Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/uFOZgLSom-ONcOyVV8GVuuSUKPc.roa
File:                     uFOZgLSom-ONcOyVV8GVuuSUKPc.roa (raw, json)
Hash identifier:          xxqhrMfm1zunOvT8BapcB0EsA6MzoV4AS6AzLBkFLnI=
Subject key identifier:   B8:53:99:80:B4:A8:9B:E3:8D:70:EC:95:57:C1:95:BA:E4:94:28:F7
Certificate issuer:       /CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Certificate serial:       018CC2DAE38C58C7F5EBFE0BB039827E81C5
Authority key identifier: 66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/uFOZgLSom-ONcOyVV8GVuuSUKPc.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        185.208.88.0/22 maxlen: 24
                          2a0b:32c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 10:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:8c:58:c7:f5:eb:fe:0b:b0:39:82:7e:81:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8539980b4a89be38d70ec9557c195bae49428f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9d:03:2e:97:c3:21:58:05:d1:e8:54:2f:34:
                    7c:90:cd:1e:07:72:00:9f:b5:b6:a1:a0:aa:64:28:
                    03:5b:19:ec:02:15:53:a4:33:26:5d:e7:e7:fc:f7:
                    f1:b7:6f:37:05:0d:e8:d7:a1:6a:d8:7d:d7:b8:14:
                    62:12:ed:24:da:0f:45:05:92:3a:f3:99:1b:0d:f2:
                    10:fd:25:35:30:3b:68:22:fa:cd:55:a0:6b:4b:e1:
                    75:94:55:20:ec:c4:7d:cb:5d:f1:85:58:f1:af:28:
                    1e:ef:c9:58:2d:13:42:b9:15:e7:61:1e:eb:8e:28:
                    6c:2c:69:5e:94:89:98:19:61:c2:e7:0a:ae:08:00:
                    e9:ed:f7:ff:5c:33:a4:4b:ea:6a:01:e4:6b:ec:84:
                    8e:98:55:12:d6:a5:77:86:b1:26:6b:f0:e3:11:47:
                    27:a7:49:27:fe:a9:e0:55:02:67:23:6e:01:e9:9c:
                    7f:f3:3f:55:9a:7e:c4:23:2f:3e:dc:77:7d:e9:17:
                    3d:1b:7e:35:4b:93:af:ac:8d:61:1d:22:bf:ad:f9:
                    3f:22:a8:41:68:22:ff:4d:25:12:95:55:1b:d4:56:
                    dc:5d:a2:5e:48:5b:3d:b1:3d:72:32:09:ae:13:29:
                    80:a7:b3:e0:59:f6:96:35:69:e8:b3:73:de:28:22:
                    19:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:53:99:80:B4:A8:9B:E3:8D:70:EC:95:57:C1:95:BA:E4:94:28:F7
            X509v3 Authority Key Identifier:
                keyid:66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/uFOZgLSom-ONcOyVV8GVuuSUKPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.88.0/22
                IPv6:
                  2a0b:32c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:16:c6:52:86:da:c3:b8:21:76:70:98:59:6a:99:db:e9:21:
         1b:10:c5:6c:a8:31:0b:33:6c:77:92:61:fc:c5:76:e8:4b:c0:
         64:1f:fd:db:a5:42:e8:de:0a:37:4f:06:80:c0:ba:da:61:6b:
         3f:a5:26:c0:ef:b3:95:12:20:b2:ed:7f:fa:b1:2e:e0:1e:c0:
         ce:7b:45:04:43:e5:3c:d5:01:a9:08:e2:b5:fa:5d:fe:89:c1:
         fe:fa:94:f1:be:50:64:e4:55:3b:bd:6c:76:4a:96:13:ff:9f:
         3b:17:6b:e3:78:5d:2f:0d:fa:74:d9:78:30:ca:11:fe:eb:ad:
         8b:14:42:7b:1a:ec:fb:63:f0:fc:01:10:80:5b:88:20:f6:03:
         82:4d:7e:9c:96:38:bd:10:d8:ea:c6:62:53:27:95:4c:1d:75:
         8a:33:00:d2:da:b5:53:de:d9:09:44:9a:8d:45:e8:a7:5d:66:
         b5:b6:96:a8:02:c1:61:1d:02:91:3e:0e:30:da:e7:61:91:24:
         ac:b8:95:4d:2f:bb:4d:84:08:b8:3b:f0:3b:75:98:17:b2:10:
         97:93:aa:9b:90:fb:ac:06:b3:4c:1a:7f:25:c3:2a:92:88:60:
         f8:4b:b2:fb:ca:2d:14:41:ef:42:d9:67:26:84:6c:59:74:97:
         95:37:5f:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2uOMWMf16/4LsDmCfoHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjM0ZjE0NTg2ZTM5OWNkMzgwMmQ5Yzg4YjFlNjdkOGRk
YjAzYTgwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODUzOTk4MGI0YTg5YmUzOGQ3MGVjOTU1N2MxOTViYWU0OTQyOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ0DLpfDIVgF0ehULzR8kM0eB3IA
n7W2oaCqZCgDWxnsAhVTpDMmXefn/Pfxt283BQ3o16Fq2H3XuBRiEu0k2g9FBZI6
85kbDfIQ/SU1MDtoIvrNVaBrS+F1lFUg7MR9y13xhVjxryge78lYLRNCuRXnYR7r
jihsLGlelImYGWHC5wquCADp7ff/XDOkS+pqAeRr7ISOmFUS1qV3hrEma/DjEUcn
p0kn/qngVQJnI24B6Zx/8z9Vmn7EIy8+3Hd96Rc9G341S5OvrI1hHSK/rfk/IqhB
aCL/TSUSlVUb1FbcXaJeSFs9sT1yMgmuEymAp7PgWfaWNWnos3PeKCIZtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLhTmYC0qJvjjXDslVfBlbrklCj3MB8GA1UdIwQY
MBaAFGZjTxRYbjmc04AtnIix5n2N2wOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDct
MTcxZGI0NjkwYzBhLzEvdUZPWmdMU29tLU9OY095VlY4R1Z1dVNVS1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDctMTcxZGI0NjkwYzBh
LzEvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudBYMA0E
AgACMAcDBQMqCzLAMA0GCSqGSIb3DQEBCwUAA4IBAQAOFsZShtrDuCF2cJhZapnb
6SEbEMVsqDELM2x3kmH8xXboS8BkH/3bpULo3go3TwaAwLraYWs/pSbA77OVEiCy
7X/6sS7gHsDOe0UEQ+U81QGpCOK1+l3+icH++pTxvlBk5FU7vWx2SpYT/587F2vj
eF0vDfp02XgwyhH+662LFEJ7Guz7Y/D8ARCAW4gg9gOCTX6clji9ENjqxmJTJ5VM
HXWKMwDS2rVT3tkJRJqNReinXWa1tpaoAsFhHQKRPg4w2udhkSSsuJVNL7tNhAi4
O/A7dZgXshCXk6qbkPusBrNMGn8lwyqSiGD4S7L7yi0UQe9C2WcmhGxZdJeVN19N
-----END CERTIFICATE-----