Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/d98Fz-stE9kgCe0dVWTwZguI0Qg.roa
File:                     d98Fz-stE9kgCe0dVWTwZguI0Qg.roa (raw, json)
Hash identifier:          QsOo7VDOl7r+fNK1r87Gr9x21ZhoOpl619/vMHT1ZiM=
Subject key identifier:   77:DF:05:CF:EB:2D:13:D9:20:09:ED:1D:55:64:F0:66:0B:88:D1:08
Certificate issuer:       /CN=c612adfabf915df33198935808cf0df9738dca87
Certificate serial:       018DEF1EC7F4A25E1E038D776C7C73D35B2D
Authority key identifier: C6:12:AD:FA:BF:91:5D:F3:31:98:93:58:08:CF:0D:F9:73:8D:CA:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhKt-r-RXfMxmJNYCM8N-XONyoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/d98Fz-stE9kgCe0dVWTwZguI0Qg.roa
Signing time:             Wed 28 Feb 2024 09:49:48 +0000
ROA not before:           Wed 28 Feb 2024 09:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        185.145.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/xhKt-r-RXfMxmJNYCM8N-XONyoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/xhKt-r-RXfMxmJNYCM8N-XONyoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhKt-r-RXfMxmJNYCM8N-XONyoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:1e:c7:f4:a2:5e:1e:03:8d:77:6c:7c:73:d3:5b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c612adfabf915df33198935808cf0df9738dca87
        Validity
            Not Before: Feb 28 09:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77df05cfeb2d13d92009ed1d5564f0660b88d108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:70:aa:d7:ef:39:00:d8:da:a3:e1:91:eb:ff:
                    4f:2f:76:77:bc:52:11:0e:13:4a:a7:e5:22:44:ef:
                    d8:85:60:a9:19:bb:c6:68:07:77:f1:cb:f9:25:26:
                    d3:a4:91:ec:1d:33:15:00:18:be:23:00:5e:1e:03:
                    6a:83:6c:be:e5:06:07:3c:fa:5a:c6:10:30:d9:a6:
                    b1:5d:cc:e4:de:37:28:fa:33:fc:c2:9b:90:2b:f0:
                    3c:1a:6b:18:8d:27:2e:10:e5:a0:f9:97:8e:52:4e:
                    1c:98:a8:5a:87:73:70:2a:7c:52:e0:55:e0:40:d0:
                    d3:a9:57:83:46:c0:4b:1c:4a:0c:a1:8f:75:fd:7b:
                    12:14:41:e1:f3:46:b2:9e:50:62:fd:05:3f:29:6d:
                    be:f9:b0:21:ae:aa:27:af:4a:9c:3e:db:52:a1:58:
                    75:5b:83:30:13:3a:72:ab:be:3d:c7:6a:6a:a0:4a:
                    4c:c5:22:4b:51:67:3e:9e:65:13:aa:af:ee:c2:07:
                    7b:07:c5:71:45:ed:14:c7:3f:f8:ff:b4:9b:a6:ee:
                    24:f7:fc:51:71:8e:9e:ab:df:63:b7:c0:1d:84:eb:
                    f6:e8:ea:36:57:26:78:b8:9e:25:ca:20:89:60:a0:
                    b2:f5:82:3f:07:cb:37:d4:43:ae:6f:1d:37:cb:77:
                    b1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DF:05:CF:EB:2D:13:D9:20:09:ED:1D:55:64:F0:66:0B:88:D1:08
            X509v3 Authority Key Identifier:
                keyid:C6:12:AD:FA:BF:91:5D:F3:31:98:93:58:08:CF:0D:F9:73:8D:CA:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhKt-r-RXfMxmJNYCM8N-XONyoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/d98Fz-stE9kgCe0dVWTwZguI0Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/30ab18-d379-4ac7-a908-81a46f4f6d5a/1/xhKt-r-RXfMxmJNYCM8N-XONyoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:74:ee:19:f3:ba:21:8a:3f:c5:40:91:d8:a7:2b:2d:91:fc:
         be:37:47:df:b8:64:29:28:8d:6b:51:e4:e4:67:a4:9a:23:7f:
         c6:7e:fb:3e:ef:5f:e3:5e:f0:5c:6f:a7:91:20:50:7f:01:82:
         d8:ff:76:f9:fa:e0:c4:84:13:8c:96:f7:43:ea:23:7e:ef:f5:
         13:19:64:79:a5:24:8a:ab:e4:b7:55:c2:e6:a6:43:bb:e8:32:
         90:60:79:8f:92:06:c0:75:2b:db:95:6d:e0:1c:69:7d:da:2c:
         7c:28:fb:a2:fe:ba:60:41:52:73:45:21:38:2e:85:ab:36:a8:
         51:63:8c:34:12:69:bf:29:3f:3c:21:13:1b:41:34:23:30:20:
         e7:90:5f:fe:81:14:f0:05:02:bf:4b:72:51:36:dd:44:68:71:
         25:cc:ea:df:8d:7f:d7:f3:4e:94:29:24:62:f9:56:65:2d:21:
         64:62:c0:b6:c0:ce:d7:3e:d8:e8:a4:cb:6c:59:84:5a:b1:a5:
         60:f7:f3:5c:3b:e2:2a:7b:35:71:2a:df:3d:5e:72:62:3e:71:
         77:d4:28:30:27:d1:5b:74:06:5d:b1:3d:87:10:8a:2e:17:e6:
         0e:78:76:15:1e:86:b5:e1:2a:b6:55:14:70:f7:78:23:29:1a:
         95:56:c1:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3vHsf0ol4eA413bHxz01stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTJhZGZhYmY5MTVkZjMzMTk4OTM1ODA4Y2YwZGY5NzM4
ZGNhODcwHhcNMjQwMjI4MDk0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2RmMDVjZmViMmQxM2Q5MjAwOWVkMWQ1NTY0ZjA2NjBiODhkMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Cq1+85ANjao+GR6/9PL3Z3vFIR
DhNKp+UiRO/YhWCpGbvGaAd38cv5JSbTpJHsHTMVABi+IwBeHgNqg2y+5QYHPPpa
xhAw2aaxXczk3jco+jP8wpuQK/A8GmsYjScuEOWg+ZeOUk4cmKhah3NwKnxS4FXg
QNDTqVeDRsBLHEoMoY91/XsSFEHh80aynlBi/QU/KW2++bAhrqonr0qcPttSoVh1
W4MwEzpyq749x2pqoEpMxSJLUWc+nmUTqq/uwgd7B8VxRe0Uxz/4/7Sbpu4k9/xR
cY6eq99jt8AdhOv26Oo2VyZ4uJ4lyiCJYKCy9YI/B8s31EOubx03y3exVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHffBc/rLRPZIAntHVVk8GYLiNEIMB8GA1UdIwQY
MBaAFMYSrfq/kV3zMZiTWAjPDflzjcqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhLdC1yLVJYZk14bUpOWUNNOE4tWE9OeW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8zMGFiMTgtZDM3OS00YWM3LWE5MDgt
ODFhNDZmNGY2ZDVhLzEvZDk4Rnotc3RFOWtnQ2UwZFZXVHdaZ3VJMFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8zMGFiMTgtZDM3OS00YWM3LWE5MDgtODFhNDZmNGY2ZDVh
LzEveGhLdC1yLVJYZk14bUpOWUNNOE4tWE9OeW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZEDMA0G
CSqGSIb3DQEBCwUAA4IBAQCFdO4Z87ohij/FQJHYpystkfy+N0ffuGQpKI1rUeTk
Z6SaI3/Gfvs+71/jXvBcb6eRIFB/AYLY/3b5+uDEhBOMlvdD6iN+7/UTGWR5pSSK
q+S3VcLmpkO76DKQYHmPkgbAdSvblW3gHGl92ix8KPui/rpgQVJzRSE4LoWrNqhR
Y4w0Emm/KT88IRMbQTQjMCDnkF/+gRTwBQK/S3JRNt1EaHElzOrfjX/X806UKSRi
+VZlLSFkYsC2wM7XPtjopMtsWYRasaVg9/NcO+IqezVxKt89XnJiPnF31CgwJ9Fb
dAZdsT2HEIouF+YOeHYVHoa14Sq2VRRw93gjKRqVVsFF
-----END CERTIFICATE-----