Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/1-be0yyBKCKWxtn5-HCjwF_OAUbk.roa
File:                     1-be0yyBKCKWxtn5-HCjwF_OAUbk.roa (raw, json)
Hash identifier:          PG2IRU73mz3HkJpAE/tq4+CtuJWNV7FeLzj3BDXzRrU=
Subject key identifier:   F9:B7:B4:CB:20:4A:08:A5:B1:B6:7E:7E:1C:28:F0:17:F3:80:51:B9
Certificate issuer:       /CN=424ab8c7cf7403b5620a1b813e6ad1da0dacb44d
Certificate serial:       0191E5111971F03265ABD6278467AE051E78
Authority key identifier: 42:4A:B8:C7:CF:74:03:B5:62:0A:1B:81:3E:6A:D1:DA:0D:AC:B4:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/1-be0yyBKCKWxtn5-HCjwF_OAUbk.roa
Signing time:             Thu 12 Sep 2024 07:09:48 +0000
ROA not before:           Thu 12 Sep 2024 07:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60522
IP address blocks:        185.188.108.0/22 maxlen: 24
                          2a0b:bf80::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:11:19:71:f0:32:65:ab:d6:27:84:67:ae:05:1e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424ab8c7cf7403b5620a1b813e6ad1da0dacb44d
        Validity
            Not Before: Sep 12 07:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9b7b4cb204a08a5b1b67e7e1c28f017f38051b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ed:1a:17:99:f1:43:2d:47:82:2f:af:97:b8:
                    ca:28:59:b7:cc:03:97:b2:ba:ff:ff:61:11:89:44:
                    94:43:6a:95:68:1a:da:fe:50:5b:78:33:4e:b8:1a:
                    c8:25:74:bc:18:71:33:72:5c:6e:a2:ec:df:93:30:
                    3a:57:38:76:5a:96:77:fc:07:49:4a:ac:5a:8a:af:
                    54:fd:ca:2f:d3:9a:a7:62:d1:1f:c7:23:df:cb:fb:
                    2c:28:ad:00:e0:be:dc:a6:9a:48:bc:d3:ae:31:7e:
                    62:99:c3:91:f5:96:19:98:57:fb:cb:0c:15:6e:28:
                    24:1c:fe:04:4f:7f:be:d8:0d:b8:4c:a2:b6:86:6d:
                    c0:5b:20:1f:90:b8:1d:32:83:96:3d:ec:70:67:4a:
                    13:74:cb:2d:be:dd:11:29:c4:02:23:60:ab:9c:00:
                    19:df:22:99:fc:be:96:b2:84:ef:23:6d:63:f1:fd:
                    a3:41:0e:2f:d2:95:9d:f2:ca:86:da:c5:0b:a8:14:
                    bb:d0:52:55:07:0a:19:29:02:92:e5:51:65:a5:22:
                    a0:9f:fe:bd:2b:13:2e:05:bc:b0:ad:b7:0f:93:f7:
                    a1:da:e2:70:c4:90:a7:98:9f:66:b8:36:8b:96:5f:
                    1b:1b:da:47:1c:0d:c9:28:70:b7:f5:4d:23:8c:e0:
                    d3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B7:B4:CB:20:4A:08:A5:B1:B6:7E:7E:1C:28:F0:17:F3:80:51:B9
            X509v3 Authority Key Identifier:
                keyid:42:4A:B8:C7:CF:74:03:B5:62:0A:1B:81:3E:6A:D1:DA:0D:AC:B4:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/1-be0yyBKCKWxtn5-HCjwF_OAUbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.108.0/22
                IPv6:
                  2a0b:bf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:73:ee:73:f0:df:3b:f9:d5:85:40:91:ce:b6:b0:8e:e8:93:
         44:c3:8c:e6:36:d4:d3:38:3c:ed:31:40:41:3f:cf:d1:ba:77:
         76:03:23:08:12:96:8e:c4:ec:a4:21:c7:df:57:f3:db:68:40:
         66:be:af:0d:d8:b5:31:0f:57:e4:9a:8f:c7:98:e5:16:c0:ba:
         4f:e8:f1:fa:f9:d4:27:51:e9:d6:2d:50:1c:f9:fc:f7:c9:32:
         e0:1c:5b:11:a3:03:5a:17:68:9f:10:87:63:b9:6c:ec:73:75:
         99:7c:27:76:a7:9f:c0:70:ac:37:9f:7b:36:b1:df:7e:0d:95:
         57:d9:09:d9:bc:6c:21:76:eb:ac:1a:2b:ac:0f:bf:18:3e:33:
         0b:28:22:71:9a:60:14:bd:6f:c7:50:b1:f8:0f:7c:6e:29:58:
         fa:ee:72:9e:91:df:ed:d9:39:f2:c3:c8:11:3a:d1:c8:f8:d3:
         40:5a:e7:a1:e5:71:49:94:92:f5:d3:d6:e6:c6:59:b0:8b:9a:
         94:b1:67:58:c6:7a:b1:99:8f:99:85:7f:65:27:fb:6a:68:1f:
         c3:ca:c1:4a:08:72:11:ad:96:b0:6a:99:86:13:26:6b:d3:fe:
         58:4b:0b:6c:e9:2d:56:2c:8d:dc:48:51:02:89:6c:d2:60:69:
         74:68:d9:e1
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZHlERlx8DJlq9YnhGeuBR54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGFiOGM3Y2Y3NDAzYjU2MjBhMWI4MTNlNmFkMWRhMGRh
Y2I0NGQwHhcNMjQwOTEyMDcwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI3YjRjYjIwNGEwOGE1YjFiNjdlN2UxYzI4ZjAxN2YzODA1MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO0aF5nxQy1Hgi+vl7jKKFm3zAOX
srr//2ERiUSUQ2qVaBra/lBbeDNOuBrIJXS8GHEzclxuouzfkzA6Vzh2WpZ3/AdJ
Sqxaiq9U/cov05qnYtEfxyPfy/ssKK0A4L7cpppIvNOuMX5imcOR9ZYZmFf7ywwV
bigkHP4ET3++2A24TKK2hm3AWyAfkLgdMoOWPexwZ0oTdMstvt0RKcQCI2CrnAAZ
3yKZ/L6WsoTvI21j8f2jQQ4v0pWd8sqG2sULqBS70FJVBwoZKQKS5VFlpSKgn/69
KxMuBbywrbcPk/eh2uJwxJCnmJ9muDaLll8bG9pHHA3JKHC39U0jjODTgwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPm3tMsgSgilsbZ+fhwo8BfzgFG5MB8GA1UdIwQY
MBaAFEJKuMfPdAO1YgobgT5q0doNrLRNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtxNHg4OTBBN1ZpQ2h1QlBtclIyZzJzdEUwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zYjMyMTUtNTcyMS00MzQ1LTg0MWIt
MmFkOTMwOGYxZjZjLzEvMS1iZTB5eUJLQ0tXeHRuNS1IQ2p3Rl9PQVViay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2QvM2IzMjE1LTU3MjEtNDM0NS04NDFiLTJhZDkzMDhmMWY2
Yy8xL1FrcTR4ODkwQTdWaUNodUJQbXJSMmcyc3RFMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArm8bDAN
BAIAAjAHAwUAKgu/gDANBgkqhkiG9w0BAQsFAAOCAQEAR3Puc/DfO/nVhUCRzraw
juiTRMOM5jbU0zg87TFAQT/P0bp3dgMjCBKWjsTspCHH31fz22hAZr6vDdi1MQ9X
5JqPx5jlFsC6T+jx+vnUJ1Hp1i1QHPn898ky4BxbEaMDWhdonxCHY7ls7HN1mXwn
dqefwHCsN597NrHffg2VV9kJ2bxsIXbrrBorrA+/GD4zCygicZpgFL1vx1Cx+A98
bilY+u5ynpHf7dk58sPIETrRyPjTQFrnoeVxSZSS9dPW5sZZsIualLFnWMZ6sZmP
mYV/ZSf7amgfw8rBSghyEa2WsGqZhhMma9P+WEsLbOktViyN3EhRAols0mBpdGjZ
4Q==
-----END CERTIFICATE-----