Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/bzdvwM3zvPTlrp9p85MffVoJbdk.roa
File:                     bzdvwM3zvPTlrp9p85MffVoJbdk.roa (raw, json)
Hash identifier:          j3uF8izn7xo/mvZCdovUnP8cFSSE/YygDIJYvdB0yyw=
Subject key identifier:   6F:37:6F:C0:CD:F3:BC:F4:E5:AE:9F:69:F3:93:1F:7D:5A:09:6D:D9
Certificate issuer:       /CN=a2893a4b284acb5d8a4164289045492109511688
Certificate serial:       018CC8712BA73503BAF3020017051FA58BE2
Authority key identifier: A2:89:3A:4B:28:4A:CB:5D:8A:41:64:28:90:45:49:21:09:51:16:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/bzdvwM3zvPTlrp9p85MffVoJbdk.roa
Signing time:             Tue 02 Jan 2024 04:31:49 +0000
ROA not before:           Tue 02 Jan 2024 04:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44459
IP address blocks:        185.182.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:2b:a7:35:03:ba:f3:02:00:17:05:1f:a5:8b:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2893a4b284acb5d8a4164289045492109511688
        Validity
            Not Before: Jan  2 04:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f376fc0cdf3bcf4e5ae9f69f3931f7d5a096dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:16:a8:bd:d5:90:c2:c8:fa:80:7d:be:e5:87:
                    17:75:a2:93:45:3d:a0:dc:ef:8b:18:39:66:fc:b1:
                    15:dc:31:a3:b3:cb:99:68:2c:40:13:09:86:8b:f2:
                    01:5d:65:dc:34:b7:15:9f:f5:47:07:70:00:4e:0e:
                    b5:72:b7:2f:b1:eb:31:49:4e:29:82:f1:da:82:b0:
                    92:8f:49:92:dd:0c:6d:d0:1f:75:35:2f:9e:98:99:
                    3c:46:28:b4:d1:2a:cd:ff:44:7b:3e:a7:bf:7f:bc:
                    0a:5c:90:96:70:f2:8e:90:cc:f4:04:b3:2e:94:ff:
                    59:b5:09:59:25:1a:b6:f3:76:b3:05:98:78:f3:3b:
                    6a:d1:6b:cf:e8:44:02:7b:91:08:67:2f:cf:b9:6f:
                    5b:e4:d7:f9:92:71:f4:fb:0f:79:3f:fd:1a:b2:f0:
                    27:58:fa:f3:04:dc:45:d8:29:89:5a:e1:3c:41:1e:
                    0d:06:d5:d3:56:06:d6:8b:61:1d:f2:7d:e1:0d:b3:
                    c4:07:58:37:8a:10:ac:a7:be:00:fb:d1:5f:f0:c5:
                    45:67:37:58:ae:72:53:81:96:10:8c:21:27:05:6f:
                    19:17:88:b7:f8:bb:bf:56:11:14:68:95:eb:c9:20:
                    bf:28:c7:0a:ca:11:f7:c4:57:ca:53:ef:07:b8:c4:
                    88:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:37:6F:C0:CD:F3:BC:F4:E5:AE:9F:69:F3:93:1F:7D:5A:09:6D:D9
            X509v3 Authority Key Identifier:
                keyid:A2:89:3A:4B:28:4A:CB:5D:8A:41:64:28:90:45:49:21:09:51:16:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/bzdvwM3zvPTlrp9p85MffVoJbdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:b0:9d:71:da:08:41:0b:70:3e:cb:67:58:96:fc:c5:c0:82:
         46:08:2a:7d:9c:da:27:a9:4a:15:5b:87:e7:d3:4b:cd:b0:37:
         16:78:46:f3:9e:d4:9c:e7:54:ad:7e:f2:9d:48:5b:ff:c1:5c:
         93:4a:f1:e0:f1:b8:6a:18:c5:d1:fa:e4:31:2f:51:8e:f2:17:
         28:9f:5d:18:f7:12:fd:07:b5:92:8c:28:97:b6:e8:0c:66:f2:
         f8:ee:b8:dc:d7:bf:3e:49:5c:ad:cc:ba:ed:c7:ba:6e:57:7f:
         3e:08:2d:04:09:8c:56:c2:32:e7:4f:fe:8c:4b:13:de:18:e6:
         55:40:ee:9f:37:f1:53:54:34:27:23:7e:c1:d5:04:41:b8:94:
         f0:62:35:d6:3d:8d:cc:b9:32:56:68:e0:68:9d:fb:66:13:b6:
         1d:87:3b:b8:2c:29:4a:50:83:78:b9:66:1b:08:e6:ff:bd:f4:
         91:3a:72:6d:1f:c8:5d:cb:4b:46:03:ed:1b:e7:8c:54:97:38:
         c0:ea:60:ed:51:16:c6:7a:b8:4d:6a:78:24:b2:9e:4b:2a:5b:
         77:03:38:0c:4c:32:fa:54:cc:2c:2d:2d:5f:3a:bd:25:01:14:
         ce:6d:82:b0:71:15:ec:47:41:9f:91:c4:b2:a8:eb:59:b6:31:
         d1:a4:f8:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcSunNQO68wIAFwUfpYviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyODkzYTRiMjg0YWNiNWQ4YTQxNjQyODkwNDU0OTIxMDk1
MTE2ODgwHhcNMjQwMTAyMDQzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM3NmZjMGNkZjNiY2Y0ZTVhZTlmNjlmMzkzMWY3ZDVhMDk2ZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRaovdWQwsj6gH2+5YcXdaKTRT2g
3O+LGDlm/LEV3DGjs8uZaCxAEwmGi/IBXWXcNLcVn/VHB3AATg61crcvsesxSU4p
gvHagrCSj0mS3Qxt0B91NS+emJk8Rii00SrN/0R7Pqe/f7wKXJCWcPKOkMz0BLMu
lP9ZtQlZJRq283azBZh48ztq0WvP6EQCe5EIZy/PuW9b5Nf5knH0+w95P/0asvAn
WPrzBNxF2CmJWuE8QR4NBtXTVgbWi2Ed8n3hDbPEB1g3ihCsp74A+9Ff8MVFZzdY
rnJTgZYQjCEnBW8ZF4i3+Lu/VhEUaJXrySC/KMcKyhH3xFfKU+8HuMSIgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG83b8DN87z05a6fafOTH31aCW3ZMB8GA1UdIwQY
MBaAFKKJOksoSstdikFkKJBFSSEJURaIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb29rNlN5aEt5MTJLUVdRb2tFVkpJUWxSRm9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iNDg3YWItNWUzMS00MTE3LWFkYTgt
YTVkM2NiOTE4MjA2LzEvYnpkdndNM3p2UFRscnA5cDg1TWZmVm9KYmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iNDg3YWItNWUzMS00MTE3LWFkYTgtYTVkM2NiOTE4MjA2
LzEvb29rNlN5aEt5MTJLUVdRb2tFVkpJUWxSRm9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubbwMA0G
CSqGSIb3DQEBCwUAA4IBAQB1sJ1x2ghBC3A+y2dYlvzFwIJGCCp9nNonqUoVW4fn
00vNsDcWeEbzntSc51StfvKdSFv/wVyTSvHg8bhqGMXR+uQxL1GO8hcon10Y9xL9
B7WSjCiXtugMZvL47rjc178+SVytzLrtx7puV38+CC0ECYxWwjLnT/6MSxPeGOZV
QO6fN/FTVDQnI37B1QRBuJTwYjXWPY3MuTJWaOBonftmE7Ydhzu4LClKUIN4uWYb
COb/vfSROnJtH8hdy0tGA+0b54xUlzjA6mDtURbGerhNangksp5LKlt3AzgMTDL6
VMwsLS1fOr0lARTObYKwcRXsR0GfkcSyqOtZtjHRpPi0
-----END CERTIFICATE-----