Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/V3bef9298fn7YtXzH9sNDdrUXaU.roa
File:                     V3bef9298fn7YtXzH9sNDdrUXaU.roa (raw, json)
Hash identifier:          qACxYertAD5VWzZVUlJhoCAPWcYOxREwhj/Jj+2Z7LQ=
Subject key identifier:   57:76:DE:7F:DD:BD:F1:F9:FB:62:D5:F3:1F:DB:0D:0D:DA:D4:5D:A5
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726EDB8F31FEB9DA05A32DDBE8ED6B2
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/V3bef9298fn7YtXzH9sNDdrUXaU.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212825
IP address blocks:        194.44.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ed:b8:f3:1f:eb:9d:a0:5a:32:dd:be:8e:d6:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5776de7fddbdf1f9fb62d5f31fdb0d0ddad45da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b2:b3:77:48:63:81:df:e1:aa:d1:42:66:cf:
                    b6:9a:36:8f:22:41:74:4a:02:b9:34:d1:66:6d:c6:
                    1d:97:3a:81:e5:90:78:62:f6:8c:7d:3c:70:79:60:
                    1c:d6:b3:b1:3a:d0:27:01:e6:bc:eb:a0:39:3d:bf:
                    83:bf:54:66:10:78:53:76:e4:db:01:26:19:b9:a6:
                    dc:e9:90:69:8a:84:f0:0a:96:5f:f3:b1:22:83:d8:
                    42:7b:f7:7b:5a:73:ac:3c:30:a3:2b:79:29:17:d9:
                    03:82:6b:53:4d:da:96:ce:46:78:03:a8:dd:16:a6:
                    78:f8:d4:4c:85:03:9a:7c:cd:b2:21:cf:fe:97:93:
                    0a:a3:a5:00:51:38:d6:86:2f:e0:42:95:c7:37:7c:
                    62:e7:ea:1f:76:6e:8d:66:96:a1:50:fa:7f:95:47:
                    4f:e5:8b:9f:53:d2:d5:b0:81:af:11:e5:2c:99:69:
                    fe:3d:73:ca:d6:34:9c:f4:c9:0f:c4:64:d9:f0:0d:
                    fb:45:c9:20:db:99:3e:1f:c4:53:26:41:c8:d2:01:
                    f9:63:d0:cf:9d:47:45:a6:73:7f:49:44:7a:f9:00:
                    c0:f1:3b:85:66:cb:cb:01:09:70:95:3c:b8:27:12:
                    de:fa:57:f4:dd:4b:ef:35:e2:ba:3f:ee:5f:5b:13:
                    c4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:76:DE:7F:DD:BD:F1:F9:FB:62:D5:F3:1F:DB:0D:0D:DA:D4:5D:A5
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/V3bef9298fn7YtXzH9sNDdrUXaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:80:a0:2f:53:39:30:4c:54:68:46:f7:75:40:45:c4:3c:05:
         45:09:42:0e:63:32:a6:db:21:9e:29:cb:70:e2:f5:4f:34:aa:
         ea:4c:60:a1:01:8f:49:47:83:e5:7d:94:d2:1f:ea:b7:a0:e4:
         4f:ad:cf:1c:19:d3:9e:06:2a:52:00:92:7a:f6:4d:6b:78:a6:
         9b:37:7b:ec:df:25:ec:56:41:68:d0:3f:04:84:73:fd:0e:28:
         12:9c:23:da:44:57:6b:56:e2:6f:70:7d:99:5e:0c:b6:4e:78:
         3c:f7:21:f0:47:59:b3:8c:0a:c1:51:d9:65:11:9f:2d:c6:26:
         d6:c4:bf:74:43:95:e7:f3:64:bd:c7:75:ec:71:76:7b:69:f5:
         87:45:8b:b4:72:55:4a:ab:f6:6a:cb:18:75:8f:0c:7d:b4:ba:
         05:bb:6a:1a:5a:ae:26:9f:83:4a:ea:4a:2c:b2:39:f4:b8:5a:
         1b:0f:8b:3c:4a:87:0e:2e:cb:f5:d6:6e:a7:40:c6:85:35:13:
         03:11:8e:71:b0:dc:fa:1b:24:4e:69:9f:36:a4:86:18:a2:f9:
         0f:f5:ab:c2:7f:06:37:29:0f:d5:4b:bd:bd:17:55:ff:31:16:
         0c:bf:e0:3a:05:7b:48:c0:4b:60:4a:d9:6e:46:fb:f7:9e:ff:
         0c:bf:ef:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJu248x/rnaBaMt2+jtayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Nzc2ZGU3ZmRkYmRmMWY5ZmI2MmQ1ZjMxZmRiMGQwZGRhZDQ1ZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LKzd0hjgd/hqtFCZs+2mjaPIkF0
SgK5NNFmbcYdlzqB5ZB4YvaMfTxweWAc1rOxOtAnAea866A5Pb+Dv1RmEHhTduTb
ASYZuabc6ZBpioTwCpZf87Eig9hCe/d7WnOsPDCjK3kpF9kDgmtTTdqWzkZ4A6jd
FqZ4+NRMhQOafM2yIc/+l5MKo6UAUTjWhi/gQpXHN3xi5+ofdm6NZpahUPp/lUdP
5YufU9LVsIGvEeUsmWn+PXPK1jSc9MkPxGTZ8A37Rckg25k+H8RTJkHI0gH5Y9DP
nUdFpnN/SUR6+QDA8TuFZsvLAQlwlTy4JxLe+lf03UvvNeK6P+5fWxPEewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFd23n/dvfH5+2LV8x/bDQ3a1F2lMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvVjNiZWY5Mjk4Zm43WXRYekg5c05EZHJVWGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiywMA0G
CSqGSIb3DQEBCwUAA4IBAQAkgKAvUzkwTFRoRvd1QEXEPAVFCUIOYzKm2yGeKctw
4vVPNKrqTGChAY9JR4PlfZTSH+q3oORPrc8cGdOeBipSAJJ69k1reKabN3vs3yXs
VkFo0D8EhHP9DigSnCPaRFdrVuJvcH2ZXgy2Tng89yHwR1mzjArBUdllEZ8txibW
xL90Q5Xn82S9x3XscXZ7afWHRYu0clVKq/Zqyxh1jwx9tLoFu2oaWq4mn4NK6kos
sjn0uFobD4s8SocOLsv11m6nQMaFNRMDEY5xsNz6GyROaZ82pIYYovkP9avCfwY3
KQ/VS729F1X/MRYMv+A6BXtIwEtgStluRvv3nv8Mv+/J
-----END CERTIFICATE-----