Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/IGdMmviRCmy_t6x-wHMusjbjM6I.roa
File:                     IGdMmviRCmy_t6x-wHMusjbjM6I.roa (raw, json)
Hash identifier:          sj0IqPMDteadHm8SZwo+bQQ5S7Yi21X/PWew6NGU03M=
Subject key identifier:   20:67:4C:9A:F8:91:0A:6C:BF:B7:AC:7E:C0:73:2E:B2:36:E3:33:A2
Certificate issuer:       /CN=3da213f02a670b05370c55eccce90fe1ad70c49b
Certificate serial:       018CC5DC00977E8C1E8442E5C509C46AEBEF
Authority key identifier: 3D:A2:13:F0:2A:67:0B:05:37:0C:55:EC:CC:E9:0F:E1:AD:70:C4:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/IGdMmviRCmy_t6x-wHMusjbjM6I.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200924
IP address blocks:        185.50.122.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:00:97:7e:8c:1e:84:42:e5:c5:09:c4:6a:eb:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da213f02a670b05370c55eccce90fe1ad70c49b
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20674c9af8910a6cbfb7ac7ec0732eb236e333a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:17:1d:1a:1b:ed:e7:16:af:08:c3:bc:7b:95:
                    26:dc:71:e8:80:0e:5a:d8:25:de:9b:70:12:7f:08:
                    87:3b:74:a2:9b:51:51:0d:8b:db:25:69:4d:ec:8e:
                    40:8c:c0:78:57:ae:56:ab:d7:21:3b:ba:c3:23:9d:
                    89:79:2a:4c:b2:ba:79:bc:f6:05:67:ab:e8:3c:d5:
                    65:df:f5:04:25:b8:e8:ba:8b:6c:8e:23:65:8b:85:
                    e9:32:0b:ad:81:79:7d:ae:7f:e1:40:9f:60:71:55:
                    df:be:96:6d:d3:35:ec:3b:f4:ec:35:7c:96:8d:46:
                    35:95:5a:76:22:11:37:fd:9d:83:ca:ca:93:07:65:
                    e6:3e:2e:a4:c3:34:06:66:e2:97:3a:80:4d:25:01:
                    c1:d4:dd:f1:f2:99:31:e0:12:c8:53:bd:82:96:a7:
                    bc:1c:f5:98:cf:02:e3:62:6c:2f:da:08:8a:99:1d:
                    df:e9:bf:e1:c9:50:8f:4d:3f:83:5e:c3:87:30:57:
                    1f:4b:4e:c8:b3:5b:62:0e:5b:98:3d:4c:0b:d4:8a:
                    1e:48:3c:61:01:e7:ec:76:41:1b:0e:a1:b8:7a:75:
                    7a:d9:9f:6d:a9:92:d5:5d:d6:35:c3:af:72:81:86:
                    94:7a:bc:b5:c2:d7:a3:be:e7:be:f0:84:17:98:c5:
                    67:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:67:4C:9A:F8:91:0A:6C:BF:B7:AC:7E:C0:73:2E:B2:36:E3:33:A2
            X509v3 Authority Key Identifier:
                keyid:3D:A2:13:F0:2A:67:0B:05:37:0C:55:EC:CC:E9:0F:E1:AD:70:C4:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/IGdMmviRCmy_t6x-wHMusjbjM6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:74:fd:42:46:02:e6:16:16:73:50:e1:9e:7f:30:8e:12:9c:
         4a:89:49:b2:14:ff:20:bc:2e:7d:47:19:01:00:a3:99:98:50:
         5e:14:f4:c3:a1:34:32:53:57:4a:ea:a7:a7:92:7a:8b:b0:8a:
         28:20:c0:b7:04:08:a0:88:61:fb:df:86:8c:2a:2c:7d:60:ef:
         14:16:f9:30:e8:bf:56:12:36:b9:6f:c6:33:0c:96:74:47:fa:
         47:61:13:f8:c1:f3:04:1c:14:e5:32:83:fe:d6:b5:00:6b:ec:
         a2:96:0e:ee:0d:80:60:60:2b:74:74:e3:92:49:90:af:af:e2:
         4d:17:55:b6:5e:98:b6:4c:62:7f:05:0c:c9:b5:ed:44:a3:27:
         ae:e8:4c:fa:19:3f:75:4d:44:50:6d:12:ff:fa:41:6e:1b:9d:
         8c:4b:7a:63:87:83:88:ac:b6:a6:e0:20:fb:ab:ba:8a:06:10:
         b4:ea:4f:5f:b8:b4:45:19:65:06:81:9f:93:b8:28:a7:67:71:
         2b:f0:77:f2:67:e6:b4:09:7d:c9:91:92:f8:c3:3d:8f:92:91:
         e4:fb:d7:6e:26:99:a9:13:ec:fa:e5:c1:93:16:19:0b:90:ff:
         5c:97:56:3c:c2:b3:19:dc:26:9b:8f:37:15:20:a6:68:60:ca:
         11:5e:99:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ACXfowehELlxQnEauvvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTIxM2YwMmE2NzBiMDUzNzBjNTVlY2NjZTkwZmUxYWQ3
MGM0OWIwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDY3NGM5YWY4OTEwYTZjYmZiN2FjN2VjMDczMmViMjM2ZTMzM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBcdGhvt5xavCMO8e5Um3HHogA5a
2CXem3ASfwiHO3Sim1FRDYvbJWlN7I5AjMB4V65Wq9chO7rDI52JeSpMsrp5vPYF
Z6voPNVl3/UEJbjouotsjiNli4XpMgutgXl9rn/hQJ9gcVXfvpZt0zXsO/TsNXyW
jUY1lVp2IhE3/Z2DysqTB2XmPi6kwzQGZuKXOoBNJQHB1N3x8pkx4BLIU72Clqe8
HPWYzwLjYmwv2giKmR3f6b/hyVCPTT+DXsOHMFcfS07Is1tiDluYPUwL1IoeSDxh
AefsdkEbDqG4enV62Z9tqZLVXdY1w69ygYaUery1wtejvue+8IQXmMVnRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBnTJr4kQpsv7esfsBzLrI24zOiMB8GA1UdIwQY
MBaAFD2iE/AqZwsFNwxV7MzpD+GtcMSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFJVDhDcG5Dd1UzREZYc3pPa1A0YTF3eEpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lN2Y2YWEtNmVlNC00YjRjLTg2ODEt
N2RiOGViYTc5ZWYxLzEvSUdkTW12aVJDbXlfdDZ4LXdITXVzamJqTTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lN2Y2YWEtNmVlNC00YjRjLTg2ODEtN2RiOGViYTc5ZWYx
LzEvUGFJVDhDcG5Dd1UzREZYc3pPa1A0YTF3eEpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTJ6MA0G
CSqGSIb3DQEBCwUAA4IBAQB8dP1CRgLmFhZzUOGefzCOEpxKiUmyFP8gvC59RxkB
AKOZmFBeFPTDoTQyU1dK6qenknqLsIooIMC3BAigiGH734aMKix9YO8UFvkw6L9W
Eja5b8YzDJZ0R/pHYRP4wfMEHBTlMoP+1rUAa+yilg7uDYBgYCt0dOOSSZCvr+JN
F1W2Xpi2TGJ/BQzJte1Eoyeu6Ez6GT91TURQbRL/+kFuG52MS3pjh4OIrLam4CD7
q7qKBhC06k9fuLRFGWUGgZ+TuCinZ3Er8HfyZ+a0CX3JkZL4wz2PkpHk+9duJpmp
E+z65cGTFhkLkP9cl1Y8wrMZ3CabjzcVIKZoYMoRXplW
-----END CERTIFICATE-----