Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/3FiwUA_2cAENMnQMv4q2NdPB1-s.roa
File:                     3FiwUA_2cAENMnQMv4q2NdPB1-s.roa (raw, json)
Hash identifier:          1RcBAyUY8uI79qzV0d2yG+mjvWrs80A6sxUMlMb/weI=
Subject key identifier:   DC:58:B0:50:0F:F6:70:01:0D:32:74:0C:BF:8A:B6:35:D3:C1:D7:EB
Certificate issuer:       /CN=76a372b754e49208d646aa7859e348b475e526d2
Certificate serial:       0193622D82A3E2C51B036314F6703C2AB53C
Authority key identifier: 76:A3:72:B7:54:E4:92:08:D6:46:AA:78:59:E3:48:B4:75:E5:26:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/3FiwUA_2cAENMnQMv4q2NdPB1-s.roa
Signing time:             Mon 25 Nov 2024 07:16:09 +0000
ROA not before:           Mon 25 Nov 2024 07:16:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205647
IP address blocks:        185.211.86.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:62:2d:82:a3:e2:c5:1b:03:63:14:f6:70:3c:2a:b5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a372b754e49208d646aa7859e348b475e526d2
        Validity
            Not Before: Nov 25 07:16:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc58b0500ff670010d32740cbf8ab635d3c1d7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ea:07:3e:c1:ba:e8:ba:5b:86:86:ea:5b:09:
                    c9:0b:bb:2e:fd:c1:56:1e:29:22:12:18:90:09:4b:
                    7d:5a:67:40:c8:38:d2:ac:ac:ea:56:6a:1b:6f:d4:
                    7b:d6:76:3e:5d:7b:77:4e:54:12:02:7e:b5:a5:78:
                    28:70:b5:95:35:23:fd:6b:3d:32:d0:78:4d:53:1c:
                    b0:ba:74:32:ed:82:2d:45:eb:1a:de:5c:b1:af:37:
                    f8:ea:52:95:9d:e4:94:67:1c:29:c8:62:eb:34:b0:
                    be:95:f8:39:c9:c2:04:5e:c5:d0:74:1c:c8:1b:ea:
                    09:20:2a:1d:e4:5f:ce:50:3b:e9:f4:13:15:60:84:
                    f9:28:c7:c5:38:34:5f:bb:b6:ff:29:15:97:95:e9:
                    3f:87:0b:1c:65:7e:73:c9:de:d8:4a:f6:4a:3c:92:
                    2b:70:a0:2e:5f:12:ba:c0:26:11:e2:b5:b9:5c:3d:
                    e7:94:9e:74:98:7f:f4:1e:16:4c:70:e4:3f:35:2d:
                    33:65:3b:19:14:47:c3:99:7e:d2:b6:5d:48:a6:fa:
                    26:0f:0c:5a:13:10:21:e9:7a:93:87:82:0e:9f:2a:
                    9f:31:0c:54:41:f3:c2:25:ce:3d:28:a8:63:61:bf:
                    27:e4:16:37:d8:22:cc:ad:fb:0c:3b:84:ee:18:9b:
                    46:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:58:B0:50:0F:F6:70:01:0D:32:74:0C:BF:8A:B6:35:D3:C1:D7:EB
            X509v3 Authority Key Identifier:
                keyid:76:A3:72:B7:54:E4:92:08:D6:46:AA:78:59:E3:48:B4:75:E5:26:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqNyt1TkkgjWRqp4WeNItHXlJtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/3FiwUA_2cAENMnQMv4q2NdPB1-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/235fec-afc9-4d2f-8b59-a99ea91cb5b9/1/dqNyt1TkkgjWRqp4WeNItHXlJtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:ac:d0:91:16:fa:c7:b8:e1:c1:d6:78:1f:43:6c:c7:88:14:
         1d:a8:c0:f1:59:2a:fe:e1:31:c3:44:00:6b:4a:4a:45:a0:b6:
         05:f4:9f:ea:bc:06:93:ca:61:2f:71:33:21:bc:81:d7:ba:4a:
         c7:b1:d7:09:14:08:2c:11:fd:f3:07:5e:9e:0e:c7:41:4f:ec:
         35:64:8f:f9:91:a7:95:d0:89:22:91:95:8e:b8:e8:73:37:1a:
         cf:21:37:7d:9a:5a:9a:50:04:45:85:1b:42:1a:9f:02:74:47:
         8c:13:2e:97:7d:1d:47:65:97:51:e0:78:fb:c0:7f:40:f1:19:
         1a:71:27:1f:64:40:ff:ae:fe:ce:28:c2:c8:5f:7f:ee:90:7d:
         21:19:e7:b8:7b:f7:6a:29:5c:74:12:25:2d:ed:df:5c:e0:c6:
         a4:4e:15:1c:ce:dc:0e:7a:23:d0:39:13:02:38:e6:f9:63:66:
         45:ba:f9:da:4c:fb:fb:bf:89:34:b1:df:9f:27:47:fa:e7:7b:
         60:93:c1:4a:14:04:dd:c2:b4:64:2d:49:4b:50:6e:83:40:58:
         08:12:86:02:d8:b1:6e:40:11:0d:79:34:a7:c9:77:bd:6b:64:
         5b:41:dd:73:40:2b:e5:27:a0:f4:44:4e:30:60:29:70:de:00:
         7e:d8:41:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNiLYKj4sUbA2MU9nA8KrU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTM3MmI3NTRlNDkyMDhkNjQ2YWE3ODU5ZTM0OGI0NzVl
NTI2ZDIwHhcNMjQxMTI1MDcxNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU4YjA1MDBmZjY3MDAxMGQzMjc0MGNiZjhhYjYzNWQzYzFkN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuoHPsG66LpbhobqWwnJC7su/cFW
HikiEhiQCUt9WmdAyDjSrKzqVmobb9R71nY+XXt3TlQSAn61pXgocLWVNSP9az0y
0HhNUxywunQy7YItResa3lyxrzf46lKVneSUZxwpyGLrNLC+lfg5ycIEXsXQdBzI
G+oJICod5F/OUDvp9BMVYIT5KMfFODRfu7b/KRWXlek/hwscZX5zyd7YSvZKPJIr
cKAuXxK6wCYR4rW5XD3nlJ50mH/0HhZMcOQ/NS0zZTsZFEfDmX7Stl1IpvomDwxa
ExAh6XqTh4IOnyqfMQxUQfPCJc49KKhjYb8n5BY32CLMrfsMO4TuGJtGowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxYsFAP9nABDTJ0DL+KtjXTwdfrMB8GA1UdIwQY
MBaAFHajcrdU5JII1kaqeFnjSLR15SbSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFOeXQxVGtrZ2pXUnFwNFdlTkl0SFhsSnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yMzVmZWMtYWZjOS00ZDJmLThiNTkt
YTk5ZWE5MWNiNWI5LzEvM0Zpd1VBXzJjQUVOTW5RTXY0cTJOZFBCMS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yMzVmZWMtYWZjOS00ZDJmLThiNTktYTk5ZWE5MWNiNWI5
LzEvZHFOeXQxVGtrZ2pXUnFwNFdlTkl0SFhsSnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudNWMA0G
CSqGSIb3DQEBCwUAA4IBAQAKrNCRFvrHuOHB1ngfQ2zHiBQdqMDxWSr+4THDRABr
SkpFoLYF9J/qvAaTymEvcTMhvIHXukrHsdcJFAgsEf3zB16eDsdBT+w1ZI/5kaeV
0IkikZWOuOhzNxrPITd9mlqaUARFhRtCGp8CdEeMEy6XfR1HZZdR4Hj7wH9A8Rka
cScfZED/rv7OKMLIX3/ukH0hGee4e/dqKVx0EiUt7d9c4MakThUcztwOeiPQORMC
OOb5Y2ZFuvnaTPv7v4k0sd+fJ0f653tgk8FKFATdwrRkLUlLUG6DQFgIEoYC2LFu
QBENeTSnyXe9a2RbQd1zQCvlJ6D0RE4wYClw3gB+2EE5
-----END CERTIFICATE-----