Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3kAP1CaDUrekr4SJtHdiZCGGDcg.roa
File:                     3kAP1CaDUrekr4SJtHdiZCGGDcg.roa (raw, json)
Hash identifier:          W0+ICfAynQpg0feOn+/KfSE1brSEPavrKelx218tAPw=
Subject key identifier:   DE:40:0F:D4:26:83:52:B7:A4:AF:84:89:B4:77:62:64:21:86:0D:C8
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0DAF1151F554D47EF5FB1D7474CA
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3kAP1CaDUrekr4SJtHdiZCGGDcg.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.244.235.0/24 maxlen: 24
                          185.227.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:af:11:51:f5:54:d4:7e:f5:fb:1d:74:74:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de400fd4268352b7a4af8489b477626421860dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:01:a5:f0:28:34:4c:23:9e:82:ed:27:b2:55:
                    10:55:8f:e5:9b:2a:6e:68:ae:b1:6a:0f:07:16:05:
                    c8:c3:8d:9f:ff:dd:ad:88:a1:ac:c6:23:31:68:21:
                    4a:d2:66:2f:9f:72:67:00:d5:47:5d:1a:12:40:62:
                    40:4e:1b:b7:52:57:4f:b7:4d:d2:d0:07:00:89:c4:
                    6c:a6:1e:f7:67:9f:45:f1:97:c6:c8:ee:f9:b5:9a:
                    c3:ac:1b:ae:4b:77:4a:3b:89:4d:02:2d:c1:d8:39:
                    ca:6c:31:26:03:4e:b1:74:79:02:35:8c:23:5b:af:
                    a9:70:24:88:30:27:cb:8d:9f:c4:af:2d:02:db:6c:
                    ab:76:ff:eb:f2:f6:55:d7:a5:52:f7:c7:8e:c5:ac:
                    12:86:00:6a:62:ad:00:84:d5:1d:dc:4f:26:77:6f:
                    69:58:96:6b:08:bd:f6:bc:1e:7e:1f:9f:13:98:26:
                    c4:04:65:51:71:a3:04:0e:bd:47:56:a0:12:ee:27:
                    46:73:31:bd:7e:d0:c9:70:08:e9:3b:6b:15:79:bc:
                    93:fa:09:9b:3d:2e:5b:36:7e:e8:c3:d3:b1:ee:be:
                    1e:49:e4:ab:93:6d:15:18:61:88:cb:e8:95:8a:de:
                    99:a6:c3:2b:2f:16:4e:9f:83:81:15:45:56:21:7a:
                    2d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:40:0F:D4:26:83:52:B7:A4:AF:84:89:B4:77:62:64:21:86:0D:C8
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3kAP1CaDUrekr4SJtHdiZCGGDcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.102.0/24
                  185.244.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:24:ae:61:c7:d5:cc:80:47:26:db:e1:49:9b:f2:66:db:2e:
         67:5d:fc:1e:e5:af:21:f3:b0:42:b8:ec:ba:ef:67:21:37:5c:
         87:d2:70:75:55:95:3b:47:e2:e9:23:ba:e0:c4:fe:66:6b:2c:
         9a:25:4b:26:f5:f6:a4:43:94:81:8a:38:b2:d3:6c:d8:1d:16:
         5f:d7:b7:e5:1d:a2:5a:61:bc:ca:f3:28:95:6c:31:13:48:70:
         79:9b:f5:01:f5:7d:6d:17:0b:73:1a:fc:8b:ff:81:ca:a9:87:
         21:be:2e:0b:3d:dc:9c:8b:a8:9b:37:02:9e:46:c4:2d:12:4c:
         67:33:7d:30:83:63:80:5a:de:85:d4:2c:c9:58:f6:ca:04:87:
         95:95:46:00:1f:93:f0:e2:c9:19:e3:f0:dc:d6:4d:f2:fa:12:
         84:b6:83:a2:99:09:ab:51:60:5d:fa:9e:ae:0a:8e:4b:c4:72:
         ab:7a:75:3a:27:32:f4:0f:57:f5:7b:da:c2:e6:9f:0b:15:cb:
         c0:2e:94:e8:c3:a0:68:84:59:a7:c3:6d:01:3c:58:18:84:aa:
         15:70:9b:bd:db:1a:64:79:25:7b:d6:22:e7:99:af:d0:45:16:
         c7:a8:b2:1c:89:3e:40:8d:09:2f:5b:4f:eb:d1:25:54:4f:12:
         d4:bc:73:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbg2vEVH1VNR+9fsddHTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQwMGZkNDI2ODM1MmI3YTRhZjg0ODliNDc3NjI2NDIxODYwZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAGl8Cg0TCOegu0nslUQVY/lmypu
aK6xag8HFgXIw42f/92tiKGsxiMxaCFK0mYvn3JnANVHXRoSQGJAThu3UldPt03S
0AcAicRsph73Z59F8ZfGyO75tZrDrBuuS3dKO4lNAi3B2DnKbDEmA06xdHkCNYwj
W6+pcCSIMCfLjZ/Ery0C22yrdv/r8vZV16VS98eOxawShgBqYq0AhNUd3E8md29p
WJZrCL32vB5+H58TmCbEBGVRcaMEDr1HVqAS7idGczG9ftDJcAjpO2sVebyT+gmb
PS5bNn7ow9Ox7r4eSeSrk20VGGGIy+iVit6ZpsMrLxZOn4OBFUVWIXotDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN5AD9Qmg1K3pK+EibR3YmQhhg3IMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvM2tBUDFDYURVcmVrcjRTSnRIZGlaQ0dHRGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueNmAwQA
ufTrMA0GCSqGSIb3DQEBCwUAA4IBAQCfJK5hx9XMgEcm2+FJm/Jm2y5nXfwe5a8h
87BCuOy672chN1yH0nB1VZU7R+LpI7rgxP5mayyaJUsm9fakQ5SBijiy02zYHRZf
17flHaJaYbzK8yiVbDETSHB5m/UB9X1tFwtzGvyL/4HKqYchvi4LPdyci6ibNwKe
RsQtEkxnM30wg2OAWt6F1CzJWPbKBIeVlUYAH5Pw4skZ4/Dc1k3y+hKEtoOimQmr
UWBd+p6uCo5LxHKrenU6JzL0D1f1e9rC5p8LFcvALpTow6BohFmnw20BPFgYhKoV
cJu92xpkeSV71iLnma/QRRbHqLIciT5AjQkvW0/r0SVUTxLUvHOs
-----END CERTIFICATE-----