Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/MDIpdE3cIvDZ4ys9dmyxViT4NK8.roa
File:                     MDIpdE3cIvDZ4ys9dmyxViT4NK8.roa (raw, json)
Hash identifier:          3EBZBD2mvveL8x/k9u/M73utXrbbKt4HN7OeC5xMbpQ=
Subject key identifier:   30:32:29:74:4D:DC:22:F0:D9:E3:2B:3D:76:6C:B1:56:24:F8:34:AF
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       018CC8DF7425D61C7B21F87F9D3C65EF0B24
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/MDIpdE3cIvDZ4ys9dmyxViT4NK8.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197573
IP address blocks:        176.52.184.0/24 maxlen: 24
                          2a02:f181::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:74:25:d6:1c:7b:21:f8:7f:9d:3c:65:ef:0b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=303229744ddc22f0d9e32b3d766cb15624f834af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7c:45:7c:83:37:d9:5c:db:e4:34:ec:50:cb:
                    ba:29:f4:86:84:33:f2:b5:39:78:da:cf:cd:80:27:
                    66:ff:84:0b:84:3a:14:b3:32:87:51:07:bd:a7:0e:
                    d9:d8:f9:e7:e8:14:82:8a:53:40:fb:6c:a5:d9:b4:
                    87:38:5a:29:56:e0:ab:e8:41:5f:e7:83:0b:36:0a:
                    16:94:a0:4e:e5:4f:16:7d:03:0b:30:36:0e:4d:c9:
                    c1:2a:03:0c:2c:6d:3e:a1:8c:41:ea:4a:a5:59:97:
                    53:1f:6e:bc:fd:d9:34:e8:71:8d:5f:5f:7a:3b:0a:
                    91:b0:14:24:69:28:e0:ab:af:27:6d:56:4a:e4:37:
                    a8:4a:20:c5:96:89:85:cf:f2:3c:6f:49:b7:a2:5b:
                    f8:d8:83:8b:a5:c0:9d:4a:d4:59:f7:39:9e:83:52:
                    d2:20:c3:5e:48:a8:0b:3c:6a:f9:3c:94:bb:b7:fc:
                    bd:6f:3a:c9:4d:60:ec:60:4c:95:fd:1c:f7:5b:48:
                    34:5c:64:da:b7:cb:88:d1:15:00:fe:d6:1e:1b:7f:
                    9e:a3:34:62:71:f7:d4:24:3e:f8:b4:a0:fe:3a:09:
                    9d:fd:b0:e6:28:c2:58:e5:a5:04:b7:2d:09:c1:cd:
                    db:9d:3b:1e:1e:94:fd:36:4b:ed:f4:67:45:da:e4:
                    7a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:32:29:74:4D:DC:22:F0:D9:E3:2B:3D:76:6C:B1:56:24:F8:34:AF
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/MDIpdE3cIvDZ4ys9dmyxViT4NK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.184.0/24
                IPv6:
                  2a02:f181::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:01:51:e8:9a:83:48:ea:e4:01:b4:da:1c:1b:85:c1:e7:26:
         8b:f9:03:3e:26:f2:3c:9c:32:10:10:4a:4d:62:f2:66:46:7f:
         75:f3:73:76:2a:40:af:1b:a3:65:c5:b5:6b:46:bd:34:16:15:
         88:7e:36:69:88:0f:9e:c0:14:c1:75:90:de:c5:4e:f1:31:d7:
         a6:00:ef:cb:53:94:d9:3f:74:4b:71:81:ff:42:a3:34:50:38:
         03:fd:ba:d9:0a:4d:2d:dc:67:b9:e6:b6:e3:d6:fe:22:c7:91:
         7d:c1:5c:71:14:49:76:20:c1:22:2e:40:d0:c1:89:75:76:3b:
         9d:61:c1:6a:26:d0:43:c8:b1:3e:dd:da:54:5b:d0:02:fc:71:
         de:43:00:58:d5:3d:37:ad:70:71:0d:cb:37:74:60:13:76:3b:
         7e:70:f4:07:ac:de:18:e0:81:d3:37:e6:bc:a7:cc:fc:a7:f3:
         7d:07:2c:eb:b8:3a:72:79:41:e1:85:0a:2f:8f:3a:e0:98:9e:
         e4:1b:5c:b8:25:f7:fd:82:d9:d2:d6:f0:8f:54:59:ec:b0:41:
         2a:e7:e4:cb:01:7c:28:76:55:d1:a7:c5:1b:e1:a9:56:ff:e0:
         a0:b3:64:8d:eb:d5:d7:52:14:11:21:75:44:87:2d:30:fb:d4:
         b3:e9:02:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI33Ql1hx7Ifh/nTxl7wskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMyMjk3NDRkZGMyMmYwZDllMzJiM2Q3NjZjYjE1NjI0ZjgzNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nxFfIM32Vzb5DTsUMu6KfSGhDPy
tTl42s/NgCdm/4QLhDoUszKHUQe9pw7Z2Pnn6BSCilNA+2yl2bSHOFopVuCr6EFf
54MLNgoWlKBO5U8WfQMLMDYOTcnBKgMMLG0+oYxB6kqlWZdTH268/dk06HGNX196
OwqRsBQkaSjgq68nbVZK5DeoSiDFlomFz/I8b0m3olv42IOLpcCdStRZ9zmeg1LS
IMNeSKgLPGr5PJS7t/y9bzrJTWDsYEyV/Rz3W0g0XGTat8uI0RUA/tYeG3+eozRi
cffUJD74tKD+Ogmd/bDmKMJY5aUEty0Jwc3bnTseHpT9Nkvt9GdF2uR6YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDAyKXRN3CLw2eMrPXZssVYk+DSvMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvTURJcGRFM2NJdkRaNHlzOWRteXhWaVQ0Tks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsDS4MA8E
AgACMAkDBwAqAvGBAAAwDQYJKoZIhvcNAQELBQADggEBAFQBUeiag0jq5AG02hwb
hcHnJov5Az4m8jycMhAQSk1i8mZGf3Xzc3YqQK8bo2XFtWtGvTQWFYh+NmmID57A
FMF1kN7FTvEx16YA78tTlNk/dEtxgf9CozRQOAP9utkKTS3cZ7nmtuPW/iLHkX3B
XHEUSXYgwSIuQNDBiXV2O51hwWom0EPIsT7d2lRb0AL8cd5DAFjVPTetcHENyzd0
YBN2O35w9Aes3hjggdM35rynzPyn830HLOu4OnJ5QeGFCi+POuCYnuQbXLgl9/2C
2dLW8I9UWeywQSrn5MsBfCh2VdGnxRvhqVb/4KCzZI3r1ddSFBEhdUSHLTD71LPp
AhU=
-----END CERTIFICATE-----