Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x3_X_lptYCE7KGxz6kgvXRm4S0w.roa
File:                     x3_X_lptYCE7KGxz6kgvXRm4S0w.roa (raw, json)
Hash identifier:          PuGekiPECO3Yo3B/29VS8ZPzoZxUe74DFcQn2PYungQ=
Subject key identifier:   C7:7F:D7:FE:5A:6D:60:21:3B:28:6C:73:EA:48:2F:5D:19:B8:4B:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCFB686C84572C353AE4F4088EC07A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x3_X_lptYCE7KGxz6kgvXRm4S0w.roa
Signing time:             Tue 02 Jan 2024 06:29:34 +0000
ROA not before:           Tue 02 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        185.216.68.0/24 maxlen: 24
                          2a00:1728:3f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:fb:68:6c:84:57:2c:35:3a:e4:f4:08:8e:c0:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c77fd7fe5a6d60213b286c73ea482f5d19b84b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:04:dd:62:fa:56:ea:bd:9c:14:91:e6:cd:56:
                    5a:ec:34:f8:89:34:d4:73:d7:c8:08:27:85:20:8e:
                    5c:6c:1f:39:0d:ef:7e:c5:57:4e:df:6d:76:3c:eb:
                    61:db:fb:f9:33:b1:0d:ac:5d:97:e2:f1:58:89:90:
                    2a:b0:11:35:ce:b2:25:c5:15:d0:06:78:5d:ce:75:
                    0e:f1:9f:38:ad:bd:ac:f1:2e:f6:49:4f:48:df:c2:
                    64:3b:18:37:20:d4:bb:62:0a:43:a9:7d:1c:28:2b:
                    c7:c1:51:42:72:f8:f0:1a:c3:37:1d:aa:02:f8:7c:
                    d7:9a:24:3a:8c:82:7b:ca:e2:a4:49:1a:51:ee:3d:
                    37:c8:ef:77:43:e1:63:79:8a:90:87:ab:6d:bb:b8:
                    0c:16:7c:a4:a4:2e:60:04:f6:76:50:77:a5:48:a0:
                    aa:b2:3e:77:42:5d:50:33:81:a5:52:c8:84:2f:aa:
                    fd:e2:84:20:63:97:7f:68:5c:3a:5a:3b:73:e2:63:
                    76:c3:8f:3f:dd:bf:4e:ef:6f:53:4e:d9:4a:8f:00:
                    fc:24:66:d8:cd:bd:ed:6a:86:df:0f:e7:17:71:81:
                    c9:cf:7d:52:cb:24:43:db:7a:e1:2c:85:94:54:29:
                    c1:f8:92:1c:6b:82:47:43:f3:4b:8b:4c:f0:eb:2b:
                    4b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7F:D7:FE:5A:6D:60:21:3B:28:6C:73:EA:48:2F:5D:19:B8:4B:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x3_X_lptYCE7KGxz6kgvXRm4S0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.68.0/24
                IPv6:
                  2a00:1728:3f::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:e1:7e:0f:62:ff:0a:2c:d4:ff:19:e3:6c:f2:2b:1b:9d:5a:
         a6:fa:1e:4d:19:d5:da:b9:af:69:64:b1:b8:b8:bc:5b:33:bb:
         4a:af:0c:93:0f:88:97:54:eb:7e:52:ab:2e:f2:f9:a4:79:4b:
         27:fc:bd:e3:30:f4:c1:c8:0d:9b:1c:27:f2:68:ce:be:d1:6a:
         55:cb:35:45:a4:3f:4f:c5:f2:98:01:b1:18:c1:01:32:84:0d:
         a0:e1:71:1c:33:67:64:b5:5e:41:01:ab:9f:b3:e2:b3:28:f0:
         9b:ba:e8:97:22:c9:b6:4c:8a:1c:ce:5a:df:f7:1b:41:70:6c:
         03:7a:69:5a:8c:92:af:b8:60:cf:ad:d4:33:c0:a8:4c:77:cf:
         5a:a0:28:ea:68:ca:16:e7:7c:cc:a1:6d:5d:45:ef:dc:ba:4e:
         3a:09:f4:02:b2:9f:75:d5:39:a3:4c:7f:07:b3:a4:11:b8:45:
         74:3f:05:f4:8e:e3:0a:bf:63:9b:b0:a7:68:4f:08:53:d8:50:
         de:d7:89:26:31:f1:6f:e5:98:b8:b3:bd:d1:80:8a:72:ef:21:
         60:d7:51:4b:b9:86:d5:82:67:be:45:98:15:d4:34:35:e1:9a:
         9a:a5:e3:d4:14:0b:61:71:44:78:08:86:ad:3d:7b:f8:71:ef:
         2b:93:3e:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3PtobIRXLDU65PQIjsB6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdmZDdmZTVhNmQ2MDIxM2IyODZjNzNlYTQ4MmY1ZDE5Yjg0YjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgTdYvpW6r2cFJHmzVZa7DT4iTTU
c9fICCeFII5cbB85De9+xVdO3212POth2/v5M7ENrF2X4vFYiZAqsBE1zrIlxRXQ
BnhdznUO8Z84rb2s8S72SU9I38JkOxg3INS7YgpDqX0cKCvHwVFCcvjwGsM3HaoC
+HzXmiQ6jIJ7yuKkSRpR7j03yO93Q+FjeYqQh6ttu7gMFnykpC5gBPZ2UHelSKCq
sj53Ql1QM4GlUsiEL6r94oQgY5d/aFw6Wjtz4mN2w48/3b9O729TTtlKjwD8JGbY
zb3taobfD+cXcYHJz31SyyRD23rhLIWUVCnB+JIca4JHQ/NLi0zw6ytLIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMd/1/5abWAhOyhsc+pIL10ZuEtMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveDNfWF9scHRZQ0U3S0d4ejZrZ3ZYUm00UzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAudhEMA8E
AgACMAkDBwAqABcoAD8wDQYJKoZIhvcNAQELBQADggEBAEDhfg9i/wos1P8Z42zy
KxudWqb6Hk0Z1dq5r2lksbi4vFszu0qvDJMPiJdU635Sqy7y+aR5Syf8veMw9MHI
DZscJ/Jozr7RalXLNUWkP0/F8pgBsRjBATKEDaDhcRwzZ2S1XkEBq5+z4rMo8Ju6
6JciybZMihzOWt/3G0FwbAN6aVqMkq+4YM+t1DPAqEx3z1qgKOpoyhbnfMyhbV1F
79y6TjoJ9AKyn3XVOaNMfwezpBG4RXQ/BfSO4wq/Y5uwp2hPCFPYUN7XiSYx8W/l
mLizvdGAinLvIWDXUUu5htWCZ75FmBXUNDXhmpql49QUC2FxRHgIhq09e/hx7yuT
Ph8=
-----END CERTIFICATE-----