Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/fKpKS-UgC22TWRNX4VrlCnCOhms.roa
File:                     fKpKS-UgC22TWRNX4VrlCnCOhms.roa (raw, json)
Hash identifier:          IRNbz2C+Z3wElvVbFCUdvVnfpYwgRbO29fFIisck+u8=
Subject key identifier:   7C:AA:4A:4B:E5:20:0B:6D:93:59:13:57:E1:5A:E5:0A:70:8E:86:6B
Certificate issuer:       /CN=2906f026b1fe636c9a5da011dc7fd69c581d02b8
Certificate serial:       018CC2DAB72B6FF1C9E9EF950D457EEA8080
Authority key identifier: 29:06:F0:26:B1:FE:63:6C:9A:5D:A0:11:DC:7F:D6:9C:58:1D:02:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/fKpKS-UgC22TWRNX4VrlCnCOhms.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3491
IP address blocks:        185.152.51.0/24 maxlen: 24
                          185.152.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b7:2b:6f:f1:c9:e9:ef:95:0d:45:7e:ea:80:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2906f026b1fe636c9a5da011dc7fd69c581d02b8
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7caa4a4be5200b6d93591357e15ae50a708e866b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e6:e2:9c:55:46:9a:b8:a9:e1:d5:70:87:b7:
                    b1:45:43:a5:3b:7e:43:8e:a6:98:64:92:73:6e:d3:
                    32:2a:a1:e9:1e:d8:a9:0a:5c:34:19:10:c8:62:5e:
                    36:48:4a:38:c4:03:28:2d:b8:8a:91:45:3c:39:14:
                    53:b1:4d:ec:9c:08:ee:fd:a7:83:8c:aa:20:dc:fd:
                    3c:35:cd:57:39:26:5a:c1:8e:e0:29:53:ee:2e:f1:
                    b3:1c:14:7b:95:33:5d:36:e5:33:da:0b:cd:eb:10:
                    9b:58:72:06:5e:50:74:7e:95:d5:74:d4:7c:95:c4:
                    77:d0:7f:f0:ca:a0:e1:34:d7:d1:18:58:2f:b6:fb:
                    80:74:f5:eb:b5:22:18:9a:8c:92:af:b9:1e:e3:41:
                    98:fb:b4:1a:ec:72:af:c8:87:27:18:56:6a:61:1b:
                    83:f2:bd:84:81:b4:27:c9:40:8a:aa:e4:47:d4:a9:
                    05:24:dc:10:cd:2f:cf:cd:40:7a:1c:48:46:97:07:
                    56:d1:69:29:97:e7:91:06:cd:e7:a2:4f:d8:a3:f5:
                    0d:eb:cd:ba:f9:9d:23:50:b1:48:f2:ca:12:a7:22:
                    1c:98:ab:96:99:8e:8d:b0:d0:9c:40:29:21:05:24:
                    fc:62:1f:27:be:1d:8b:14:8f:40:e4:49:8a:be:5b:
                    6b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:AA:4A:4B:E5:20:0B:6D:93:59:13:57:E1:5A:E5:0A:70:8E:86:6B
            X509v3 Authority Key Identifier:
                keyid:29:06:F0:26:B1:FE:63:6C:9A:5D:A0:11:DC:7F:D6:9C:58:1D:02:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/fKpKS-UgC22TWRNX4VrlCnCOhms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:07:80:9c:c4:a7:43:38:7f:05:a8:df:58:69:d7:34:24:cf:
         b2:7a:2f:d5:c0:f1:4c:73:6a:a5:a4:98:39:a3:c6:b2:bf:16:
         58:e4:4f:ef:60:de:a0:c9:e2:03:54:6e:7f:2d:93:8e:84:72:
         16:64:15:ba:0e:78:6c:cd:99:70:53:b5:ba:dd:bc:1e:0f:5d:
         1f:0a:6f:5c:14:52:b7:2c:e2:4b:c3:46:ef:2b:29:ea:a3:a8:
         24:40:5f:28:c0:c4:02:bd:e1:28:14:06:9d:35:3d:ee:41:b6:
         a0:2b:e5:60:59:25:49:eb:2e:16:32:ba:5c:dc:f5:5d:6f:92:
         1a:14:5c:62:8d:e6:0f:c7:f1:71:cc:9d:d9:cc:82:27:d1:ed:
         3e:4e:af:12:d9:97:f2:16:9d:84:5a:8a:f6:7f:81:05:b4:f2:
         04:47:ee:40:0f:43:b8:c3:6c:f8:d3:bb:7a:b9:86:04:0a:d3:
         da:29:63:5d:09:4b:45:64:75:57:82:1a:bf:97:6f:96:16:01:
         06:41:12:55:ac:39:90:75:66:38:21:4d:82:eb:8f:dd:3e:45:
         72:20:9f:00:bc:d9:e5:19:93:4f:cd:bc:55:4d:58:05:bf:59:
         75:44:59:67:53:a9:8e:43:39:a3:fb:a2:4a:65:b8:27:d6:3f:
         3b:30:57:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rcrb/HJ6e+VDUV+6oCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDZmMDI2YjFmZTYzNmM5YTVkYTAxMWRjN2ZkNjljNTgx
ZDAyYjgwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2FhNGE0YmU1MjAwYjZkOTM1OTEzNTdlMTVhZTUwYTcwOGU4NjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+binFVGmrip4dVwh7exRUOlO35D
jqaYZJJzbtMyKqHpHtipClw0GRDIYl42SEo4xAMoLbiKkUU8ORRTsU3snAju/aeD
jKog3P08Nc1XOSZawY7gKVPuLvGzHBR7lTNdNuUz2gvN6xCbWHIGXlB0fpXVdNR8
lcR30H/wyqDhNNfRGFgvtvuAdPXrtSIYmoySr7ke40GY+7Qa7HKvyIcnGFZqYRuD
8r2EgbQnyUCKquRH1KkFJNwQzS/PzUB6HEhGlwdW0Wkpl+eRBs3nok/Yo/UN6826
+Z0jULFI8soSpyIcmKuWmY6NsNCcQCkhBST8Yh8nvh2LFI9A5EmKvltrTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyqSkvlIAttk1kTV+Fa5QpwjoZrMB8GA1UdIwQY
MBaAFCkG8Cax/mNsml2gEdx/1pxYHQK4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Fid0pySC1ZMnlhWGFBUjNIX1duRmdkQXJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82N2EzMmQtN2JmOC00YjA0LWFhMDUt
ODBhOTFiZTgzZTRiLzEvZktwS1MtVWdDMjJUV1JOWDRWcmxDbkNPaG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82N2EzMmQtN2JmOC00YjA0LWFhMDUtODBhOTFiZTgzZTRi
LzEvS1Fid0pySC1ZMnlhWGFBUjNIX1duRmdkQXJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZgwMA0G
CSqGSIb3DQEBCwUAA4IBAQC2B4CcxKdDOH8FqN9Yadc0JM+yei/VwPFMc2qlpJg5
o8ayvxZY5E/vYN6gyeIDVG5/LZOOhHIWZBW6DnhszZlwU7W63bweD10fCm9cFFK3
LOJLw0bvKynqo6gkQF8owMQCveEoFAadNT3uQbagK+VgWSVJ6y4WMrpc3PVdb5Ia
FFxijeYPx/FxzJ3ZzIIn0e0+Tq8S2ZfyFp2EWor2f4EFtPIER+5AD0O4w2z407t6
uYYECtPaKWNdCUtFZHVXghq/l2+WFgEGQRJVrDmQdWY4IU2C64/dPkVyIJ8AvNnl
GZNPzbxVTVgFv1l1RFlnU6mOQzmj+6JKZbgn1j87MFdx
-----END CERTIFICATE-----