Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/k3fagCc3bOhahQQMVkgzwRJr2zY.roa
File:                     k3fagCc3bOhahQQMVkgzwRJr2zY.roa (raw, json)
Hash identifier:          UFQMgK8euAAfI6kCRrQEjBwnu0wTn7Cx7tq2vVUa2e0=
Subject key identifier:   93:77:DA:80:27:37:6C:E8:5A:85:04:0C:56:48:33:C1:12:6B:DB:36
Certificate issuer:       /CN=3b94a1d881dd4beb2fd31b76fa0d5d585a9b238f
Certificate serial:       018CC3B71EE65469EE45A8F814855EF42925
Authority key identifier: 3B:94:A1:D8:81:DD:4B:EB:2F:D3:1B:76:FA:0D:5D:58:5A:9B:23:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/k3fagCc3bOhahQQMVkgzwRJr2zY.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39479
IP address blocks:        185.91.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1e:e6:54:69:ee:45:a8:f8:14:85:5e:f4:29:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b94a1d881dd4beb2fd31b76fa0d5d585a9b238f
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9377da8027376ce85a85040c564833c1126bdb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:de:d6:7e:a1:8b:f4:5d:e2:4e:cd:40:b5:64:
                    0a:f0:22:40:51:50:35:98:2b:c9:ac:f8:e8:aa:16:
                    59:7c:04:e7:f3:bd:9f:e1:0b:01:10:43:22:1d:d9:
                    fe:d7:73:6f:f1:b8:5c:1d:87:58:59:34:66:14:a7:
                    ac:d3:ee:8b:74:a9:20:69:c8:a2:d1:d7:38:85:e9:
                    f9:49:68:92:44:0a:a1:e0:1e:4e:a4:2a:14:f1:77:
                    b3:eb:b0:22:86:3f:85:dc:cc:d8:b7:57:5e:d1:93:
                    44:78:06:e1:90:c8:18:31:be:b8:a4:7e:7f:c4:7d:
                    82:93:70:d0:8a:34:b7:06:18:37:d2:a9:04:26:63:
                    60:0f:67:93:db:87:1c:78:54:f5:92:b4:81:62:f0:
                    cc:82:a5:3c:80:d7:d1:27:66:e8:f2:87:6a:4e:93:
                    76:8e:e7:fa:9f:30:82:38:72:cf:3e:90:05:e6:25:
                    ce:a8:34:8a:27:ed:a5:f0:e7:2f:c0:64:31:40:e2:
                    d9:f0:cb:38:a9:a0:9e:42:79:4a:a2:32:3b:60:38:
                    d7:c1:d9:14:45:c7:ec:2b:55:fb:66:c4:af:e3:b6:
                    c9:ba:f9:59:9c:61:09:db:fd:71:15:f9:bb:4f:c9:
                    aa:0b:31:ab:c6:17:32:a4:ab:ed:de:90:67:00:1a:
                    02:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:77:DA:80:27:37:6C:E8:5A:85:04:0C:56:48:33:C1:12:6B:DB:36
            X509v3 Authority Key Identifier:
                keyid:3B:94:A1:D8:81:DD:4B:EB:2F:D3:1B:76:FA:0D:5D:58:5A:9B:23:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/k3fagCc3bOhahQQMVkgzwRJr2zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:9e:25:4d:a1:73:38:b9:6e:a4:f6:36:a3:67:00:63:a3:4a:
         67:e3:bf:58:1e:51:48:84:37:82:3a:19:56:6c:5f:a6:2a:79:
         7a:a7:98:41:29:29:a0:a5:10:87:d2:bf:65:f8:ef:e8:48:9e:
         14:13:db:ef:16:6d:96:52:a3:93:e0:07:41:7b:f8:d3:f1:66:
         97:a1:14:fa:89:90:b3:b1:68:ba:66:9f:e0:6d:6f:c5:f8:85:
         94:51:6a:da:ed:97:48:a6:0e:a5:0b:75:f5:68:ff:4b:10:ea:
         79:cb:79:35:29:1a:d0:46:c6:e3:b6:10:e6:5b:e8:c3:8b:fd:
         fe:a9:39:9a:6e:15:de:69:77:2f:63:1a:70:99:16:be:4e:fa:
         4c:78:1e:d8:46:85:7f:4a:34:61:13:08:d2:1d:81:f8:8d:76:
         b1:cd:8a:11:5a:3d:c0:e9:fc:1a:ea:aa:58:a2:d7:36:50:1b:
         31:b0:ff:25:2a:b4:5f:af:0a:dd:a0:cb:40:b5:2a:6d:ea:b9:
         9f:5c:b8:37:90:3e:12:62:0c:07:d9:72:e9:4e:60:51:82:fe:
         32:70:1c:cc:01:ce:79:c8:3c:4f:df:67:2e:35:6e:ac:20:a2:
         d6:80:2a:45:45:b1:cf:43:27:2e:70:f0:d6:64:d5:df:61:c0:
         b1:9a:74:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx7mVGnuRaj4FIVe9CklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTRhMWQ4ODFkZDRiZWIyZmQzMWI3NmZhMGQ1ZDU4NWE5
YjIzOGYwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc3ZGE4MDI3Mzc2Y2U4NWE4NTA0MGM1NjQ4MzNjMTEyNmJkYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt7WfqGL9F3iTs1AtWQK8CJAUVA1
mCvJrPjoqhZZfATn872f4QsBEEMiHdn+13Nv8bhcHYdYWTRmFKes0+6LdKkgacii
0dc4hen5SWiSRAqh4B5OpCoU8Xez67Aihj+F3MzYt1de0ZNEeAbhkMgYMb64pH5/
xH2Ck3DQijS3Bhg30qkEJmNgD2eT24cceFT1krSBYvDMgqU8gNfRJ2bo8odqTpN2
juf6nzCCOHLPPpAF5iXOqDSKJ+2l8OcvwGQxQOLZ8Ms4qaCeQnlKojI7YDjXwdkU
RcfsK1X7ZsSv47bJuvlZnGEJ2/1xFfm7T8mqCzGrxhcypKvt3pBnABoCxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN32oAnN2zoWoUEDFZIM8ESa9s2MB8GA1UdIwQY
MBaAFDuUodiB3UvrL9MbdvoNXVhamyOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVTaDJJSGRTLXN2MHh0Mi1nMWRXRnFiSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS83YzZiMmQtYWM0Mi00ODdlLTljMTkt
MTYxODc3NmJkYWFlLzEvazNmYWdDYzNiT2hhaFFRTVZrZ3p3UkpyMnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS83YzZiMmQtYWM0Mi00ODdlLTljMTktMTYxODc3NmJkYWFl
LzEvTzVTaDJJSGRTLXN2MHh0Mi1nMWRXRnFiSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVugMA0G
CSqGSIb3DQEBCwUAA4IBAQCfniVNoXM4uW6k9jajZwBjo0pn479YHlFIhDeCOhlW
bF+mKnl6p5hBKSmgpRCH0r9l+O/oSJ4UE9vvFm2WUqOT4AdBe/jT8WaXoRT6iZCz
sWi6Zp/gbW/F+IWUUWra7ZdIpg6lC3X1aP9LEOp5y3k1KRrQRsbjthDmW+jDi/3+
qTmabhXeaXcvYxpwmRa+TvpMeB7YRoV/SjRhEwjSHYH4jXaxzYoRWj3A6fwa6qpY
otc2UBsxsP8lKrRfrwrdoMtAtSpt6rmfXLg3kD4SYgwH2XLpTmBRgv4ycBzMAc55
yDxP32cuNW6sIKLWgCpFRbHPQycucPDWZNXfYcCxmnSJ
-----END CERTIFICATE-----