Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/sNENqlIXDtFaJXv6KcCc8zIwbf0.roa
File:                     sNENqlIXDtFaJXv6KcCc8zIwbf0.roa (raw, json)
Hash identifier:          FqrzPXvJFP3Cj3qyLDzqRywDdosW1V5u0pQm39ACGHI=
Subject key identifier:   B0:D1:0D:AA:52:17:0E:D1:5A:25:7B:FA:29:C0:9C:F3:32:30:6D:FD
Certificate issuer:       /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial:       018CC2DB386B0414FC9A9A77BB751C481D25
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/sNENqlIXDtFaJXv6KcCc8zIwbf0.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48763
IP address blocks:        185.173.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:6b:04:14:fc:9a:9a:77:bb:75:1c:48:1d:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0d10daa52170ed15a257bfa29c09cf332306dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8e:cf:9d:2a:f6:06:db:ae:f0:20:6f:c3:d4:
                    5d:84:bc:32:53:d8:31:8b:6e:dd:e8:e9:d7:2b:9b:
                    34:b1:e7:df:66:dc:28:50:9f:e5:ff:44:61:03:a0:
                    c8:db:5d:48:43:cb:36:2d:67:89:40:1e:22:93:60:
                    2c:ab:e6:ae:d6:90:a4:1a:a7:a1:0a:88:b4:42:06:
                    15:47:d2:76:72:e3:7d:51:3d:1f:62:f9:7a:ae:4c:
                    a3:d3:15:bc:e3:49:7d:96:10:42:d1:51:85:35:61:
                    ce:4d:94:f2:6c:3d:fd:96:26:94:90:ea:74:c7:16:
                    7e:02:20:ac:15:30:e3:bc:85:cc:17:d4:c0:d7:9c:
                    22:7c:8e:c3:09:d8:db:9a:f7:9f:6d:6c:4e:09:ef:
                    9e:00:76:90:90:b2:bd:82:6c:8b:fa:08:f0:a2:8c:
                    57:00:e5:56:0d:c0:a4:f8:ad:7b:e1:e5:45:e6:07:
                    3b:d4:67:fb:61:ea:9c:c7:eb:2e:57:25:e8:51:f3:
                    ea:36:6f:4a:74:34:b7:ae:89:27:4e:b3:ff:1a:d0:
                    9c:3e:e0:15:62:c8:9e:1a:6b:55:7b:f3:0d:50:43:
                    dc:9b:c4:0a:3c:78:a3:43:96:e0:76:d9:d7:08:e2:
                    3c:c4:ee:4d:13:21:fc:f9:cb:e6:ee:f7:3b:7c:c8:
                    ee:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D1:0D:AA:52:17:0E:D1:5A:25:7B:FA:29:C0:9C:F3:32:30:6D:FD
            X509v3 Authority Key Identifier:
                keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/sNENqlIXDtFaJXv6KcCc8zIwbf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e2:5b:1e:bc:05:b7:d5:c6:78:02:ed:31:7d:6c:fd:fe:22:
         45:c4:17:df:32:fc:07:7c:7e:29:06:7a:00:df:9c:58:49:a2:
         05:7a:7c:4f:1f:16:d9:cc:fd:24:6a:8a:d0:ed:dc:5e:b1:3a:
         88:4a:da:13:8f:45:a6:06:2c:41:b0:2b:99:5e:f2:c0:48:f7:
         8f:55:a6:dd:67:59:97:a7:93:cd:5e:ee:ba:b8:5d:0e:54:00:
         26:c8:2e:0d:2a:ee:91:62:ac:1d:ea:ce:af:0e:3a:e0:de:4d:
         44:4f:01:05:58:ec:b7:02:5f:65:8b:8d:2d:7f:b9:f4:6d:df:
         76:b7:87:38:b6:f1:39:c6:0a:d6:c6:40:7c:d6:39:8d:4c:63:
         5b:a8:17:53:5d:ea:fb:16:84:d6:6a:10:a1:ad:08:82:0b:ab:
         dc:cd:30:4f:5d:3c:d3:09:d7:d1:2b:e6:9e:7d:f7:a7:19:d6:
         50:75:1e:f8:4a:f3:d3:a8:8a:3d:a5:ad:36:be:ff:98:e8:ab:
         a3:6e:0d:28:ed:49:b5:26:50:b5:a5:31:1d:45:92:b8:36:e5:
         e1:d8:63:e5:29:d8:ee:0e:1b:c3:3b:10:db:bb:76:f7:f8:98:
         ad:7a:e6:89:f7:77:d2:92:81:cb:7a:0e:6e:fa:65:65:b2:46:
         28:21:eb:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zhrBBT8mpp3u3UcSB0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZGQzNWNjZmY2YzJiODZhMWZhZDhmMTAzYmMyMDA3MGQw
OWU1MGQwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGQxMGRhYTUyMTcwZWQxNWEyNTdiZmEyOWMwOWNmMzMyMzA2ZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx47PnSr2Btuu8CBvw9RdhLwyU9gx
i27d6OnXK5s0seffZtwoUJ/l/0RhA6DI211IQ8s2LWeJQB4ik2Asq+au1pCkGqeh
Coi0QgYVR9J2cuN9UT0fYvl6rkyj0xW840l9lhBC0VGFNWHOTZTybD39liaUkOp0
xxZ+AiCsFTDjvIXMF9TA15wifI7DCdjbmvefbWxOCe+eAHaQkLK9gmyL+gjwooxX
AOVWDcCk+K174eVF5gc71Gf7Yeqcx+suVyXoUfPqNm9KdDS3roknTrP/GtCcPuAV
YsieGmtVe/MNUEPcm8QKPHijQ5bgdtnXCOI8xO5NEyH8+cvm7vc7fMju+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDRDapSFw7RWiV7+inAnPMyMG39MB8GA1UdIwQY
MBaAFLPdNcz/bCuGofrY8QO8IAcNCeUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEt
MmIxMDUwNTFiYTU5LzEvc05FTnFsSVhEdEZhSlh2NktjQ2M4ekl3YmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEtMmIxMDUwNTFiYTU5
LzEvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua2dMA0G
CSqGSIb3DQEBCwUAA4IBAQAE4lsevAW31cZ4Au0xfWz9/iJFxBffMvwHfH4pBnoA
35xYSaIFenxPHxbZzP0kaorQ7dxesTqIStoTj0WmBixBsCuZXvLASPePVabdZ1mX
p5PNXu66uF0OVAAmyC4NKu6RYqwd6s6vDjrg3k1ETwEFWOy3Al9li40tf7n0bd92
t4c4tvE5xgrWxkB81jmNTGNbqBdTXer7FoTWahChrQiCC6vczTBPXTzTCdfRK+ae
ffenGdZQdR74SvPTqIo9pa02vv+Y6Kujbg0o7Um1JlC1pTEdRZK4NuXh2GPlKdju
DhvDOxDbu3b3+JiteuaJ93fSkoHLeg5u+mVlskYoIevk
-----END CERTIFICATE-----