Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/SY6jVp5Kv4BauFptaGgaKDy75qU.roa
File:                     SY6jVp5Kv4BauFptaGgaKDy75qU.roa (raw, json)
Hash identifier:          0CZ6XNHKr/XmnTa6sYo+p/5Tb8GEXsoMDjIJ99ZeJnY=
Subject key identifier:   49:8E:A3:56:9E:4A:BF:80:5A:B8:5A:6D:68:68:1A:28:3C:BB:E6:A5
Certificate issuer:       /CN=3eb470fd4d674212ffc82a9936f3fe254becce66
Certificate serial:       018CCA29BCFE7EEBF564C76FCD55A454A77D
Authority key identifier: 3E:B4:70:FD:4D:67:42:12:FF:C8:2A:99:36:F3:FE:25:4B:EC:CE:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrRw_U1nQhL_yCqZNvP-JUvszmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/SY6jVp5Kv4BauFptaGgaKDy75qU.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48360
IP address blocks:        185.77.104.0/22 maxlen: 24
                          2a05:62c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/PrRw_U1nQhL_yCqZNvP-JUvszmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/PrRw_U1nQhL_yCqZNvP-JUvszmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrRw_U1nQhL_yCqZNvP-JUvszmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:bc:fe:7e:eb:f5:64:c7:6f:cd:55:a4:54:a7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb470fd4d674212ffc82a9936f3fe254becce66
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=498ea3569e4abf805ab85a6d68681a283cbbe6a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a8:52:7d:9f:a2:86:c9:b2:e4:5e:d7:fc:20:
                    09:95:16:3a:63:15:08:0c:1b:09:fb:ba:4e:77:6c:
                    50:f4:ab:0a:8a:45:c2:38:04:c7:66:81:cd:4d:8a:
                    3c:5d:f2:94:be:81:82:f5:d7:c4:41:c2:79:90:3e:
                    36:31:ea:4e:83:18:a0:96:4d:0e:35:81:ea:46:c8:
                    a8:1a:ae:04:98:2f:c4:d9:43:30:c6:a7:13:bf:38:
                    ee:4c:75:86:39:4a:34:23:88:37:fb:2b:03:93:1b:
                    1b:99:4d:49:20:ac:7a:19:76:47:bb:60:8c:ac:f4:
                    a9:c7:79:3c:2a:4d:c1:54:b2:0f:c6:a6:a7:fe:86:
                    18:fc:81:01:1c:04:f8:a6:71:63:8e:52:d3:e2:76:
                    76:4a:d9:f5:3a:8b:5f:cc:6c:fc:7b:ef:c3:ad:29:
                    87:25:91:91:38:8e:0a:b7:5d:c5:3f:96:63:6e:e8:
                    a4:01:da:0c:ad:65:dd:2c:ad:4c:a9:8c:24:9e:3d:
                    9a:df:3f:0b:ce:16:cb:bc:30:bc:6b:e5:21:19:c0:
                    33:ac:c0:3a:f6:31:27:92:ca:08:5e:f6:45:66:05:
                    37:a8:22:fe:7c:7c:22:64:77:18:f3:c0:4b:84:7d:
                    dd:dd:b1:81:32:14:ec:68:92:12:61:03:fd:dc:11:
                    03:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:8E:A3:56:9E:4A:BF:80:5A:B8:5A:6D:68:68:1A:28:3C:BB:E6:A5
            X509v3 Authority Key Identifier:
                keyid:3E:B4:70:FD:4D:67:42:12:FF:C8:2A:99:36:F3:FE:25:4B:EC:CE:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrRw_U1nQhL_yCqZNvP-JUvszmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/SY6jVp5Kv4BauFptaGgaKDy75qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/744e53-8de6-4671-9f80-5f015730d811/1/PrRw_U1nQhL_yCqZNvP-JUvszmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.104.0/22
                IPv6:
                  2a05:62c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:9a:3a:3b:39:2f:aa:8f:55:67:ea:87:41:1c:e2:a7:c7:70:
         5a:9e:c5:69:77:3d:61:89:ba:45:5a:a0:88:ad:38:d8:a4:ba:
         e8:c4:9f:42:19:c8:02:63:77:2e:9d:97:66:52:1f:1d:9c:84:
         d9:ab:c2:33:e0:05:2a:3c:eb:06:87:b1:58:a4:3c:4c:18:e7:
         a4:ad:b7:7c:47:ec:8e:27:24:af:f8:fe:68:4e:5a:ad:39:56:
         13:33:f2:52:44:74:bb:50:bf:da:de:2f:1f:dd:a3:af:3c:ef:
         0e:02:03:6b:ee:85:af:91:ce:f6:b2:1f:33:52:0c:a1:74:70:
         ad:1b:ba:68:b2:10:c5:2c:a5:c6:a5:ad:d5:42:0d:7d:ea:08:
         40:06:64:58:eb:9c:cd:13:2d:6c:ae:c9:1a:dd:93:92:0c:48:
         3d:75:3a:f9:8c:4f:d1:46:de:ec:d8:02:42:f3:6d:a7:03:69:
         1d:e8:bb:cf:fd:73:35:5f:10:45:19:10:75:31:f0:9f:e9:b6:
         31:a0:e6:c8:1f:08:52:44:13:12:d2:55:a6:33:2e:3b:62:2f:
         13:6e:47:fd:3f:bb:10:50:6c:de:f9:7b:c9:65:38:01:af:a3:
         04:31:6e:3d:92:d5:29:18:26:43:cb:e3:b2:24:0b:b7:3b:b7:
         70:8d:06:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKbz+fuv1ZMdvzVWkVKd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjQ3MGZkNGQ2NzQyMTJmZmM4MmE5OTM2ZjNmZTI1NGJl
Y2NlNjYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OThlYTM1NjllNGFiZjgwNWFiODVhNmQ2ODY4MWEyODNjYmJlNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6hSfZ+ihsmy5F7X/CAJlRY6YxUI
DBsJ+7pOd2xQ9KsKikXCOATHZoHNTYo8XfKUvoGC9dfEQcJ5kD42MepOgxiglk0O
NYHqRsioGq4EmC/E2UMwxqcTvzjuTHWGOUo0I4g3+ysDkxsbmU1JIKx6GXZHu2CM
rPSpx3k8Kk3BVLIPxqan/oYY/IEBHAT4pnFjjlLT4nZ2Stn1OotfzGz8e+/DrSmH
JZGROI4Kt13FP5ZjbuikAdoMrWXdLK1MqYwknj2a3z8LzhbLvDC8a+UhGcAzrMA6
9jEnksoIXvZFZgU3qCL+fHwiZHcY88BLhH3d3bGBMhTsaJISYQP93BED8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEmOo1aeSr+AWrhabWhoGig8u+alMB8GA1UdIwQY
MBaAFD60cP1NZ0IS/8gqmTbz/iVL7M5mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJSd19VMW5RaExfeUNxWk52UC1KVXZzem1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83NDRlNTMtOGRlNi00NjcxLTlmODAt
NWYwMTU3MzBkODExLzEvU1k2alZwNUt2NEJhdUZwdGFHZ2FLRHk3NXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83NDRlNTMtOGRlNi00NjcxLTlmODAtNWYwMTU3MzBkODEx
LzEvUHJSd19VMW5RaExfeUNxWk52UC1KVXZzem1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU1oMA0E
AgACMAcDBQMqBWLAMA0GCSqGSIb3DQEBCwUAA4IBAQAkmjo7OS+qj1Vn6odBHOKn
x3BansVpdz1hibpFWqCIrTjYpLroxJ9CGcgCY3cunZdmUh8dnITZq8Iz4AUqPOsG
h7FYpDxMGOekrbd8R+yOJySv+P5oTlqtOVYTM/JSRHS7UL/a3i8f3aOvPO8OAgNr
7oWvkc72sh8zUgyhdHCtG7poshDFLKXGpa3VQg196ghABmRY65zNEy1srska3ZOS
DEg9dTr5jE/RRt7s2AJC822nA2kd6LvP/XM1XxBFGRB1MfCf6bYxoObIHwhSRBMS
0lWmMy47Yi8Tbkf9P7sQUGze+XvJZTgBr6MEMW49ktUpGCZDy+OyJAu3O7dwjQZS
-----END CERTIFICATE-----