Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/3ay14yWrVBaXv_yQGpsGgQAt_Fw.roa
File:                     3ay14yWrVBaXv_yQGpsGgQAt_Fw.roa (raw, json)
Hash identifier:          1IL/RLchifNJNByByc48TKaVQeVdAdLcRSnyT6aLbNo=
Subject key identifier:   DD:AC:B5:E3:25:AB:54:16:97:BF:FC:90:1A:9B:06:81:00:2D:FC:5C
Certificate issuer:       /CN=924532b4f743cf95cbec18681ba67ac5db854f33
Certificate serial:       019053E94406E3B9DF384EF7FD6B8B473BF1
Authority key identifier: 92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/3ay14yWrVBaXv_yQGpsGgQAt_Fw.roa
Signing time:             Wed 26 Jun 2024 09:38:34 +0000
ROA not before:           Wed 26 Jun 2024 09:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206022
IP address blocks:        185.48.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:e9:44:06:e3:b9:df:38:4e:f7:fd:6b:8b:47:3b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924532b4f743cf95cbec18681ba67ac5db854f33
        Validity
            Not Before: Jun 26 09:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddacb5e325ab541697bffc901a9b0681002dfc5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:da:03:13:21:40:c5:2a:97:8c:7c:a4:be:ac:
                    f9:e4:71:1d:d0:be:da:56:da:85:ca:c1:9f:25:df:
                    7e:75:01:f4:df:43:db:db:5e:78:9a:1d:3b:32:3b:
                    64:bc:0a:1d:4d:7a:33:58:ee:44:40:ad:90:76:49:
                    e2:a4:d8:3f:e6:d1:5c:78:10:28:c6:dd:1a:27:81:
                    e4:9a:12:a8:82:ff:fd:b1:d2:2e:43:c2:62:1e:7d:
                    ab:ee:15:2d:04:95:cf:94:3e:d7:49:2d:5f:52:bf:
                    45:23:10:22:1e:aa:04:94:02:f8:50:b1:77:66:bb:
                    8b:48:e1:16:6d:a0:ee:6c:cd:f8:03:e9:84:50:3d:
                    71:15:a8:cf:24:1d:07:11:4f:48:7d:ab:f4:16:d8:
                    e6:20:84:be:2b:a2:9d:b1:3a:25:a7:60:35:01:90:
                    eb:6d:3e:90:2f:d5:e4:92:14:20:13:bc:e3:c0:56:
                    ff:14:00:cc:b5:da:aa:fe:96:32:9f:a5:d4:b0:e3:
                    66:bd:4e:d0:c3:99:ea:24:87:7f:0e:52:9c:9e:a9:
                    72:65:cd:0c:90:95:7f:5a:7d:2b:a6:12:16:a1:1b:
                    d6:db:30:9f:58:79:1f:48:18:2b:52:67:ee:59:f0:
                    73:b7:89:8a:41:b3:08:14:42:9b:2d:f9:a6:d3:98:
                    6a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AC:B5:E3:25:AB:54:16:97:BF:FC:90:1A:9B:06:81:00:2D:FC:5C
            X509v3 Authority Key Identifier:
                keyid:92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/3ay14yWrVBaXv_yQGpsGgQAt_Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:ff:96:3f:54:78:0c:fb:28:36:88:41:8e:1f:fe:ea:1c:26:
         c8:19:cc:1b:5f:1f:b1:ac:ed:09:7a:4a:46:85:ac:88:51:f2:
         e8:80:34:df:48:36:a8:07:ce:eb:d6:d1:c3:a2:69:36:a2:71:
         ba:17:b0:25:76:5e:38:6b:41:37:59:c9:f2:4f:54:e5:86:07:
         07:b4:fa:1a:a1:80:b5:39:e2:a0:f1:dc:ee:ac:d7:5a:27:fa:
         d0:01:69:21:e3:d2:00:96:66:ef:6d:02:bd:80:6b:ef:9b:97:
         f6:62:dc:bb:6b:d6:32:e8:a8:71:4f:da:32:92:0e:12:40:51:
         24:9c:16:1d:87:3a:b8:ff:6c:05:5e:d6:b1:7d:be:b6:c1:69:
         43:6a:a9:00:88:8d:ca:6a:33:9b:b2:04:df:5e:d7:a2:57:ab:
         6b:d1:5f:e7:7a:78:8b:45:16:81:56:40:88:50:33:26:e4:d6:
         2a:14:72:b6:e8:23:c3:4d:65:94:67:99:f8:00:f5:6a:4c:6b:
         89:57:b0:37:34:65:ed:fe:cd:e3:25:1c:40:c8:95:91:1a:0c:
         99:40:0b:af:77:23:ad:15:00:a1:42:cf:f9:55:be:22:23:4c:
         24:9a:3e:68:a8:48:64:65:95:7f:0e:b1:94:ab:02:8b:ce:d5:
         9c:db:91:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBT6UQG47nfOE73/WuLRzvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDUzMmI0Zjc0M2NmOTVjYmVjMTg2ODFiYTY3YWM1ZGI4
NTRmMzMwHhcNMjQwNjI2MDkzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFjYjVlMzI1YWI1NDE2OTdiZmZjOTAxYTliMDY4MTAwMmRmYzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNoDEyFAxSqXjHykvqz55HEd0L7a
VtqFysGfJd9+dQH030Pb2154mh07MjtkvAodTXozWO5EQK2QdknipNg/5tFceBAo
xt0aJ4HkmhKogv/9sdIuQ8JiHn2r7hUtBJXPlD7XSS1fUr9FIxAiHqoElAL4ULF3
ZruLSOEWbaDubM34A+mEUD1xFajPJB0HEU9Ifav0FtjmIIS+K6KdsTolp2A1AZDr
bT6QL9XkkhQgE7zjwFb/FADMtdqq/pYyn6XUsONmvU7Qw5nqJId/DlKcnqlyZc0M
kJV/Wn0rphIWoRvW2zCfWHkfSBgrUmfuWfBzt4mKQbMIFEKbLfmm05hqkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2steMlq1QWl7/8kBqbBoEALfxcMB8GA1UdIwQY
MBaAFJJFMrT3Q8+Vy+wYaBumesXbhU8zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzIt
MzhlZDcxNTU5OTVjLzEvM2F5MTR5V3JWQmFYdl95UUdwc0dnUUF0X0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzItMzhlZDcxNTU5OTVj
LzEva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTCMMA0G
CSqGSIb3DQEBCwUAA4IBAQAG/5Y/VHgM+yg2iEGOH/7qHCbIGcwbXx+xrO0JekpG
hayIUfLogDTfSDaoB87r1tHDomk2onG6F7Aldl44a0E3WcnyT1TlhgcHtPoaoYC1
OeKg8dzurNdaJ/rQAWkh49IAlmbvbQK9gGvvm5f2Yty7a9Yy6KhxT9oykg4SQFEk
nBYdhzq4/2wFXtaxfb62wWlDaqkAiI3KajObsgTfXteiV6tr0V/neniLRRaBVkCI
UDMm5NYqFHK26CPDTWWUZ5n4APVqTGuJV7A3NGXt/s3jJRxAyJWRGgyZQAuvdyOt
FQChQs/5Vb4iI0wkmj5oqEhkZZV/DrGUqwKLztWc25Gw
-----END CERTIFICATE-----