Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/sNPKcHnt1JKw1AUvog3dXJMq_CM.roa
File:                     sNPKcHnt1JKw1AUvog3dXJMq_CM.roa (raw, json)
Hash identifier:          etTK3jaF4towcjGQiAc4a8lBObndpqO+VMh+DpUbmxc=
Subject key identifier:   B0:D3:CA:70:79:ED:D4:92:B0:D4:05:2F:A2:0D:DD:5C:93:2A:FC:23
Certificate issuer:       /CN=dbd7fc50548287deaea7ce92099e47a04a70d451
Certificate serial:       018CC50122C5CE01F92C1B59C9022AF8E062
Authority key identifier: DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/sNPKcHnt1JKw1AUvog3dXJMq_CM.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.73.224.0/24 maxlen: 24
                          2a10:f80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:22:c5:ce:01:f9:2c:1b:59:c9:02:2a:f8:e0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd7fc50548287deaea7ce92099e47a04a70d451
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0d3ca7079edd492b0d4052fa20ddd5c932afc23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c6:14:2b:68:25:df:19:a0:0d:50:c6:07:f6:
                    fc:b6:0b:ac:90:09:28:43:c4:28:cd:9e:21:61:d2:
                    d7:cd:ff:90:60:ea:53:60:70:cc:80:23:0a:8f:52:
                    71:fc:5a:64:6c:bb:7e:b2:d0:19:21:57:60:dc:b8:
                    6c:af:7d:bc:6c:58:e4:70:c9:00:7c:a3:ed:ea:56:
                    fd:7b:4d:11:df:ff:4b:fb:7b:98:46:f8:25:5c:48:
                    13:26:b1:1f:3d:28:f6:01:8d:ca:0e:eb:e7:1f:0c:
                    9f:f4:fd:8f:ef:1c:fd:c0:59:29:9f:ba:b7:55:fc:
                    50:be:29:55:ec:bb:9e:fe:d6:a6:66:09:6e:e2:e2:
                    6e:4f:72:8f:8b:54:ad:a4:db:9c:c5:dc:94:1c:c0:
                    04:5f:16:05:2c:23:cd:4c:48:3f:bd:0a:92:e6:79:
                    64:dc:08:df:79:88:f1:48:59:7b:09:30:c6:3d:d5:
                    b0:79:17:3f:b9:ec:05:ec:61:7a:6b:d4:30:4c:26:
                    36:19:c9:44:74:59:63:f1:b8:e1:95:bc:ac:b7:be:
                    4b:44:d4:45:0e:02:00:ef:0c:b6:57:a9:ed:97:71:
                    73:59:83:95:bb:b9:38:3d:46:49:18:ef:28:b1:18:
                    b6:74:6a:88:bf:37:87:93:40:08:86:c1:6f:54:93:
                    64:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D3:CA:70:79:ED:D4:92:B0:D4:05:2F:A2:0D:DD:5C:93:2A:FC:23
            X509v3 Authority Key Identifier:
                keyid:DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/sNPKcHnt1JKw1AUvog3dXJMq_CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.224.0/24
                IPv6:
                  2a10:f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:10:3f:f6:ee:c4:2a:b5:06:c9:4a:4e:7b:02:08:2f:0e:c9:
         b5:a6:46:fb:42:d7:68:aa:8b:c6:25:1c:fa:cb:09:4d:15:ac:
         67:cb:2c:b3:20:ba:67:f7:2f:46:d9:f4:83:de:f3:b5:e6:8e:
         a3:76:8f:93:a2:f7:b6:54:3e:8f:87:9a:d4:9b:2a:f0:a5:d0:
         48:f3:93:31:7c:01:f4:bb:86:34:d3:e5:6e:b7:07:9b:22:b9:
         e6:1a:b4:a2:be:63:24:f3:c9:d7:22:78:4f:99:13:f1:b4:05:
         45:79:dd:22:57:f7:da:0a:dc:02:8a:23:90:f2:04:15:a6:bc:
         16:b9:4b:eb:4e:d1:c1:3b:a9:6f:bc:93:2f:3e:6a:65:11:65:
         ce:6d:c7:09:22:af:18:d6:1e:c4:c7:6b:0a:7f:e1:b9:62:72:
         0c:49:6d:6b:a1:e5:f8:1c:1f:d7:fe:39:07:c1:48:53:2f:56:
         6f:1d:f1:f4:0c:41:0a:bc:6d:f4:7b:1e:8f:b2:c2:14:10:ac:
         7f:15:5a:80:15:09:d1:ab:b8:e4:b5:ef:f0:40:84:75:ee:ee:
         1a:91:02:98:79:94:28:2a:e6:22:59:66:bc:81:ad:01:ec:08:
         1a:5d:5b:4b:ae:79:ae:85:9d:b9:9c:62:fc:6b:51:8f:7c:d6:
         b7:d4:9f:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFASLFzgH5LBtZyQIq+OBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDdmYzUwNTQ4Mjg3ZGVhZWE3Y2U5MjA5OWU0N2EwNGE3
MGQ0NTEwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGQzY2E3MDc5ZWRkNDkyYjBkNDA1MmZhMjBkZGQ1YzkzMmFmYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8YUK2gl3xmgDVDGB/b8tguskAko
Q8QozZ4hYdLXzf+QYOpTYHDMgCMKj1Jx/FpkbLt+stAZIVdg3Lhsr328bFjkcMkA
fKPt6lb9e00R3/9L+3uYRvglXEgTJrEfPSj2AY3KDuvnHwyf9P2P7xz9wFkpn7q3
VfxQvilV7Lue/tamZglu4uJuT3KPi1StpNucxdyUHMAEXxYFLCPNTEg/vQqS5nlk
3AjfeYjxSFl7CTDGPdWweRc/uewF7GF6a9QwTCY2GclEdFlj8bjhlbyst75LRNRF
DgIA7wy2V6ntl3FzWYOVu7k4PUZJGO8osRi2dGqIvzeHk0AIhsFvVJNkTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLDTynB57dSSsNQFL6IN3VyTKvwjMB8GA1UdIwQY
MBaAFNvX/FBUgoferqfOkgmeR6BKcNRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEt
ZjI1NjA0YzRiZTgyLzEvc05QS2NIbnQxSkt3MUFVdm9nM2RYSk1xX0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEtZjI1NjA0YzRiZTgy
LzEvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUngMA0E
AgACMAcDBQAqEA+AMA0GCSqGSIb3DQEBCwUAA4IBAQBtED/27sQqtQbJSk57Aggv
Dsm1pkb7QtdoqovGJRz6ywlNFaxnyyyzILpn9y9G2fSD3vO15o6jdo+Tove2VD6P
h5rUmyrwpdBI85MxfAH0u4Y00+VutwebIrnmGrSivmMk88nXInhPmRPxtAVFed0i
V/faCtwCiiOQ8gQVprwWuUvrTtHBO6lvvJMvPmplEWXObccJIq8Y1h7Ex2sKf+G5
YnIMSW1roeX4HB/X/jkHwUhTL1ZvHfH0DEEKvG30ex6PssIUEKx/FVqAFQnRq7jk
te/wQIR17u4akQKYeZQoKuYiWWa8ga0B7AgaXVtLrnmuhZ25nGL8a1GPfNa31J+r
-----END CERTIFICATE-----