Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/3gxBRJr1UFgeHXIHHRKJw9QNBWg.roa
File:                     3gxBRJr1UFgeHXIHHRKJw9QNBWg.roa (raw, json)
Hash identifier:          K7FiMPzxklSzZxrYsedH2TTx/dncdQ+q8G+C6YJthW8=
Subject key identifier:   DE:0C:41:44:9A:F5:50:58:1E:1D:72:07:1D:12:89:C3:D4:0D:05:68
Certificate issuer:       /CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
Certificate serial:       018CE8D14FF9A9884B29CD45A92D55995013
Authority key identifier: 99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/3gxBRJr1UFgeHXIHHRKJw9QNBWg.roa
Signing time:             Mon 08 Jan 2024 11:24:40 +0000
ROA not before:           Mon 08 Jan 2024 11:24:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50597
IP address blocks:        185.254.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:d1:4f:f9:a9:88:4b:29:cd:45:a9:2d:55:99:50:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
        Validity
            Not Before: Jan  8 11:24:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de0c41449af550581e1d72071d1289c3d40d0568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f5:5b:fc:ed:b1:3f:cc:f9:24:bd:15:df:bc:
                    a5:aa:d4:b4:41:e6:d3:b6:4c:97:45:bc:af:da:98:
                    45:06:88:f3:fd:3e:52:30:cb:7c:ff:dd:61:70:f2:
                    72:d4:4c:f0:1b:0b:53:5f:cb:8c:fa:c3:d6:7a:c3:
                    02:08:5e:a8:75:93:01:0c:9f:7a:17:31:2e:1c:53:
                    ef:be:54:58:d0:5f:9b:ff:78:66:d8:d2:dd:a2:c7:
                    e0:2b:ad:c7:7a:54:06:ef:c8:ec:d2:55:c5:2d:7f:
                    d5:fd:3e:6e:8d:e8:49:2d:89:87:ce:01:3d:6b:60:
                    6b:fe:85:15:50:8f:cd:dd:ce:18:89:db:63:2f:48:
                    50:8b:83:5d:22:24:86:ab:20:7c:87:02:f3:87:23:
                    4e:06:c6:4c:c8:f6:85:fb:69:49:60:66:a5:77:fe:
                    cc:95:d0:f9:31:b4:21:76:cd:d3:0c:97:05:b7:b0:
                    22:c9:bf:f5:2d:ba:4f:b9:71:29:c8:1b:13:2b:bc:
                    d8:8a:50:ac:7f:15:95:3b:65:d5:16:06:6c:85:17:
                    9c:84:68:d3:ac:72:46:8a:84:ed:27:02:e1:c9:39:
                    96:8f:d4:c6:67:67:48:1f:9f:8e:22:fa:0c:f3:43:
                    f8:3f:20:da:24:22:0e:7d:fb:65:87:27:cd:b0:c1:
                    d8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:0C:41:44:9A:F5:50:58:1E:1D:72:07:1D:12:89:C3:D4:0D:05:68
            X509v3 Authority Key Identifier:
                keyid:99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/3gxBRJr1UFgeHXIHHRKJw9QNBWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:bf:63:a6:a2:21:1b:9b:e1:38:52:39:8f:be:d9:fa:33:bc:
         cb:85:36:55:c0:74:9e:83:c6:da:72:b1:6c:ad:59:b3:03:e5:
         67:da:95:34:7d:d4:e4:5f:3b:06:e6:04:65:44:28:a2:ee:f8:
         d6:76:6a:b2:4e:8e:8c:ff:80:d8:6e:de:dc:60:0d:12:45:81:
         03:2d:7c:99:17:3d:be:52:8b:6c:24:47:7a:eb:5f:ef:21:23:
         0c:b5:74:dd:00:71:b6:d5:ae:3c:99:b2:9a:6c:b3:98:3b:f1:
         a5:79:1c:82:e2:a1:7f:f6:ef:d1:ab:2d:9b:f9:c4:2e:b3:5d:
         1d:f4:43:92:0b:91:37:ba:68:a0:3c:4b:e0:67:8c:6d:c8:6c:
         b2:17:a6:bf:e6:e7:50:ea:8d:4a:14:97:03:14:41:dd:43:9a:
         1c:df:64:34:a1:a9:1a:91:6e:30:1e:45:b1:fb:24:7c:c7:60:
         3f:c8:4e:9a:e9:ae:9d:d4:b7:bf:47:46:4d:6c:2c:3e:d1:a5:
         55:2c:a6:79:d9:56:70:3e:28:67:f8:21:a0:f7:75:d0:aa:9d:
         d5:0b:af:ff:fb:be:e4:06:f6:99:19:f3:f3:29:3a:7a:af:43:
         97:65:dd:5c:21:e9:ef:bb:d7:c2:0a:a8:62:71:61:94:23:80:
         ad:53:93:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzo0U/5qYhLKc1FqS1VmVATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjM4MTJhMTU5N2U5NjA1ZTJhOWJmNDlhY2Y4ZDYzODk4
MWE1ZjQwHhcNMjQwMTA4MTEyNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTBjNDE0NDlhZjU1MDU4MWUxZDcyMDcxZDEyODljM2Q0MGQwNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvVb/O2xP8z5JL0V37ylqtS0QebT
tkyXRbyv2phFBojz/T5SMMt8/91hcPJy1EzwGwtTX8uM+sPWesMCCF6odZMBDJ96
FzEuHFPvvlRY0F+b/3hm2NLdosfgK63HelQG78js0lXFLX/V/T5ujehJLYmHzgE9
a2Br/oUVUI/N3c4YidtjL0hQi4NdIiSGqyB8hwLzhyNOBsZMyPaF+2lJYGald/7M
ldD5MbQhds3TDJcFt7Aiyb/1LbpPuXEpyBsTK7zYilCsfxWVO2XVFgZshRechGjT
rHJGioTtJwLhyTmWj9TGZ2dIH5+OIvoM80P4PyDaJCIOfftlhyfNsMHYfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4MQUSa9VBYHh1yBx0SicPUDQVoMB8GA1UdIwQY
MBaAFJkjgSoVl+lgXiqb9JrPjWOJgaX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQt
NmIxNmM3ODhhOTBmLzEvM2d4QlJKcjFVRmdlSFhJSEhSS0p3OVFOQldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQtNmIxNmM3ODhhOTBm
LzEvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf5XMA0G
CSqGSIb3DQEBCwUAA4IBAQB/v2OmoiEbm+E4UjmPvtn6M7zLhTZVwHSeg8bacrFs
rVmzA+Vn2pU0fdTkXzsG5gRlRCii7vjWdmqyTo6M/4DYbt7cYA0SRYEDLXyZFz2+
UotsJEd661/vISMMtXTdAHG21a48mbKabLOYO/GleRyC4qF/9u/Rqy2b+cQus10d
9EOSC5E3umigPEvgZ4xtyGyyF6a/5udQ6o1KFJcDFEHdQ5oc32Q0oakakW4wHkWx
+yR8x2A/yE6a6a6d1Le/R0ZNbCw+0aVVLKZ52VZwPihn+CGg93XQqp3VC6//+77k
BvaZGfPzKTp6r0OXZd1cIenvu9fCCqhicWGUI4CtU5PH
-----END CERTIFICATE-----