Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/j0KYkRXiZdQR9rdT3AtTIXL1Vxw.roa
File:                     j0KYkRXiZdQR9rdT3AtTIXL1Vxw.roa (raw, json)
Hash identifier:          0WbQfcSdvBPyBmGRk6mPgTDrRIDmQcI8ElOsIdIUCT8=
Subject key identifier:   8F:42:98:91:15:E2:65:D4:11:F6:B7:53:DC:0B:53:21:72:F5:57:1C
Certificate issuer:       /CN=3be4761d44d806c3f9e4e76b79c8f2296cc7bbcf
Certificate serial:       018CC26D70F9024C8A3C8ABD43AE4362A1DA
Authority key identifier: 3B:E4:76:1D:44:D8:06:C3:F9:E4:E7:6B:79:C8:F2:29:6C:C7:BB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/j0KYkRXiZdQR9rdT3AtTIXL1Vxw.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202234
IP address blocks:        185.49.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:f9:02:4c:8a:3c:8a:bd:43:ae:43:62:a1:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be4761d44d806c3f9e4e76b79c8f2296cc7bbcf
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f42989115e265d411f6b753dc0b532172f5571c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9c:f1:a1:09:8e:a5:7d:1f:14:aa:6d:2e:95:
                    0a:d2:6a:78:4a:9b:e6:4e:a9:cf:12:2e:2a:b6:dd:
                    5e:43:f6:eb:26:e0:d7:f7:b2:05:e4:a8:9b:b1:4d:
                    f3:c8:fc:12:95:1d:34:b8:60:f7:18:4f:fe:5e:42:
                    70:a3:14:eb:fd:d9:a9:8e:02:7b:6a:16:30:0b:c2:
                    74:1e:a5:cb:90:85:69:a0:05:78:d7:f5:e6:f6:85:
                    31:4b:87:dd:a2:80:9f:d9:8e:f9:0c:97:ba:95:d6:
                    4c:ce:c3:b5:d8:21:2a:0d:83:fa:09:9a:b1:4a:33:
                    fd:89:fe:8f:f9:25:75:4f:7e:64:af:7a:52:7f:98:
                    10:76:96:58:27:87:61:f0:15:18:a6:b3:8f:5d:34:
                    89:6a:51:7c:24:a3:05:ce:58:1d:34:fe:75:10:e6:
                    2d:0f:35:61:5b:7c:cf:23:99:59:fe:c9:10:bb:83:
                    e7:2a:65:98:1c:72:13:55:9a:57:ee:35:b6:2b:4c:
                    67:37:c5:e8:6c:9a:6d:46:7f:12:09:4f:28:ba:d8:
                    ee:49:a5:c2:df:91:20:cf:c7:ff:dd:1f:49:24:4e:
                    d8:13:8a:99:f4:aa:d2:13:28:cd:79:67:57:19:22:
                    c7:fd:07:3c:79:56:0a:da:04:bc:53:b1:1a:76:56:
                    1e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:42:98:91:15:E2:65:D4:11:F6:B7:53:DC:0B:53:21:72:F5:57:1C
            X509v3 Authority Key Identifier:
                keyid:3B:E4:76:1D:44:D8:06:C3:F9:E4:E7:6B:79:C8:F2:29:6C:C7:BB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/j0KYkRXiZdQR9rdT3AtTIXL1Vxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:05:01:17:71:e2:ab:0a:ec:15:ef:1e:b7:20:bf:4c:29:3c:
         a1:dc:eb:8a:df:49:2d:ba:95:40:b8:0f:62:84:b7:eb:e7:23:
         b1:30:e3:81:7f:f8:79:41:4c:f7:70:14:db:eb:bb:90:51:5a:
         d8:12:f3:f7:bb:05:ce:09:ad:ce:56:51:16:2c:5a:0c:d5:17:
         a2:60:58:63:9b:e3:28:30:5a:d0:7a:68:d5:c1:90:d9:45:62:
         87:ab:66:2e:3b:ad:95:58:29:de:c0:a8:17:4f:21:82:f7:d9:
         5c:20:54:84:dc:19:ad:49:d5:38:85:cd:55:dc:9d:3f:4d:1d:
         3c:79:2b:28:34:a2:81:f3:60:5d:65:5a:61:4d:b8:03:6f:94:
         2a:32:8a:4d:f6:ce:41:92:68:06:14:da:d6:30:11:63:13:98:
         a4:62:37:e4:7d:4d:c9:74:c3:a1:b7:86:2f:50:8c:d7:c1:cb:
         15:25:02:b3:d5:07:c7:da:4f:fc:29:3f:65:38:d4:9f:b5:a9:
         bb:d8:fb:88:c3:4b:1c:60:c5:5c:f2:8e:7f:03:fe:e7:18:3c:
         a5:df:f7:b5:34:c1:02:1c:66:1b:20:61:db:57:f0:2f:bb:f7:
         80:e1:e2:a5:5c:5c:9d:34:9b:d8:47:8b:6d:9d:13:ca:14:15:
         5a:c4:0a:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXD5AkyKPIq9Q65DYqHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTQ3NjFkNDRkODA2YzNmOWU0ZTc2Yjc5YzhmMjI5NmNj
N2JiY2YwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjQyOTg5MTE1ZTI2NWQ0MTFmNmI3NTNkYzBiNTMyMTcyZjU1NzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5zxoQmOpX0fFKptLpUK0mp4Spvm
TqnPEi4qtt1eQ/brJuDX97IF5KibsU3zyPwSlR00uGD3GE/+XkJwoxTr/dmpjgJ7
ahYwC8J0HqXLkIVpoAV41/Xm9oUxS4fdooCf2Y75DJe6ldZMzsO12CEqDYP6CZqx
SjP9if6P+SV1T35kr3pSf5gQdpZYJ4dh8BUYprOPXTSJalF8JKMFzlgdNP51EOYt
DzVhW3zPI5lZ/skQu4PnKmWYHHITVZpX7jW2K0xnN8XobJptRn8SCU8outjuSaXC
35Egz8f/3R9JJE7YE4qZ9KrSEyjNeWdXGSLH/Qc8eVYK2gS8U7EadlYeNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9CmJEV4mXUEfa3U9wLUyFy9VccMB8GA1UdIwQY
MBaAFDvkdh1E2AbD+eTna3nI8ilsx7vPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1SMkhVVFlCc1A1NU9kcmVjanlLV3pIdTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kMmMzOGUtMGFhZi00ZTNiLThlZDgt
YjU0YWU2ZjA4ZjRmLzEvajBLWWtSWGlaZFFSOXJkVDNBdFRJWEwxVnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kMmMzOGUtMGFhZi00ZTNiLThlZDgtYjU0YWU2ZjA4ZjRm
LzEvTy1SMkhVVFlCc1A1NU9kcmVjanlLV3pIdTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTFsMA0G
CSqGSIb3DQEBCwUAA4IBAQA7BQEXceKrCuwV7x63IL9MKTyh3OuK30ktupVAuA9i
hLfr5yOxMOOBf/h5QUz3cBTb67uQUVrYEvP3uwXOCa3OVlEWLFoM1ReiYFhjm+Mo
MFrQemjVwZDZRWKHq2YuO62VWCnewKgXTyGC99lcIFSE3BmtSdU4hc1V3J0/TR08
eSsoNKKB82BdZVphTbgDb5QqMopN9s5BkmgGFNrWMBFjE5ikYjfkfU3JdMOht4Yv
UIzXwcsVJQKz1QfH2k/8KT9lONSftam72PuIw0scYMVc8o5/A/7nGDyl3/e1NMEC
HGYbIGHbV/Avu/eA4eKlXFydNJvYR4ttnRPKFBVaxAoi
-----END CERTIFICATE-----