Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/3MxwO3NLgz_ZyjXa9ZHPb8ZH5U8.roa
File:                     3MxwO3NLgz_ZyjXa9ZHPb8ZH5U8.roa (raw, json)
Hash identifier:          7bIZJJohyIjVweEed3PMZVid92QB25j6/KZAqNvXW80=
Subject key identifier:   DC:CC:70:3B:73:4B:83:3F:D9:CA:35:DA:F5:91:CF:6F:C6:47:E5:4F
Certificate issuer:       /CN=61c5ed0ded8625b32b6533207229f2c467259848
Certificate serial:       018CC4252E4689030264743520376E745A6C
Authority key identifier: 61:C5:ED:0D:ED:86:25:B3:2B:65:33:20:72:29:F2:C4:67:25:98:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YcXtDe2GJbMrZTMgcinyxGclmEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/3MxwO3NLgz_ZyjXa9ZHPb8ZH5U8.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204400
IP address blocks:        185.234.204.0/24 maxlen: 24
                          185.234.204.0/22 maxlen: 22
                          185.234.206.0/24 maxlen: 24
                          185.234.205.0/24 maxlen: 24
                          185.234.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/YcXtDe2GJbMrZTMgcinyxGclmEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/YcXtDe2GJbMrZTMgcinyxGclmEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YcXtDe2GJbMrZTMgcinyxGclmEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2e:46:89:03:02:64:74:35:20:37:6e:74:5a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61c5ed0ded8625b32b6533207229f2c467259848
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dccc703b734b833fd9ca35daf591cf6fc647e54f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2d:9a:5b:c0:85:e2:c5:48:34:79:af:95:55:
                    72:09:31:1a:18:c7:bd:d3:5f:95:fe:1f:7e:6f:b2:
                    f6:38:71:ce:be:03:ce:43:13:9b:ee:c1:39:2e:7e:
                    0a:48:ee:e9:e2:2e:ba:6a:5b:a6:85:44:09:00:aa:
                    23:07:5f:01:38:cc:6e:95:8b:f6:70:c2:0e:4b:5f:
                    28:da:12:5d:75:01:d7:f9:a4:92:61:e8:7c:50:d2:
                    6d:70:41:2f:57:93:2b:3d:80:19:ed:16:3e:df:92:
                    74:39:0a:da:1b:82:96:95:f1:ce:79:de:4f:b7:f7:
                    7a:79:2b:61:96:d1:2e:5b:53:12:58:ea:db:61:69:
                    b7:a9:25:cb:2f:9b:bc:cd:4e:1c:94:1e:bd:21:da:
                    ce:1e:2a:6f:e8:14:1a:3c:e0:42:79:22:02:f2:7b:
                    6c:ad:15:e9:5a:be:c7:53:47:ac:5e:1f:f8:0b:7c:
                    ba:5b:e3:c5:17:f2:69:1b:7c:07:21:7b:38:20:8c:
                    d3:a3:db:c6:cc:ea:f8:98:71:01:a4:3b:63:3e:5d:
                    c6:8b:29:a6:9a:40:73:62:06:b9:5a:03:d6:e8:12:
                    b9:03:6b:c2:5a:55:bc:bf:88:4c:3d:6a:b5:cf:8b:
                    67:06:c5:1b:1c:3b:91:e1:83:a8:14:c8:c7:23:31:
                    70:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CC:70:3B:73:4B:83:3F:D9:CA:35:DA:F5:91:CF:6F:C6:47:E5:4F
            X509v3 Authority Key Identifier:
                keyid:61:C5:ED:0D:ED:86:25:B3:2B:65:33:20:72:29:F2:C4:67:25:98:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YcXtDe2GJbMrZTMgcinyxGclmEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/3MxwO3NLgz_ZyjXa9ZHPb8ZH5U8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/YcXtDe2GJbMrZTMgcinyxGclmEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:05:bd:8b:d1:9d:fb:68:3b:94:a8:f8:f3:e3:22:af:9c:89:
         cf:92:94:e3:41:6c:34:72:8a:c3:6c:52:62:46:72:c6:25:b9:
         96:d3:d6:c8:16:bd:7c:43:67:de:93:e6:c9:bb:93:e4:f5:87:
         8b:6b:2d:8b:21:88:bb:85:f8:91:06:89:52:05:42:fa:60:78:
         63:e2:0d:2e:af:4c:df:3e:9a:1e:21:55:31:5f:bd:41:9f:41:
         66:4b:14:e2:dd:53:de:b4:d4:75:bb:e1:e8:65:41:39:f1:ca:
         c4:9c:86:d7:6a:21:92:1a:6a:64:0c:8f:62:46:80:fe:45:d1:
         1a:fe:ff:68:70:4b:1c:6e:3f:85:65:1b:5d:d9:ac:9b:4d:00:
         8f:bd:42:91:28:f6:48:c3:96:ff:00:a2:b8:9f:30:fe:32:a8:
         e7:7c:86:21:d2:6a:ec:e9:bf:65:44:1f:0b:1e:3c:c0:32:64:
         af:68:29:79:58:a0:62:ad:e8:89:01:88:0e:ff:31:4d:15:18:
         63:5d:55:4c:7a:00:b5:98:97:5e:c7:7d:03:ac:e6:eb:61:86:
         e1:78:f6:cf:b0:a2:8e:38:fb:7b:52:7a:3b:a6:7a:39:1a:ce:
         ec:fc:5f:3f:04:02:7c:ff:7d:f2:13:db:e7:b3:a4:cf:71:db:
         9a:ba:0d:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJS5GiQMCZHQ1IDdudFpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYzVlZDBkZWQ4NjI1YjMyYjY1MzMyMDcyMjlmMmM0Njcy
NTk4NDgwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2NjNzAzYjczNGI4MzNmZDljYTM1ZGFmNTkxY2Y2ZmM2NDdlNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgi2aW8CF4sVINHmvlVVyCTEaGMe9
01+V/h9+b7L2OHHOvgPOQxOb7sE5Ln4KSO7p4i66alumhUQJAKojB18BOMxulYv2
cMIOS18o2hJddQHX+aSSYeh8UNJtcEEvV5MrPYAZ7RY+35J0OQraG4KWlfHOed5P
t/d6eSthltEuW1MSWOrbYWm3qSXLL5u8zU4clB69IdrOHipv6BQaPOBCeSIC8nts
rRXpWr7HU0esXh/4C3y6W+PFF/JpG3wHIXs4IIzTo9vGzOr4mHEBpDtjPl3Giymm
mkBzYga5WgPW6BK5A2vCWlW8v4hMPWq1z4tnBsUbHDuR4YOoFMjHIzFw/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzMcDtzS4M/2co12vWRz2/GR+VPMB8GA1UdIwQY
MBaAFGHF7Q3thiWzK2UzIHIp8sRnJZhIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWNYdERlMkdKYk1yWlRNZ2Npbnl4R2NsbUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82MDYyYWYtNTNiYy00MzVkLWI1ZmIt
YTExODQ5ODMyNWY3LzEvM014d08zTkxnel9aeWpYYTlaSFBiOFpINVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82MDYyYWYtNTNiYy00MzVkLWI1ZmItYTExODQ5ODMyNWY3
LzEvWWNYdERlMkdKYk1yWlRNZ2Npbnl4R2NsbUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuerMMA0G
CSqGSIb3DQEBCwUAA4IBAQBqBb2L0Z37aDuUqPjz4yKvnInPkpTjQWw0corDbFJi
RnLGJbmW09bIFr18Q2fek+bJu5Pk9YeLay2LIYi7hfiRBolSBUL6YHhj4g0ur0zf
PpoeIVUxX71Bn0FmSxTi3VPetNR1u+HoZUE58crEnIbXaiGSGmpkDI9iRoD+RdEa
/v9ocEscbj+FZRtd2aybTQCPvUKRKPZIw5b/AKK4nzD+MqjnfIYh0mrs6b9lRB8L
HjzAMmSvaCl5WKBireiJAYgO/zFNFRhjXVVMegC1mJdex30DrObrYYbhePbPsKKO
OPt7Uno7pno5Gs7s/F8/BAJ8/33yE9vns6TPcduaug0b
-----END CERTIFICATE-----