR+DxzZ9Xtc
Pg==
-----END CERTIFICATE-----