Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/ARYuw0x1cJCNHW8wyOE-igAolJY.roa
File:                     ARYuw0x1cJCNHW8wyOE-igAolJY.roa (raw, json)
Hash identifier:          Jp6mb3rKNXCksBORu0/A0IUKBQRF70nbGZehppr8LsA=
Subject key identifier:   01:16:2E:C3:4C:75:70:90:8D:1D:6F:30:C8:E1:3E:8A:00:28:94:96
Certificate issuer:       /CN=3b778c7e0e59832527347c2e211fc48c547108cf
Certificate serial:       018CF3A75C8A240727936A8091F956190280
Authority key identifier: 3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/ARYuw0x1cJCNHW8wyOE-igAolJY.roa
Signing time:             Wed 10 Jan 2024 13:54:40 +0000
ROA not before:           Wed 10 Jan 2024 13:54:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.131.202.0/24 maxlen: 24
                          2a0b:5b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 19:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:a7:5c:8a:24:07:27:93:6a:80:91:f9:56:19:02:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b778c7e0e59832527347c2e211fc48c547108cf
        Validity
            Not Before: Jan 10 13:54:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01162ec34c7570908d1d6f30c8e13e8a00289496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c5:05:ab:a1:8d:4c:1d:99:0f:c9:ff:28:6d:
                    b4:da:5f:73:c6:45:8f:ca:99:5f:db:aa:7f:1d:a3:
                    6d:bd:dc:ff:95:bb:3b:54:74:56:02:d3:70:33:b4:
                    8e:30:c8:07:3d:e7:76:fa:13:8c:ed:c5:0e:52:ce:
                    81:a4:31:65:83:40:08:97:d6:e7:41:89:ac:28:ce:
                    e7:10:76:ac:72:f2:00:f4:32:98:b6:59:31:ad:99:
                    27:66:90:44:f4:d8:2c:85:b6:74:c1:1b:55:5c:40:
                    f4:4b:ed:2b:62:c0:3c:34:e4:6a:a5:61:2d:87:18:
                    8e:3c:28:27:da:4c:e7:a4:ae:20:e1:f1:18:a1:01:
                    5b:76:e4:be:65:e8:c6:21:3a:9c:cf:63:af:52:5b:
                    e7:0c:a5:15:21:bb:a8:fa:20:97:a6:0f:fb:97:43:
                    22:18:4a:9f:47:54:7f:1c:53:d8:5a:1a:21:8d:8c:
                    2e:5f:71:bc:5f:ed:72:c4:6b:d9:ca:25:7a:3f:fd:
                    37:ce:93:4f:d2:fc:48:19:80:87:89:7f:f0:67:d3:
                    5a:a8:8d:ed:60:6c:e4:d9:d1:f5:75:3c:e0:5d:19:
                    70:ba:a2:3c:b4:8d:b2:7b:08:cb:bb:fb:ad:49:dd:
                    99:5d:48:68:12:0a:ff:bf:93:d0:4d:b5:f9:a3:3e:
                    b4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:16:2E:C3:4C:75:70:90:8D:1D:6F:30:C8:E1:3E:8A:00:28:94:96
            X509v3 Authority Key Identifier:
                keyid:3B:77:8C:7E:0E:59:83:25:27:34:7C:2E:21:1F:C4:8C:54:71:08:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/ARYuw0x1cJCNHW8wyOE-igAolJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/085155-34f8-4162-ad64-0db7c3f2faa9/1/O3eMfg5ZgyUnNHwuIR_EjFRxCM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.202.0/24
                IPv6:
                  2a0b:5b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:be:59:74:ef:d8:28:f1:b9:a3:97:a1:c3:33:6d:c9:9c:9d:
         4a:27:97:4d:f5:47:cd:b8:0b:af:f0:65:f5:df:d1:5c:23:5e:
         b4:1b:17:e0:66:ee:68:d2:8a:ef:36:54:bd:b5:dc:4c:59:26:
         4d:d6:4d:5e:b9:3a:41:8b:75:35:7c:bd:59:f7:41:1c:dd:5d:
         79:7e:2a:11:0f:79:ad:2f:97:97:63:5c:65:59:38:88:30:fa:
         5a:6b:d1:d1:48:4b:91:61:fe:5e:41:af:1b:a4:90:c6:1d:06:
         6d:8c:ea:36:f3:8a:06:50:eb:5c:9f:9e:ec:36:2b:ad:a1:86:
         c3:48:db:73:eb:44:ae:4e:87:ab:2b:ce:2c:b7:bc:b2:c2:fd:
         c9:ff:cf:97:69:be:52:5c:27:99:aa:fe:73:d5:84:fc:f8:81:
         cc:fe:70:86:37:c4:78:37:dc:d7:d6:c6:4b:4b:bd:b9:ca:0e:
         26:b7:c1:43:97:ba:de:b4:bf:8f:e2:63:51:51:61:5d:4a:90:
         1e:3d:e9:45:58:97:6d:dd:4f:63:56:ff:48:79:d5:90:dc:a1:
         eb:cf:76:d1:65:e4:ac:e2:98:f5:99:93:40:d6:35:1e:26:b6:
         79:50:7f:e6:09:ba:64:f7:ee:bd:03:69:72:e9:d9:c7:43:78:
         9c:a0:ee:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzzp1yKJAcnk2qAkflWGQKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNzc4YzdlMGU1OTgzMjUyNzM0N2MyZTIxMWZjNDhjNTQ3
MTA4Y2YwHhcNMjQwMTEwMTM1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTE2MmVjMzRjNzU3MDkwOGQxZDZmMzBjOGUxM2U4YTAwMjg5NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcUFq6GNTB2ZD8n/KG202l9zxkWP
yplf26p/HaNtvdz/lbs7VHRWAtNwM7SOMMgHPed2+hOM7cUOUs6BpDFlg0AIl9bn
QYmsKM7nEHascvIA9DKYtlkxrZknZpBE9NgshbZ0wRtVXED0S+0rYsA8NORqpWEt
hxiOPCgn2kznpK4g4fEYoQFbduS+ZejGITqcz2OvUlvnDKUVIbuo+iCXpg/7l0Mi
GEqfR1R/HFPYWhohjYwuX3G8X+1yxGvZyiV6P/03zpNP0vxIGYCHiX/wZ9NaqI3t
YGzk2dH1dTzgXRlwuqI8tI2yewjLu/utSd2ZXUhoEgr/v5PQTbX5oz60JQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAEWLsNMdXCQjR1vMMjhPooAKJSWMB8GA1UdIwQY
MBaAFDt3jH4OWYMlJzR8LiEfxIxUcQjPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzNlTWZnNVpneVVuTkh3dUlSX0VqRlJ4Q004LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8wODUxNTUtMzRmOC00MTYyLWFkNjQt
MGRiN2MzZjJmYWE5LzEvQVJZdXcweDFjSkNOSFc4d3lPRS1pZ0FvbEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8wODUxNTUtMzRmOC00MTYyLWFkNjQtMGRiN2MzZjJmYWE5
LzEvTzNlTWZnNVpneVVuTkh3dUlSX0VqRlJ4Q004LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYPKMA0E
AgACMAcDBQMqC1sAMA0GCSqGSIb3DQEBCwUAA4IBAQCKvll079go8bmjl6HDM23J
nJ1KJ5dN9UfNuAuv8GX139FcI160GxfgZu5o0orvNlS9tdxMWSZN1k1euTpBi3U1
fL1Z90Ec3V15fioRD3mtL5eXY1xlWTiIMPpaa9HRSEuRYf5eQa8bpJDGHQZtjOo2
84oGUOtcn57sNiutoYbDSNtz60SuToerK84st7yywv3J/8+Xab5SXCeZqv5z1YT8
+IHM/nCGN8R4N9zX1sZLS725yg4mt8FDl7retL+P4mNRUWFdSpAePelFWJdt3U9j
Vv9IedWQ3KHrz3bRZeSs4pj1mZNA1jUeJrZ5UH/mCbpk9+69A2ly6dnHQ3icoO7j
-----END CERTIFICATE-----