Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/m_3Epat8o5j4rjSS4rTNgUTeMh0.roa
File:                     m_3Epat8o5j4rjSS4rTNgUTeMh0.roa (raw, json)
Hash identifier:          CUAJ5sgq1olpZGDoQ6cIaUd1tb420tkyc7IKDSPUuMA=
Subject key identifier:   9B:FD:C4:A5:AB:7C:A3:98:F8:AE:34:92:E2:B4:CD:81:44:DE:32:1D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018E991AE5C837B501F8E731F8836E76829C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/m_3Epat8o5j4rjSS4rTNgUTeMh0.roa
Signing time:             Mon 01 Apr 2024 10:01:00 +0000
ROA not before:           Mon 01 Apr 2024 10:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47418
IP address blocks:        147.45.35.0/24 maxlen: 24
                          193.233.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:99:1a:e5:c8:37:b5:01:f8:e7:31:f8:83:6e:76:82:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr  1 10:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bfdc4a5ab7ca398f8ae3492e2b4cd8144de321d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d2:ec:4e:98:79:e8:e1:72:bd:fb:fe:03:bd:
                    e1:2b:87:b7:92:7d:9b:be:55:74:c6:c5:3d:ed:22:
                    38:4a:0a:a0:c2:7e:03:ca:f8:f2:cc:8c:4f:77:f0:
                    3c:51:a0:72:dd:b1:56:00:a1:21:a1:f2:98:b7:8d:
                    4d:cb:ed:df:dd:c0:dd:9b:60:d0:43:17:29:5d:6c:
                    7a:6d:36:85:92:6d:d4:e4:ec:47:f2:62:ad:7d:7b:
                    aa:9c:50:38:9c:4a:36:88:5f:21:2b:cb:c4:10:56:
                    fc:38:38:d1:66:14:29:a7:8b:92:8c:12:01:67:e8:
                    6e:96:52:f4:63:bf:40:a7:22:76:27:a6:61:23:ab:
                    fc:c7:17:53:ce:be:ed:d3:2b:be:d1:3d:89:af:e6:
                    44:b5:ec:4d:dc:64:3d:5a:2c:f7:78:4a:1a:6d:90:
                    26:e5:56:2f:b3:02:79:10:f0:5a:7b:07:82:81:67:
                    1a:0e:fc:5b:0d:30:92:e4:57:41:6c:13:18:3d:9f:
                    ed:f2:18:8f:4d:08:a2:93:ef:1f:70:19:6d:2b:9e:
                    68:98:14:e1:32:d8:ce:96:12:8f:e4:01:9e:fc:b7:
                    26:5e:4c:62:b6:ca:0d:dd:1e:7d:39:24:4b:64:65:
                    86:3c:99:c6:6f:3c:da:b6:ad:13:1c:f4:93:ef:00:
                    f0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FD:C4:A5:AB:7C:A3:98:F8:AE:34:92:E2:B4:CD:81:44:DE:32:1D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/m_3Epat8o5j4rjSS4rTNgUTeMh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.35.0/24
                  193.233.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:7b:00:a6:b5:0a:67:e2:80:5e:2d:ff:04:11:72:c9:0f:6b:
         c9:99:bc:2c:4d:63:95:cc:ec:a3:80:5c:61:90:8d:90:3c:a8:
         90:1d:2b:6b:fd:e1:61:b7:e6:df:5f:4e:10:fd:64:91:e5:d0:
         d4:74:82:3e:fe:31:77:fa:26:78:1f:67:60:ff:8b:18:fe:c1:
         10:a9:08:3b:6e:05:8a:5a:ab:e7:d3:2f:04:cb:28:4e:ea:2a:
         ae:7f:66:34:81:c1:23:a8:4f:a0:19:c9:9e:68:af:bc:a7:e8:
         94:ed:03:96:51:b0:60:2f:51:8e:20:7d:9c:01:c5:d3:59:6d:
         61:cd:bd:07:07:73:fb:ec:c2:cb:e3:03:4e:34:3e:cc:06:3e:
         29:9a:15:e6:4a:74:a6:cb:17:96:fc:19:db:a6:eb:6d:28:1b:
         53:f1:6a:6b:d2:ec:b2:e5:e9:cd:e4:c7:4f:be:a1:8a:9f:19:
         e3:b1:77:1c:4c:84:a1:1b:a6:c4:86:7f:5b:91:15:70:3b:ca:
         d7:77:96:c1:6e:44:7d:b1:fe:fb:e5:ef:b2:03:f2:e0:e5:ff:
         46:ad:02:81:65:aa:24:c2:86:91:15:c6:53:95:3e:18:e9:e7:
         11:b2:4d:89:50:e0:74:51:2e:e9:57:62:c2:c2:46:e7:a8:13:
         a2:7a:55:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ZGuXIN7UB+Ocx+INudoKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDAxMTAwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZkYzRhNWFiN2NhMzk4ZjhhZTM0OTJlMmI0Y2Q4MTQ0ZGUzMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNLsTph56OFyvfv+A73hK4e3kn2b
vlV0xsU97SI4Sgqgwn4DyvjyzIxPd/A8UaBy3bFWAKEhofKYt41Ny+3f3cDdm2DQ
QxcpXWx6bTaFkm3U5OxH8mKtfXuqnFA4nEo2iF8hK8vEEFb8ODjRZhQpp4uSjBIB
Z+hullL0Y79ApyJ2J6ZhI6v8xxdTzr7t0yu+0T2Jr+ZEtexN3GQ9Wiz3eEoabZAm
5VYvswJ5EPBaeweCgWcaDvxbDTCS5FdBbBMYPZ/t8hiPTQiik+8fcBltK55omBTh
MtjOlhKP5AGe/LcmXkxitsoN3R59OSRLZGWGPJnGbzzatq0THPST7wDwYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJv9xKWrfKOY+K40kuK0zYFE3jIdMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbV8zRXBhdDhvNWo0cmpTUzRyVE5nVVRlTWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky0jAwQA
wenrMA0GCSqGSIb3DQEBCwUAA4IBAQASewCmtQpn4oBeLf8EEXLJD2vJmbwsTWOV
zOyjgFxhkI2QPKiQHStr/eFht+bfX04Q/WSR5dDUdII+/jF3+iZ4H2dg/4sY/sEQ
qQg7bgWKWqvn0y8EyyhO6iquf2Y0gcEjqE+gGcmeaK+8p+iU7QOWUbBgL1GOIH2c
AcXTWW1hzb0HB3P77MLL4wNOND7MBj4pmhXmSnSmyxeW/BnbputtKBtT8Wpr0uyy
5enN5MdPvqGKnxnjsXccTIShG6bEhn9bkRVwO8rXd5bBbkR9sf775e+yA/Lg5f9G
rQKBZaokwoaRFcZTlT4Y6ecRsk2JUOB0US7pV2LCwkbnqBOielWj
-----END CERTIFICATE-----