Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/J1y3F9e6U0dH77am77zchEdJBQc.roa
File:                     J1y3F9e6U0dH77am77zchEdJBQc.roa (raw, json)
Hash identifier:          6BOepdIm1uxsg5VLKl5Z/tsxcFotv1bcemNhS5jW12Y=
Subject key identifier:   27:5C:B7:17:D7:BA:53:47:47:EF:B6:A6:EF:BC:DC:84:47:49:05:07
Certificate issuer:       /CN=603831a61bc8a8f4cb85887022fb6f86397345dc
Certificate serial:       018DEFF5EE075C5E7127FCFD2E9831300843
Authority key identifier: 60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/J1y3F9e6U0dH77am77zchEdJBQc.roa
Signing time:             Wed 28 Feb 2024 13:44:48 +0000
ROA not before:           Wed 28 Feb 2024 13:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60173
IP address blocks:        185.34.224.0/24 maxlen: 24
                          185.34.225.0/24 maxlen: 24
                          185.34.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:f5:ee:07:5c:5e:71:27:fc:fd:2e:98:31:30:08:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603831a61bc8a8f4cb85887022fb6f86397345dc
        Validity
            Not Before: Feb 28 13:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=275cb717d7ba534747efb6a6efbcdc8447490507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:09:bf:1f:88:b2:49:8d:e7:8f:c3:46:9b:
                    24:07:7f:20:8a:10:2f:8a:0d:6e:c3:f1:7c:07:85:
                    58:ae:dc:45:57:ef:3c:84:94:4d:f0:70:cb:f6:a3:
                    be:af:d7:be:fd:a6:9f:a5:00:f3:ca:d7:53:05:df:
                    0a:69:96:55:18:71:3d:1d:76:a7:4c:3a:a2:fe:73:
                    57:d8:62:2d:2d:d3:1a:2a:97:00:df:27:05:ca:89:
                    e0:06:71:6c:27:11:12:7d:b1:8f:c4:b7:e2:3b:2b:
                    ea:40:77:82:32:22:36:b9:e9:85:70:cd:18:e0:0a:
                    d4:17:8a:5a:44:b2:ce:06:25:73:ad:e8:27:d6:69:
                    fd:48:ff:f8:5b:06:91:82:58:b1:59:ad:1b:f1:5d:
                    27:e9:9a:f1:2a:42:03:8c:8a:ce:59:fc:73:ba:8d:
                    8f:44:b3:ed:8d:91:08:54:c9:ff:f4:7f:19:94:27:
                    7f:fe:19:35:a3:c9:2c:04:a1:7f:b8:3e:98:29:8e:
                    c4:0b:af:01:83:64:dd:d3:48:86:85:20:e0:ce:ef:
                    e5:29:71:d3:b7:82:67:65:4b:b8:25:48:93:8d:2c:
                    92:dc:91:e2:57:d3:fa:75:97:b6:cb:06:3d:08:79:
                    42:55:92:1b:e6:f7:c8:7d:d1:aa:f4:29:45:5a:f7:
                    a7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5C:B7:17:D7:BA:53:47:47:EF:B6:A6:EF:BC:DC:84:47:49:05:07
            X509v3 Authority Key Identifier:
                keyid:60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/J1y3F9e6U0dH77am77zchEdJBQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.224.0-185.34.226.255

    Signature Algorithm: sha256WithRSAEncryption
         af:c1:4b:1f:16:38:0b:0c:8a:b5:ac:a7:64:82:ac:6c:a0:aa:
         3f:41:a9:77:2b:ce:41:db:58:57:9c:b0:06:d8:8b:40:0c:04:
         b3:ec:5a:40:a1:c4:9a:93:c0:71:c4:63:0c:cb:ed:80:47:ff:
         02:cc:41:e2:76:43:71:eb:60:fe:17:44:2d:62:e2:61:2a:9c:
         cc:b5:81:2f:6d:eb:7b:e9:79:19:95:09:e3:f3:d4:da:75:62:
         34:ea:1c:7c:14:36:f9:89:de:22:66:1c:82:0b:49:f7:2a:86:
         03:3c:62:40:19:b2:78:7a:3b:24:b4:ea:6b:7d:5f:0d:ca:fb:
         3f:81:d9:8a:30:55:82:fe:ba:59:f4:9f:ca:fb:20:6c:22:33:
         33:da:91:bc:7a:1c:4c:81:06:da:98:70:41:bc:2b:a2:da:3c:
         dc:da:6f:1f:39:fb:64:09:0d:0e:35:0a:d9:fd:eb:99:e4:dc:
         cd:b0:16:4d:87:39:d9:fe:ff:9e:c1:f3:63:cb:9c:7c:d0:87:
         8d:e4:7d:af:7b:5f:98:50:32:5a:e2:71:1a:e2:60:ad:de:b2:
         7d:42:70:15:92:ca:c4:1e:3f:e5:ff:d9:7c:fc:37:a3:ab:6b:
         85:46:df:5a:bd:95:0d:84:2a:cb:3a:7c:0b:f5:88:d2:fa:de:
         e6:65:a7:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY3v9e4HXF5xJ/z9LpgxMAhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzgzMWE2MWJjOGE4ZjRjYjg1ODg3MDIyZmI2Zjg2Mzk3
MzQ1ZGMwHhcNMjQwMjI4MTM0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzVjYjcxN2Q3YmE1MzQ3NDdlZmI2YTZlZmJjZGM4NDQ3NDkwNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtIJvx+IskmN54/DRpskB38gihAv
ig1uw/F8B4VYrtxFV+88hJRN8HDL9qO+r9e+/aafpQDzytdTBd8KaZZVGHE9HXan
TDqi/nNX2GItLdMaKpcA3ycFyongBnFsJxESfbGPxLfiOyvqQHeCMiI2uemFcM0Y
4ArUF4paRLLOBiVzregn1mn9SP/4WwaRglixWa0b8V0n6ZrxKkIDjIrOWfxzuo2P
RLPtjZEIVMn/9H8ZlCd//hk1o8ksBKF/uD6YKY7EC68Bg2Td00iGhSDgzu/lKXHT
t4JnZUu4JUiTjSyS3JHiV9P6dZe2ywY9CHlCVZIb5vfIfdGq9ClFWvenBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCdctxfXulNHR++2pu+83IRHSQUHMB8GA1UdIwQY
MBaAFGA4MaYbyKj0y4WIcCL7b4Y5c0XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYt
OTgwODU0NTkzM2M5LzEvSjF5M0Y5ZTZVMGRINzdhbTc3emNoRWRKQlFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYtOTgwODU0NTkzM2M5
LzEvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5IuAD
BAC5IuIwDQYJKoZIhvcNAQELBQADggEBAK/BSx8WOAsMirWsp2SCrGygqj9BqXcr
zkHbWFecsAbYi0AMBLPsWkChxJqTwHHEYwzL7YBH/wLMQeJ2Q3HrYP4XRC1i4mEq
nMy1gS9t63vpeRmVCePz1Np1YjTqHHwUNvmJ3iJmHIILSfcqhgM8YkAZsnh6OyS0
6mt9Xw3K+z+B2YowVYL+uln0n8r7IGwiMzPakbx6HEyBBtqYcEG8K6LaPNzabx85
+2QJDQ41Ctn965nk3M2wFk2HOdn+/57B82PLnHzQh43kfa97X5hQMlricRriYK3e
sn1CcBWSysQeP+X/2Xz8N6Ora4VG31q9lQ2EKss6fAv1iNL63uZlp0Y=
-----END CERTIFICATE-----