Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/T3Pi1MlSfK0VXGGV2FkAaWxKF2A.roa
File:                     T3Pi1MlSfK0VXGGV2FkAaWxKF2A.roa (raw, json)
Hash identifier:          13t2156ZnJXZ6rujQzQ4XVSiSzfINzUXZTgtiRIzK3c=
Subject key identifier:   4F:73:E2:D4:C9:52:7C:AD:15:5C:61:95:D8:59:00:69:6C:4A:17:60
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0191D9F48EED87FF8B69E158D4F5DC8D7AF7
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/T3Pi1MlSfK0VXGGV2FkAaWxKF2A.roa
Signing time:             Tue 10 Sep 2024 03:22:48 +0000
ROA not before:           Tue 10 Sep 2024 03:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142578
IP address blocks:        185.207.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d9:f4:8e:ed:87:ff:8b:69:e1:58:d4:f5:dc:8d:7a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Sep 10 03:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f73e2d4c9527cad155c6195d85900696c4a1760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b3:5f:18:74:72:8e:88:c6:80:0b:f7:54:c3:
                    62:d8:48:86:13:10:59:6c:88:41:6f:8f:d1:35:ee:
                    e3:8c:aa:01:5a:00:d7:ef:c8:72:cc:4d:df:b6:6d:
                    01:f0:5d:93:c2:05:25:b9:87:a3:00:49:5e:45:6d:
                    fc:e8:73:82:34:b2:15:cd:a5:59:8b:cd:be:07:82:
                    cc:72:a3:47:9f:9e:d0:67:1e:7c:84:ea:9c:50:eb:
                    9f:10:48:61:96:cd:e7:78:ed:a1:f8:80:f5:88:6a:
                    6d:82:49:31:d1:a0:4d:cf:62:23:f3:93:4c:e6:4e:
                    a6:b7:82:cb:ca:d5:33:27:71:54:1a:02:00:f1:8d:
                    f6:1d:b0:5b:35:74:d5:64:db:52:24:44:7a:51:84:
                    4c:68:77:84:86:5d:9f:11:95:be:82:19:a0:11:c0:
                    7f:52:51:2a:87:91:6c:8f:0a:65:ab:68:ee:fb:fd:
                    9d:fd:2a:57:2c:5e:fe:bf:e5:fd:0e:02:65:61:0e:
                    85:e4:44:8a:02:a1:39:af:17:82:1c:8e:29:88:03:
                    42:b6:b0:4c:44:8b:81:02:d6:c5:8d:a2:3c:67:83:
                    9b:b5:e2:99:1c:03:8f:7c:cd:65:0e:f5:11:af:5c:
                    db:4f:05:76:ad:16:08:06:e7:15:4c:56:1a:3d:47:
                    27:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:73:E2:D4:C9:52:7C:AD:15:5C:61:95:D8:59:00:69:6C:4A:17:60
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/T3Pi1MlSfK0VXGGV2FkAaWxKF2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:92:6f:f8:90:bc:68:c6:58:74:8b:4b:2f:77:c7:a8:95:f3:
         b2:97:c2:cf:3d:4c:87:f3:0d:dc:2c:f1:5d:f3:55:5a:15:a3:
         df:d0:78:13:92:e3:39:1d:e9:7e:a5:69:a3:6e:9b:b3:05:c6:
         65:63:b7:c8:4d:29:32:04:42:86:5e:e7:1f:33:43:80:05:a4:
         e7:b5:d5:c4:ac:27:a8:69:d7:4d:bb:15:8e:87:c7:71:99:50:
         2e:33:26:cf:4c:1d:be:33:8e:ca:c9:95:05:f3:20:9f:97:5e:
         2d:13:04:00:0f:1a:99:5e:25:ee:5c:e6:28:b7:08:8b:ea:b8:
         e7:78:7d:dc:a7:c7:17:40:6c:79:cd:f0:e1:41:5e:94:6f:fe:
         88:93:ce:9d:e4:25:f9:b7:78:da:68:91:89:27:86:ff:e0:82:
         17:0b:c8:2a:57:bb:45:94:7f:81:45:f7:fd:b3:26:8d:5d:76:
         77:74:88:30:93:b6:42:7a:40:aa:11:28:de:a1:43:b9:59:fd:
         ea:06:e5:17:4c:ea:ac:1e:20:29:15:5d:60:c2:f5:c9:16:76:
         ef:93:09:8e:1a:c2:fc:67:07:16:8d:84:ec:f8:26:01:a6:db:
         02:5d:00:76:eb:13:b7:04:50:0b:f6:70:83:83:ae:29:98:16:
         55:cb:f4:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHZ9I7th/+LaeFY1PXcjXr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwOTEwMDMyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjczZTJkNGM5NTI3Y2FkMTU1YzYxOTVkODU5MDA2OTZjNGExNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbNfGHRyjojGgAv3VMNi2EiGExBZ
bIhBb4/RNe7jjKoBWgDX78hyzE3ftm0B8F2TwgUluYejAEleRW386HOCNLIVzaVZ
i82+B4LMcqNHn57QZx58hOqcUOufEEhhls3neO2h+ID1iGptgkkx0aBNz2Ij85NM
5k6mt4LLytUzJ3FUGgIA8Y32HbBbNXTVZNtSJER6UYRMaHeEhl2fEZW+ghmgEcB/
UlEqh5Fsjwplq2ju+/2d/SpXLF7+v+X9DgJlYQ6F5ESKAqE5rxeCHI4piANCtrBM
RIuBAtbFjaI8Z4ObteKZHAOPfM1lDvURr1zbTwV2rRYIBucVTFYaPUcndQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9z4tTJUnytFVxhldhZAGlsShdgMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVDNQaTFNbFNmSzBWWEdHVjJGa0FhV3hLRjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc/EMA0G
CSqGSIb3DQEBCwUAA4IBAQBhkm/4kLxoxlh0i0svd8eolfOyl8LPPUyH8w3cLPFd
81VaFaPf0HgTkuM5Hel+pWmjbpuzBcZlY7fITSkyBEKGXucfM0OABaTntdXErCeo
addNuxWOh8dxmVAuMybPTB2+M47KyZUF8yCfl14tEwQADxqZXiXuXOYotwiL6rjn
eH3cp8cXQGx5zfDhQV6Ub/6Ik86d5CX5t3jaaJGJJ4b/4IIXC8gqV7tFlH+BRff9
syaNXXZ3dIgwk7ZCekCqESjeoUO5Wf3qBuUXTOqsHiApFV1gwvXJFnbvkwmOGsL8
ZwcWjYTs+CYBptsCXQB26xO3BFAL9nCDg64pmBZVy/Sx
-----END CERTIFICATE-----