Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/bD3qheBjAa6fZbGQUaWlR8ALKaA.roa
File:                     bD3qheBjAa6fZbGQUaWlR8ALKaA.roa (raw, json)
Hash identifier:          S64nQe2H91rUKUGVFs+Fvn+tmdDHxB7+3RKTP5lNBMk=
Subject key identifier:   6C:3D:EA:85:E0:63:01:AE:9F:65:B1:90:51:A5:A5:47:C0:0B:29:A0
Certificate issuer:       /CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
Certificate serial:       018F1074EB58A75EC4643BDE38F4B52BA387
Authority key identifier: 0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/bD3qheBjAa6fZbGQUaWlR8ALKaA.roa
Signing time:             Wed 24 Apr 2024 14:14:08 +0000
ROA not before:           Wed 24 Apr 2024 14:14:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.97.224.0/24 maxlen: 24
                          185.97.225.0/24 maxlen: 24
                          185.97.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:74:eb:58:a7:5e:c4:64:3b:de:38:f4:b5:2b:a3:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
        Validity
            Not Before: Apr 24 14:14:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c3dea85e06301ae9f65b19051a5a547c00b29a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:34:a0:40:86:99:2a:5c:23:ee:ee:e2:d4:19:
                    c5:71:55:bb:ce:98:08:54:b9:57:35:c9:c3:97:9b:
                    74:53:74:88:0d:69:50:2e:05:f5:39:c9:ff:a1:40:
                    a3:cc:b2:9e:24:99:ff:43:95:ef:fa:75:f2:91:b3:
                    37:56:11:60:f2:42:c1:6d:9a:52:ca:ac:84:bf:57:
                    28:31:33:b0:33:a3:9f:32:5b:76:27:d5:fa:eb:77:
                    67:8c:f6:03:45:87:62:79:60:42:56:5e:2a:a9:14:
                    1b:86:bf:89:5d:28:28:05:18:47:d5:16:b5:19:28:
                    ed:16:bd:3e:57:e7:e1:27:c5:ba:a5:0d:15:1a:70:
                    a3:12:b7:60:53:78:00:4a:0c:fc:94:8e:ab:56:d1:
                    39:0d:ec:3d:a1:29:66:cb:3a:6a:bd:37:4b:05:73:
                    04:0c:11:b0:a3:af:bf:ec:6c:f3:8a:9a:3f:35:7d:
                    ce:b5:62:92:83:2c:ba:53:f6:b6:48:ec:6a:31:76:
                    1f:9e:f2:b3:62:cc:52:2f:83:61:de:ab:27:71:64:
                    18:6c:fc:8f:46:ef:4b:ce:b8:cf:64:bb:fc:dc:48:
                    ba:f5:a5:7b:d8:36:8f:a0:cb:83:01:63:b4:35:b9:
                    2b:ba:e0:1d:29:3e:e1:dc:bf:06:cb:b3:3e:ad:bd:
                    22:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:3D:EA:85:E0:63:01:AE:9F:65:B1:90:51:A5:A5:47:C0:0B:29:A0
            X509v3 Authority Key Identifier:
                keyid:0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/bD3qheBjAa6fZbGQUaWlR8ALKaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.224.0-185.97.226.255

    Signature Algorithm: sha256WithRSAEncryption
         65:07:c8:b2:c4:0f:ad:78:5d:98:54:1e:d0:58:e7:63:b8:7d:
         54:4b:ba:68:4c:b2:61:a5:a5:7f:6f:1d:a7:c2:15:7d:50:27:
         3e:02:9d:77:45:27:60:33:db:a5:fc:06:26:c6:ae:3f:20:b3:
         06:9f:84:1c:32:0c:5f:81:6c:d5:99:2e:86:3a:a9:39:a3:47:
         48:2d:84:79:d8:dc:73:4a:ed:d3:7d:19:86:0b:38:59:33:96:
         a9:46:75:47:05:14:f5:71:5a:10:9f:0c:39:ef:e8:f7:d8:18:
         2b:87:51:16:97:57:92:2a:9b:77:3c:dc:96:5c:4e:8f:5e:04:
         6d:16:cb:a5:61:87:66:ee:b1:91:3f:17:d4:55:e6:95:4b:49:
         10:22:76:a2:dd:74:ad:1d:fb:06:a4:96:b3:04:d6:94:7e:2a:
         66:98:5d:70:da:bf:d1:e0:47:66:63:5d:a4:98:2d:34:de:65:
         dc:69:8b:54:41:4e:c7:18:5e:f7:fb:07:68:c2:95:2a:18:5f:
         54:b3:0e:31:b3:5a:59:5a:bd:27:fc:69:b6:56:98:e2:be:2e:
         40:1d:db:21:1a:74:bc:b6:e3:85:7f:2a:90:41:2e:e1:57:22:
         76:27:3b:12:b1:6e:7d:18:06:c0:be:0d:42:04:85:25:aa:de:
         5e:62:a1:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8QdOtYp17EZDveOPS1K6OHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOTMwMmQ1NDZlMDY4YzJmZDc2NzdkOWQ1MjAwYWRkMzZj
OGJjZDUwHhcNMjQwNDI0MTQxNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzNkZWE4NWUwNjMwMWFlOWY2NWIxOTA1MWE1YTU0N2MwMGIyOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjSgQIaZKlwj7u7i1BnFcVW7zpgI
VLlXNcnDl5t0U3SIDWlQLgX1Ocn/oUCjzLKeJJn/Q5Xv+nXykbM3VhFg8kLBbZpS
yqyEv1coMTOwM6OfMlt2J9X663dnjPYDRYdieWBCVl4qqRQbhr+JXSgoBRhH1Ra1
GSjtFr0+V+fhJ8W6pQ0VGnCjErdgU3gASgz8lI6rVtE5Dew9oSlmyzpqvTdLBXME
DBGwo6+/7Gzzipo/NX3OtWKSgyy6U/a2SOxqMXYfnvKzYsxSL4Nh3qsncWQYbPyP
Ru9LzrjPZLv83Ei69aV72DaPoMuDAWO0NbkruuAdKT7h3L8Gy7M+rb0ilQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGw96oXgYwGun2WxkFGlpUfACymgMB8GA1UdIwQY
MBaAFA2TAtVG4GjC/XZ32dUgCt02yLzVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUt
NGJlZjQzZDNmYjE3LzEvYkQzcWhlQmpBYTZmWmJHUVVhV2xSOEFMS2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUtNGJlZjQzZDNmYjE3
LzEvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5YeAD
BAC5YeIwDQYJKoZIhvcNAQELBQADggEBAGUHyLLED614XZhUHtBY52O4fVRLumhM
smGlpX9vHafCFX1QJz4CnXdFJ2Az26X8BibGrj8gswafhBwyDF+BbNWZLoY6qTmj
R0gthHnY3HNK7dN9GYYLOFkzlqlGdUcFFPVxWhCfDDnv6PfYGCuHURaXV5Iqm3c8
3JZcTo9eBG0Wy6Vhh2busZE/F9RV5pVLSRAidqLddK0d+waklrME1pR+KmaYXXDa
v9HgR2ZjXaSYLTTeZdxpi1RBTscYXvf7B2jClSoYX1SzDjGzWllavSf8abZWmOK+
LkAd2yEadLy244V/KpBBLuFXInYnOxKxbn0YBsC+DUIEhSWq3l5ioWM=
-----END CERTIFICATE-----