Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/tOqG3PPhm3VxhvggOx6KD69EYVU.roa
File:                     tOqG3PPhm3VxhvggOx6KD69EYVU.roa (raw, json)
Hash identifier:          OuOopVvVcSJwcL3SshPDKYQlBiWnsEOYVFi1YnY2GaM=
Subject key identifier:   B4:EA:86:DC:F3:E1:9B:75:71:86:F8:20:3B:1E:8A:0F:AF:44:61:55
Certificate issuer:       /CN=237b2b50bf0c18a531e6db15667be7ed76bb2821
Certificate serial:       018CC26D39488908E3F3D810A04D7DE0DF59
Authority key identifier: 23:7B:2B:50:BF:0C:18:A5:31:E6:DB:15:66:7B:E7:ED:76:BB:28:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3srUL8MGKUx5tsVZnvn7Xa7KCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/tOqG3PPhm3VxhvggOx6KD69EYVU.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60169
IP address blocks:        185.39.20.0/22 maxlen: 22
                          2a04:6100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/I3srUL8MGKUx5tsVZnvn7Xa7KCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/I3srUL8MGKUx5tsVZnvn7Xa7KCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3srUL8MGKUx5tsVZnvn7Xa7KCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:39:48:89:08:e3:f3:d8:10:a0:4d:7d:e0:df:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237b2b50bf0c18a531e6db15667be7ed76bb2821
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4ea86dcf3e19b757186f8203b1e8a0faf446155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:da:0d:af:97:4b:e5:cb:b0:df:76:a6:ef:45:
                    c7:cd:8c:06:32:51:cd:44:c2:2a:c2:6a:bc:a9:74:
                    32:60:44:af:ae:5b:75:8f:aa:93:e7:a5:b4:41:a7:
                    c2:88:87:91:66:d7:8a:a8:db:79:00:b9:39:43:d5:
                    7c:1b:28:d2:c9:65:2a:b0:51:e9:96:b3:c1:94:73:
                    ef:35:10:11:ff:fb:75:f9:75:21:27:64:24:40:76:
                    14:cf:08:de:2f:37:68:30:48:3d:df:b5:e4:90:5e:
                    69:5a:5f:65:b1:3f:fb:37:50:17:59:e7:5d:e2:ad:
                    f8:bd:cb:eb:05:8c:fc:29:fc:bd:b4:af:bb:95:f8:
                    7e:17:cd:03:4e:04:b9:51:e8:35:ba:75:19:81:a3:
                    69:e1:2f:3d:ae:12:0c:98:ae:ae:54:45:ce:c4:8a:
                    ff:47:28:e8:9e:df:28:f8:30:87:fb:cd:5a:d1:d8:
                    5e:4b:45:ae:c7:5e:ac:d6:f7:b7:bc:ba:9f:61:c9:
                    56:42:01:0e:d0:0d:d4:91:b6:a4:b6:64:a9:59:d1:
                    e7:db:a2:43:0e:fa:fb:42:fe:13:ce:db:c0:1b:e4:
                    55:8f:09:a9:0b:77:fe:fe:13:65:73:57:d5:57:08:
                    8d:e3:8f:af:d3:83:3e:e7:76:92:d9:62:bc:cc:87:
                    1b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EA:86:DC:F3:E1:9B:75:71:86:F8:20:3B:1E:8A:0F:AF:44:61:55
            X509v3 Authority Key Identifier:
                keyid:23:7B:2B:50:BF:0C:18:A5:31:E6:DB:15:66:7B:E7:ED:76:BB:28:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3srUL8MGKUx5tsVZnvn7Xa7KCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/tOqG3PPhm3VxhvggOx6KD69EYVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/3d6d51-3d57-43a8-b67f-b615df7fce9e/1/I3srUL8MGKUx5tsVZnvn7Xa7KCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.20.0/22
                IPv6:
                  2a04:6100::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:dd:87:b7:fa:7a:f0:61:fb:97:fa:3e:1f:68:71:df:9e:fa:
         bc:bf:d0:d3:5f:dd:69:98:33:cf:71:57:98:96:37:ac:7e:a2:
         f3:73:c0:06:37:24:cf:de:4d:16:87:cc:69:72:2f:fa:b7:1f:
         29:8a:1b:a1:1c:55:3d:92:f1:f0:c1:86:b4:a1:d9:8b:67:5b:
         2c:1f:06:ae:4a:48:5c:29:7f:90:c4:19:8b:f8:1b:3c:66:a0:
         02:e0:ac:63:49:1a:1e:e5:08:c5:45:62:cb:d3:a7:9e:11:7c:
         bc:8a:a4:7a:e2:9c:eb:b5:54:ab:be:05:2a:d6:5f:63:ce:a3:
         bf:88:31:32:83:14:e2:ab:36:1b:aa:c0:c2:f8:2f:31:a4:e5:
         e2:85:11:94:14:c7:10:9f:3f:f9:df:98:90:62:d7:87:70:aa:
         51:6b:77:7c:ff:2f:28:b5:43:93:97:f7:d9:32:d1:c2:98:74:
         48:08:cd:6d:8f:f6:4b:e4:18:18:b7:97:7f:f2:9f:f5:71:30:
         db:30:25:d8:d4:47:68:b4:77:ad:b0:f0:37:a4:af:4a:e2:d4:
         9d:15:b3:7a:34:1c:48:36:99:d2:81:bc:04:71:8f:b1:9a:f3:
         ae:3a:cd:89:b2:1c:df:f2:85:c5:0e:43:b6:c7:d5:99:f5:67:
         58:db:8b:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbTlIiQjj89gQoE194N9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzN2IyYjUwYmYwYzE4YTUzMWU2ZGIxNTY2N2JlN2VkNzZi
YjI4MjEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVhODZkY2YzZTE5Yjc1NzE4NmY4MjAzYjFlOGEwZmFmNDQ2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtoNr5dL5cuw33am70XHzYwGMlHN
RMIqwmq8qXQyYESvrlt1j6qT56W0QafCiIeRZteKqNt5ALk5Q9V8GyjSyWUqsFHp
lrPBlHPvNRAR//t1+XUhJ2QkQHYUzwjeLzdoMEg937XkkF5pWl9lsT/7N1AXWedd
4q34vcvrBYz8Kfy9tK+7lfh+F80DTgS5Ueg1unUZgaNp4S89rhIMmK6uVEXOxIr/
Ryjont8o+DCH+81a0dheS0Wux16s1ve3vLqfYclWQgEO0A3UkbaktmSpWdHn26JD
Dvr7Qv4TztvAG+RVjwmpC3f+/hNlc1fVVwiN44+v04M+53aS2WK8zIcbEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLTqhtzz4Zt1cYb4IDseig+vRGFVMB8GA1UdIwQY
MBaAFCN7K1C/DBilMebbFWZ75+12uyghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNzclVMOE1HS1V4NXRzVlpudm43WGE3S0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8zZDZkNTEtM2Q1Ny00M2E4LWI2N2Yt
YjYxNWRmN2ZjZTllLzEvdE9xRzNQUGhtM1Z4aHZnZ094NktENjlFWVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8zZDZkNTEtM2Q1Ny00M2E4LWI2N2YtYjYxNWRmN2ZjZTll
LzEvSTNzclVMOE1HS1V4NXRzVlpudm43WGE3S0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuScUMA0E
AgACMAcDBQMqBGEAMA0GCSqGSIb3DQEBCwUAA4IBAQA73Ye3+nrwYfuX+j4faHHf
nvq8v9DTX91pmDPPcVeYljesfqLzc8AGNyTP3k0Wh8xpci/6tx8pihuhHFU9kvHw
wYa0odmLZ1ssHwauSkhcKX+QxBmL+Bs8ZqAC4KxjSRoe5QjFRWLL06eeEXy8iqR6
4pzrtVSrvgUq1l9jzqO/iDEygxTiqzYbqsDC+C8xpOXihRGUFMcQnz/535iQYteH
cKpRa3d8/y8otUOTl/fZMtHCmHRICM1tj/ZL5BgYt5d/8p/1cTDbMCXY1EdotHet
sPA3pK9K4tSdFbN6NBxINpnSgbwEcY+xmvOuOs2Jshzf8oXFDkO2x9WZ9WdY24tP
-----END CERTIFICATE-----