Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/3rq-Z-bG_yL5D3y9IUrKbsyzuz0.roa
File:                     3rq-Z-bG_yL5D3y9IUrKbsyzuz0.roa (raw, json)
Hash identifier:          SatCsKYgmw8h5NBfpZH83IULi0d2QVpcAt7GuVGni8c=
Subject key identifier:   DE:BA:BE:67:E6:C6:FF:22:F9:0F:7C:BD:21:4A:CA:6E:CC:B3:BB:3D
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CED460EFF0F54E27119E1568EC47C97A1
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/3rq-Z-bG_yL5D3y9IUrKbsyzuz0.roa
Signing time:             Tue 09 Jan 2024 08:10:40 +0000
ROA not before:           Tue 09 Jan 2024 08:10:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18464
IP address blocks:        178.173.224.0/19 maxlen: 24
                          2001:16c0:16c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:46:0e:ff:0f:54:e2:71:19:e1:56:8e:c4:7c:97:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  9 08:10:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=debabe67e6c6ff22f90f7cbd214aca6eccb3bb3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d5:67:c5:40:6c:eb:c5:32:9c:47:a5:7a:9c:
                    a3:fa:79:35:61:89:1b:de:dd:1e:54:26:a4:68:1c:
                    de:a9:f8:9a:dd:6f:e1:b1:a1:0f:42:98:a4:4b:1a:
                    93:01:dd:35:2a:75:02:59:0e:40:44:56:63:e0:7e:
                    49:f3:c6:58:b4:e3:8e:d0:25:f1:9d:fa:d7:54:a8:
                    25:ad:f1:e5:bc:1d:90:6d:d0:8b:86:5c:ab:d7:4a:
                    c6:c0:86:ef:ae:bc:9d:9d:88:d6:3c:21:16:ae:a0:
                    ad:e4:93:e1:b8:b7:22:91:4f:bf:36:ba:46:4d:6a:
                    41:aa:a1:4d:80:36:41:ff:10:a0:e0:b4:4d:53:5e:
                    85:47:0a:5f:9b:63:67:a3:41:c3:bc:59:cb:bd:b6:
                    48:27:9a:3b:4b:88:12:70:45:60:e5:d0:47:20:3a:
                    bd:f8:da:3a:4a:59:d5:74:ca:72:d4:8b:ce:f0:d1:
                    5d:2f:e3:7a:8b:b6:1f:6f:77:15:39:33:96:da:c2:
                    89:b5:87:b1:99:8d:eb:44:6a:fb:ab:9a:9d:60:19:
                    ac:59:b6:98:64:b5:24:bf:06:fb:c6:af:50:c2:75:
                    05:dd:1b:c7:b7:27:6b:12:79:5a:ef:c2:28:80:76:
                    6e:a6:2c:f3:57:74:9f:8a:ba:2d:7f:bb:f5:2b:33:
                    94:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BA:BE:67:E6:C6:FF:22:F9:0F:7C:BD:21:4A:CA:6E:CC:B3:BB:3D
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/3rq-Z-bG_yL5D3y9IUrKbsyzuz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.173.224.0/19
                IPv6:
                  2001:16c0:16c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:b9:60:3f:bd:39:a0:9b:cc:a2:93:5b:40:43:f8:7e:b2:1d:
         58:35:bb:81:46:d5:8e:6c:37:ea:e3:94:61:b9:19:cc:b8:73:
         e2:de:32:b5:91:1b:fe:c4:e1:bb:ab:4a:1c:58:a1:a1:60:1d:
         44:b4:3a:02:2e:33:5c:3f:20:20:35:2e:64:18:f4:31:2b:0e:
         62:d4:d9:a7:31:1b:f1:ed:e3:81:21:79:c7:85:f7:7a:36:0c:
         e7:22:ab:b3:c3:a2:d4:21:6c:ab:d5:d3:81:2b:56:ff:6a:4b:
         cb:d1:f8:a7:d9:28:05:54:53:d4:ce:97:a1:d3:a1:6f:19:61:
         8c:30:82:c9:53:45:e2:d8:a6:07:66:58:6a:68:1b:18:fd:ec:
         b8:af:6d:dd:e3:6f:6a:90:1e:97:9f:45:20:73:b4:ef:30:b8:
         72:66:8f:1f:be:fb:48:fc:3a:b8:6f:bf:73:ef:6c:39:f5:0a:
         b1:2c:26:0b:10:f6:b7:c8:2c:1f:43:57:d1:40:7e:18:1e:d6:
         ca:dd:da:f9:5a:a4:1d:e6:e2:56:0e:57:c7:c1:a0:48:a8:c4:
         59:48:39:da:7c:8b:b9:09:ae:87:9d:b3:81:cb:68:3c:80:7f:
         f0:22:1b:57:e2:a9:77:f4:5f:b8:f9:e5:fa:21:2f:83:40:f0:
         e2:68:1f:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYztRg7/D1TicRnhVo7EfJehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTA5MDgxMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJhYmU2N2U2YzZmZjIyZjkwZjdjYmQyMTRhY2E2ZWNjYjNiYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9VnxUBs68UynEelepyj+nk1YYkb
3t0eVCakaBzeqfia3W/hsaEPQpikSxqTAd01KnUCWQ5ARFZj4H5J88ZYtOOO0CXx
nfrXVKglrfHlvB2QbdCLhlyr10rGwIbvrrydnYjWPCEWrqCt5JPhuLcikU+/NrpG
TWpBqqFNgDZB/xCg4LRNU16FRwpfm2Nno0HDvFnLvbZIJ5o7S4gScEVg5dBHIDq9
+No6SlnVdMpy1IvO8NFdL+N6i7Yfb3cVOTOW2sKJtYexmY3rRGr7q5qdYBmsWbaY
ZLUkvwb7xq9QwnUF3RvHtydrEnla78IogHZupizzV3Sfirotf7v1KzOUKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN66vmfmxv8i+Q98vSFKym7Ms7s9MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvM3JxLVotYkdfeUw1RDN5OUlVcktic3l6dXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQFsq3gMA8E
AgACMAkDBwAgARbAFsAwDQYJKoZIhvcNAQELBQADggEBAJ65YD+9OaCbzKKTW0BD
+H6yHVg1u4FG1Y5sN+rjlGG5Gcy4c+LeMrWRG/7E4burShxYoaFgHUS0OgIuM1w/
ICA1LmQY9DErDmLU2acxG/Ht44EheceF93o2DOciq7PDotQhbKvV04ErVv9qS8vR
+KfZKAVUU9TOl6HToW8ZYYwwgslTReLYpgdmWGpoGxj97Livbd3jb2qQHpefRSBz
tO8wuHJmjx+++0j8Orhvv3PvbDn1CrEsJgsQ9rfILB9DV9FAfhge1srd2vlapB3m
4lYOV8fBoEioxFlIOdp8i7kJroeds4HLaDyAf/AiG1fiqXf0X7j55fohL4NA8OJo
Hy8=
-----END CERTIFICATE-----