Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/3gGTvD3kpiSLpcaa45pSwbMGVtY.roa
File:                     3gGTvD3kpiSLpcaa45pSwbMGVtY.roa (raw, json)
Hash identifier:          53IV3WRRtIko03rUb0qG9+kV4wu4bu7GsrM6x3bsXmk=
Subject key identifier:   DE:01:93:BC:3D:E4:A6:24:8B:A5:C6:9A:E3:9A:52:C1:B3:06:56:D6
Certificate issuer:       /CN=20c0b9b33dce5eba0aea6489158d3fb27022ace7
Certificate serial:       018CC4939D5A45F1AF1C7892A9D2FB373DEA
Authority key identifier: 20:C0:B9:B3:3D:CE:5E:BA:0A:EA:64:89:15:8D:3F:B2:70:22:AC:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/3gGTvD3kpiSLpcaa45pSwbMGVtY.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36351
IP address blocks:        185.150.177.0/24 maxlen: 24
                          185.150.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9d:5a:45:f1:af:1c:78:92:a9:d2:fb:37:3d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c0b9b33dce5eba0aea6489158d3fb27022ace7
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de0193bc3de4a6248ba5c69ae39a52c1b30656d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d3:d9:ea:7c:59:33:6d:89:8b:f1:52:e2:6e:
                    ae:95:ba:cf:87:3a:ff:04:55:4b:e2:44:5a:90:26:
                    be:6d:ff:19:6b:3c:3a:1b:d2:8f:fb:87:63:46:92:
                    07:01:ae:1c:13:b8:e2:3b:e1:de:36:34:fa:a1:cf:
                    2d:de:52:de:80:f5:8a:64:5e:1b:4f:4b:32:53:81:
                    d1:ec:58:67:dc:92:5b:44:4a:4c:78:2f:21:1e:7b:
                    8b:39:8f:03:ea:29:64:48:01:89:85:9f:ce:44:37:
                    18:7a:91:d2:c1:ff:d3:0d:c9:88:69:8a:4c:3f:f7:
                    02:7c:0b:fb:86:28:a4:24:f3:df:e0:d6:9c:e9:ef:
                    66:86:d3:9b:28:b2:86:df:dd:0f:61:84:63:e2:ce:
                    33:d2:a5:c6:82:08:21:dd:2f:c2:8a:31:46:32:f1:
                    fd:18:c9:c6:0f:14:0d:af:e0:bb:e9:aa:89:6b:18:
                    be:5f:bc:b1:fc:aa:34:22:89:85:23:bb:bf:db:b5:
                    08:3e:a7:a1:52:c7:72:5d:d1:fc:10:6c:d3:2a:7c:
                    e6:fd:e4:3c:0d:88:ee:1d:9a:ef:6f:cb:73:ee:31:
                    40:65:f9:4f:80:5a:61:a6:6f:5a:45:26:8d:8a:79:
                    94:63:09:a8:93:bb:c9:10:8a:e2:d5:3d:3e:b0:82:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:01:93:BC:3D:E4:A6:24:8B:A5:C6:9A:E3:9A:52:C1:B3:06:56:D6
            X509v3 Authority Key Identifier:
                keyid:20:C0:B9:B3:3D:CE:5E:BA:0A:EA:64:89:15:8D:3F:B2:70:22:AC:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/3gGTvD3kpiSLpcaa45pSwbMGVtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:7d:d9:9b:ca:9e:b4:42:28:87:55:61:8e:ad:43:3d:64:85:
         36:77:63:46:a2:8c:4f:62:10:45:6a:60:55:1d:15:22:c7:cc:
         38:26:51:cd:b5:bb:44:8d:63:54:a6:69:ec:ff:98:3d:71:96:
         d1:61:40:e5:a1:8a:3f:76:17:e0:81:d7:c9:aa:be:7e:be:8b:
         6d:ad:7d:2d:f5:fe:e0:c8:9a:bf:15:96:9a:61:e7:09:25:f2:
         9d:33:3a:4a:2a:88:a1:0e:92:05:f4:fa:66:6f:54:d0:cb:5d:
         64:ce:fa:ac:2f:31:0d:81:4e:b8:22:65:8c:86:82:c6:fa:db:
         c4:10:1c:87:46:64:5b:b5:db:d1:e2:df:77:c9:22:c3:ef:e7:
         87:ac:6c:5e:76:73:7e:be:87:54:cb:e8:2a:9c:2e:d8:d3:47:
         c6:99:4b:64:6c:93:d7:6d:16:3f:ce:42:f9:4c:63:10:da:1c:
         29:1d:62:30:f1:47:54:2f:75:9f:a4:b9:bd:de:56:fa:0d:76:
         21:0a:82:da:a7:bb:8b:a1:c6:8d:97:af:83:ae:26:de:00:cf:
         a9:e8:b6:8d:2c:11:45:40:b3:d2:01:7a:aa:02:a1:38:dc:eb:
         b4:50:21:15:f2:2a:74:c4:3d:be:bf:b9:53:4f:22:fe:0c:93:
         63:53:89:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk51aRfGvHHiSqdL7Nz3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzBiOWIzM2RjZTVlYmEwYWVhNjQ4OTE1OGQzZmIyNzAy
MmFjZTcwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTAxOTNiYzNkZTRhNjI0OGJhNWM2OWFlMzlhNTJjMWIzMDY1NmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtPZ6nxZM22Ji/FS4m6ulbrPhzr/
BFVL4kRakCa+bf8Zazw6G9KP+4djRpIHAa4cE7jiO+HeNjT6oc8t3lLegPWKZF4b
T0syU4HR7Fhn3JJbREpMeC8hHnuLOY8D6ilkSAGJhZ/ORDcYepHSwf/TDcmIaYpM
P/cCfAv7hiikJPPf4Nac6e9mhtObKLKG390PYYRj4s4z0qXGgggh3S/CijFGMvH9
GMnGDxQNr+C76aqJaxi+X7yx/Ko0IomFI7u/27UIPqehUsdyXdH8EGzTKnzm/eQ8
DYjuHZrvb8tz7jFAZflPgFphpm9aRSaNinmUYwmok7vJEIri1T0+sII3XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4Bk7w95KYki6XGmuOaUsGzBlbWMB8GA1UdIwQY
MBaAFCDAubM9zl66CupkiRWNP7JwIqznMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1DNXN6M09Ycm9LNm1TSkZZMF9zbkFpck9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yMGJiNDktZTUwOS00YzdiLThlNWEt
OGQzZGNjMzNhZDBhLzEvM2dHVHZEM2twaVNMcGNhYTQ1cFN3Yk1HVnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yMGJiNDktZTUwOS00YzdiLThlNWEtOGQzZGNjMzNhZDBh
LzEvSU1DNXN6M09Ycm9LNm1TSkZZMF9zbkFpck9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZawMA0G
CSqGSIb3DQEBCwUAA4IBAQBBfdmbyp60QiiHVWGOrUM9ZIU2d2NGooxPYhBFamBV
HRUix8w4JlHNtbtEjWNUpmns/5g9cZbRYUDloYo/dhfggdfJqr5+vottrX0t9f7g
yJq/FZaaYecJJfKdMzpKKoihDpIF9Ppmb1TQy11kzvqsLzENgU64ImWMhoLG+tvE
EByHRmRbtdvR4t93ySLD7+eHrGxednN+vodUy+gqnC7Y00fGmUtkbJPXbRY/zkL5
TGMQ2hwpHWIw8UdUL3WfpLm93lb6DXYhCoLap7uLocaNl6+DribeAM+p6LaNLBFF
QLPSAXqqAqE43Ou0UCEV8ip0xD2+v7lTTyL+DJNjU4n+
-----END CERTIFICATE-----