Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/Pk3rT_LrAIL8eoa8iay3qtAt7Ws.roa
File:                     Pk3rT_LrAIL8eoa8iay3qtAt7Ws.roa (raw, json)
Hash identifier:          qBIGBHmo+nUWMpB5ZRg16jd45LbyLoyy1ZI3KBGsIRU=
Subject key identifier:   3E:4D:EB:4F:F2:EB:00:82:FC:7A:86:BC:89:AC:B7:AA:D0:2D:ED:6B
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018DC20B11E72710D9CAB808836821CB5541
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/Pk3rT_LrAIL8eoa8iay3qtAt7Ws.roa
Signing time:             Mon 19 Feb 2024 15:45:21 +0000
ROA not before:           Mon 19 Feb 2024 15:45:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208864
IP address blocks:        193.151.184.0/23 maxlen: 23
                          193.151.186.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:0b:11:e7:27:10:d9:ca:b8:08:83:68:21:cb:55:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb 19 15:45:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e4deb4ff2eb0082fc7a86bc89acb7aad02ded6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:28:27:1b:8f:e8:8e:86:36:6d:93:a2:de:df:
                    1f:e4:16:98:8f:a3:cd:d7:a8:45:9a:f6:6f:83:88:
                    87:e3:e5:77:1a:1c:77:03:d9:4a:0c:01:4c:9d:19:
                    d7:b9:d3:e2:15:b9:b1:8e:f6:98:44:92:f9:26:be:
                    dc:c4:5b:94:97:0a:6d:58:56:14:a7:72:84:f8:71:
                    43:d8:9f:15:f2:3d:62:25:d6:9e:57:4a:87:a4:25:
                    00:07:d0:ee:c9:ab:57:6d:ed:54:d4:16:0c:25:e0:
                    d9:64:bc:13:6b:cf:9e:9f:46:5b:28:83:02:51:4c:
                    1d:db:00:88:d9:dc:b7:50:cc:97:db:61:92:d9:68:
                    e7:0e:6b:07:00:4a:28:fe:6e:55:6e:2f:07:32:af:
                    37:7f:00:a8:12:ee:34:ba:3a:e7:62:44:da:73:92:
                    c3:12:60:e6:b1:10:7d:a6:c4:2a:e5:8c:15:5f:b1:
                    61:74:b8:7a:c3:ec:f0:63:02:da:85:65:46:22:58:
                    a8:3b:df:7d:90:fa:28:bd:5e:e7:47:1e:1a:21:55:
                    9f:68:ee:fc:41:2a:24:f4:f6:87:4b:c3:63:a4:fc:
                    12:69:71:85:99:48:52:3c:00:0f:cd:80:de:ef:3d:
                    af:58:ea:7f:c6:68:e0:f9:86:54:36:a3:9d:b2:cd:
                    7e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4D:EB:4F:F2:EB:00:82:FC:7A:86:BC:89:AC:B7:AA:D0:2D:ED:6B
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/Pk3rT_LrAIL8eoa8iay3qtAt7Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:23:cb:44:00:c0:13:94:f3:e4:26:f9:77:7a:c5:b2:5c:3a:
         60:f4:cf:72:77:7f:38:fe:9b:79:e5:c9:da:1a:b1:66:db:16:
         80:55:61:2b:ae:ad:d2:bf:a1:67:fa:33:78:e5:d7:37:cb:c1:
         95:41:63:6d:5d:81:6f:ba:04:84:1e:1b:37:29:8e:44:99:7a:
         df:b0:2e:52:11:52:54:11:29:40:86:cd:85:ce:60:ca:ca:32:
         6c:64:dd:87:c4:fc:5c:10:77:99:32:e4:e7:fc:c7:8f:2a:fa:
         cb:b1:63:de:d5:2e:ae:ef:35:aa:20:d6:81:96:e3:46:44:06:
         4f:80:c5:c9:09:1c:98:ad:20:fe:8d:09:fc:1a:a9:c6:7d:ab:
         7e:e6:a8:08:dc:24:7a:dd:96:da:2f:18:35:b6:17:21:01:7a:
         7d:c1:fe:53:e2:b5:90:69:90:a8:ac:f2:7c:0c:fa:10:52:a1:
         c1:03:b0:5d:d7:2a:81:56:64:2c:45:4b:d2:77:99:9e:df:c4:
         0c:4a:cc:1a:72:83:04:76:12:12:95:54:fa:3a:97:35:e0:79:
         59:36:54:c6:0b:2d:75:0d:fa:9f:3f:f2:da:a6:6f:5f:7f:ef:
         30:ce:54:0d:6c:70:d5:b5:87:fb:2c:81:0e:f8:dd:61:c0:93:
         dd:cb:85:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3CCxHnJxDZyrgIg2ghy1VBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMjE5MTU0NTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRkZWI0ZmYyZWIwMDgyZmM3YTg2YmM4OWFjYjdhYWQwMmRlZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCgnG4/ojoY2bZOi3t8f5BaYj6PN
16hFmvZvg4iH4+V3Ghx3A9lKDAFMnRnXudPiFbmxjvaYRJL5Jr7cxFuUlwptWFYU
p3KE+HFD2J8V8j1iJdaeV0qHpCUAB9DuyatXbe1U1BYMJeDZZLwTa8+en0ZbKIMC
UUwd2wCI2dy3UMyX22GS2WjnDmsHAEoo/m5Vbi8HMq83fwCoEu40ujrnYkTac5LD
EmDmsRB9psQq5YwVX7FhdLh6w+zwYwLahWVGIlioO999kPoovV7nRx4aIVWfaO78
QSok9PaHS8NjpPwSaXGFmUhSPAAPzYDe7z2vWOp/xmjg+YZUNqOdss1+1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5N60/y6wCC/HqGvImst6rQLe1rMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvUGszclRfTHJBSUw4ZW9hOGlheTNxdEF0N1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBbI8tEAMATlPPkJvl3esWyXDpg9M9yd384/pt55cna
GrFm2xaAVWErrq3Sv6Fn+jN45dc3y8GVQWNtXYFvugSEHhs3KY5EmXrfsC5SEVJU
ESlAhs2FzmDKyjJsZN2HxPxcEHeZMuTn/MePKvrLsWPe1S6u7zWqINaBluNGRAZP
gMXJCRyYrSD+jQn8GqnGfat+5qgI3CR63ZbaLxg1thchAXp9wf5T4rWQaZCorPJ8
DPoQUqHBA7Bd1yqBVmQsRUvSd5me38QMSswacoMEdhISlVT6Opc14HlZNlTGCy11
DfqfP/Lapm9ff+8wzlQNbHDVtYf7LIEO+N1hwJPdy4W5
-----END CERTIFICATE-----