Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/7fMGD9Tib5NvN5MTsdlXKun_64c.roa
File:                     7fMGD9Tib5NvN5MTsdlXKun_64c.roa (raw, json)
Hash identifier:          NTBzPQc//ZnHm37vd6vSJmTvcGKxoLXr5jNgren8pc8=
Subject key identifier:   ED:F3:06:0F:D4:E2:6F:93:6F:37:93:13:B1:D9:57:2A:E9:FF:EB:87
Certificate issuer:       /CN=6f4dbbc069669f2e7e8822f6398f6b36c449345c
Certificate serial:       018CCA286DBCE240B178FEB40FD7141501FD
Authority key identifier: 6F:4D:BB:C0:69:66:9F:2E:7E:88:22:F6:39:8F:6B:36:C4:49:34:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b027wGlmny5-iCL2OY9rNsRJNFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/7fMGD9Tib5NvN5MTsdlXKun_64c.roa
Signing time:             Tue 02 Jan 2024 12:31:36 +0000
ROA not before:           Tue 02 Jan 2024 12:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48390
IP address blocks:        185.20.3.0/24 maxlen: 24
                          2a0c:d0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/b027wGlmny5-iCL2OY9rNsRJNFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/b027wGlmny5-iCL2OY9rNsRJNFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b027wGlmny5-iCL2OY9rNsRJNFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6d:bc:e2:40:b1:78:fe:b4:0f:d7:14:15:01:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f4dbbc069669f2e7e8822f6398f6b36c449345c
        Validity
            Not Before: Jan  2 12:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edf3060fd4e26f936f379313b1d9572ae9ffeb87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d0:f1:a2:d9:d4:30:fb:a9:3f:50:62:9b:bb:
                    99:62:a0:73:6a:b2:38:5f:e4:2c:53:3d:f8:77:64:
                    85:6b:6d:a7:e5:cf:a7:35:37:2d:8f:da:ce:4e:4e:
                    c0:c3:9a:f8:44:d3:be:d7:d0:26:25:eb:11:8d:fd:
                    33:ef:5b:2e:6a:49:24:b1:4a:92:1f:a5:b4:7f:51:
                    83:fe:e9:8a:c9:c7:25:72:39:26:cd:2f:43:64:91:
                    38:01:08:ca:fb:82:58:80:8a:42:e7:35:83:6f:6e:
                    48:66:02:c1:87:fa:1d:1e:59:68:ca:0b:24:7c:4f:
                    14:53:41:be:d6:d2:6e:4a:f4:e1:0e:aa:a3:f1:82:
                    76:05:be:9a:ca:94:45:c2:c3:5c:2b:fc:67:43:d9:
                    ec:39:0b:3e:0f:6c:62:67:54:2f:61:ef:26:48:c1:
                    b4:3a:6c:db:d5:83:92:c3:05:3e:41:0c:37:97:2d:
                    32:04:b5:a9:8c:b8:eb:12:d2:f2:30:5f:be:19:47:
                    82:14:75:50:05:ff:7b:d9:e1:b2:ee:f2:69:ff:e6:
                    8f:8b:cf:5a:6d:05:03:53:8b:80:e2:d4:74:e6:f6:
                    35:95:e8:62:45:78:d6:f9:f8:db:82:a9:47:7b:56:
                    a3:5c:2a:c9:fa:79:b5:67:80:53:2a:10:31:26:4e:
                    64:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:F3:06:0F:D4:E2:6F:93:6F:37:93:13:B1:D9:57:2A:E9:FF:EB:87
            X509v3 Authority Key Identifier:
                keyid:6F:4D:BB:C0:69:66:9F:2E:7E:88:22:F6:39:8F:6B:36:C4:49:34:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b027wGlmny5-iCL2OY9rNsRJNFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/7fMGD9Tib5NvN5MTsdlXKun_64c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/e73436-2251-49b4-b357-984c957a353e/1/b027wGlmny5-iCL2OY9rNsRJNFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.3.0/24
                IPv6:
                  2a0c:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:df:fd:7f:fa:f2:bc:a7:f7:24:2b:0b:34:a6:8a:05:23:46:
         90:ed:86:93:9a:97:0f:3b:ac:5d:24:3e:37:16:d4:52:dc:f2:
         ad:3e:84:cd:39:06:0b:71:94:40:52:7e:88:ee:6e:32:2e:2e:
         a8:19:14:cc:5c:22:28:b9:5d:4a:71:41:06:8b:39:68:69:b8:
         1b:64:d2:4e:0f:f9:56:fd:cb:3d:48:bc:3c:78:a8:81:f6:4f:
         9a:a9:0a:00:ff:c4:e5:27:c5:33:1b:a8:92:7a:a6:b1:e3:8a:
         5f:1d:ec:3b:2c:3c:e4:d7:a3:ab:97:00:75:e1:51:45:a7:cd:
         06:ae:97:89:d1:f8:63:40:9a:6d:f9:7a:9c:77:ee:5f:1b:77:
         b3:19:2e:0c:c2:ae:99:e7:71:f8:e8:74:33:6f:33:27:61:91:
         c3:1b:9b:75:aa:67:7e:76:8e:1d:ab:a7:cf:46:f5:42:6b:60:
         88:0d:15:d4:27:d2:ed:3c:5c:38:44:38:97:d7:82:78:a5:55:
         26:b6:e9:e2:02:32:1d:6b:f1:c7:cd:ab:ec:ef:2c:cd:e7:e5:
         86:f0:23:6f:31:93:c1:c7:7a:b2:41:2f:af:fb:3b:41:91:e3:
         ec:f2:b5:50:a5:97:d8:48:2c:2f:18:6d:51:cc:a9:37:08:90:
         cf:ed:5f:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKG284kCxeP60D9cUFQH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNGRiYmMwNjk2NjlmMmU3ZTg4MjJmNjM5OGY2YjM2YzQ0
OTM0NWMwHhcNMjQwMTAyMTIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGYzMDYwZmQ0ZTI2ZjkzNmYzNzkzMTNiMWQ5NTcyYWU5ZmZlYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNDxotnUMPupP1Bim7uZYqBzarI4
X+QsUz34d2SFa22n5c+nNTctj9rOTk7Aw5r4RNO+19AmJesRjf0z71suakkksUqS
H6W0f1GD/umKycclcjkmzS9DZJE4AQjK+4JYgIpC5zWDb25IZgLBh/odHlloygsk
fE8UU0G+1tJuSvThDqqj8YJ2Bb6aypRFwsNcK/xnQ9nsOQs+D2xiZ1QvYe8mSMG0
Omzb1YOSwwU+QQw3ly0yBLWpjLjrEtLyMF++GUeCFHVQBf972eGy7vJp/+aPi89a
bQUDU4uA4tR05vY1lehiRXjW+fjbgqlHe1ajXCrJ+nm1Z4BTKhAxJk5kywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO3zBg/U4m+TbzeTE7HZVyrp/+uHMB8GA1UdIwQY
MBaAFG9Nu8BpZp8ufogi9jmPazbESTRcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjAyN3dHbG1ueTUtaUNMMk9ZOXJOc1JKTkZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9lNzM0MzYtMjI1MS00OWI0LWIzNTct
OTg0Yzk1N2EzNTNlLzEvN2ZNR0Q5VGliNU52TjVNVHNkbFhLdW5fNjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9lNzM0MzYtMjI1MS00OWI0LWIzNTctOTg0Yzk1N2EzNTNl
LzEvYjAyN3dHbG1ueTUtaUNMMk9ZOXJOc1JKTkZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRQDMA0E
AgACMAcDBQMqDNDAMA0GCSqGSIb3DQEBCwUAA4IBAQCe3/1/+vK8p/ckKws0pooF
I0aQ7YaTmpcPO6xdJD43FtRS3PKtPoTNOQYLcZRAUn6I7m4yLi6oGRTMXCIouV1K
cUEGizloabgbZNJOD/lW/cs9SLw8eKiB9k+aqQoA/8TlJ8UzG6iSeqax44pfHew7
LDzk16OrlwB14VFFp80GrpeJ0fhjQJpt+Xqcd+5fG3ezGS4Mwq6Z53H46HQzbzMn
YZHDG5t1qmd+do4dq6fPRvVCa2CIDRXUJ9LtPFw4RDiX14J4pVUmtuniAjIda/HH
zavs7yzN5+WG8CNvMZPBx3qyQS+v+ztBkePs8rVQpZfYSCwvGG1RzKk3CJDP7V8F
-----END CERTIFICATE-----