Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/3V2Ma2AfIH1LZEb3EXjptV7wsAM.roa
File:                     3V2Ma2AfIH1LZEb3EXjptV7wsAM.roa (raw, json)
Hash identifier:          CCXFMJu33/V6gjnTBpFlWWG5RPRO0pePTzNwXUFluMY=
Subject key identifier:   DD:5D:8C:6B:60:1F:20:7D:4B:64:46:F7:11:78:E9:B5:5E:F0:B0:03
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018FC432037371525424FCA3E68CE4A353E6
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/3V2Ma2AfIH1LZEb3EXjptV7wsAM.roa
Signing time:             Wed 29 May 2024 11:52:42 +0000
ROA not before:           Wed 29 May 2024 11:52:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        185.198.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:32:03:73:71:52:54:24:fc:a3:e6:8c:e4:a3:53:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May 29 11:52:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd5d8c6b601f207d4b6446f71178e9b55ef0b003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f7:ce:4b:ac:db:57:50:5e:90:cc:51:81:9c:
                    03:c1:dd:2c:e3:51:01:f4:06:8c:d0:89:67:81:49:
                    8d:ab:ca:cd:c8:4a:80:da:7c:f4:b4:e9:8a:f3:4e:
                    5e:96:a7:6e:3b:eb:0f:be:0d:15:37:6c:a5:31:35:
                    66:25:7d:eb:4b:65:85:c5:94:39:ca:e5:c1:d2:03:
                    8d:28:5e:91:03:9d:c3:2d:ca:6a:25:36:bc:1d:d7:
                    ef:6e:ba:6a:8b:cb:11:9e:ce:70:e1:b2:f3:6e:d9:
                    2e:56:3b:87:9b:57:7b:4c:5e:30:05:63:5f:08:4a:
                    7e:8a:1d:a7:de:25:18:5e:4d:88:b7:7d:3a:9d:eb:
                    29:8b:84:dc:be:63:a5:0f:55:5a:40:18:2e:cf:44:
                    07:2f:c8:e4:0a:f5:92:34:e9:c7:f1:25:3c:be:2d:
                    ad:24:a6:d3:f3:af:b5:a0:03:ec:b8:39:7d:f6:9f:
                    9a:7d:18:7e:db:50:61:8a:84:92:63:2c:3c:f9:c0:
                    75:52:19:57:b8:c6:d8:2d:6f:74:16:1e:dc:e4:6d:
                    99:e2:d4:6e:56:03:21:ec:b7:b0:55:a4:0c:af:9f:
                    f8:98:a0:94:a1:ff:60:06:5d:a3:3d:5e:81:e1:26:
                    fc:12:74:12:c9:98:66:4b:5e:4f:45:b5:1d:72:ab:
                    d7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5D:8C:6B:60:1F:20:7D:4B:64:46:F7:11:78:E9:B5:5E:F0:B0:03
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/3V2Ma2AfIH1LZEb3EXjptV7wsAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:08:a4:1e:da:85:7a:3e:e1:92:e7:e9:14:f5:5e:52:f9:fd:
         79:74:ad:49:c3:68:46:cb:f0:ec:4c:4f:8c:04:fe:5c:46:58:
         87:ba:f0:2b:ce:f2:b1:66:87:3d:66:d2:f5:f9:f6:d2:64:02:
         a2:25:e7:2f:50:2c:ad:9b:de:5d:55:ec:b2:4a:3c:60:e5:84:
         e7:02:f2:74:c9:65:59:50:92:fc:36:1a:07:e9:58:73:3a:fb:
         8e:0b:03:63:52:9f:a8:23:b5:16:ef:c0:c0:2a:f4:b9:c0:1d:
         50:99:88:b1:89:62:87:31:26:9e:20:8c:5f:e7:e6:6c:dd:3d:
         cc:11:d6:26:a7:c2:b5:3b:76:a4:a5:8b:f2:51:3f:f5:cf:da:
         c5:50:c8:b3:ab:5c:01:e8:ad:8e:07:a3:72:dd:51:66:67:c5:
         26:37:1a:e8:9b:b7:b7:f0:7b:b1:ad:ad:58:2a:02:d3:44:4f:
         d0:b7:24:f2:ee:9d:e3:71:f2:e0:b1:7b:11:ce:26:ab:6b:dc:
         46:62:2d:06:46:af:bf:fc:a5:4e:5f:6b:e1:23:45:fe:81:d6:
         88:77:b2:01:9d:b2:c1:32:8c:ae:bd:10:d8:a3:9e:4f:82:dc:
         65:fe:36:eb:d5:7c:9a:73:72:83:0d:3f:fd:6f:d1:c1:5c:4f:
         ae:52:f7:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/EMgNzcVJUJPyj5ozko1PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNTI5MTE1MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVkOGM2YjYwMWYyMDdkNGI2NDQ2ZjcxMTc4ZTliNTVlZjBiMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPfOS6zbV1BekMxRgZwDwd0s41EB
9AaM0IlngUmNq8rNyEqA2nz0tOmK805elqduO+sPvg0VN2ylMTVmJX3rS2WFxZQ5
yuXB0gONKF6RA53DLcpqJTa8Hdfvbrpqi8sRns5w4bLzbtkuVjuHm1d7TF4wBWNf
CEp+ih2n3iUYXk2It306nespi4TcvmOlD1VaQBguz0QHL8jkCvWSNOnH8SU8vi2t
JKbT86+1oAPsuDl99p+afRh+21BhioSSYyw8+cB1UhlXuMbYLW90Fh7c5G2Z4tRu
VgMh7LewVaQMr5/4mKCUof9gBl2jPV6B4Sb8EnQSyZhmS15PRbUdcqvXtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1djGtgHyB9S2RG9xF46bVe8LADMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvM1YyTWEyQWZJSDFMWkViM0VYanB0Vjd3c0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucbqMA0G
CSqGSIb3DQEBCwUAA4IBAQB4CKQe2oV6PuGS5+kU9V5S+f15dK1Jw2hGy/DsTE+M
BP5cRliHuvArzvKxZoc9ZtL1+fbSZAKiJecvUCytm95dVeyySjxg5YTnAvJ0yWVZ
UJL8NhoH6VhzOvuOCwNjUp+oI7UW78DAKvS5wB1QmYixiWKHMSaeIIxf5+Zs3T3M
EdYmp8K1O3akpYvyUT/1z9rFUMizq1wB6K2OB6Ny3VFmZ8UmNxrom7e38Huxra1Y
KgLTRE/QtyTy7p3jcfLgsXsRziara9xGYi0GRq+//KVOX2vhI0X+gdaId7IBnbLB
MoyuvRDYo55Pgtxl/jbr1Xyac3KDDT/9b9HBXE+uUvf7
-----END CERTIFICATE-----