Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/S3o-bkK1F9rvq2-xPTn1Gd5eQ3Q.roa
File:                     S3o-bkK1F9rvq2-xPTn1Gd5eQ3Q.roa (raw, json)
Hash identifier:          wev6Z+HBEmjPjPP6rlwv3ces9MjrBONw7VISCE+w+3k=
Subject key identifier:   4B:7A:3E:6E:42:B5:17:DA:EF:AB:6F:B1:3D:39:F5:19:DE:5E:43:74
Certificate issuer:       /CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
Certificate serial:       018CC6B9269CBAC727EB2838509976692CFF
Authority key identifier: 7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/S3o-bkK1F9rvq2-xPTn1Gd5eQ3Q.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64433
IP address blocks:        185.117.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:26:9c:ba:c7:27:eb:28:38:50:99:76:69:2c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7a3e6e42b517daefab6fb13d39f519de5e4374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6f:22:18:99:42:95:23:22:68:e4:3e:9d:c5:
                    fe:63:86:04:81:12:a7:47:c3:23:2a:d9:3f:61:89:
                    58:83:52:c8:37:a9:b6:43:6a:19:b9:ec:58:7e:dd:
                    fe:0d:0d:91:2e:6e:40:4b:f2:38:a9:d9:86:2f:a7:
                    e4:32:b9:dc:66:6b:b0:20:0a:8f:27:c1:6f:c2:a9:
                    c8:0f:1c:b5:31:18:b2:4e:0e:17:20:80:87:b4:c4:
                    d2:88:40:dd:4d:c6:6d:a3:b4:1c:c6:0d:98:2d:ab:
                    b7:81:a7:48:0b:b0:55:e7:62:ce:a5:51:a2:4d:47:
                    5d:30:97:59:15:71:a4:ac:89:68:a5:68:e9:ee:62:
                    93:f7:a6:4a:a4:fc:e0:1a:13:38:5b:66:48:a0:42:
                    1e:cf:8e:44:62:d8:b6:df:40:73:69:30:9c:b4:3d:
                    cb:6b:5a:13:2e:bf:4e:0d:7b:f6:5f:95:9a:aa:dd:
                    8b:7c:3f:8f:bc:17:54:7a:a2:c9:81:59:d0:4b:2f:
                    f8:43:b0:32:e5:f0:32:10:b3:97:39:9f:e1:91:bf:
                    ec:ae:0d:8c:fa:d4:62:58:67:4d:75:6f:67:25:31:
                    52:92:57:1a:8d:80:91:92:14:17:be:00:5d:c1:c1:
                    b3:89:ba:71:29:21:0c:be:43:d4:d1:23:40:5e:6d:
                    5d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7A:3E:6E:42:B5:17:DA:EF:AB:6F:B1:3D:39:F5:19:DE:5E:43:74
            X509v3 Authority Key Identifier:
                keyid:7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/S3o-bkK1F9rvq2-xPTn1Gd5eQ3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b3:65:6d:fe:d2:d6:2d:25:e7:6e:63:01:50:d7:a3:f6:c8:
         0e:f6:4d:f5:ac:30:cb:55:f7:a7:bb:45:05:b3:cf:88:ae:0f:
         62:ff:56:ac:e0:83:8c:eb:31:b1:c7:96:d7:f6:ca:33:39:c9:
         7d:c8:6a:e6:09:25:52:5d:8d:28:3e:a1:41:0a:d9:02:67:7c:
         6a:67:0b:24:ae:7b:51:99:76:92:e0:32:3d:de:d2:c0:96:0a:
         2d:11:73:25:c4:63:57:84:b0:ed:d9:aa:55:f5:61:ad:fd:08:
         fb:7c:70:ee:2c:18:25:6b:46:a2:0b:ea:10:7d:26:b2:2f:b6:
         9c:04:ed:c7:c3:ed:26:10:1d:e1:00:7b:f7:e1:72:93:36:9f:
         84:84:8c:4f:23:66:71:c0:90:38:f3:2b:91:33:45:4e:48:52:
         35:3d:da:c0:7c:68:08:c8:9d:46:82:56:da:a3:18:4d:86:c1:
         1f:fc:cd:18:81:69:09:d9:88:75:9b:e1:44:99:ec:8f:86:06:
         8f:cb:31:25:25:72:09:d8:8d:fb:79:e2:fb:4a:8c:40:db:00:
         29:dd:71:31:70:fa:61:9d:56:d0:c0:bd:38:e6:61:50:05:5f:
         01:3d:1e:6c:0e:85:69:8b:23:aa:fe:d4:f3:c1:88:7d:9b:ef:
         44:c7:87:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSacuscn6yg4UJl2aSz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTVjMGY5NWFiN2JlOGI4NWY3MTFmYTQzMzY2NWMxNGU2
ZTkzNTkwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdhM2U2ZTQyYjUxN2RhZWZhYjZmYjEzZDM5ZjUxOWRlNWU0Mzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm8iGJlClSMiaOQ+ncX+Y4YEgRKn
R8MjKtk/YYlYg1LIN6m2Q2oZuexYft3+DQ2RLm5AS/I4qdmGL6fkMrncZmuwIAqP
J8FvwqnIDxy1MRiyTg4XIICHtMTSiEDdTcZto7Qcxg2YLau3gadIC7BV52LOpVGi
TUddMJdZFXGkrIlopWjp7mKT96ZKpPzgGhM4W2ZIoEIez45EYti230BzaTCctD3L
a1oTLr9ODXv2X5Waqt2LfD+PvBdUeqLJgVnQSy/4Q7Ay5fAyELOXOZ/hkb/srg2M
+tRiWGdNdW9nJTFSklcajYCRkhQXvgBdwcGzibpxKSEMvkPU0SNAXm1dzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt6Pm5CtRfa76tvsT059RneXkN0MB8GA1UdIwQY
MBaAFH7lwPlat76LhfcR+kM2ZcFObpNZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEt
OTAxOTRiZDY4NDI4LzEvUzNvLWJrSzFGOXJ2cTIteFBUbjFHZDVlUTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEtOTAxOTRiZDY4NDI4
LzEvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXUdMA0G
CSqGSIb3DQEBCwUAA4IBAQCes2Vt/tLWLSXnbmMBUNej9sgO9k31rDDLVfenu0UF
s8+Irg9i/1as4IOM6zGxx5bX9sozOcl9yGrmCSVSXY0oPqFBCtkCZ3xqZwskrntR
mXaS4DI93tLAlgotEXMlxGNXhLDt2apV9WGt/Qj7fHDuLBgla0aiC+oQfSayL7ac
BO3Hw+0mEB3hAHv34XKTNp+EhIxPI2ZxwJA48yuRM0VOSFI1PdrAfGgIyJ1Gglba
oxhNhsEf/M0YgWkJ2Yh1m+FEmeyPhgaPyzElJXIJ2I37eeL7SoxA2wAp3XExcPph
nVbQwL045mFQBV8BPR5sDoVpiyOq/tTzwYh9m+9Ex4f1
-----END CERTIFICATE-----