Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/3YB2Zlq6cQGL_zvdlsW5o8Obass.roa
File:                     3YB2Zlq6cQGL_zvdlsW5o8Obass.roa (raw, json)
Hash identifier:          P9rzBe/z0wojX8Dyh55Aa+TPSh7ayxbyBOt6o93lnxE=
Subject key identifier:   DD:80:76:66:5A:BA:71:01:8B:FF:3B:DD:96:C5:B9:A3:C3:9B:6A:CB
Certificate issuer:       /CN=ffdd76d973a2836e201526879f40ae3b65f564f4
Certificate serial:       018CC7933918A99F534E343E55B509EE8B29
Authority key identifier: FF:DD:76:D9:73:A2:83:6E:20:15:26:87:9F:40:AE:3B:65:F5:64:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9122XOig24gFSaHn0CuO2X1ZPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/3YB2Zlq6cQGL_zvdlsW5o8Obass.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62117
IP address blocks:        185.46.236.0/24 maxlen: 24
                          185.46.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/_9122XOig24gFSaHn0CuO2X1ZPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/_9122XOig24gFSaHn0CuO2X1ZPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9122XOig24gFSaHn0CuO2X1ZPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:39:18:a9:9f:53:4e:34:3e:55:b5:09:ee:8b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdd76d973a2836e201526879f40ae3b65f564f4
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd8076665aba71018bff3bdd96c5b9a3c39b6acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ff:1f:d4:d5:9d:1b:9a:71:30:18:6a:e0:ba:
                    c9:a9:9a:66:c3:b9:1a:19:05:33:e3:43:4c:a0:cb:
                    e2:4d:41:f0:1c:3c:fe:8e:61:45:15:b8:f0:4a:f2:
                    46:86:9c:c6:4a:d2:d7:90:c4:a5:fd:34:13:a1:cc:
                    53:b5:fe:37:15:bb:24:a6:d9:5e:bf:1c:18:10:2f:
                    b2:5b:ec:fc:d4:df:23:3c:16:11:e5:1f:54:c5:45:
                    6a:a0:7b:af:2d:32:d8:8d:98:18:c5:76:7f:63:1e:
                    35:d7:cc:4c:6f:1f:9f:3a:21:80:15:ce:55:8d:26:
                    15:ce:0f:ff:c4:7f:ab:d9:28:fd:38:f5:eb:74:99:
                    8c:72:20:9a:d3:2a:5a:9b:a0:8b:5c:b1:25:d3:4b:
                    52:af:25:fd:5c:05:f4:ea:3b:e1:68:18:5b:2d:c8:
                    35:f6:f4:13:cf:4b:77:a5:74:4d:5f:bf:26:b2:29:
                    9c:c3:ed:f0:c7:7e:c7:61:0d:42:0e:f8:12:ce:d5:
                    c9:f3:03:59:8f:63:93:22:3e:8b:39:07:8a:a0:47:
                    e9:2c:b1:80:e4:68:79:a5:ac:08:1c:b0:58:cc:68:
                    e8:e3:05:5a:8b:b9:07:61:d8:f4:9d:f4:82:f5:a5:
                    d1:5c:6a:45:3a:5a:16:05:7b:49:5e:46:a9:35:5e:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:80:76:66:5A:BA:71:01:8B:FF:3B:DD:96:C5:B9:A3:C3:9B:6A:CB
            X509v3 Authority Key Identifier:
                keyid:FF:DD:76:D9:73:A2:83:6E:20:15:26:87:9F:40:AE:3B:65:F5:64:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9122XOig24gFSaHn0CuO2X1ZPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/3YB2Zlq6cQGL_zvdlsW5o8Obass.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5a5b74-cab9-4220-b45e-87e8cbd80b4e/1/_9122XOig24gFSaHn0CuO2X1ZPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:a5:21:d4:c8:23:5f:b2:ee:ce:fa:63:0a:43:83:ca:af:00:
         92:4d:af:53:96:c4:43:67:6f:bf:34:2f:8b:59:54:ab:8d:f3:
         17:a1:17:3b:78:c3:3b:09:74:fe:49:85:cd:01:e2:1f:07:4c:
         a2:35:72:1b:de:16:3b:5d:dd:30:10:5b:ae:df:3b:18:c9:31:
         4c:48:49:3d:74:e6:a9:7f:6a:2d:79:ca:74:7d:3f:aa:a4:22:
         f4:fb:50:29:df:85:5f:14:04:3e:aa:91:1d:4a:1b:29:41:6b:
         b8:7e:9a:91:9f:dc:52:ca:01:28:a2:09:3c:70:57:b5:7e:8c:
         18:97:5e:50:5a:7f:64:a1:33:cd:ec:09:76:70:c0:f0:cc:36:
         9a:5b:66:eb:9f:e2:ac:b8:28:c3:0c:0e:ee:db:9e:26:79:39:
         7c:3c:cd:5b:69:24:46:20:2a:a1:5e:21:cd:31:a5:f6:e4:cd:
         5b:67:18:47:ce:53:bd:ce:83:d1:65:82:99:4f:2b:8e:b1:37:
         ef:19:c7:a3:d0:e1:2d:5e:5e:cf:6e:e6:09:c4:99:74:ec:66:
         0e:1d:e1:85:a7:ff:84:58:a9:64:8f:02:3a:d1:89:ac:8a:41:
         e7:23:eb:39:31:7a:07:4b:05:8b:86:84:cf:de:24:2c:f7:11:
         d1:9d:d0:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzkYqZ9TTjQ+VbUJ7ospMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGQ3NmQ5NzNhMjgzNmUyMDE1MjY4NzlmNDBhZTNiNjVm
NTY0ZjQwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDgwNzY2NjVhYmE3MTAxOGJmZjNiZGQ5NmM1YjlhM2MzOWI2YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/8f1NWdG5pxMBhq4LrJqZpmw7ka
GQUz40NMoMviTUHwHDz+jmFFFbjwSvJGhpzGStLXkMSl/TQTocxTtf43Fbskptle
vxwYEC+yW+z81N8jPBYR5R9UxUVqoHuvLTLYjZgYxXZ/Yx4118xMbx+fOiGAFc5V
jSYVzg//xH+r2Sj9OPXrdJmMciCa0ypam6CLXLEl00tSryX9XAX06jvhaBhbLcg1
9vQTz0t3pXRNX78msimcw+3wx37HYQ1CDvgSztXJ8wNZj2OTIj6LOQeKoEfpLLGA
5Gh5pawIHLBYzGjo4wVai7kHYdj0nfSC9aXRXGpFOloWBXtJXkapNV71BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2AdmZaunEBi/873ZbFuaPDm2rLMB8GA1UdIwQY
MBaAFP/ddtlzooNuIBUmh59Arjtl9WT0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzkxMjJYT2lnMjRnRlNhSG4wQ3VPMlgxWlBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi81YTViNzQtY2FiOS00MjIwLWI0NWUt
ODdlOGNiZDgwYjRlLzEvM1lCMlpscTZjUUdMX3p2ZGxzVzVvOE9iYXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi81YTViNzQtY2FiOS00MjIwLWI0NWUtODdlOGNiZDgwYjRl
LzEvXzkxMjJYT2lnMjRnRlNhSG4wQ3VPMlgxWlBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS7sMA0G
CSqGSIb3DQEBCwUAA4IBAQB8pSHUyCNfsu7O+mMKQ4PKrwCSTa9TlsRDZ2+/NC+L
WVSrjfMXoRc7eMM7CXT+SYXNAeIfB0yiNXIb3hY7Xd0wEFuu3zsYyTFMSEk9dOap
f2otecp0fT+qpCL0+1Ap34VfFAQ+qpEdShspQWu4fpqRn9xSygEoogk8cFe1fowY
l15QWn9koTPN7Al2cMDwzDaaW2brn+KsuCjDDA7u254meTl8PM1baSRGICqhXiHN
MaX25M1bZxhHzlO9zoPRZYKZTyuOsTfvGcej0OEtXl7PbuYJxJl07GYOHeGFp/+E
WKlkjwI60YmsikHnI+s5MXoHSwWLhoTP3iQs9xHRndB0
-----END CERTIFICATE-----