Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/3WGFFKbxDWnSOYDlfS-skK7P4kg.roa
File:                     3WGFFKbxDWnSOYDlfS-skK7P4kg.roa (raw, json)
Hash identifier:          qZiyLcYe5hvedT+uAH6BaWoKc/lDqR34muNd9TOvbmg=
Subject key identifier:   DD:61:85:14:A6:F1:0D:69:D2:39:80:E5:7D:2F:AC:90:AE:CF:E2:48
Certificate issuer:       /CN=feedf2140674ae6ff3e464560c4956ab6e21adee
Certificate serial:       018CCA2B95272B866C049D2A247EC2A44EDA
Authority key identifier: FE:ED:F2:14:06:74:AE:6F:F3:E4:64:56:0C:49:56:AB:6E:21:AD:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_u3yFAZ0rm_z5GRWDElWq24hre4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/3WGFFKbxDWnSOYDlfS-skK7P4kg.roa
Signing time:             Tue 02 Jan 2024 12:35:02 +0000
ROA not before:           Tue 02 Jan 2024 12:35:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201285
IP address blocks:        185.196.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/_u3yFAZ0rm_z5GRWDElWq24hre4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/_u3yFAZ0rm_z5GRWDElWq24hre4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_u3yFAZ0rm_z5GRWDElWq24hre4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:95:27:2b:86:6c:04:9d:2a:24:7e:c2:a4:4e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feedf2140674ae6ff3e464560c4956ab6e21adee
        Validity
            Not Before: Jan  2 12:35:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd618514a6f10d69d23980e57d2fac90aecfe248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:d0:2f:fb:cd:fe:86:b4:4c:3b:0b:55:eb:
                    24:93:60:4a:b6:51:e1:7b:ef:2e:b4:fb:db:53:aa:
                    dd:55:6a:1b:a5:a2:9e:a4:39:04:dd:ae:9c:81:d0:
                    8e:5d:6e:df:de:d5:24:13:76:44:5a:eb:8f:69:c0:
                    41:cb:a9:77:3b:63:21:bd:81:1c:f5:5d:4b:d2:21:
                    33:90:3c:8c:23:44:cc:36:b2:55:6b:c7:30:70:63:
                    58:ba:70:80:95:f4:a4:d8:6e:f0:b0:6e:f3:7b:6d:
                    b0:8d:f5:91:3b:5f:29:94:ce:f1:37:18:84:2d:66:
                    f0:47:1a:13:49:66:94:fc:a0:dd:c7:08:47:4e:12:
                    87:07:ae:f6:f6:00:cc:a3:e2:e9:6a:c6:6f:23:41:
                    b1:85:be:8c:ff:c1:1f:6b:c3:36:92:c6:ed:72:4b:
                    42:6c:3a:2b:6d:2e:2f:d1:19:31:50:c2:a5:4e:9d:
                    19:36:e4:26:34:25:6c:ea:4c:32:51:08:8a:0b:b1:
                    90:5d:90:bf:b9:42:c3:69:97:6d:b4:ec:01:6f:88:
                    9f:e8:a6:ac:62:25:13:54:11:bc:f3:b9:9f:6e:b3:
                    d7:4a:80:10:4b:71:2e:7a:f2:71:50:9b:4e:22:21:
                    08:ae:2a:4a:cd:5d:8c:bc:93:a6:63:48:06:24:15:
                    7d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:61:85:14:A6:F1:0D:69:D2:39:80:E5:7D:2F:AC:90:AE:CF:E2:48
            X509v3 Authority Key Identifier:
                keyid:FE:ED:F2:14:06:74:AE:6F:F3:E4:64:56:0C:49:56:AB:6E:21:AD:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_u3yFAZ0rm_z5GRWDElWq24hre4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/3WGFFKbxDWnSOYDlfS-skK7P4kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/5562a1-e1a4-4174-9918-baa05c8190de/1/_u3yFAZ0rm_z5GRWDElWq24hre4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2b:0f:bb:5f:07:d4:fd:19:c8:13:e4:5f:8b:79:a0:4e:c9:
         b1:ce:53:a5:8d:0c:45:3b:c7:d9:7a:af:2f:b9:32:58:ae:94:
         4a:3f:a0:f5:a2:e8:1f:05:91:d2:b9:40:74:ab:41:80:92:86:
         84:30:20:9b:40:38:c9:e7:cf:62:a8:4e:57:0b:e5:df:51:54:
         f7:b4:46:28:28:81:b2:c2:f4:c3:b4:80:1d:14:47:46:04:21:
         ea:0b:e2:0c:33:38:2e:92:cd:ea:ac:b8:88:e8:55:de:a4:04:
         d1:69:84:c3:c5:bf:f9:d4:97:cb:63:9f:60:94:b2:33:92:a4:
         31:2b:7a:eb:94:da:34:e5:8f:37:2e:22:40:35:7b:65:03:a3:
         e2:0b:ce:61:2e:7a:06:7c:e4:86:14:ff:b4:d5:bd:55:60:ec:
         79:2e:e1:50:de:39:5f:dd:cd:1c:04:e3:67:52:a4:c8:63:cc:
         e8:95:ad:b3:2f:78:16:99:5c:21:6e:2a:34:5f:cd:5b:88:f0:
         fb:a8:5f:f5:84:0e:5c:31:01:8b:ae:de:59:4e:be:95:b2:0a:
         57:50:0c:7b:ab:c7:a9:d8:8e:47:26:51:8c:41:27:12:3a:fd:
         90:cf:34:73:b2:74:93:18:f6:76:25:65:14:22:78:22:ed:28:
         70:13:72:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5UnK4ZsBJ0qJH7CpE7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZWRmMjE0MDY3NGFlNmZmM2U0NjQ1NjBjNDk1NmFiNmUy
MWFkZWUwHhcNMjQwMTAyMTIzNTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDYxODUxNGE2ZjEwZDY5ZDIzOTgwZTU3ZDJmYWM5MGFlY2ZlMjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvprQL/vN/oa0TDsLVeskk2BKtlHh
e+8utPvbU6rdVWobpaKepDkE3a6cgdCOXW7f3tUkE3ZEWuuPacBBy6l3O2MhvYEc
9V1L0iEzkDyMI0TMNrJVa8cwcGNYunCAlfSk2G7wsG7ze22wjfWRO18plM7xNxiE
LWbwRxoTSWaU/KDdxwhHThKHB6729gDMo+LpasZvI0Gxhb6M/8Efa8M2ksbtcktC
bDorbS4v0RkxUMKlTp0ZNuQmNCVs6kwyUQiKC7GQXZC/uULDaZdttOwBb4if6Kas
YiUTVBG887mfbrPXSoAQS3EuevJxUJtOIiEIripKzV2MvJOmY0gGJBV9XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1hhRSm8Q1p0jmA5X0vrJCuz+JIMB8GA1UdIwQY
MBaAFP7t8hQGdK5v8+RkVgxJVqtuIa3uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3UzeUZBWjBybV96NUdSV0RFbFdxMjRocmU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC81NTYyYTEtZTFhNC00MTc0LTk5MTgt
YmFhMDVjODE5MGRlLzEvM1dHRkZLYnhEV25TT1lEbGZTLXNrSzdQNGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC81NTYyYTEtZTFhNC00MTc0LTk5MTgtYmFhMDVjODE5MGRl
LzEvX3UzeUZBWjBybV96NUdSV0RFbFdxMjRocmU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucQfMA0G
CSqGSIb3DQEBCwUAA4IBAQAFKw+7XwfU/RnIE+Rfi3mgTsmxzlOljQxFO8fZeq8v
uTJYrpRKP6D1ougfBZHSuUB0q0GAkoaEMCCbQDjJ589iqE5XC+XfUVT3tEYoKIGy
wvTDtIAdFEdGBCHqC+IMMzguks3qrLiI6FXepATRaYTDxb/51JfLY59glLIzkqQx
K3rrlNo05Y83LiJANXtlA6PiC85hLnoGfOSGFP+01b1VYOx5LuFQ3jlf3c0cBONn
UqTIY8zola2zL3gWmVwhbio0X81biPD7qF/1hA5cMQGLrt5ZTr6VsgpXUAx7q8ep
2I5HJlGMQScSOv2QzzRzsnSTGPZ2JWUUIngi7ShwE3IL
-----END CERTIFICATE-----