Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3FkmfE1hkIoFEj2XUOMT1kPjzOw.roa
File:                     3FkmfE1hkIoFEj2XUOMT1kPjzOw.roa (raw, json)
Hash identifier:          TCWNs6T22NgYuWbk77u210ztpu/yX0IqUA9SKdW+yLo=
Subject key identifier:   DC:59:26:7C:4D:61:90:8A:05:12:3D:97:50:E3:13:D6:43:E3:CC:EC
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0190D9FB8B14D8FFE6E1F9F7ABD28B85D581
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3FkmfE1hkIoFEj2XUOMT1kPjzOw.roa
Signing time:             Mon 22 Jul 2024 10:27:39 +0000
ROA not before:           Mon 22 Jul 2024 10:27:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     264825
IP address blocks:        185.181.32.0/22 maxlen: 22
                          185.181.32.0/23 maxlen: 23
                          185.181.32.0/24 maxlen: 24
                          185.181.34.0/23 maxlen: 23
                          185.181.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:fb:8b:14:d8:ff:e6:e1:f9:f7:ab:d2:8b:85:d5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul 22 10:27:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc59267c4d61908a05123d9750e313d643e3ccec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:96:45:f6:15:9f:24:11:16:ec:8c:d1:ca:93:
                    e8:84:db:ac:3e:bc:7e:51:29:cf:e2:c0:b4:01:96:
                    95:64:36:e3:03:71:35:67:ad:bb:18:3a:17:fa:97:
                    2c:1d:1e:ce:a2:d3:f5:7e:7b:e1:bb:1c:b6:01:38:
                    dc:f1:bf:a8:80:4a:61:7f:2e:56:19:f9:78:5c:32:
                    df:88:db:ef:b8:99:d7:4f:1e:f7:76:99:89:61:fb:
                    10:e2:99:76:c5:39:4e:41:f4:a0:1d:f7:4f:31:f9:
                    4c:7b:e8:b9:b2:5c:44:7b:28:fe:06:a4:b3:cf:c6:
                    74:fb:ef:5b:05:54:6d:e9:0c:23:b8:ca:81:4e:28:
                    ac:0d:c3:eb:26:38:11:48:3a:64:10:88:70:9c:58:
                    58:48:a2:8a:16:5c:7d:fb:7e:0f:4a:54:0a:48:e6:
                    4c:d5:c0:2a:35:ed:c0:2e:10:52:5b:ca:31:3a:fd:
                    99:b8:6c:fc:76:da:e4:2a:b1:19:28:e5:fe:37:b8:
                    d3:e2:85:e2:79:bb:a3:da:6f:d2:8e:40:75:25:f8:
                    ae:17:01:b2:80:12:ec:2e:0a:f9:c7:43:5e:c0:9b:
                    af:7b:65:5f:c5:db:9c:02:32:a1:8f:37:e2:83:4d:
                    64:e2:e6:82:73:d3:4f:02:e7:71:66:cc:77:3e:25:
                    c8:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:59:26:7C:4D:61:90:8A:05:12:3D:97:50:E3:13:D6:43:E3:CC:EC
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3FkmfE1hkIoFEj2XUOMT1kPjzOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:3d:54:4d:46:a3:d2:3d:34:03:7c:12:57:6e:9b:0d:b6:8d:
         97:83:2c:81:70:4a:98:54:a7:b0:12:8b:6f:48:de:76:6a:a1:
         1a:02:d9:3c:f2:59:6b:e3:de:e5:60:c1:7b:ce:f9:4b:60:b6:
         6c:b6:65:9f:74:65:bb:10:ef:5f:c7:f1:94:5c:40:d2:c2:70:
         6f:6c:7c:f8:19:35:09:c4:45:1e:c4:ea:21:18:df:c8:47:6a:
         08:cc:12:93:27:8b:af:49:ae:1c:0a:0b:95:7e:58:b6:29:d9:
         eb:e8:45:e5:f7:79:02:13:fe:9e:85:26:ec:b1:96:1f:1f:fe:
         3b:f6:bf:f4:56:35:4f:90:46:da:d6:4b:d2:60:5a:da:53:c0:
         34:21:2e:f3:2b:32:f1:81:d0:5d:e4:3a:4f:09:7b:b3:b2:f3:
         3c:c1:b0:8b:f0:4f:a9:23:9e:7e:d9:98:e8:8b:a9:95:31:30:
         a1:13:64:a3:78:dd:2c:ae:83:c8:d6:be:3c:41:95:b1:82:3c:
         49:94:8d:c5:60:4d:bc:ef:33:09:52:e5:45:40:58:18:ae:b2:
         2f:e0:c9:5f:9e:d4:2e:36:60:a1:26:7e:fc:7f:85:ec:16:a2:
         1e:1b:13:fc:37:29:3e:bc:69:2b:bb:26:d3:4a:50:58:67:a8:
         67:df:10:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZ+4sU2P/m4fn3q9KLhdWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNzIyMTAyNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU5MjY3YzRkNjE5MDhhMDUxMjNkOTc1MGUzMTNkNjQzZTNjY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZZF9hWfJBEW7IzRypPohNusPrx+
USnP4sC0AZaVZDbjA3E1Z627GDoX+pcsHR7OotP1fnvhuxy2ATjc8b+ogEphfy5W
Gfl4XDLfiNvvuJnXTx73dpmJYfsQ4pl2xTlOQfSgHfdPMflMe+i5slxEeyj+BqSz
z8Z0++9bBVRt6QwjuMqBTiisDcPrJjgRSDpkEIhwnFhYSKKKFlx9+34PSlQKSOZM
1cAqNe3ALhBSW8oxOv2ZuGz8dtrkKrEZKOX+N7jT4oXiebuj2m/SjkB1JfiuFwGy
gBLsLgr5x0NewJuve2VfxducAjKhjzfig01k4uaCc9NPAudxZsx3PiXIywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxZJnxNYZCKBRI9l1DjE9ZD48zsMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvM0ZrbWZFMWhrSW9GRWoyWFVPTVQxa1Bqek93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubUgMA0G
CSqGSIb3DQEBCwUAA4IBAQBIPVRNRqPSPTQDfBJXbpsNto2XgyyBcEqYVKewEotv
SN52aqEaAtk88llr497lYMF7zvlLYLZstmWfdGW7EO9fx/GUXEDSwnBvbHz4GTUJ
xEUexOohGN/IR2oIzBKTJ4uvSa4cCguVfli2Kdnr6EXl93kCE/6ehSbssZYfH/47
9r/0VjVPkEba1kvSYFraU8A0IS7zKzLxgdBd5DpPCXuzsvM8wbCL8E+pI55+2Zjo
i6mVMTChE2SjeN0sroPI1r48QZWxgjxJlI3FYE287zMJUuVFQFgYrrIv4MlfntQu
NmChJn78f4XsFqIeGxP8Nyk+vGkruybTSlBYZ6hn3xBs
-----END CERTIFICATE-----