Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/3gLtSDLEe6rtZLYjTGS-p898gGg.roa
File:                     3gLtSDLEe6rtZLYjTGS-p898gGg.roa (raw, json)
Hash identifier:          MNsiVtjxGnS+4S66O4z33HHRr03ktwKBRe32ALWdmQc=
Subject key identifier:   DE:02:ED:48:32:C4:7B:AA:ED:64:B6:23:4C:64:BE:A7:CF:7C:80:68
Certificate issuer:       /CN=5393ab93e85701a73ef4d5e00ed6eb9893937394
Certificate serial:       018CC6B93F32E9AA25CC55F327D7E4CF4232
Authority key identifier: 53:93:AB:93:E8:57:01:A7:3E:F4:D5:E0:0E:D6:EB:98:93:93:73:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U5Ork-hXAac-9NXgDtbrmJOTc5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/3gLtSDLEe6rtZLYjTGS-p898gGg.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31638
IP address blocks:        185.77.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/U5Ork-hXAac-9NXgDtbrmJOTc5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/U5Ork-hXAac-9NXgDtbrmJOTc5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U5Ork-hXAac-9NXgDtbrmJOTc5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3f:32:e9:aa:25:cc:55:f3:27:d7:e4:cf:42:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5393ab93e85701a73ef4d5e00ed6eb9893937394
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de02ed4832c47baaed64b6234c64bea7cf7c8068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e6:ab:83:74:87:fe:b2:70:3a:99:12:e1:68:
                    02:58:6b:e6:37:a8:98:71:eb:3c:d2:10:4a:31:ca:
                    b1:f5:77:6c:8c:10:56:29:a1:45:d6:71:3f:50:51:
                    20:0f:bc:05:3a:60:8a:39:25:d9:d8:3d:60:23:06:
                    5c:c8:c0:e0:a4:47:4a:80:52:2a:69:1c:8e:52:e8:
                    05:70:c0:d3:e7:13:64:e6:1b:1e:be:08:01:0e:b1:
                    cf:f0:5a:b5:ad:3d:4e:d3:f0:9c:a6:dc:b9:d3:3f:
                    aa:96:4a:e9:22:55:68:b5:99:5a:9f:53:fd:1c:76:
                    00:62:02:c9:7e:8b:8e:80:7b:28:bb:6b:23:66:37:
                    57:b2:9e:0c:4f:41:43:21:0d:31:5a:2d:d6:d3:84:
                    06:ab:b2:2f:2d:c1:e2:52:fa:cb:99:2b:c6:58:96:
                    a0:34:68:d6:13:b6:b0:67:e4:b0:d3:30:80:21:a3:
                    cc:a6:6f:86:69:99:72:f9:29:59:80:a7:ad:fe:a2:
                    df:0f:d6:ce:be:c8:6a:06:58:76:25:93:09:a5:63:
                    3d:ee:cf:3e:64:07:a2:60:54:77:fd:72:b4:f1:bc:
                    a5:7c:e2:e5:2b:e0:c0:9b:d8:81:c0:96:ae:f1:33:
                    86:2c:a8:90:91:a5:b9:11:79:94:3b:2a:55:d2:f5:
                    6e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:02:ED:48:32:C4:7B:AA:ED:64:B6:23:4C:64:BE:A7:CF:7C:80:68
            X509v3 Authority Key Identifier:
                keyid:53:93:AB:93:E8:57:01:A7:3E:F4:D5:E0:0E:D6:EB:98:93:93:73:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U5Ork-hXAac-9NXgDtbrmJOTc5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/3gLtSDLEe6rtZLYjTGS-p898gGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ad7662-73ff-4594-8e30-59a7efd384c0/1/U5Ork-hXAac-9NXgDtbrmJOTc5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:9d:45:73:fa:21:8c:2b:ca:53:60:96:bd:b4:13:d2:b3:9d:
         12:41:b8:48:52:1d:43:a6:b6:9e:16:42:90:11:be:55:91:73:
         f2:32:8a:11:29:84:36:13:c8:bf:e9:95:e6:da:f3:c6:10:9b:
         9e:43:46:73:d5:b0:32:37:9d:4e:77:9e:98:78:73:d0:07:14:
         8e:be:43:1b:1c:5d:14:8b:1b:0b:e4:e1:8d:4e:84:60:de:85:
         f9:07:47:d1:2e:d4:06:ef:5f:77:89:c7:65:01:4f:25:8f:f1:
         92:d7:ba:27:fd:3d:33:21:27:67:33:3c:c1:96:e3:48:66:29:
         44:0d:28:01:99:58:07:07:f0:22:ad:95:d0:26:bd:50:34:7f:
         ec:8e:a5:ee:18:b1:28:7b:4b:25:50:69:4b:33:f9:45:01:ec:
         2a:a3:01:6a:02:a2:ad:2f:65:91:41:ae:2f:20:93:9d:c1:ce:
         ec:84:60:5a:25:3f:c6:5f:a3:79:75:e5:41:f9:91:9b:30:66:
         29:45:84:77:0f:be:e5:68:87:ce:4b:aa:35:8b:90:d0:38:c6:
         31:b0:11:bf:21:dd:ff:9b:5d:83:fd:aa:f4:0d:3b:2b:71:27:
         49:ee:36:9e:4b:20:a4:0d:9a:51:d3:dd:d7:4e:1d:1b:9b:ae:
         47:eb:6c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT8y6aolzFXzJ9fkz0IyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzOTNhYjkzZTg1NzAxYTczZWY0ZDVlMDBlZDZlYjk4OTM5
MzczOTQwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTAyZWQ0ODMyYzQ3YmFhZWQ2NGI2MjM0YzY0YmVhN2NmN2M4MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOarg3SH/rJwOpkS4WgCWGvmN6iY
ces80hBKMcqx9XdsjBBWKaFF1nE/UFEgD7wFOmCKOSXZ2D1gIwZcyMDgpEdKgFIq
aRyOUugFcMDT5xNk5hsevggBDrHP8Fq1rT1O0/Ccpty50z+qlkrpIlVotZlan1P9
HHYAYgLJfouOgHsou2sjZjdXsp4MT0FDIQ0xWi3W04QGq7IvLcHiUvrLmSvGWJag
NGjWE7awZ+Sw0zCAIaPMpm+GaZly+SlZgKet/qLfD9bOvshqBlh2JZMJpWM97s8+
ZAeiYFR3/XK08bylfOLlK+DAm9iBwJau8TOGLKiQkaW5EXmUOypV0vVuGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4C7UgyxHuq7WS2I0xkvqfPfIBoMB8GA1UdIwQY
MBaAFFOTq5PoVwGnPvTV4A7W65iTk3OUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTVPcmstaFhBYWMtOU5YZ0R0YnJtSk9UYzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9hZDc2NjItNzNmZi00NTk0LThlMzAt
NTlhN2VmZDM4NGMwLzEvM2dMdFNETEVlNnJ0WkxZalRHUy1wODk4Z0dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9hZDc2NjItNzNmZi00NTk0LThlMzAtNTlhN2VmZDM4NGMw
LzEvVTVPcmstaFhBYWMtOU5YZ0R0YnJtSk9UYzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU2hMA0G
CSqGSIb3DQEBCwUAA4IBAQBinUVz+iGMK8pTYJa9tBPSs50SQbhIUh1DpraeFkKQ
Eb5VkXPyMooRKYQ2E8i/6ZXm2vPGEJueQ0Zz1bAyN51Od56YeHPQBxSOvkMbHF0U
ixsL5OGNToRg3oX5B0fRLtQG7193icdlAU8lj/GS17on/T0zISdnMzzBluNIZilE
DSgBmVgHB/AirZXQJr1QNH/sjqXuGLEoe0slUGlLM/lFAewqowFqAqKtL2WRQa4v
IJOdwc7shGBaJT/GX6N5deVB+ZGbMGYpRYR3D77laIfOS6o1i5DQOMYxsBG/Id3/
m12D/ar0DTsrcSdJ7jaeSyCkDZpR093XTh0bm65H62wi
-----END CERTIFICATE-----