Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/3x_owtmZuH3dgE8OURI3XNGh9UI.roa
File:                     3x_owtmZuH3dgE8OURI3XNGh9UI.roa (raw, json)
Hash identifier:          34Q5yBNnavDlL56d4PxeMGkjp0RiJNEUb1BOnB5KwGE=
Subject key identifier:   DF:1F:E8:C2:D9:99:B8:7D:DD:80:4F:0E:51:12:37:5C:D1:A1:F5:42
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018FA664000E7B0D96D1B4D55B211E3EE836
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/3x_owtmZuH3dgE8OURI3XNGh9UI.roa
Signing time:             Thu 23 May 2024 16:58:42 +0000
ROA not before:           Thu 23 May 2024 16:58:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199707
IP address blocks:        185.115.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a6:64:00:0e:7b:0d:96:d1:b4:d5:5b:21:1e:3e:e8:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: May 23 16:58:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df1fe8c2d999b87ddd804f0e5112375cd1a1f542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:78:bd:67:71:cc:d5:4a:e4:7a:94:c6:6d:
                    98:d8:80:2b:68:fe:3a:fd:04:7c:6a:f2:fd:c9:f6:
                    4c:9c:4d:18:80:a6:73:c7:c3:4c:7c:af:f0:3f:ba:
                    93:2e:6b:22:a7:a7:44:b4:a2:be:90:a7:9d:0b:7c:
                    58:52:ca:b3:d2:49:8a:e4:c1:3a:cc:19:e9:a3:07:
                    2d:57:8f:c5:c1:0a:c8:70:5c:cd:f8:3e:cc:26:1b:
                    43:b0:17:6f:22:f7:50:64:8a:43:32:0e:cc:e1:2e:
                    e3:1d:57:07:c1:dc:e9:61:87:cc:4d:53:a1:f6:5d:
                    2e:76:11:4c:62:84:d9:29:e4:7b:cd:5e:11:ad:39:
                    e3:c6:31:ef:cf:bd:f5:f9:2c:d9:46:69:b6:1a:06:
                    42:b3:4e:c4:22:48:41:86:bc:c2:c7:95:25:4b:15:
                    b3:16:3f:b2:37:62:fd:31:88:b8:22:71:98:fe:5d:
                    57:d1:1e:6d:05:b5:01:b7:0c:9b:70:46:1a:fa:13:
                    15:b3:e9:df:cd:9a:08:b6:5c:8f:c6:8f:5f:de:95:
                    dd:9d:95:f6:38:da:6c:d0:26:6b:99:39:d3:f7:66:
                    6e:b2:7d:4d:9a:be:b5:64:3f:03:a7:35:f9:8a:cd:
                    bb:78:5f:aa:6f:70:e1:4e:0e:98:49:f8:38:c3:38:
                    08:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1F:E8:C2:D9:99:B8:7D:DD:80:4F:0E:51:12:37:5C:D1:A1:F5:42
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/3x_owtmZuH3dgE8OURI3XNGh9UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:e4:85:b2:d8:ab:3b:ce:f4:cf:c8:35:34:c4:59:2f:50:67:
         c2:95:5c:c5:14:32:56:9e:a3:9f:92:b9:90:0f:2d:ff:1f:a6:
         9a:0c:93:14:8b:00:81:8d:16:45:05:ec:32:31:31:ae:cb:55:
         bb:b5:b3:15:ea:60:4d:20:14:bc:fc:5b:43:ff:85:80:52:37:
         a2:85:6c:bb:7a:45:2d:b7:62:89:84:f3:f6:85:1a:e5:e9:21:
         0b:ed:1b:4c:32:8a:d7:e8:77:c9:ee:ee:00:25:4f:fc:2f:4c:
         e1:63:41:7d:5f:9f:e7:68:ed:61:29:48:4c:58:e0:e1:c7:3f:
         9e:63:5b:55:46:5c:50:05:ba:28:a5:98:26:60:17:11:58:9d:
         ae:c5:b9:18:4f:63:70:6f:bc:17:6a:0e:01:d1:e3:e4:0e:f2:
         80:9a:6f:e1:b5:3d:33:41:69:65:5b:eb:79:1e:e8:83:85:4c:
         b9:ec:be:b6:e4:86:b6:4c:60:76:e5:a6:42:cc:94:8f:77:77:
         ab:31:03:97:60:c2:9d:2a:07:65:ff:28:67:ac:bc:fb:38:85:
         66:a7:59:fb:7d:68:76:0c:d0:c6:72:2a:37:1e:e7:e3:24:8d:
         4b:51:71:5a:a6:d5:a4:7a:2c:23:ea:1b:e3:93:f8:10:fb:e5:
         4b:73:13:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+mZAAOew2W0bTVWyEePug2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwNTIzMTY1ODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFmZThjMmQ5OTliODdkZGQ4MDRmMGU1MTEyMzc1Y2QxYTFmNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtF4vWdxzNVK5HqUxm2Y2IAraP46
/QR8avL9yfZMnE0YgKZzx8NMfK/wP7qTLmsip6dEtKK+kKedC3xYUsqz0kmK5ME6
zBnpowctV4/FwQrIcFzN+D7MJhtDsBdvIvdQZIpDMg7M4S7jHVcHwdzpYYfMTVOh
9l0udhFMYoTZKeR7zV4RrTnjxjHvz731+SzZRmm2GgZCs07EIkhBhrzCx5UlSxWz
Fj+yN2L9MYi4InGY/l1X0R5tBbUBtwybcEYa+hMVs+nfzZoItlyPxo9f3pXdnZX2
ONps0CZrmTnT92Zusn1Nmr61ZD8DpzX5is27eF+qb3DhTg6YSfg4wzgIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8f6MLZmbh93YBPDlESN1zRofVCMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvM3hfb3d0bVp1SDNkZ0U4T1VSSTNYTkdoOVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXPPMA0G
CSqGSIb3DQEBCwUAA4IBAQAt5IWy2Ks7zvTPyDU0xFkvUGfClVzFFDJWnqOfkrmQ
Dy3/H6aaDJMUiwCBjRZFBewyMTGuy1W7tbMV6mBNIBS8/FtD/4WAUjeihWy7ekUt
t2KJhPP2hRrl6SEL7RtMMorX6HfJ7u4AJU/8L0zhY0F9X5/naO1hKUhMWODhxz+e
Y1tVRlxQBboopZgmYBcRWJ2uxbkYT2Nwb7wXag4B0ePkDvKAmm/htT0zQWllW+t5
HuiDhUy57L625Ia2TGB25aZCzJSPd3erMQOXYMKdKgdl/yhnrLz7OIVmp1n7fWh2
DNDGcio3HufjJI1LUXFaptWkeiwj6hvjk/gQ++VLcxPT
-----END CERTIFICATE-----