Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/sF0y3dZ-N80mSHEgx6HG9E9ESdo.roa
File:                     sF0y3dZ-N80mSHEgx6HG9E9ESdo.roa (raw, json)
Hash identifier:          3zyu0qQ8GY7sXr+0UcPTLuVn3Nlr1uBLPTXKGDGAt1A=
Subject key identifier:   B0:5D:32:DD:D6:7E:37:CD:26:48:71:20:C7:A1:C6:F4:4F:44:49:DA
Certificate issuer:       /CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
Certificate serial:       018CE854EA7DA7FB43BDD80502F2A7174BBE
Authority key identifier: 99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/sF0y3dZ-N80mSHEgx6HG9E9ESdo.roa
Signing time:             Mon 08 Jan 2024 09:08:48 +0000
ROA not before:           Mon 08 Jan 2024 09:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48175
IP address blocks:        185.254.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:54:ea:7d:a7:fb:43:bd:d8:05:02:f2:a7:17:4b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
        Validity
            Not Before: Jan  8 09:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b05d32ddd67e37cd26487120c7a1c6f44f4449da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a7:97:0b:63:2c:92:68:28:ca:23:e6:43:9f:
                    2d:2e:ab:b8:7c:03:71:23:bc:04:f8:95:a5:0b:d1:
                    36:1b:b5:8b:fd:14:1f:70:60:32:ec:f5:73:b3:ac:
                    3f:f4:24:11:c8:fb:15:54:5d:a8:25:78:56:74:7f:
                    2f:90:51:54:77:7e:c4:99:89:11:43:93:06:85:bf:
                    bc:dd:0c:33:bd:c8:d6:bf:03:12:cd:c6:13:8f:49:
                    ab:df:2a:53:fb:78:c2:95:c4:de:91:98:56:6b:ca:
                    1c:66:f5:17:c8:2b:0a:ac:63:48:af:44:e2:2b:bb:
                    3f:d1:33:bc:89:19:33:b0:87:e6:7c:35:05:76:96:
                    44:2b:e8:77:ce:31:e5:12:09:ce:26:c6:72:f8:2e:
                    9f:b3:25:cf:cb:2d:05:db:b3:09:29:65:de:8d:04:
                    30:f4:4c:66:67:3e:12:28:21:6e:8b:13:fd:3e:d3:
                    ec:b4:18:65:55:24:6f:09:ca:54:c9:e9:a1:6c:57:
                    f7:63:9e:df:f0:13:be:f7:0d:13:65:a3:4e:f0:e2:
                    e2:2c:f5:c6:0e:15:ef:03:d7:7a:2e:2a:3f:2c:9e:
                    c4:8f:a7:f9:e4:ee:b2:a0:ae:ce:5b:f9:07:90:d5:
                    58:95:bd:8c:7a:ed:a0:07:85:5a:b5:70:d7:f4:5e:
                    5e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5D:32:DD:D6:7E:37:CD:26:48:71:20:C7:A1:C6:F4:4F:44:49:DA
            X509v3 Authority Key Identifier:
                keyid:99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/sF0y3dZ-N80mSHEgx6HG9E9ESdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:bc:da:b9:b8:d6:7b:92:80:a2:99:3f:7e:91:e2:6d:eb:cd:
         c8:0f:4e:18:21:25:99:5e:7c:40:cb:17:4d:4e:7f:77:ca:6d:
         89:06:3c:08:64:d1:1d:1a:d9:1a:2a:03:bf:6f:0b:ce:c7:9f:
         e6:06:c7:e8:e8:87:15:2e:41:e4:c3:78:66:a9:03:a1:ef:1c:
         20:c8:82:6b:b2:4c:61:00:77:ec:38:93:ae:02:10:48:16:fb:
         1f:f9:07:77:6f:a4:6d:cb:58:55:ce:82:fb:db:22:2f:70:28:
         02:ff:dd:6a:24:14:e0:d1:84:4b:6f:a3:8b:5b:15:46:5d:f1:
         be:b7:f8:cf:a2:87:c0:3b:43:34:d9:fa:0f:23:a5:63:cf:50:
         77:2a:25:b0:9d:99:90:90:68:94:24:2b:06:80:80:3e:e1:52:
         e7:a1:b3:c8:cf:d3:52:00:8d:33:73:ec:19:11:e0:53:bd:1a:
         ee:c7:a6:5e:0c:d1:d9:39:f0:f5:b6:d3:c2:ad:6a:e5:81:ce:
         29:74:46:aa:45:a7:2e:20:27:f6:8d:e1:2e:82:63:84:6c:f1:
         62:cb:2f:51:14:8d:87:2d:e6:67:8c:cc:34:00:0b:4b:3e:25:
         18:92:e8:ff:ef:2a:0d:6a:68:4b:1d:b6:35:bb:af:1e:ab:c2:
         28:3d:2f:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzoVOp9p/tDvdgFAvKnF0u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjM4MTJhMTU5N2U5NjA1ZTJhOWJmNDlhY2Y4ZDYzODk4
MWE1ZjQwHhcNMjQwMTA4MDkwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVkMzJkZGQ2N2UzN2NkMjY0ODcxMjBjN2ExYzZmNDRmNDQ0OWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqeXC2MskmgoyiPmQ58tLqu4fANx
I7wE+JWlC9E2G7WL/RQfcGAy7PVzs6w/9CQRyPsVVF2oJXhWdH8vkFFUd37EmYkR
Q5MGhb+83QwzvcjWvwMSzcYTj0mr3ypT+3jClcTekZhWa8ocZvUXyCsKrGNIr0Ti
K7s/0TO8iRkzsIfmfDUFdpZEK+h3zjHlEgnOJsZy+C6fsyXPyy0F27MJKWXejQQw
9ExmZz4SKCFuixP9PtPstBhlVSRvCcpUyemhbFf3Y57f8BO+9w0TZaNO8OLiLPXG
DhXvA9d6Lio/LJ7Ej6f55O6yoK7OW/kHkNVYlb2Meu2gB4VatXDX9F5eKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBdMt3WfjfNJkhxIMehxvRPREnaMB8GA1UdIwQY
MBaAFJkjgSoVl+lgXiqb9JrPjWOJgaX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQt
NmIxNmM3ODhhOTBmLzEvc0YweTNkWi1OODBtU0hFZ3g2SEc5RTlFU2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQtNmIxNmM3ODhhOTBm
LzEvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf5UMA0G
CSqGSIb3DQEBCwUAA4IBAQBUvNq5uNZ7koCimT9+keJt683ID04YISWZXnxAyxdN
Tn93ym2JBjwIZNEdGtkaKgO/bwvOx5/mBsfo6IcVLkHkw3hmqQOh7xwgyIJrskxh
AHfsOJOuAhBIFvsf+Qd3b6Rty1hVzoL72yIvcCgC/91qJBTg0YRLb6OLWxVGXfG+
t/jPoofAO0M02foPI6Vjz1B3KiWwnZmQkGiUJCsGgIA+4VLnobPIz9NSAI0zc+wZ
EeBTvRrux6ZeDNHZOfD1ttPCrWrlgc4pdEaqRacuICf2jeEugmOEbPFiyy9RFI2H
LeZnjMw0AAtLPiUYkuj/7yoNamhLHbY1u68eq8IoPS9j
-----END CERTIFICATE-----