Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/IyL6En_jTE3ZB_LYreJSsCikD0c.roa
File:                     IyL6En_jTE3ZB_LYreJSsCikD0c.roa (raw, json)
Hash identifier:          srWtx8BNp9AkDp70CEn4qlcKVqiJlUKu0oj/8+ZgEPs=
Subject key identifier:   23:22:FA:12:7F:E3:4C:4D:D9:07:F2:D8:AD:E2:52:B0:28:A4:0F:47
Certificate issuer:       /CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
Certificate serial:       018CC50069D9414A61003804B9E2D4FEAFE5
Authority key identifier: 50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/IyL6En_jTE3ZB_LYreJSsCikD0c.roa
Signing time:             Mon 01 Jan 2024 12:29:47 +0000
ROA not before:           Mon 01 Jan 2024 12:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34370
IP address blocks:        185.164.76.0/24 maxlen: 24
                          185.164.77.0/24 maxlen: 24
                          185.164.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:69:d9:41:4a:61:00:38:04:b9:e2:d4:fe:af:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
        Validity
            Not Before: Jan  1 12:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2322fa127fe34c4dd907f2d8ade252b028a40f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4b:ec:bd:ca:79:4d:c8:5c:07:52:64:c2:a5:
                    88:a6:cd:3f:7a:96:f6:63:87:dc:17:f2:e9:43:f9:
                    bf:32:ea:94:a4:f8:85:d0:6a:a5:aa:b8:61:3f:87:
                    43:c5:60:dd:09:4b:e2:3f:0b:c3:6c:67:f8:40:0b:
                    c6:07:f5:37:69:39:c1:1d:79:22:4f:2c:a8:f7:87:
                    c8:7f:4b:d5:1e:a3:9e:0e:1d:38:5b:3d:01:a1:bc:
                    32:bb:35:c7:a2:dd:ee:6f:a9:12:25:9c:90:46:66:
                    66:2f:2a:2e:9d:3b:c9:7f:e1:f2:49:74:a1:9b:db:
                    58:aa:8c:b6:2b:9d:1a:a2:48:f9:a0:a0:2d:70:65:
                    c8:0c:9d:fc:d5:e7:08:c1:3a:83:cf:cc:37:64:de:
                    90:ff:53:3e:96:29:bf:ba:34:ee:50:f6:df:6e:6e:
                    3d:05:ad:c8:27:ea:80:c5:75:7b:e8:49:b8:a3:91:
                    31:26:6d:70:b3:23:e7:f9:75:93:42:97:9f:a6:26:
                    01:95:83:2d:4f:9f:06:ed:d8:78:77:98:7f:d3:90:
                    bb:f5:d6:e0:01:a7:d2:de:da:9b:e1:ae:8a:cb:b3:
                    f2:3d:65:57:e1:60:2d:c7:6e:70:a3:2f:0c:90:3f:
                    69:f2:f5:30:18:d4:d3:71:46:31:33:65:4d:e0:4e:
                    a6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:22:FA:12:7F:E3:4C:4D:D9:07:F2:D8:AD:E2:52:B0:28:A4:0F:47
            X509v3 Authority Key Identifier:
                keyid:50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/IyL6En_jTE3ZB_LYreJSsCikD0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.76.0/23
                  185.164.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:5d:fd:6d:f7:50:c2:66:84:52:9e:13:07:9d:7f:3d:44:6b:
         53:83:f6:ba:8d:2b:a7:2e:44:b2:11:29:6a:8d:eb:86:18:0f:
         d2:e2:bc:13:55:6f:22:2d:cb:5a:72:8a:37:44:42:76:97:e0:
         96:b7:b4:88:8c:4d:20:3a:d9:ef:d9:fd:fa:df:25:17:97:3d:
         76:3e:19:40:c6:5e:dd:a9:0a:f8:c8:43:77:9e:d5:d5:3a:45:
         31:ef:eb:42:e5:d6:c2:e4:52:b9:8a:5b:e3:94:10:e6:70:35:
         93:2f:3f:d9:86:b3:fc:7b:cb:15:ff:cd:8c:d5:08:d0:5c:bc:
         50:54:da:7c:f1:c5:87:d5:a1:f0:ff:d7:8e:87:bc:ba:b3:03:
         1a:ed:bb:5a:67:f5:6b:2a:70:fd:83:50:6a:e0:9e:ef:6c:22:
         3d:c1:dd:83:64:a9:2c:7f:a3:bf:9d:e0:e3:a0:85:a4:b8:fb:
         6f:ab:01:96:97:be:cd:9d:1e:c1:78:4e:11:c2:12:3b:78:da:
         a4:fc:45:bd:52:9e:8c:9f:58:26:90:28:62:0b:fc:85:54:7a:
         1f:0f:bc:b9:a9:35:2f:b3:31:b4:e6:b1:48:bb:8e:65:5e:41:
         56:1b:d3:b0:70:f2:e8:d5:3a:a2:f5:a0:3b:77:e3:82:cf:a2:
         a9:fc:d4:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAGnZQUphADgEueLU/q/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWJjNjNlNjhjOTA5MzJiNGZjMjg5OTdmYzNiZjc4ZGUz
YjM3NDMwHhcNMjQwMTAxMTIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzIyZmExMjdmZTM0YzRkZDkwN2YyZDhhZGUyNTJiMDI4YTQwZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkvsvcp5TchcB1JkwqWIps0/epb2
Y4fcF/LpQ/m/MuqUpPiF0GqlqrhhP4dDxWDdCUviPwvDbGf4QAvGB/U3aTnBHXki
Tyyo94fIf0vVHqOeDh04Wz0BobwyuzXHot3ub6kSJZyQRmZmLyounTvJf+HySXSh
m9tYqoy2K50aokj5oKAtcGXIDJ381ecIwTqDz8w3ZN6Q/1M+lim/ujTuUPbfbm49
Ba3IJ+qAxXV76Em4o5ExJm1wsyPn+XWTQpefpiYBlYMtT58G7dh4d5h/05C79dbg
AafS3tqb4a6Ky7PyPWVX4WAtx25woy8MkD9p8vUwGNTTcUYxM2VN4E6maQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMi+hJ/40xN2Qfy2K3iUrAopA9HMB8GA1UdIwQY
MBaAFFCbxj5oyQkytPwomX/Dv3jeOzdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDkt
MTZlZDNjZDBjNzJhLzEvSXlMNkVuX2pURTNaQl9MWXJlSlNzQ2lrRDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDktMTZlZDNjZDBjNzJh
LzEvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuaRMAwQA
uaRPMA0GCSqGSIb3DQEBCwUAA4IBAQB/Xf1t91DCZoRSnhMHnX89RGtTg/a6jSun
LkSyESlqjeuGGA/S4rwTVW8iLctacoo3REJ2l+CWt7SIjE0gOtnv2f363yUXlz12
PhlAxl7dqQr4yEN3ntXVOkUx7+tC5dbC5FK5ilvjlBDmcDWTLz/ZhrP8e8sV/82M
1QjQXLxQVNp88cWH1aHw/9eOh7y6swMa7btaZ/VrKnD9g1Bq4J7vbCI9wd2DZKks
f6O/neDjoIWkuPtvqwGWl77NnR7BeE4RwhI7eNqk/EW9Up6Mn1gmkChiC/yFVHof
D7y5qTUvszG05rFIu45lXkFWG9OwcPLo1Tqi9aA7d+OCz6Kp/NTW
-----END CERTIFICATE-----