Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/3T8e1f6L6xHSZDA7jy5jHQHP_TA.roa
File:                     3T8e1f6L6xHSZDA7jy5jHQHP_TA.roa (raw, json)
Hash identifier:          RHmhdFNNnp0S7IFoSKxPxfAv912QVgsvV2w6EGkd7cg=
Subject key identifier:   DD:3F:1E:D5:FE:8B:EB:11:D2:64:30:3B:8F:2E:63:1D:01:CF:FD:30
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F76E9367475BC30EC298BFF53C9145FC1
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/3T8e1f6L6xHSZDA7jy5jHQHP_TA.roa
Signing time:             Tue 14 May 2024 11:42:26 +0000
ROA not before:           Tue 14 May 2024 11:42:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204650
IP address blocks:        185.82.136.0/22 maxlen: 22
                          185.201.48.0/24 maxlen: 24
                          185.201.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e9:36:74:75:bc:30:ec:29:8b:ff:53:c9:14:5f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 14 11:42:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd3f1ed5fe8beb11d264303b8f2e631d01cffd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9a:3a:19:b8:ff:f0:b9:68:df:90:54:55:9d:
                    ba:13:7c:07:36:b1:76:41:9d:df:e3:80:4f:37:ab:
                    38:16:8f:a6:97:be:4b:f5:0e:99:45:48:d6:9d:2f:
                    8a:a3:9f:07:18:d1:81:44:29:dc:95:f4:7b:b4:ce:
                    4e:8e:7e:8a:f9:ab:60:5b:8f:cb:b2:43:bc:b9:69:
                    58:69:fe:21:37:6c:3f:98:73:30:16:8f:08:cb:5a:
                    b3:37:24:c5:e6:9b:e1:80:c0:2a:25:05:b4:d3:84:
                    b6:94:03:cb:8c:90:74:41:1d:50:1b:d4:f6:37:12:
                    5a:1d:79:12:0f:fe:0f:86:a7:2b:75:39:26:8e:9a:
                    de:e7:4c:4c:2b:f6:d8:12:88:fc:74:2b:42:a6:b4:
                    ba:1e:18:a7:24:90:e8:bf:e1:52:0d:83:f9:23:36:
                    0b:03:b7:5e:5b:79:21:ad:b0:20:22:ef:8a:e7:c7:
                    f0:46:63:ac:98:67:90:06:37:da:a4:23:33:b1:a5:
                    87:0f:3f:2e:3a:97:1b:68:ee:35:bd:a5:f7:2a:8b:
                    03:51:59:2b:bc:be:a5:51:e0:05:6e:8e:3a:fe:aa:
                    a2:b7:78:e3:73:10:b6:eb:7b:95:76:4c:31:59:16:
                    bd:b5:9b:95:d4:ad:32:b0:e6:84:e2:aa:96:70:eb:
                    ae:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3F:1E:D5:FE:8B:EB:11:D2:64:30:3B:8F:2E:63:1D:01:CF:FD:30
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/3T8e1f6L6xHSZDA7jy5jHQHP_TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.136.0/22
                  185.201.48.0/24
                  185.201.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:0e:1a:b4:dc:62:33:74:05:bd:15:98:cb:d6:d3:5a:71:39:
         cb:21:13:3b:8d:55:ab:37:2e:75:24:db:07:6c:22:50:b6:da:
         82:ea:bd:9d:f7:48:29:1a:45:6c:d8:95:94:63:e1:60:e5:03:
         2e:60:5f:65:b1:75:35:6b:c2:0f:dc:08:72:48:ac:2e:aa:62:
         74:74:23:37:f7:2e:6a:81:de:72:80:0b:30:04:87:f9:31:79:
         f8:45:78:2e:c2:61:ee:3c:78:22:b5:43:f5:e7:23:b2:6e:57:
         26:34:e9:4a:88:20:96:26:6a:52:23:3c:0b:f7:a5:c1:ba:a0:
         4c:48:6c:cb:5d:83:38:cc:b2:e2:fa:96:09:9f:2b:09:32:e0:
         4a:95:b7:ae:50:27:b4:6b:a4:04:00:12:24:8b:40:cd:d7:bd:
         7e:1e:b5:e0:61:50:d1:a3:1e:5a:af:8d:4d:c7:47:e5:84:2a:
         37:f8:4b:e4:f3:41:bb:52:5d:59:5e:e7:74:8e:15:4e:1e:a9:
         8d:bb:ef:d4:09:66:67:58:f8:04:83:a7:8c:56:08:56:6e:fa:
         c1:33:64:97:53:75:96:f2:04:6b:10:26:ae:62:39:fa:b4:4a:
         0e:30:5b:80:84:4b:50:c3:8a:9f:60:11:2a:54:f9:4d:c8:01:
         a0:d0:a6:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY926TZ0dbww7CmL/1PJFF/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTE0MTE0MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNmMWVkNWZlOGJlYjExZDI2NDMwM2I4ZjJlNjMxZDAxY2ZmZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopo6Gbj/8Llo35BUVZ26E3wHNrF2
QZ3f44BPN6s4Fo+ml75L9Q6ZRUjWnS+Ko58HGNGBRCnclfR7tM5Ojn6K+atgW4/L
skO8uWlYaf4hN2w/mHMwFo8Iy1qzNyTF5pvhgMAqJQW004S2lAPLjJB0QR1QG9T2
NxJaHXkSD/4PhqcrdTkmjpre50xMK/bYEoj8dCtCprS6HhinJJDov+FSDYP5IzYL
A7deW3khrbAgIu+K58fwRmOsmGeQBjfapCMzsaWHDz8uOpcbaO41vaX3KosDUVkr
vL6lUeAFbo46/qqit3jjcxC263uVdkwxWRa9tZuV1K0ysOaE4qqWcOuuXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN0/HtX+i+sR0mQwO48uYx0Bz/0wMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvM1Q4ZTFmNkw2eEhTWkRBN2p5NWpIUUhQX1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuVKIAwQA
uckwAwQAuckzMA0GCSqGSIb3DQEBCwUAA4IBAQBnDhq03GIzdAW9FZjL1tNacTnL
IRM7jVWrNy51JNsHbCJQttqC6r2d90gpGkVs2JWUY+Fg5QMuYF9lsXU1a8IP3Ahy
SKwuqmJ0dCM39y5qgd5ygAswBIf5MXn4RXguwmHuPHgitUP15yOyblcmNOlKiCCW
JmpSIzwL96XBuqBMSGzLXYM4zLLi+pYJnysJMuBKlbeuUCe0a6QEABIki0DN171+
HrXgYVDRox5ar41Nx0flhCo3+Evk80G7Ul1ZXud0jhVOHqmNu+/UCWZnWPgEg6eM
VghWbvrBM2SXU3WW8gRrECauYjn6tEoOMFuAhEtQw4qfYBEqVPlNyAGg0Kbl
-----END CERTIFICATE-----