Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/03BIb_94Q6Xa3lAvLF_-V7v-uak.roa
File:                     03BIb_94Q6Xa3lAvLF_-V7v-uak.roa (raw, json)
Hash identifier:          M/As7BdtCPtQ7t0CeQe0s1rcooK74B7SEUoMmkwOtoo=
Subject key identifier:   D3:70:48:6F:FF:78:43:A5:DA:DE:50:2F:2C:5F:FE:57:BB:FE:B9:A9
Certificate issuer:       /CN=fcb8983e529fc949b89fab3703b795b78b1a875c
Certificate serial:       018CC42529CA7AABBDB85F99F4A71C4F0798
Authority key identifier: FC:B8:98:3E:52:9F:C9:49:B8:9F:AB:37:03:B7:95:B7:8B:1A:87:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_LiYPlKfyUm4n6s3A7eVt4sah1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/03BIb_94Q6Xa3lAvLF_-V7v-uak.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206376
IP address blocks:        185.188.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/_LiYPlKfyUm4n6s3A7eVt4sah1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/_LiYPlKfyUm4n6s3A7eVt4sah1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_LiYPlKfyUm4n6s3A7eVt4sah1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:29:ca:7a:ab:bd:b8:5f:99:f4:a7:1c:4f:07:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcb8983e529fc949b89fab3703b795b78b1a875c
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d370486fff7843a5dade502f2c5ffe57bbfeb9a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:39:83:7f:fd:a8:25:47:c3:a6:50:ab:82:
                    84:0a:b6:f5:be:bc:38:fa:ef:27:1d:90:c7:c1:5e:
                    88:02:47:7a:7d:d1:ab:5d:f4:23:93:59:29:a1:6a:
                    3d:aa:7d:fc:7d:68:5a:89:e6:01:2c:80:b7:84:8a:
                    6b:4c:d2:8b:71:78:43:61:c7:77:ba:06:6e:85:ef:
                    b1:0b:7e:75:4c:c1:f5:a1:e3:c3:72:36:c5:d9:8d:
                    80:08:38:9a:96:2e:33:78:40:d5:36:3b:99:88:4d:
                    9d:65:09:4c:c6:62:50:4b:bb:2e:5b:5f:77:98:21:
                    78:90:3f:a5:b8:b4:32:c3:3c:85:f6:f6:5e:d2:4f:
                    fd:79:b2:af:44:cd:36:f0:ec:2b:71:c2:84:92:c3:
                    7e:b4:f6:0f:6c:26:61:94:8f:8c:02:20:09:5e:8a:
                    32:3d:30:a6:58:37:7b:ce:2c:00:d8:08:9c:bf:0c:
                    c7:99:32:80:bc:0c:3d:0b:7e:11:ff:0b:bb:2a:dd:
                    dd:e6:3e:d0:63:c6:2e:5b:88:d7:3e:c6:75:c9:1e:
                    40:ce:48:91:c9:49:c7:ce:cb:b5:35:c4:3e:4f:79:
                    df:99:98:15:c8:72:ba:ae:6e:e4:be:a7:c3:25:c9:
                    fb:23:f3:44:fc:6d:83:47:ad:f3:a5:f2:ba:9d:02:
                    f7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:70:48:6F:FF:78:43:A5:DA:DE:50:2F:2C:5F:FE:57:BB:FE:B9:A9
            X509v3 Authority Key Identifier:
                keyid:FC:B8:98:3E:52:9F:C9:49:B8:9F:AB:37:03:B7:95:B7:8B:1A:87:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_LiYPlKfyUm4n6s3A7eVt4sah1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/03BIb_94Q6Xa3lAvLF_-V7v-uak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4f10a3-6b21-4805-8e03-931ff3d9df41/1/_LiYPlKfyUm4n6s3A7eVt4sah1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:16:97:1f:c5:cc:0a:7f:b0:ba:b9:f6:ce:fc:72:1d:f3:b2:
         5e:24:5a:57:7d:91:54:c4:8e:b0:a3:5a:aa:e7:06:bb:30:23:
         23:2b:5a:ad:1b:1f:48:ca:17:f4:e5:06:1a:84:3c:c9:5f:51:
         76:28:95:4f:e6:7a:f8:22:39:5e:21:b9:83:d7:9d:1b:d7:bf:
         c1:b9:4c:83:0e:6a:30:e1:d8:d1:63:72:b9:af:dd:0f:50:b7:
         fd:f1:17:cb:8b:74:67:44:3d:e0:fa:ca:2b:43:60:ba:3d:4f:
         27:5f:21:c3:a3:2d:0e:8f:c2:2d:2f:fc:d9:19:7b:cc:8c:87:
         42:8d:29:67:23:a9:f4:a4:39:e0:5a:56:82:70:a9:82:7d:ed:
         64:e1:eb:2a:fc:6f:d6:c7:bf:ee:25:0a:f0:e6:06:a4:e4:e6:
         42:1e:3a:4d:fd:b5:a4:76:bb:cf:b6:c9:56:d6:a9:f3:db:75:
         0d:50:6f:cc:f5:47:87:c3:f7:f6:45:10:25:53:c8:e6:1a:20:
         f6:24:0c:1b:d4:46:43:05:7e:a3:48:db:a8:f9:c3:11:94:26:
         b8:36:40:a2:73:19:24:49:a0:07:1f:d6:eb:47:c5:79:55:31:
         db:4a:18:78:68:33:62:26:73:50:4a:50:af:62:5a:44:75:a9:
         1f:e3:41:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSnKequ9uF+Z9KccTweYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYjg5ODNlNTI5ZmM5NDliODlmYWIzNzAzYjc5NWI3OGIx
YTg3NWMwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzcwNDg2ZmZmNzg0M2E1ZGFkZTUwMmYyYzVmZmU1N2JiZmViOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9E5g3/9qCVHw6ZQq4KECrb1vrw4
+u8nHZDHwV6IAkd6fdGrXfQjk1kpoWo9qn38fWhaieYBLIC3hIprTNKLcXhDYcd3
ugZuhe+xC351TMH1oePDcjbF2Y2ACDiali4zeEDVNjuZiE2dZQlMxmJQS7suW193
mCF4kD+luLQywzyF9vZe0k/9ebKvRM028OwrccKEksN+tPYPbCZhlI+MAiAJXooy
PTCmWDd7ziwA2AicvwzHmTKAvAw9C34R/wu7Kt3d5j7QY8YuW4jXPsZ1yR5AzkiR
yUnHzsu1NcQ+T3nfmZgVyHK6rm7kvqfDJcn7I/NE/G2DR63zpfK6nQL3zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNwSG//eEOl2t5QLyxf/le7/rmpMB8GA1UdIwQY
MBaAFPy4mD5Sn8lJuJ+rNwO3lbeLGodcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0xpWVBsS2Z5VW00bjZzM0E3ZVZ0NHNhaDF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZjEwYTMtNmIyMS00ODA1LThlMDMt
OTMxZmYzZDlkZjQxLzEvMDNCSWJfOTRRNlhhM2xBdkxGXy1WN3YtdWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZjEwYTMtNmIyMS00ODA1LThlMDMtOTMxZmYzZDlkZjQx
LzEvX0xpWVBsS2Z5VW00bjZzM0E3ZVZ0NHNhaDF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubx8MA0G
CSqGSIb3DQEBCwUAA4IBAQBmFpcfxcwKf7C6ufbO/HId87JeJFpXfZFUxI6wo1qq
5wa7MCMjK1qtGx9Iyhf05QYahDzJX1F2KJVP5nr4IjleIbmD150b17/BuUyDDmow
4djRY3K5r90PULf98RfLi3RnRD3g+sorQ2C6PU8nXyHDoy0Oj8ItL/zZGXvMjIdC
jSlnI6n0pDngWlaCcKmCfe1k4esq/G/Wx7/uJQrw5gak5OZCHjpN/bWkdrvPtslW
1qnz23UNUG/M9UeHw/f2RRAlU8jmGiD2JAwb1EZDBX6jSNuo+cMRlCa4NkCicxkk
SaAHH9brR8V5VTHbShh4aDNiJnNQSlCvYlpEdakf40Hx
-----END CERTIFICATE-----