Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/Qb3FAUbk1aF5-dyUMJf1EzywmTo.roa
File:                     Qb3FAUbk1aF5-dyUMJf1EzywmTo.roa (raw, json)
Hash identifier:          l74va17Ec5C8SUJ3gC+WIdRSYWJcTwnwKFb8Cu9WLQo=
Subject key identifier:   41:BD:C5:01:46:E4:D5:A1:79:F9:DC:94:30:97:F5:13:3C:B0:99:3A
Certificate issuer:       /CN=b15e3dc0ebfb10ebb94197454732ef786ac75b70
Certificate serial:       018CC6B80BAB00844535B76EDFC0931DBB8F
Authority key identifier: B1:5E:3D:C0:EB:FB:10:EB:B9:41:97:45:47:32:EF:78:6A:C7:5B:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sV49wOv7EOu5QZdFRzLveGrHW3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/Qb3FAUbk1aF5-dyUMJf1EzywmTo.roa
Signing time:             Mon 01 Jan 2024 20:29:59 +0000
ROA not before:           Mon 01 Jan 2024 20:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42073
IP address blocks:        194.169.233.0/24 maxlen: 24
                          185.64.92.0/22 maxlen: 22
                          194.102.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/sV49wOv7EOu5QZdFRzLveGrHW3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/sV49wOv7EOu5QZdFRzLveGrHW3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sV49wOv7EOu5QZdFRzLveGrHW3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:0b:ab:00:84:45:35:b7:6e:df:c0:93:1d:bb:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b15e3dc0ebfb10ebb94197454732ef786ac75b70
        Validity
            Not Before: Jan  1 20:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41bdc50146e4d5a179f9dc943097f5133cb0993a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:eb:bb:3c:98:e6:7c:3f:65:4e:91:b2:9a:cd:
                    97:8a:65:0b:59:d5:4d:6e:4b:62:19:d5:e3:3d:48:
                    ff:62:62:86:92:31:32:6e:06:bd:2a:d7:63:81:f5:
                    bf:19:82:7f:48:6f:7c:37:0f:fe:94:5a:7c:69:b0:
                    c8:78:87:de:4b:3a:6c:cb:df:21:6f:90:29:54:63:
                    6e:73:1b:f8:e4:8c:3e:53:33:75:88:4a:26:aa:ed:
                    51:76:29:b5:c4:21:2b:06:3b:68:af:f0:5b:e3:77:
                    23:4a:fe:a1:2e:49:eb:28:e0:fb:e0:4f:3b:c4:16:
                    2d:7b:27:5e:a0:4d:79:17:4c:1f:c9:e3:bb:e0:e0:
                    bb:44:32:56:cb:06:8d:c3:2e:d6:ee:22:0f:cf:e5:
                    dd:7d:f0:21:25:5f:12:84:0f:36:c5:b0:5e:b9:97:
                    66:dc:af:cf:dc:2c:26:43:43:d0:04:f2:ab:f3:b4:
                    4a:b6:11:28:8c:56:78:40:cb:07:f7:7e:6e:17:6c:
                    bd:19:89:9b:1e:ae:4c:48:61:77:13:e4:b5:aa:a3:
                    53:df:8b:ab:2d:05:eb:8b:64:b0:85:d2:94:d6:c4:
                    07:18:1f:b8:66:9d:e4:b6:53:02:48:35:93:c2:e9:
                    2e:93:d4:63:3c:d6:9f:e1:e4:86:71:c7:f0:c5:9e:
                    c5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BD:C5:01:46:E4:D5:A1:79:F9:DC:94:30:97:F5:13:3C:B0:99:3A
            X509v3 Authority Key Identifier:
                keyid:B1:5E:3D:C0:EB:FB:10:EB:B9:41:97:45:47:32:EF:78:6A:C7:5B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sV49wOv7EOu5QZdFRzLveGrHW3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/Qb3FAUbk1aF5-dyUMJf1EzywmTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/4adc3b-3bd3-4547-8006-1d007be9cdd8/1/sV49wOv7EOu5QZdFRzLveGrHW3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.92.0/22
                  194.102.202.0/24
                  194.169.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c8:b4:24:54:e0:91:17:2a:0a:84:95:d2:24:69:39:bf:a6:
         e4:00:e9:d3:b2:f4:ef:72:dc:fd:9c:05:76:d2:3a:f1:ea:eb:
         0b:0e:a1:fd:3e:85:37:9b:db:30:3e:99:43:22:38:e7:b6:cf:
         18:2e:6c:9d:01:22:93:89:86:37:bc:0d:2e:35:32:bf:e1:7d:
         cb:c0:36:5f:57:a6:2b:1e:1c:29:25:74:ec:c1:76:46:40:d2:
         a2:d2:cd:2b:03:b9:91:53:55:5d:ab:29:07:9c:5f:f0:7e:e7:
         e5:1c:37:aa:cf:59:ab:54:d4:ba:81:99:f8:8f:9b:d2:80:7f:
         68:47:93:02:61:3f:eb:ff:52:51:58:f6:47:12:2a:6b:bb:4f:
         c6:85:f0:be:99:67:cf:ed:3d:60:7d:8b:00:cb:88:6d:06:a0:
         77:fc:09:ff:e8:16:99:e6:ef:f6:d6:aa:8b:3b:2d:f2:43:c6:
         27:1c:03:d5:0e:90:59:05:bd:1d:18:b7:4a:82:99:63:f7:81:
         8c:f5:ae:0c:2b:6b:d4:93:d7:cb:d9:1d:5d:38:c5:6e:be:dc:
         b0:e9:1c:16:d4:5d:f3:52:53:ba:76:5a:d7:3f:a9:85:09:c5:
         b4:67:af:b2:ba:ab:a4:5b:5a:ff:1e:68:33:81:da:95:f9:de:
         aa:34:a3:f1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuAurAIRFNbdu38CTHbuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNWUzZGMwZWJmYjEwZWJiOTQxOTc0NTQ3MzJlZjc4NmFj
NzViNzAwHhcNMjQwMTAxMjAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJkYzUwMTQ2ZTRkNWExNzlmOWRjOTQzMDk3ZjUxMzNjYjA5OTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOu7PJjmfD9lTpGyms2XimULWdVN
bktiGdXjPUj/YmKGkjEybga9KtdjgfW/GYJ/SG98Nw/+lFp8abDIeIfeSzpsy98h
b5ApVGNucxv45Iw+UzN1iEomqu1Rdim1xCErBjtor/Bb43cjSv6hLknrKOD74E87
xBYteydeoE15F0wfyeO74OC7RDJWywaNwy7W7iIPz+XdffAhJV8ShA82xbBeuZdm
3K/P3CwmQ0PQBPKr87RKthEojFZ4QMsH935uF2y9GYmbHq5MSGF3E+S1qqNT34ur
LQXri2SwhdKU1sQHGB+4Zp3ktlMCSDWTwukuk9RjPNaf4eSGccfwxZ7FJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEG9xQFG5NWhefnclDCX9RM8sJk6MB8GA1UdIwQY
MBaAFLFePcDr+xDruUGXRUcy73hqx1twMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1Y0OXdPdjdFT3U1UVpkRlJ6THZlR3JIVzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80YWRjM2ItM2JkMy00NTQ3LTgwMDYt
MWQwMDdiZTljZGQ4LzEvUWIzRkFVYmsxYUY1LWR5VU1KZjFFenl3bVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80YWRjM2ItM2JkMy00NTQ3LTgwMDYtMWQwMDdiZTljZGQ4
LzEvc1Y0OXdPdjdFT3U1UVpkRlJ6THZlR3JIVzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuUBcAwQA
wmbKAwQAwqnpMA0GCSqGSIb3DQEBCwUAA4IBAQA2yLQkVOCRFyoKhJXSJGk5v6bk
AOnTsvTvctz9nAV20jrx6usLDqH9PoU3m9swPplDIjjnts8YLmydASKTiYY3vA0u
NTK/4X3LwDZfV6YrHhwpJXTswXZGQNKi0s0rA7mRU1VdqykHnF/wfuflHDeqz1mr
VNS6gZn4j5vSgH9oR5MCYT/r/1JRWPZHEipru0/GhfC+mWfP7T1gfYsAy4htBqB3
/An/6BaZ5u/21qqLOy3yQ8YnHAPVDpBZBb0dGLdKgplj94GM9a4MK2vUk9fL2R1d
OMVuvtyw6RwW1F3zUlO6dlrXP6mFCcW0Z6+yuqukW1r/HmgzgdqV+d6qNKPx
-----END CERTIFICATE-----