Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/fR3UTSOO44UcMNs2i_e0JPMzjdk.roa
File:                     fR3UTSOO44UcMNs2i_e0JPMzjdk.roa (raw, json)
Hash identifier:          C6YLqXljpmeyZD+5z2fIFe0rv/FslXjOpceZVxffIcI=
Subject key identifier:   7D:1D:D4:4D:23:8E:E3:85:1C:30:DB:36:8B:F7:B4:24:F3:33:8D:D9
Certificate issuer:       /CN=2bcee4d9523f15291c57675fd26dc950a7cd5550
Certificate serial:       018CC9BB43588A0F3A45466AADB2216EC1A7
Authority key identifier: 2B:CE:E4:D9:52:3F:15:29:1C:57:67:5F:D2:6D:C9:50:A7:CD:55:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K87k2VI_FSkcV2df0m3JUKfNVVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/fR3UTSOO44UcMNs2i_e0JPMzjdk.roa
Signing time:             Tue 02 Jan 2024 10:32:22 +0000
ROA not before:           Tue 02 Jan 2024 10:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206606
IP address blocks:        185.177.160.0/22 maxlen: 22
                          2a0a:3e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/K87k2VI_FSkcV2df0m3JUKfNVVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/K87k2VI_FSkcV2df0m3JUKfNVVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K87k2VI_FSkcV2df0m3JUKfNVVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:43:58:8a:0f:3a:45:46:6a:ad:b2:21:6e:c1:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bcee4d9523f15291c57675fd26dc950a7cd5550
        Validity
            Not Before: Jan  2 10:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d1dd44d238ee3851c30db368bf7b424f3338dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:c7:ad:06:61:fe:1e:8d:a5:c7:a1:58:3f:
                    ce:0a:df:3a:8c:1e:fa:d6:a7:a2:93:f1:56:fc:f1:
                    08:75:32:a4:4b:41:a3:fd:c3:e5:f4:51:35:fb:39:
                    c7:06:64:bd:8a:07:fe:04:23:4f:3a:4c:3c:f5:f5:
                    a0:aa:63:83:fc:47:f0:aa:a6:d5:24:78:8d:4d:45:
                    5d:7c:8f:48:91:06:cd:1d:5d:d2:4c:b3:54:6e:36:
                    0d:f9:64:d0:a4:b0:58:8b:b6:b1:54:06:94:81:ab:
                    81:33:c4:2b:08:68:fd:49:0c:49:83:8e:31:bc:79:
                    54:0d:c1:56:da:7c:54:c9:1c:08:d8:9f:9d:6c:79:
                    0b:b4:74:c1:f3:f7:52:d6:eb:50:ea:9b:57:90:0d:
                    55:64:9b:84:03:5d:0c:d7:2d:75:55:bc:4f:38:c0:
                    97:7e:f1:5c:c4:6f:2d:b8:a4:ae:5f:85:2a:95:f8:
                    74:e6:56:16:2d:66:34:87:52:47:1c:32:a2:76:4d:
                    dc:dc:fc:f2:8a:b8:b2:0c:0c:94:a5:e4:c7:2e:42:
                    e5:3f:6c:73:4e:a0:50:90:3b:30:1a:42:ef:a1:44:
                    03:a3:7f:5b:51:63:de:77:2c:57:d6:c6:e7:d1:69:
                    71:26:95:f0:a9:8d:cc:13:e8:e3:b4:af:75:2a:09:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1D:D4:4D:23:8E:E3:85:1C:30:DB:36:8B:F7:B4:24:F3:33:8D:D9
            X509v3 Authority Key Identifier:
                keyid:2B:CE:E4:D9:52:3F:15:29:1C:57:67:5F:D2:6D:C9:50:A7:CD:55:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K87k2VI_FSkcV2df0m3JUKfNVVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/fR3UTSOO44UcMNs2i_e0JPMzjdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8bbc27-2088-4cc9-b8d3-a03169d68a19/1/K87k2VI_FSkcV2df0m3JUKfNVVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.160.0/22
                IPv6:
                  2a0a:3e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:52:2c:88:86:18:9e:c3:41:e9:d4:bf:95:0b:73:73:b0:db:
         ff:aa:3f:75:ea:0e:31:75:0b:27:cf:5f:42:1d:35:7e:02:b6:
         51:39:42:ad:7c:fc:b9:a0:f7:fc:64:63:68:14:33:8e:df:b0:
         7a:b2:65:8b:97:0d:b5:10:10:ac:b6:38:90:71:2f:4c:e3:7a:
         d6:7d:23:6f:32:e6:c1:6c:ab:33:f0:7a:92:2f:64:dd:59:3f:
         25:a5:af:11:00:7e:a0:3b:d1:36:7b:67:8f:29:e6:fe:b3:06:
         50:27:32:4e:f8:50:2b:c2:42:02:49:72:c6:c8:32:f4:7f:1a:
         a9:46:a8:50:a8:91:6d:1d:1c:dd:4b:a4:f6:d3:70:0c:4c:f1:
         82:32:e8:e7:53:f9:6f:44:1d:86:05:48:72:68:db:d8:c2:6b:
         bb:90:09:9d:e1:95:23:02:5b:4e:60:c6:da:47:91:1c:dc:14:
         9a:7e:6c:23:07:92:6a:4e:d0:09:fe:7c:ab:d7:c8:49:78:f0:
         ca:ff:4c:2f:0f:cf:d2:f7:90:d8:aa:ec:7c:ec:03:2e:70:13:
         15:7c:ef:43:67:e4:75:56:ac:c0:3b:a4:48:c7:86:ba:71:67:
         92:aa:0f:66:99:09:1b:f7:35:b6:31:ff:54:73:2f:12:39:f8:
         c0:62:74:dd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu0NYig86RUZqrbIhbsGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiY2VlNGQ5NTIzZjE1MjkxYzU3Njc1ZmQyNmRjOTUwYTdj
ZDU1NTAwHhcNMjQwMTAyMTAzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFkZDQ0ZDIzOGVlMzg1MWMzMGRiMzY4YmY3YjQyNGYzMzM4ZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ3HrQZh/h6NpcehWD/OCt86jB76
1qeik/FW/PEIdTKkS0Gj/cPl9FE1+znHBmS9igf+BCNPOkw89fWgqmOD/EfwqqbV
JHiNTUVdfI9IkQbNHV3STLNUbjYN+WTQpLBYi7axVAaUgauBM8QrCGj9SQxJg44x
vHlUDcFW2nxUyRwI2J+dbHkLtHTB8/dS1utQ6ptXkA1VZJuEA10M1y11VbxPOMCX
fvFcxG8tuKSuX4Uqlfh05lYWLWY0h1JHHDKidk3c3PzyiriyDAyUpeTHLkLlP2xz
TqBQkDswGkLvoUQDo39bUWPedyxX1sbn0WlxJpXwqY3ME+jjtK91KglSAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH0d1E0jjuOFHDDbNov3tCTzM43ZMB8GA1UdIwQY
MBaAFCvO5NlSPxUpHFdnX9JtyVCnzVVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzg3azJWSV9GU2tjVjJkZjBtM0pVS2ZOVlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84YmJjMjctMjA4OC00Y2M5LWI4ZDMt
YTAzMTY5ZDY4YTE5LzEvZlIzVVRTT080NFVjTU5zMmlfZTBKUE16amRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84YmJjMjctMjA4OC00Y2M5LWI4ZDMtYTAzMTY5ZDY4YTE5
LzEvSzg3azJWSV9GU2tjVjJkZjBtM0pVS2ZOVlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubGgMA0E
AgACMAcDBQMqCj6AMA0GCSqGSIb3DQEBCwUAA4IBAQB2UiyIhhiew0Hp1L+VC3Nz
sNv/qj916g4xdQsnz19CHTV+ArZROUKtfPy5oPf8ZGNoFDOO37B6smWLlw21EBCs
tjiQcS9M43rWfSNvMubBbKsz8HqSL2TdWT8lpa8RAH6gO9E2e2ePKeb+swZQJzJO
+FArwkICSXLGyDL0fxqpRqhQqJFtHRzdS6T203AMTPGCMujnU/lvRB2GBUhyaNvY
wmu7kAmd4ZUjAltOYMbaR5Ec3BSafmwjB5JqTtAJ/nyr18hJePDK/0wvD8/S95DY
qux87AMucBMVfO9DZ+R1VqzAO6RIx4a6cWeSqg9mmQkb9zW2Mf9Ucy8SOfjAYnTd
-----END CERTIFICATE-----