Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/mKfB5cUG77rFTHIpfXX-obE9b08.roa
File:                     mKfB5cUG77rFTHIpfXX-obE9b08.roa (raw, json)
Hash identifier:          74RoOEEJngF976CiUo5e95q7QFic8Ntpj14Jeug9mTs=
Subject key identifier:   98:A7:C1:E5:C5:06:EF:BA:C5:4C:72:29:7D:75:FE:A1:B1:3D:6F:4F
Certificate issuer:       /CN=e6135d639768a3a63ed9c5ff40af5ed01df741cb
Certificate serial:       018CC2DB50BCD966C6CAA8185B3761AEFEFD
Authority key identifier: E6:13:5D:63:97:68:A3:A6:3E:D9:C5:FF:40:AF:5E:D0:1D:F7:41:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hNdY5doo6Y-2cX_QK9e0B33Qcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/mKfB5cUG77rFTHIpfXX-obE9b08.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57419
IP address blocks:        185.207.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/5hNdY5doo6Y-2cX_QK9e0B33Qcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/5hNdY5doo6Y-2cX_QK9e0B33Qcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hNdY5doo6Y-2cX_QK9e0B33Qcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:50:bc:d9:66:c6:ca:a8:18:5b:37:61:ae:fe:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6135d639768a3a63ed9c5ff40af5ed01df741cb
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98a7c1e5c506efbac54c72297d75fea1b13d6f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9a:b2:92:b8:d0:0c:b6:88:7a:cb:e7:ab:b8:
                    ba:81:fb:98:63:2a:8a:4e:7f:58:7f:7b:ed:16:7b:
                    83:28:0f:5e:04:8a:08:48:4b:6f:63:a7:87:38:05:
                    69:3e:12:69:93:3f:31:49:75:e8:b5:ad:61:b7:8e:
                    69:31:31:99:11:91:7a:f2:4d:07:5e:55:51:5a:4f:
                    5b:5f:ca:6b:66:63:87:a8:f3:9d:16:46:c5:52:bb:
                    ea:13:3f:5f:d9:bd:53:8d:fa:20:73:10:1d:77:5c:
                    88:2e:3d:4d:93:1b:a4:c9:08:25:7b:eb:f7:4a:6d:
                    1e:a9:57:4a:d6:0a:0c:13:a0:52:3c:dc:46:76:2a:
                    a0:9d:f2:ea:4f:e5:cb:21:56:10:6e:c3:e3:1e:01:
                    bb:0d:d3:29:6a:5f:a8:b2:7b:9d:b9:f1:65:7a:7d:
                    6d:03:58:2a:69:d4:4a:3c:fc:a4:e7:79:c4:00:63:
                    58:68:70:ca:8e:57:db:cf:2c:05:0c:71:09:87:a6:
                    f6:ca:36:f1:50:33:7f:29:55:19:51:63:5c:11:55:
                    78:4d:c0:89:6d:c6:a3:f9:46:bd:f9:b4:d2:32:92:
                    49:dc:a8:38:74:7a:4b:13:d2:d3:f6:5a:51:7b:02:
                    77:b5:43:92:19:fd:5d:84:0e:84:e2:27:95:db:b6:
                    a0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A7:C1:E5:C5:06:EF:BA:C5:4C:72:29:7D:75:FE:A1:B1:3D:6F:4F
            X509v3 Authority Key Identifier:
                keyid:E6:13:5D:63:97:68:A3:A6:3E:D9:C5:FF:40:AF:5E:D0:1D:F7:41:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hNdY5doo6Y-2cX_QK9e0B33Qcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/mKfB5cUG77rFTHIpfXX-obE9b08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/746a75-d361-4e91-873a-0a770f0c7608/1/5hNdY5doo6Y-2cX_QK9e0B33Qcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:be:3f:6c:7d:9a:cc:86:69:5b:53:eb:43:48:1b:52:31:2f:
         ad:c3:12:03:3c:51:95:eb:38:de:2b:2e:40:6e:d9:28:ed:91:
         39:12:6e:db:9d:1e:1c:70:89:27:55:67:9f:a5:83:14:cb:2e:
         82:1d:2e:2f:13:45:a4:0d:d9:51:89:0f:86:60:7c:a0:37:cf:
         bb:57:86:b2:3b:c0:0e:64:15:18:48:73:43:32:9c:78:c5:38:
         94:83:b2:7c:c7:e5:69:bc:3f:21:d8:39:3f:27:41:8c:3e:8c:
         f5:62:56:28:e7:10:80:98:af:38:74:4e:c8:e3:03:62:25:02:
         f1:ef:8d:eb:bf:d9:75:f1:53:90:7d:92:d2:ac:96:2a:a4:63:
         8c:e3:02:c0:99:34:d5:e4:88:22:71:9c:51:d1:4f:00:7d:18:
         f1:22:cc:3e:58:57:db:53:cb:9e:fe:b9:16:48:af:f0:23:85:
         25:2b:08:ad:b0:53:e8:32:a1:c2:de:f2:1e:30:7d:49:14:a2:
         1b:9f:52:9b:b5:cd:3a:61:a1:06:98:7e:98:3f:ac:de:b4:ad:
         79:fa:7e:21:bc:11:41:e6:d6:20:b1:2c:2e:21:63:f5:56:59:
         7b:91:3c:3a:7f:a1:d1:07:62:e0:6f:58:32:d5:67:75:d7:d0:
         40:37:33:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21C82WbGyqgYWzdhrv79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MTM1ZDYzOTc2OGEzYTYzZWQ5YzVmZjQwYWY1ZWQwMWRm
NzQxY2IwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGE3YzFlNWM1MDZlZmJhYzU0YzcyMjk3ZDc1ZmVhMWIxM2Q2ZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJqykrjQDLaIesvnq7i6gfuYYyqK
Tn9Yf3vtFnuDKA9eBIoISEtvY6eHOAVpPhJpkz8xSXXota1ht45pMTGZEZF68k0H
XlVRWk9bX8prZmOHqPOdFkbFUrvqEz9f2b1TjfogcxAdd1yILj1NkxukyQgle+v3
Sm0eqVdK1goME6BSPNxGdiqgnfLqT+XLIVYQbsPjHgG7DdMpal+osnudufFlen1t
A1gqadRKPPyk53nEAGNYaHDKjlfbzywFDHEJh6b2yjbxUDN/KVUZUWNcEVV4TcCJ
bcaj+Ua9+bTSMpJJ3Kg4dHpLE9LT9lpRewJ3tUOSGf1dhA6E4ieV27agLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJinweXFBu+6xUxyKX11/qGxPW9PMB8GA1UdIwQY
MBaAFOYTXWOXaKOmPtnF/0CvXtAd90HLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWhOZFk1ZG9vNlktMmNYX1FLOWUwQjMzUWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS83NDZhNzUtZDM2MS00ZTkxLTg3M2Et
MGE3NzBmMGM3NjA4LzEvbUtmQjVjVUc3N3JGVEhJcGZYWC1vYkU5YjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS83NDZhNzUtZDM2MS00ZTkxLTg3M2EtMGE3NzBmMGM3NjA4
LzEvNWhOZFk1ZG9vNlktMmNYX1FLOWUwQjMzUWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc8DMA0G
CSqGSIb3DQEBCwUAA4IBAQAxvj9sfZrMhmlbU+tDSBtSMS+twxIDPFGV6zjeKy5A
btko7ZE5Em7bnR4ccIknVWefpYMUyy6CHS4vE0WkDdlRiQ+GYHygN8+7V4ayO8AO
ZBUYSHNDMpx4xTiUg7J8x+VpvD8h2Dk/J0GMPoz1YlYo5xCAmK84dE7I4wNiJQLx
743rv9l18VOQfZLSrJYqpGOM4wLAmTTV5IgicZxR0U8AfRjxIsw+WFfbU8ue/rkW
SK/wI4UlKwitsFPoMqHC3vIeMH1JFKIbn1Kbtc06YaEGmH6YP6zetK15+n4hvBFB
5tYgsSwuIWP1Vll7kTw6f6HRB2Lgb1gy1Wd119BANzOm
-----END CERTIFICATE-----