Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/SCx3ukgflvySBwSOl1CzoNGxp3w.roa
File:                     SCx3ukgflvySBwSOl1CzoNGxp3w.roa (raw, json)
Hash identifier:          Cr2DWKUjUFPpOZ/OzJUldu9ADxUfyWoPa4hRVbOdJOk=
Subject key identifier:   48:2C:77:BA:48:1F:96:FC:92:07:04:8E:97:50:B3:A0:D1:B1:A7:7C
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019221DC25FAE8D6D8378A8662FD0BDF62B3
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/SCx3ukgflvySBwSOl1CzoNGxp3w.roa
Signing time:             Tue 24 Sep 2024 02:28:48 +0000
ROA not before:           Tue 24 Sep 2024 02:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        185.243.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:21:dc:25:fa:e8:d6:d8:37:8a:86:62:fd:0b:df:62:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep 24 02:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=482c77ba481f96fc9207048e9750b3a0d1b1a77c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:11:7e:21:63:a0:a2:eb:c7:e9:a0:c4:0c:80:
                    c1:ff:59:3c:5d:3e:3a:70:2b:74:16:68:32:80:f2:
                    8b:2c:fd:b6:e4:19:7a:5a:de:44:f1:c8:19:e4:46:
                    4c:74:a8:14:25:f9:82:62:b3:54:fc:74:67:0b:fe:
                    2b:8f:7d:a6:f6:54:2e:d7:42:95:4d:53:c0:1b:35:
                    cf:44:9a:e0:0f:a6:2b:9b:26:72:7c:06:b6:65:c8:
                    7d:95:a8:0e:23:46:ed:1c:3c:6a:7d:45:4e:aa:1f:
                    9a:0a:23:bb:5f:e1:80:d4:96:ce:f9:1a:4c:46:92:
                    75:93:ec:cd:93:3f:c1:e4:c9:9e:04:97:a7:94:66:
                    f1:87:d9:5a:43:82:a5:2d:0b:fa:8f:8d:1c:40:5a:
                    64:8a:a6:45:9a:2a:80:1c:8f:eb:a2:fb:07:75:6b:
                    03:b0:c1:f4:5f:95:74:26:91:9e:7e:c6:1f:0d:55:
                    da:5d:22:2c:72:f1:55:bc:83:9c:2e:ec:c7:a4:f9:
                    16:9e:f4:bb:de:37:1a:39:fb:fc:e4:bb:95:64:3a:
                    fd:be:ca:02:6c:aa:5a:6e:73:17:40:ed:20:8f:ff:
                    c7:30:7c:da:4e:37:a4:55:1f:f7:4c:5d:15:af:57:
                    40:f5:5c:a2:d7:d4:18:5e:ec:46:0b:b6:6e:96:69:
                    e8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2C:77:BA:48:1F:96:FC:92:07:04:8E:97:50:B3:A0:D1:B1:A7:7C
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/SCx3ukgflvySBwSOl1CzoNGxp3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:4d:e7:f8:c4:a3:f6:b6:98:dd:1a:20:87:ee:33:c4:01:0f:
         1f:e8:95:7c:0c:9e:59:d0:bc:be:21:fa:87:ec:10:db:bb:f9:
         5a:7d:9a:be:04:7e:d3:d7:06:1c:60:33:44:e5:c0:eb:83:60:
         0e:8c:0a:77:59:ef:25:31:08:15:7c:38:24:32:03:bb:11:73:
         40:05:4d:53:e8:63:0c:82:8b:4e:70:22:4e:69:82:8c:a1:64:
         6d:d2:aa:62:fa:80:55:af:16:c8:fa:d4:de:28:1d:c8:30:32:
         8a:05:ef:4a:8e:f4:ad:8c:71:f7:c9:64:ae:bc:17:5f:a1:a2:
         60:f6:9a:77:cc:10:e2:fa:38:5f:bf:ff:e6:ff:a5:c7:4c:65:
         12:4e:bb:6d:a2:81:96:b9:df:7d:14:fe:b4:39:3a:e3:fa:18:
         09:94:d3:a5:06:f0:21:4e:b1:be:0c:9c:fd:b2:8e:fc:e8:0c:
         e9:65:db:f2:27:f5:0d:dc:30:30:09:b1:8c:67:cc:d2:1a:8b:
         d7:66:55:2a:f1:81:15:4b:7a:58:50:ab:b3:3a:3a:76:a7:31:
         c2:a7:dd:ff:d8:dc:cd:41:93:97:6b:44:7f:c8:c2:b5:90:b9:
         81:98:93:0a:20:e9:50:2c:6c:c2:ef:ba:89:58:47:bd:32:03:
         37:1e:ca:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIh3CX66NbYN4qGYv0L32KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTI0MDIyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJjNzdiYTQ4MWY5NmZjOTIwNzA0OGU5NzUwYjNhMGQxYjFhNzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhF+IWOgouvH6aDEDIDB/1k8XT46
cCt0FmgygPKLLP225Bl6Wt5E8cgZ5EZMdKgUJfmCYrNU/HRnC/4rj32m9lQu10KV
TVPAGzXPRJrgD6YrmyZyfAa2Zch9lagOI0btHDxqfUVOqh+aCiO7X+GA1JbO+RpM
RpJ1k+zNkz/B5MmeBJenlGbxh9laQ4KlLQv6j40cQFpkiqZFmiqAHI/rovsHdWsD
sMH0X5V0JpGefsYfDVXaXSIscvFVvIOcLuzHpPkWnvS73jcaOfv85LuVZDr9vsoC
bKpabnMXQO0gj//HMHzaTjekVR/3TF0Vr1dA9Vyi19QYXuxGC7ZulmnoCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgsd7pIH5b8kgcEjpdQs6DRsad8MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvU0N4M3VrZ2ZsdnlTQndTT2wxQ3pvTkd4cDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMFMA0G
CSqGSIb3DQEBCwUAA4IBAQAATef4xKP2tpjdGiCH7jPEAQ8f6JV8DJ5Z0Ly+IfqH
7BDbu/lafZq+BH7T1wYcYDNE5cDrg2AOjAp3We8lMQgVfDgkMgO7EXNABU1T6GMM
gotOcCJOaYKMoWRt0qpi+oBVrxbI+tTeKB3IMDKKBe9KjvStjHH3yWSuvBdfoaJg
9pp3zBDi+jhfv//m/6XHTGUSTrttooGWud99FP60OTrj+hgJlNOlBvAhTrG+DJz9
so786AzpZdvyJ/UN3DAwCbGMZ8zSGovXZlUq8YEVS3pYUKuzOjp2pzHCp93/2NzN
QZOXa0R/yMK1kLmBmJMKIOlQLGzC77qJWEe9MgM3Hsrm
-----END CERTIFICATE-----