Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/P3cWEPmQpfA61BJ4QZWBM6D0tzI.roa
File:                     P3cWEPmQpfA61BJ4QZWBM6D0tzI.roa (raw, json)
Hash identifier:          j7Cm+OUpiWYbTjf/6nUGJBdBMQD4YDqUoxHKIvZ0UII=
Subject key identifier:   3F:77:16:10:F9:90:A5:F0:3A:D4:12:78:41:95:81:33:A0:F4:B7:32
Certificate issuer:       /CN=7de98f48e988790d0e0793537941b413d2e60306
Certificate serial:       018CC3B6915D4F613D9C335991506D8B109F
Authority key identifier: 7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/P3cWEPmQpfA61BJ4QZWBM6D0tzI.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44092
IP address blocks:        185.178.252.0/22 maxlen: 24
                          185.178.252.0/24 maxlen: 24
                          185.178.253.0/24 maxlen: 24
                          185.178.255.0/24 maxlen: 24
                          185.178.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:91:5d:4f:61:3d:9c:33:59:91:50:6d:8b:10:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7de98f48e988790d0e0793537941b413d2e60306
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f771610f990a5f03ad4127841958133a0f4b732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6a:72:3c:95:f6:96:0a:2c:2f:73:df:13:81:
                    24:1e:df:0a:6c:6e:db:b6:db:89:76:7f:7d:92:36:
                    fa:99:8b:ce:25:5b:81:95:e8:84:53:09:98:0d:23:
                    b2:21:c6:7b:92:f5:9a:e9:37:4b:e4:97:4c:5d:ad:
                    1c:a9:8f:c3:6d:30:ff:81:a7:1f:8c:2b:e9:2f:2c:
                    67:fa:e0:83:14:5b:b2:c0:cc:b1:81:f4:fe:f3:b2:
                    5a:ca:e1:82:dd:2f:e7:0b:93:0e:6f:22:37:84:fe:
                    d7:8f:2e:6f:92:8f:b2:9b:ab:3e:c2:ac:6f:88:5f:
                    e3:45:e2:84:a2:99:75:29:f7:de:c7:fc:f7:85:b5:
                    1e:52:67:8d:6b:1e:c0:b2:f8:2c:80:f9:a6:a1:5a:
                    62:2e:15:b4:e2:6b:a9:28:b2:59:04:5b:e7:59:9a:
                    b3:ba:45:d6:6a:a2:5c:90:bf:9e:cf:78:14:d9:21:
                    f4:dd:6a:08:7f:f1:4b:64:37:30:b8:a1:32:21:f7:
                    a0:57:26:d8:f4:00:ee:e6:5e:de:9f:b9:fa:dc:1b:
                    c2:9d:23:68:cb:f3:d8:0a:12:28:67:51:5e:ee:36:
                    b2:39:c8:61:3a:4f:f7:68:67:67:bd:a4:fd:dc:e1:
                    e1:37:d2:cf:c8:a6:63:29:1f:cc:d1:99:82:d4:bd:
                    e8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:77:16:10:F9:90:A5:F0:3A:D4:12:78:41:95:81:33:A0:F4:B7:32
            X509v3 Authority Key Identifier:
                keyid:7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/P3cWEPmQpfA61BJ4QZWBM6D0tzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:cf:b9:a8:e7:84:31:49:d5:2b:b0:22:ee:47:68:a1:32:a0:
         35:a9:28:d3:71:0a:4c:13:e5:f3:12:03:fc:b1:d7:bf:54:6c:
         eb:3a:f2:d6:02:25:b5:d3:cd:ad:fe:35:3a:65:c0:f3:5a:ee:
         83:3b:d9:fb:bd:03:08:8b:79:4a:c1:47:7d:1e:d5:0c:9c:3d:
         76:20:79:58:81:af:93:dc:fe:dc:a0:a6:1f:d4:db:58:a2:3c:
         07:30:07:e0:d6:e1:37:36:64:e8:40:26:95:40:ef:75:15:22:
         ec:05:ae:b5:23:b2:a0:60:bf:2f:2f:80:ec:f4:7e:42:1d:bb:
         e2:99:7a:84:e9:e8:61:57:dc:b6:e9:76:b6:c7:d9:c2:c5:d0:
         01:37:86:17:0f:26:9c:72:8e:6a:eb:d5:94:74:0c:51:f9:24:
         77:e8:6b:4b:cb:03:2f:47:c4:16:0a:70:f3:73:2a:e0:dc:b9:
         f4:32:9d:80:ad:c0:bf:fd:fc:de:fa:74:6c:9a:38:06:bd:61:
         56:24:16:97:66:98:7b:0d:d6:d8:99:f8:d1:45:32:da:c2:dc:
         36:6d:a4:51:8d:72:c4:a5:0b:36:41:41:dc:92:73:29:ff:d2:
         a9:8e:35:00:fb:05:28:24:e7:15:a1:f5:28:b9:65:93:7b:2e:
         17:48:87:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpFdT2E9nDNZkVBtixCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZTk4ZjQ4ZTk4ODc5MGQwZTA3OTM1Mzc5NDFiNDEzZDJl
NjAzMDYwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc3MTYxMGY5OTBhNWYwM2FkNDEyNzg0MTk1ODEzM2EwZjRiNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGpyPJX2lgosL3PfE4EkHt8KbG7b
ttuJdn99kjb6mYvOJVuBleiEUwmYDSOyIcZ7kvWa6TdL5JdMXa0cqY/DbTD/gacf
jCvpLyxn+uCDFFuywMyxgfT+87JayuGC3S/nC5MObyI3hP7Xjy5vko+ym6s+wqxv
iF/jReKEopl1Kffex/z3hbUeUmeNax7AsvgsgPmmoVpiLhW04mupKLJZBFvnWZqz
ukXWaqJckL+ez3gU2SH03WoIf/FLZDcwuKEyIfegVybY9ADu5l7en7n63BvCnSNo
y/PYChIoZ1Fe7jayOchhOk/3aGdnvaT93OHhN9LPyKZjKR/M0ZmC1L3o6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD93FhD5kKXwOtQSeEGVgTOg9LcyMB8GA1UdIwQY
MBaAFH3pj0jpiHkNDgeTU3lBtBPS5gMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4Yjkt
NDc2MzJjYjViODU0LzEvUDNjV0VQbVFwZkE2MUJKNFFaV0JNNkQwdHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4YjktNDc2MzJjYjViODU0
LzEvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubL8MA0G
CSqGSIb3DQEBCwUAA4IBAQCSz7mo54QxSdUrsCLuR2ihMqA1qSjTcQpME+XzEgP8
sde/VGzrOvLWAiW1082t/jU6ZcDzWu6DO9n7vQMIi3lKwUd9HtUMnD12IHlYga+T
3P7coKYf1NtYojwHMAfg1uE3NmToQCaVQO91FSLsBa61I7KgYL8vL4Ds9H5CHbvi
mXqE6ehhV9y26Xa2x9nCxdABN4YXDyacco5q69WUdAxR+SR36GtLywMvR8QWCnDz
cyrg3Ln0Mp2ArcC//fze+nRsmjgGvWFWJBaXZph7DdbYmfjRRTLawtw2baRRjXLE
pQs2QUHcknMp/9KpjjUA+wUoJOcVofUouWWTey4XSIcT
-----END CERTIFICATE-----