Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/Pqvpql674hsl9tF0uC0MeHDn3uk.roa
File:                     Pqvpql674hsl9tF0uC0MeHDn3uk.roa (raw, json)
Hash identifier:          ZbMhBOkIVfAKL+W8X5wVRyZipgf/cqtKvjzOI4Kg00Y=
Subject key identifier:   3E:AB:E9:AA:5E:BB:E2:1B:25:F6:D1:74:B8:2D:0C:78:70:E7:DE:E9
Certificate issuer:       /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial:       018CC348CE896263B683F421D6D5DD3F98A6
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/Pqvpql674hsl9tF0uC0MeHDn3uk.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205953
IP address blocks:        185.93.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ce:89:62:63:b6:83:f4:21:d6:d5:dd:3f:98:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3eabe9aa5ebbe21b25f6d174b82d0c7870e7dee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:59:07:93:cb:4a:12:85:9a:fb:c3:25:a2:0a:
                    1d:7d:27:47:86:58:04:3a:b7:fa:89:27:7f:08:04:
                    ca:fb:62:ba:e6:11:83:a8:5a:db:60:12:d7:4a:1d:
                    e1:88:c2:10:ce:54:0d:da:64:77:c7:25:4e:f2:cd:
                    29:e9:0b:26:a6:e7:d0:07:48:2f:2f:49:6b:ab:ae:
                    47:94:cb:e2:1e:7e:c2:e8:04:d1:b5:13:09:ff:be:
                    35:a9:d1:e7:a7:60:cc:1b:d5:07:8a:de:07:6e:a9:
                    7c:73:13:b5:87:5a:b9:8f:99:f0:69:4a:d8:e0:56:
                    4b:b9:73:f5:01:b6:dc:93:62:68:74:0a:3f:14:37:
                    23:45:46:fd:4a:2d:bc:1c:59:0e:c9:17:9c:7b:3d:
                    41:af:d9:a8:82:a9:95:00:b8:e0:73:05:a4:ab:39:
                    05:3b:d2:ca:bd:9e:33:ae:38:29:bc:43:60:34:02:
                    59:db:e0:91:a3:23:10:ec:ae:f5:fc:68:a2:3a:9e:
                    80:ee:11:a8:7c:6b:44:42:f8:1d:bd:4f:3c:8c:de:
                    1e:b6:a4:9b:97:ed:b5:32:c3:78:ae:b8:15:72:c7:
                    d6:f9:ac:9b:b7:22:f0:ba:23:c7:50:27:17:d3:dd:
                    e9:9f:d1:a8:e7:12:69:97:82:b0:6f:5b:f9:dd:47:
                    4b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:AB:E9:AA:5E:BB:E2:1B:25:F6:D1:74:B8:2D:0C:78:70:E7:DE:E9
            X509v3 Authority Key Identifier:
                keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/Pqvpql674hsl9tF0uC0MeHDn3uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:7f:3d:0f:45:ab:40:23:53:ae:7d:86:24:af:f8:2b:fa:b3:
         a7:60:5b:8f:6c:99:34:e2:1a:09:7a:ff:01:9e:46:4e:46:f8:
         c8:5a:53:e9:08:0c:92:11:77:9a:d2:ca:fb:35:f2:94:8b:cb:
         8b:fd:0b:27:7b:4c:2b:2c:c9:f9:b9:93:7e:52:d2:ac:b4:ca:
         13:37:19:28:8c:94:d9:59:53:0c:3e:9d:93:bf:c5:63:75:a1:
         1b:4b:97:95:b6:dd:92:b4:c3:d2:7a:2f:0b:c0:8c:48:fb:40:
         e3:8f:cb:de:6f:a4:e4:14:69:e5:14:6e:90:92:1d:e0:4a:41:
         8a:f2:b8:fb:b1:78:aa:46:a9:2c:f7:4d:17:5c:6d:0b:8c:24:
         97:fe:9f:5f:c2:29:df:b4:9b:e7:6f:7b:47:c6:cf:19:1c:18:
         d9:8a:97:88:1a:6c:b0:81:ac:f0:2b:09:6e:30:8a:e4:4e:fa:
         c2:b5:c2:60:d6:91:c3:d4:9b:ca:df:63:e3:3d:90:57:c2:ed:
         f2:63:1d:cd:43:f0:fd:04:90:b5:bf:dd:db:c9:c6:03:0f:1a:
         47:09:d9:2e:90:3d:5e:96:c6:c1:db:d4:93:0b:e0:0a:ac:41:
         bf:7c:a2:5e:ae:b8:41:df:27:15:49:f2:13:ec:4f:fb:9a:19:
         a0:86:9c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSM6JYmO2g/Qh1tXdP5imMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWFiZTlhYTVlYmJlMjFiMjVmNmQxNzRiODJkMGM3ODcwZTdkZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1kHk8tKEoWa+8MlogodfSdHhlgE
Orf6iSd/CATK+2K65hGDqFrbYBLXSh3hiMIQzlQN2mR3xyVO8s0p6QsmpufQB0gv
L0lrq65HlMviHn7C6ATRtRMJ/741qdHnp2DMG9UHit4Hbql8cxO1h1q5j5nwaUrY
4FZLuXP1Abbck2JodAo/FDcjRUb9Si28HFkOyRecez1Br9mogqmVALjgcwWkqzkF
O9LKvZ4zrjgpvENgNAJZ2+CRoyMQ7K71/GiiOp6A7hGofGtEQvgdvU88jN4etqSb
l+21MsN4rrgVcsfW+aybtyLwuiPHUCcX093pn9Go5xJpl4Kwb1v53UdLswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6r6apeu+IbJfbRdLgtDHhw597pMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEvUHF2cHFsNjc0aHNsOXRGMHVDME1lSERuM3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV34MA0G
CSqGSIb3DQEBCwUAA4IBAQBjfz0PRatAI1OufYYkr/gr+rOnYFuPbJk04hoJev8B
nkZORvjIWlPpCAySEXea0sr7NfKUi8uL/Qsne0wrLMn5uZN+UtKstMoTNxkojJTZ
WVMMPp2Tv8VjdaEbS5eVtt2StMPSei8LwIxI+0Djj8veb6TkFGnlFG6Qkh3gSkGK
8rj7sXiqRqks900XXG0LjCSX/p9fwinftJvnb3tHxs8ZHBjZipeIGmywgazwKwlu
MIrkTvrCtcJg1pHD1JvK32PjPZBXwu3yYx3NQ/D9BJC1v93bycYDDxpHCdkukD1e
lsbB29STC+AKrEG/fKJerrhB3ycVSfIT7E/7mhmghpyr
-----END CERTIFICATE-----