Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/3lOvuPybr55iHVKwcWfoyz7Zyjo.roa
File:                     3lOvuPybr55iHVKwcWfoyz7Zyjo.roa (raw, json)
Hash identifier:          Wz6MBtI/3KrO30lJVoaHzCJQqqbl0pWAjMerQ8KLekQ=
Subject key identifier:   DE:53:AF:B8:FC:9B:AF:9E:62:1D:52:B0:71:67:E8:CB:3E:D9:CA:3A
Certificate issuer:       /CN=2f95a0589b2846ebfc7366c06c644b46a2d8d32b
Certificate serial:       0191E03A645A9FAD136F7D174735E10996F2
Authority key identifier: 2F:95:A0:58:9B:28:46:EB:FC:73:66:C0:6C:64:4B:46:A2:D8:D3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/3lOvuPybr55iHVKwcWfoyz7Zyjo.roa
Signing time:             Wed 11 Sep 2024 08:36:48 +0000
ROA not before:           Wed 11 Sep 2024 08:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.227.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e0:3a:64:5a:9f:ad:13:6f:7d:17:47:35:e1:09:96:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f95a0589b2846ebfc7366c06c644b46a2d8d32b
        Validity
            Not Before: Sep 11 08:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de53afb8fc9baf9e621d52b07167e8cb3ed9ca3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:04:ae:bd:46:73:85:09:4c:2b:c6:63:67:ab:
                    43:d6:ee:77:03:f4:92:65:fd:70:7e:67:a3:44:1d:
                    ba:35:4e:46:ff:f4:df:9a:bf:aa:87:18:cd:26:e1:
                    65:38:38:6b:7d:97:fb:16:b2:4e:31:a1:e3:ce:e1:
                    84:fa:a5:a9:94:37:05:55:a9:6d:6a:b7:a0:23:15:
                    d8:db:0a:76:18:50:ab:b2:43:90:c1:ff:57:2a:f0:
                    df:2c:cb:52:36:31:22:af:e8:c5:e1:f8:bc:3b:e3:
                    c1:18:ec:90:5c:a2:a5:42:be:69:a0:90:25:e1:96:
                    4e:64:c1:ff:c7:7d:fc:1d:44:a4:f7:94:3c:2b:03:
                    9f:1f:4b:cd:fc:83:f3:8d:08:8b:66:d5:47:4f:ab:
                    af:7d:8d:b8:3b:05:ec:7a:bb:13:a7:ea:0c:bb:60:
                    59:e0:28:41:48:a3:4f:30:f8:5d:b2:42:77:df:f3:
                    bd:d3:69:37:80:7e:a3:a5:90:ef:d9:e9:51:6d:63:
                    30:e4:be:a4:8a:e4:b8:58:c8:91:42:fb:d8:87:24:
                    dc:d2:45:e1:e8:fb:fd:96:d0:ba:cb:66:98:73:1e:
                    93:22:aa:43:9b:7c:f1:4c:cd:16:f7:8b:fe:75:88:
                    75:36:79:88:89:bf:23:50:28:16:db:7e:66:7b:ba:
                    e4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:53:AF:B8:FC:9B:AF:9E:62:1D:52:B0:71:67:E8:CB:3E:D9:CA:3A
            X509v3 Authority Key Identifier:
                keyid:2F:95:A0:58:9B:28:46:EB:FC:73:66:C0:6C:64:4B:46:A2:D8:D3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/3lOvuPybr55iHVKwcWfoyz7Zyjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:aa:24:ac:81:a1:79:4c:54:ad:a5:6e:47:5a:cd:2f:62:eb:
         81:26:c6:57:34:fa:10:c1:ca:78:ec:04:55:1b:63:b3:18:b5:
         9a:72:71:e3:a7:da:89:c7:69:6f:aa:be:a4:b8:73:1d:10:04:
         7e:9e:9f:e4:cf:52:00:c5:0e:ac:15:ad:52:6e:6e:dc:cc:09:
         a3:7b:a7:33:90:d2:ac:82:8f:01:f4:96:3d:64:bf:91:1f:41:
         33:d2:3e:ca:65:69:a2:0e:53:6f:94:e2:9e:f9:d0:23:45:72:
         a9:13:74:c2:61:b6:a5:ca:6c:bc:ec:a4:b1:ab:17:3c:40:17:
         1b:0b:62:cc:68:22:75:34:97:a5:34:60:ca:6d:32:53:4b:c1:
         66:f2:50:01:5d:5d:64:8c:12:a6:5f:3e:ee:f8:cd:e1:93:c3:
         1a:34:0b:31:e7:38:43:cc:b2:4d:0c:ce:d1:41:c1:21:2a:dd:
         2f:74:26:2a:49:16:71:a6:e2:64:9f:d2:c4:55:13:d7:1a:7e:
         d8:52:6b:72:e1:f4:cb:41:57:44:10:17:a6:13:33:ae:2d:70:
         b7:cd:38:b1:16:bc:ab:2f:7d:7d:d8:54:66:f6:ef:86:43:4c:
         fe:3f:09:3e:51:4b:e6:e1:e6:be:d1:92:73:21:5c:4b:32:27:
         68:e3:87:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHgOmRan60Tb30XRzXhCZbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTVhMDU4OWIyODQ2ZWJmYzczNjZjMDZjNjQ0YjQ2YTJk
OGQzMmIwHhcNMjQwOTExMDgzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTUzYWZiOGZjOWJhZjllNjIxZDUyYjA3MTY3ZThjYjNlZDljYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgSuvUZzhQlMK8ZjZ6tD1u53A/SS
Zf1wfmejRB26NU5G//Tfmr+qhxjNJuFlODhrfZf7FrJOMaHjzuGE+qWplDcFValt
aregIxXY2wp2GFCrskOQwf9XKvDfLMtSNjEir+jF4fi8O+PBGOyQXKKlQr5poJAl
4ZZOZMH/x338HUSk95Q8KwOfH0vN/IPzjQiLZtVHT6uvfY24OwXsersTp+oMu2BZ
4ChBSKNPMPhdskJ33/O902k3gH6jpZDv2elRbWMw5L6kiuS4WMiRQvvYhyTc0kXh
6Pv9ltC6y2aYcx6TIqpDm3zxTM0W94v+dYh1NnmIib8jUCgW235me7rkBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5Tr7j8m6+eYh1SsHFn6Ms+2co6MB8GA1UdIwQY
MBaAFC+VoFibKEbr/HNmwGxkS0ai2NMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVXZ1dKc29SdXY4YzJiQWJHUkxScUxZMHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9kNmE1NTItZTAzNS00NzIxLTllY2Yt
OTNmZTViZjZkYWZmLzEvM2xPdnVQeWJyNTVpSFZLd2NXZm95ejdaeWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9kNmE1NTItZTAzNS00NzIxLTllY2YtOTNmZTViZjZkYWZm
LzEvTDVXZ1dKc29SdXY4YzJiQWJHUkxScUxZMHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueOjMA0G
CSqGSIb3DQEBCwUAA4IBAQCjqiSsgaF5TFStpW5HWs0vYuuBJsZXNPoQwcp47ARV
G2OzGLWacnHjp9qJx2lvqr6kuHMdEAR+np/kz1IAxQ6sFa1Sbm7czAmje6czkNKs
go8B9JY9ZL+RH0Ez0j7KZWmiDlNvlOKe+dAjRXKpE3TCYbalymy87KSxqxc8QBcb
C2LMaCJ1NJelNGDKbTJTS8Fm8lABXV1kjBKmXz7u+M3hk8MaNAsx5zhDzLJNDM7R
QcEhKt0vdCYqSRZxpuJkn9LEVRPXGn7YUmty4fTLQVdEEBemEzOuLXC3zTixFryr
L3192FRm9u+GQ0z+Pwk+UUvm4ea+0ZJzIVxLMido44d1
-----END CERTIFICATE-----