Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/3GjCQVWzGhZ9clnIHVfAC4ZIBOE.roa
File:                     3GjCQVWzGhZ9clnIHVfAC4ZIBOE.roa (raw, json)
Hash identifier:          KddN6Fiv6XXI/LXB7saLFxICYbtQ5ela92BIg1jwFaE=
Subject key identifier:   DC:68:C2:41:55:B3:1A:16:7D:72:59:C8:1D:57:C0:0B:86:48:04:E1
Certificate issuer:       /CN=217b491dccb5632216d80b48f8d6286b1effd8d7
Certificate serial:       018CC56E177884A50DFE173874EDB12E953D
Authority key identifier: 21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/3GjCQVWzGhZ9clnIHVfAC4ZIBOE.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211145
IP address blocks:        185.244.177.0/24 maxlen: 24
                          185.244.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:78:84:a5:0d:fe:17:38:74:ed:b1:2e:95:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b491dccb5632216d80b48f8d6286b1effd8d7
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc68c24155b31a167d7259c81d57c00b864804e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:12:96:9f:54:f8:47:fa:c8:f6:20:43:c8:c9:
                    00:35:77:96:dd:8c:2d:f5:80:f4:aa:29:0e:d6:4b:
                    64:c2:3a:9e:e5:da:54:45:45:64:33:ed:d5:30:02:
                    a6:31:c5:c7:16:dc:b8:1e:f9:9f:81:e0:74:1e:68:
                    ef:33:d6:62:dd:62:8c:11:c2:a3:72:65:fe:03:12:
                    f7:bc:78:4c:03:65:d4:e9:f6:20:28:38:d6:2d:06:
                    cd:b0:81:61:ab:72:2b:2e:08:e6:2e:81:43:1e:83:
                    e6:8a:f7:f7:52:86:99:84:8c:1f:07:27:b8:2f:25:
                    1a:55:42:4f:b2:be:3a:f4:ee:e5:29:68:b4:56:f3:
                    7e:3c:b1:32:2e:25:5c:3c:8c:2e:75:78:62:c8:46:
                    d7:df:19:8c:a9:74:4c:01:a9:0f:a0:65:a3:15:96:
                    b7:ef:6d:4e:8f:b4:27:93:4a:38:d3:9a:8e:3d:2f:
                    09:95:51:3e:68:a1:7e:fc:55:25:df:de:c3:4b:a5:
                    f2:7e:42:ee:b4:44:32:03:dc:7a:c2:ac:54:e7:c7:
                    a5:be:b3:a1:1d:c4:91:8a:d6:c3:cc:b8:7e:f8:41:
                    fc:ed:98:c9:38:76:6b:2b:37:90:84:25:1d:39:0c:
                    7e:e5:a9:79:e6:98:51:ae:31:38:7f:6d:6e:0d:5a:
                    22:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:68:C2:41:55:B3:1A:16:7D:72:59:C8:1D:57:C0:0B:86:48:04:E1
            X509v3 Authority Key Identifier:
                keyid:21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/3GjCQVWzGhZ9clnIHVfAC4ZIBOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:bf:7e:e9:58:ff:b3:0b:a1:36:61:c7:40:48:6b:92:c4:66:
         0d:5e:88:26:d9:d4:4b:ad:2e:63:96:89:af:ca:70:00:2d:36:
         9d:57:d8:7f:73:3a:50:13:9b:78:92:66:e9:b4:85:b7:0e:e1:
         42:13:5d:27:2a:4c:82:65:8c:d4:b7:13:be:3c:51:39:84:d7:
         a9:fa:23:a2:ee:75:d6:1d:eb:50:d6:ce:59:d8:4f:45:64:2a:
         2a:de:09:b4:e6:1a:e3:d2:2e:02:37:59:64:4d:c7:e0:04:2f:
         d6:17:84:cc:3d:4b:59:5a:44:98:90:82:30:c7:e8:8c:45:25:
         96:7e:88:ef:11:5f:ff:a3:a0:d7:f4:9f:45:4b:ea:34:f8:f0:
         36:79:cc:3d:ca:8a:7c:4d:1f:8c:0a:18:cd:40:4d:11:74:99:
         9f:80:93:c7:90:d4:cc:9d:75:b4:35:5f:f7:55:08:18:da:d9:
         8d:cb:83:5b:5b:fb:f6:f0:39:a6:d0:a2:b6:e4:a3:2b:9a:ce:
         1d:ad:d6:f2:6a:0e:59:86:ea:86:ab:a0:1e:70:5c:d2:e7:45:
         ad:97:3e:0b:43:14:5e:b6:f5:9f:54:cc:f1:b0:f1:59:c0:5c:
         6d:2a:7c:e7:ef:53:aa:2b:1d:6e:07:37:73:e4:fc:24:b2:03:
         fd:39:0d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhd4hKUN/hc4dO2xLpU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I0OTFkY2NiNTYzMjIxNmQ4MGI0OGY4ZDYyODZiMWVm
ZmQ4ZDcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY4YzI0MTU1YjMxYTE2N2Q3MjU5YzgxZDU3YzAwYjg2NDgwNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxKWn1T4R/rI9iBDyMkANXeW3Ywt
9YD0qikO1ktkwjqe5dpURUVkM+3VMAKmMcXHFty4HvmfgeB0HmjvM9Zi3WKMEcKj
cmX+AxL3vHhMA2XU6fYgKDjWLQbNsIFhq3IrLgjmLoFDHoPmivf3UoaZhIwfBye4
LyUaVUJPsr469O7lKWi0VvN+PLEyLiVcPIwudXhiyEbX3xmMqXRMAakPoGWjFZa3
721Oj7Qnk0o405qOPS8JlVE+aKF+/FUl397DS6XyfkLutEQyA9x6wqxU58elvrOh
HcSRitbDzLh++EH87ZjJOHZrKzeQhCUdOQx+5al55phRrjE4f21uDVoiHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxowkFVsxoWfXJZyB1XwAuGSAThMB8GA1UdIwQY
MBaAFCF7SR3MtWMiFtgLSPjWKGse/9jXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAt
NmRlMDVhMzE2MjM5LzEvM0dqQ1FWV3pHaFo5Y2xuSUhWZkFDNFpJQk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAtNmRlMDVhMzE2MjM5
LzEvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufSwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCv37pWP+zC6E2YcdASGuSxGYNXogm2dRLrS5jlomv
ynAALTadV9h/czpQE5t4kmbptIW3DuFCE10nKkyCZYzUtxO+PFE5hNep+iOi7nXW
HetQ1s5Z2E9FZCoq3gm05hrj0i4CN1lkTcfgBC/WF4TMPUtZWkSYkIIwx+iMRSWW
fojvEV//o6DX9J9FS+o0+PA2ecw9yop8TR+MChjNQE0RdJmfgJPHkNTMnXW0NV/3
VQgY2tmNy4NbW/v28Dmm0KK25KMrms4drdbyag5ZhuqGq6AecFzS50Wtlz4LQxRe
tvWfVMzxsPFZwFxtKnzn71OqKx1uBzdz5PwksgP9OQ1q
-----END CERTIFICATE-----