Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/b3DUSUrwuD3fDDujIGgaUOaF51g.roa
File:                     b3DUSUrwuD3fDDujIGgaUOaF51g.roa (raw, json)
Hash identifier:          uAkuJp4ZVPHVG2CrUZbS5vNNDrF7n2qKNBLoQuDSOTg=
Subject key identifier:   6F:70:D4:49:4A:F0:B8:3D:DF:0C:3B:A3:20:68:1A:50:E6:85:E7:58
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7944015E91D18EC1D48FC8B412CF78B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/b3DUSUrwuD3fDDujIGgaUOaF51g.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12469
IP address blocks:        194.45.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:40:15:e9:1d:18:ec:1d:48:fc:8b:41:2c:f7:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f70d4494af0b83ddf0c3ba320681a50e685e758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c3:20:2b:0c:99:76:cb:8e:92:9e:ba:e6:ce:
                    ff:2f:8d:c4:79:da:2c:f0:83:ae:3b:43:13:4a:70:
                    38:e7:2b:29:68:59:8f:e2:e4:6e:f8:b4:fc:6c:70:
                    59:38:ea:58:f0:ab:8a:51:5b:93:fb:e6:43:1d:1e:
                    74:3a:28:14:16:1f:1f:fb:ce:b7:34:58:52:d1:d0:
                    c2:9b:4f:8a:bf:46:21:db:04:9c:e7:ff:51:fd:82:
                    b3:fd:63:e1:26:23:81:8e:7f:e0:3c:20:18:39:32:
                    2b:bd:6c:44:d3:74:31:84:f8:c7:2d:db:62:82:7e:
                    76:7e:b0:ca:a2:22:f9:db:49:5a:52:69:9e:05:61:
                    6a:0f:ff:4d:fb:f6:35:16:c3:9a:02:4b:c2:27:0c:
                    69:7d:17:5c:ba:43:1b:89:d6:33:0b:e9:11:35:e2:
                    be:da:84:17:51:8a:b3:c3:2c:be:e9:5e:0f:fd:48:
                    ae:4c:a2:79:b9:90:bd:2b:7b:fa:c3:dc:69:33:54:
                    25:40:8b:4a:26:87:9f:36:c1:11:2b:20:a1:77:0d:
                    88:b7:8a:c2:4c:f5:b6:a1:26:f0:04:82:cf:f6:6f:
                    dc:5d:ef:03:c7:f5:8d:d1:22:d3:9e:fe:6d:96:52:
                    a1:7d:fc:b8:f3:d4:2c:79:74:91:89:c5:c6:41:fa:
                    bd:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:70:D4:49:4A:F0:B8:3D:DF:0C:3B:A3:20:68:1A:50:E6:85:E7:58
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/b3DUSUrwuD3fDDujIGgaUOaF51g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b3:6c:55:37:5d:85:b3:cd:34:d6:06:d5:76:fc:06:20:3f:
         50:21:ca:b6:11:68:b4:1f:b9:21:c0:48:27:9a:0f:67:db:7a:
         9f:c7:02:ae:52:04:0c:9f:5b:db:c0:fa:e1:f8:c0:f3:62:ce:
         c6:30:6e:e0:7e:3a:d2:cd:ff:bb:33:64:73:37:7e:01:d6:be:
         8d:cd:02:e5:71:4a:ac:4f:da:61:42:ef:51:47:4b:fb:10:1d:
         08:3f:04:c4:d8:33:82:38:47:cd:af:75:16:b8:2a:d8:b9:f0:
         1f:0d:dd:89:e1:87:06:e8:a9:fa:61:48:42:b5:1e:bf:a6:6b:
         96:f8:45:e0:05:cd:00:e1:1a:a8:15:7c:69:45:28:7f:2f:d2:
         b4:19:34:3e:88:ce:78:6c:c1:57:61:ca:a7:65:c8:fd:cb:d4:
         c3:68:13:0b:ce:20:96:f5:75:4e:23:00:54:6c:f3:03:67:d5:
         4b:6c:b2:d8:db:2d:b8:a0:cf:29:fc:d8:62:6c:4e:16:e0:76:
         43:f4:f4:3c:da:c6:d3:c7:94:7f:67:ad:e5:d0:65:0b:0d:e0:
         2c:33:2d:96:1e:4e:f4:41:5c:e9:f2:da:ec:90:a3:8e:71:1e:
         d2:90:ab:d2:7d:30:4a:82:50:c7:5a:6c:f7:0c:5b:ef:92:07:
         96:97:1b:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEAV6R0Y7B1I/ItBLPeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjcwZDQ0OTRhZjBiODNkZGYwYzNiYTMyMDY4MWE1MGU2ODVlNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocMgKwyZdsuOkp665s7/L43Eedos
8IOuO0MTSnA45yspaFmP4uRu+LT8bHBZOOpY8KuKUVuT++ZDHR50OigUFh8f+863
NFhS0dDCm0+Kv0Yh2wSc5/9R/YKz/WPhJiOBjn/gPCAYOTIrvWxE03QxhPjHLdti
gn52frDKoiL520laUmmeBWFqD/9N+/Y1FsOaAkvCJwxpfRdcukMbidYzC+kRNeK+
2oQXUYqzwyy+6V4P/UiuTKJ5uZC9K3v6w9xpM1QlQItKJoefNsERKyChdw2It4rC
TPW2oSbwBILP9m/cXe8Dx/WN0SLTnv5tllKhffy489QseXSRicXGQfq9PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9w1ElK8Lg93ww7oyBoGlDmhedYMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYjNEVVNVcnd1RDNmRER1aklHZ2FVT2FGNTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwi23MA0G
CSqGSIb3DQEBCwUAA4IBAQArs2xVN12Fs8001gbVdvwGID9QIcq2EWi0H7khwEgn
mg9n23qfxwKuUgQMn1vbwPrh+MDzYs7GMG7gfjrSzf+7M2RzN34B1r6NzQLlcUqs
T9phQu9RR0v7EB0IPwTE2DOCOEfNr3UWuCrYufAfDd2J4YcG6Kn6YUhCtR6/pmuW
+EXgBc0A4RqoFXxpRSh/L9K0GTQ+iM54bMFXYcqnZcj9y9TDaBMLziCW9XVOIwBU
bPMDZ9VLbLLY2y24oM8p/NhibE4W4HZD9PQ82sbTx5R/Z63l0GULDeAsMy2WHk70
QVzp8trskKOOcR7SkKvSfTBKglDHWmz3DFvvkgeWlxs3
-----END CERTIFICATE-----