Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/kB-E8xzmSjKzcyzEqs7joXHBCtA.roa
File:                     kB-E8xzmSjKzcyzEqs7joXHBCtA.roa (raw, json)
Hash identifier:          +1VJL/m7xXjxk8fCwsathTUCsZW7PEzA/sB18O4wkX0=
Subject key identifier:   90:1F:84:F3:1C:E6:4A:32:B3:73:2C:C4:AA:CE:E3:A1:71:C1:0A:D0
Certificate issuer:       /CN=237fe64d6848f80120abe695e31fac49ca5d07f3
Certificate serial:       0192843A14E83FC762DAAA3AE7915C811C13
Authority key identifier: 23:7F:E6:4D:68:48:F8:01:20:AB:E6:95:E3:1F:AC:49:CA:5D:07:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3_mTWhI-AEgq-aV4x-sScpdB_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/kB-E8xzmSjKzcyzEqs7joXHBCtA.roa
Signing time:             Sun 13 Oct 2024 04:54:11 +0000
ROA not before:           Sun 13 Oct 2024 04:54:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        185.105.192.0/22 maxlen: 22
                          2a06:3880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/I3_mTWhI-AEgq-aV4x-sScpdB_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/I3_mTWhI-AEgq-aV4x-sScpdB_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3_mTWhI-AEgq-aV4x-sScpdB_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:84:3a:14:e8:3f:c7:62:da:aa:3a:e7:91:5c:81:1c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237fe64d6848f80120abe695e31fac49ca5d07f3
        Validity
            Not Before: Oct 13 04:54:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=901f84f31ce64a32b3732cc4aacee3a171c10ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3c:06:c4:16:67:ac:1d:ab:aa:6f:ef:34:55:
                    0f:22:8e:5c:65:4c:3a:cf:67:58:ce:56:fb:7f:78:
                    b3:b6:37:23:7c:18:ff:42:5d:df:6b:54:d3:aa:0a:
                    16:12:f9:27:3f:dd:af:b6:0a:7a:4c:da:03:5e:d7:
                    15:c7:f0:51:68:15:b1:d8:48:b8:31:49:9d:7c:f3:
                    59:7a:ba:25:1b:7e:f7:dc:6e:52:db:02:70:ba:01:
                    0e:77:df:88:cf:7e:53:3d:6c:95:48:cf:d3:9c:97:
                    3d:f5:60:34:36:42:05:81:39:46:0b:a3:78:26:02:
                    c2:8d:92:89:35:01:90:24:90:e2:b5:d1:66:35:dd:
                    0b:24:25:74:79:e1:06:f2:30:5b:83:c9:e6:79:07:
                    02:3a:67:c3:48:c0:b8:7b:b3:8f:ee:5e:71:d7:d6:
                    ff:ee:ff:93:a3:80:f3:57:72:02:7f:39:71:72:0f:
                    c1:1d:66:88:c7:df:49:97:bd:3b:f8:e2:a4:cc:1b:
                    94:eb:0d:69:79:57:23:36:f7:ca:76:a9:ac:64:27:
                    bb:26:a6:a1:95:87:c6:02:51:a0:57:9a:ec:ff:6c:
                    c5:a7:7c:75:53:cd:26:c4:7a:92:b9:c9:70:ab:36:
                    c4:37:13:9f:28:74:a4:ab:8a:3a:6a:3a:67:ef:0b:
                    ab:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1F:84:F3:1C:E6:4A:32:B3:73:2C:C4:AA:CE:E3:A1:71:C1:0A:D0
            X509v3 Authority Key Identifier:
                keyid:23:7F:E6:4D:68:48:F8:01:20:AB:E6:95:E3:1F:AC:49:CA:5D:07:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3_mTWhI-AEgq-aV4x-sScpdB_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/kB-E8xzmSjKzcyzEqs7joXHBCtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/70c39f-5131-4002-b1fc-fd213722bff9/1/I3_mTWhI-AEgq-aV4x-sScpdB_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.192.0/22
                IPv6:
                  2a06:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:40:33:e4:cd:e4:4b:65:e1:aa:49:c4:29:bf:52:c5:74:61:
         80:21:4a:c5:8e:6b:88:9f:b7:e6:1a:f9:4a:aa:d8:bc:4b:e6:
         30:bf:79:3f:94:b9:22:18:18:57:8a:f4:13:6b:d0:75:db:69:
         29:2a:fb:75:28:c8:40:20:0c:88:6e:17:13:99:de:de:c1:18:
         31:f3:31:70:ec:80:c5:1e:f4:03:1f:86:2a:47:13:ad:e0:68:
         22:fa:62:15:2a:92:c2:1c:49:3f:44:a4:fa:65:dc:00:51:09:
         df:79:86:b3:f7:2d:5d:04:d5:00:7f:ce:78:47:6a:d8:9c:c0:
         27:12:d0:7f:ba:7e:0d:6d:4a:b3:ae:d4:8c:0c:21:5e:8e:86:
         79:b7:0d:20:59:09:52:ae:ee:64:83:ad:8d:26:3e:71:41:63:
         90:67:29:9d:54:ad:19:ce:73:ec:7d:42:80:23:f2:b4:c8:13:
         9e:07:3f:f1:a6:ab:63:8c:32:71:12:35:e1:af:e3:5d:b0:59:
         21:45:91:42:43:73:e0:c2:45:0c:cb:8d:6c:fc:c0:8c:e2:e2:
         0c:36:73:9b:87:98:7d:46:5d:3c:f8:1d:33:d3:5b:56:b8:cb:
         d2:c5:35:75:48:ce:2d:9d:d2:3c:4d:9c:e0:11:7d:89:98:69:
         8d:f5:6b:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKEOhToP8di2qo655FcgRwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzN2ZlNjRkNjg0OGY4MDEyMGFiZTY5NWUzMWZhYzQ5Y2E1
ZDA3ZjMwHhcNMjQxMDEzMDQ1NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFmODRmMzFjZTY0YTMyYjM3MzJjYzRhYWNlZTNhMTcxYzEwYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TwGxBZnrB2rqm/vNFUPIo5cZUw6
z2dYzlb7f3iztjcjfBj/Ql3fa1TTqgoWEvknP92vtgp6TNoDXtcVx/BRaBWx2Ei4
MUmdfPNZerolG3733G5S2wJwugEOd9+Iz35TPWyVSM/TnJc99WA0NkIFgTlGC6N4
JgLCjZKJNQGQJJDitdFmNd0LJCV0eeEG8jBbg8nmeQcCOmfDSMC4e7OP7l5x19b/
7v+To4DzV3ICfzlxcg/BHWaIx99Jl707+OKkzBuU6w1peVcjNvfKdqmsZCe7Jqah
lYfGAlGgV5rs/2zFp3x1U80mxHqSuclwqzbENxOfKHSkq4o6ajpn7wurUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJAfhPMc5koys3MsxKrO46FxwQrQMB8GA1UdIwQY
MBaAFCN/5k1oSPgBIKvmleMfrEnKXQfzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNfbVRXaEktQUVncS1hVjR4LXNTY3BkQl9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83MGMzOWYtNTEzMS00MDAyLWIxZmMt
ZmQyMTM3MjJiZmY5LzEva0ItRTh4em1Takt6Y3l6RXFzN2pvWEhCQ3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83MGMzOWYtNTEzMS00MDAyLWIxZmMtZmQyMTM3MjJiZmY5
LzEvSTNfbVRXaEktQUVncS1hVjR4LXNTY3BkQl9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWnAMA0E
AgACMAcDBQMqBjiAMA0GCSqGSIb3DQEBCwUAA4IBAQBKQDPkzeRLZeGqScQpv1LF
dGGAIUrFjmuIn7fmGvlKqti8S+Ywv3k/lLkiGBhXivQTa9B122kpKvt1KMhAIAyI
bhcTmd7ewRgx8zFw7IDFHvQDH4YqRxOt4Ggi+mIVKpLCHEk/RKT6ZdwAUQnfeYaz
9y1dBNUAf854R2rYnMAnEtB/un4NbUqzrtSMDCFejoZ5tw0gWQlSru5kg62NJj5x
QWOQZymdVK0ZznPsfUKAI/K0yBOeBz/xpqtjjDJxEjXhr+NdsFkhRZFCQ3PgwkUM
y41s/MCM4uIMNnObh5h9Rl08+B0z01tWuMvSxTV1SM4tndI8TZzgEX2JmGmN9WsS
-----END CERTIFICATE-----