Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/_wQSHk03wW5Lf4blHA4JfIh1oYM.roa
File:                     _wQSHk03wW5Lf4blHA4JfIh1oYM.roa (raw, json)
Hash identifier:          Iq0RNI/RXnzo9CWG7STXxSecZ+twPEF2J+dlj2gvdKU=
Subject key identifier:   FF:04:12:1E:4D:37:C1:6E:4B:7F:86:E5:1C:0E:09:7C:88:75:A1:83
Certificate issuer:       /CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Certificate serial:       018CC3490E3BAFEE39D1B41D9B318AFC635A
Authority key identifier: B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/_wQSHk03wW5Lf4blHA4JfIh1oYM.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212346
IP address blocks:        194.147.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0e:3b:af:ee:39:d1:b4:1d:9b:31:8a:fc:63:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff04121e4d37c16e4b7f86e51c0e097c8875a183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:41:6c:71:ed:88:0a:8e:60:d6:a8:cc:f3:a9:
                    f4:dd:86:07:81:15:8e:2e:97:81:96:8e:ce:ea:fd:
                    ec:ec:e7:bc:25:e8:63:fb:30:b2:b4:43:cd:a1:23:
                    c1:0f:c0:16:95:d2:e3:11:c2:ab:05:f9:26:5e:7e:
                    a7:ad:d3:be:a6:7c:ac:b1:12:98:20:3d:83:3a:fa:
                    e3:f9:52:30:fb:06:fd:cb:fe:64:d8:4c:06:99:84:
                    3b:a4:f7:fd:d9:52:2b:9e:4f:ea:9a:9e:4c:e4:9b:
                    5b:ed:13:e4:f1:9e:8c:e7:99:a8:50:32:d3:4b:09:
                    f7:62:cc:94:bd:4e:56:c2:be:a3:d5:b1:15:8d:f0:
                    69:8b:c3:35:37:06:5a:dd:fa:b3:86:24:50:74:40:
                    96:e6:67:e6:d3:b4:43:b0:fa:18:38:d5:72:84:8b:
                    28:a6:45:dc:b9:8f:a3:6a:0a:5a:48:24:02:03:fe:
                    e5:8e:5b:bb:7c:15:11:4d:af:e2:04:2e:56:69:fe:
                    0b:33:64:17:63:15:74:55:20:84:74:97:e6:0b:0c:
                    2c:15:c5:3c:a8:9a:2d:a9:4c:ac:01:10:d8:a6:dd:
                    e2:99:1a:7d:82:8b:a2:66:0c:8d:e6:96:20:7a:5e:
                    6f:b4:93:67:6d:72:62:e4:25:ce:7d:9a:a7:b7:fd:
                    4b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:04:12:1E:4D:37:C1:6E:4B:7F:86:E5:1C:0E:09:7C:88:75:A1:83
            X509v3 Authority Key Identifier:
                keyid:B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/_wQSHk03wW5Lf4blHA4JfIh1oYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:cc:e3:35:04:85:ca:ba:ae:79:f1:2d:de:d6:13:26:70:b2:
         fa:96:a5:12:b0:6e:20:bd:a9:59:07:cd:b7:3a:7b:2f:de:d6:
         00:85:aa:50:91:b0:82:01:55:cb:97:ca:53:c4:e5:27:99:24:
         28:4f:d1:93:63:a1:ab:d3:66:89:b6:a0:f5:d5:e6:dd:58:cc:
         67:53:a1:93:fa:f0:d7:a4:98:71:77:be:0a:61:48:b7:a8:06:
         e0:23:74:36:54:15:78:59:65:f9:98:1b:d0:5b:68:2d:46:41:
         1d:9d:da:97:4c:c8:8d:69:42:e0:15:44:74:d3:29:0e:70:ec:
         65:77:4e:0f:e9:48:0a:70:33:f9:da:d0:5a:f6:71:92:f4:59:
         bd:1b:ff:77:6d:bb:d9:2d:93:ce:d7:51:c6:59:70:ea:f4:a0:
         df:f9:41:1e:7e:3c:80:48:40:e0:d0:a8:5e:4e:0b:89:c7:4c:
         22:2c:d1:46:2b:43:5b:55:e8:96:45:3f:c6:27:19:bf:ed:ac:
         3f:1c:4c:9d:98:15:00:a7:57:cd:a7:57:17:10:0f:21:b4:bb:
         a1:68:86:4e:ae:c8:27:3b:e4:12:4e:50:57:b2:a9:68:9e:9d:
         97:e7:1d:94:8a:da:b8:28:e0:77:d8:3f:bb:b1:b1:3d:31:45:
         1a:4d:e3:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQ47r+450bQdmzGK/GNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDVlYzE1MTZlZTZkYzE5ZDFlNWMzOTk4Y2I3ZTdhNjQ2
ZjcxNWEwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjA0MTIxZTRkMzdjMTZlNGI3Zjg2ZTUxYzBlMDk3Yzg4NzVhMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20Fsce2ICo5g1qjM86n03YYHgRWO
LpeBlo7O6v3s7Oe8Jehj+zCytEPNoSPBD8AWldLjEcKrBfkmXn6nrdO+pnyssRKY
ID2DOvrj+VIw+wb9y/5k2EwGmYQ7pPf92VIrnk/qmp5M5Jtb7RPk8Z6M55moUDLT
Swn3YsyUvU5Wwr6j1bEVjfBpi8M1NwZa3fqzhiRQdECW5mfm07RDsPoYONVyhIso
pkXcuY+jagpaSCQCA/7ljlu7fBURTa/iBC5Waf4LM2QXYxV0VSCEdJfmCwwsFcU8
qJotqUysARDYpt3imRp9gouiZgyN5pYgel5vtJNnbXJi5CXOfZqnt/1LlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8EEh5NN8FuS3+G5RwOCXyIdaGDMB8GA1UdIwQY
MBaAFLPV7BUW7m3BnR5cOZjLfnpkb3FaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEt
NmMzMDVhNmRiYWI5LzEvX3dRU0hrMDN3VzVMZjRibEhBNEpmSWgxb1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEtNmMzMDVhNmRiYWI5
LzEvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpPmMA0G
CSqGSIb3DQEBCwUAA4IBAQCyzOM1BIXKuq558S3e1hMmcLL6lqUSsG4gvalZB823
Onsv3tYAhapQkbCCAVXLl8pTxOUnmSQoT9GTY6Gr02aJtqD11ebdWMxnU6GT+vDX
pJhxd74KYUi3qAbgI3Q2VBV4WWX5mBvQW2gtRkEdndqXTMiNaULgFUR00ykOcOxl
d04P6UgKcDP52tBa9nGS9Fm9G/93bbvZLZPO11HGWXDq9KDf+UEefjyASEDg0Khe
TguJx0wiLNFGK0NbVeiWRT/GJxm/7aw/HEydmBUAp1fNp1cXEA8htLuhaIZOrsgn
O+QSTlBXsqlonp2X5x2Uitq4KOB32D+7sbE9MUUaTeNQ
-----END CERTIFICATE-----