Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/m3M_ZCdx03NW3ih_yIhDNNO07YY.roa
File:                     m3M_ZCdx03NW3ih_yIhDNNO07YY.roa (raw, json)
Hash identifier:          x66//OUFf74RCZsqLN/2nfdt78/qKkIDrjnlBsGWlII=
Subject key identifier:   9B:73:3F:64:27:71:D3:73:56:DE:28:7F:C8:88:43:34:D3:B4:ED:86
Certificate issuer:       /CN=7da49a9aef2184ec0bb6ef0fde901c5b2841ba64
Certificate serial:       018CC4255F04AFC5182BAA0BAC51DE1272A9
Authority key identifier: 7D:A4:9A:9A:EF:21:84:EC:0B:B6:EF:0F:DE:90:1C:5B:28:41:BA:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/m3M_ZCdx03NW3ih_yIhDNNO07YY.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206771
IP address blocks:        185.171.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:04:af:c5:18:2b:aa:0b:ac:51:de:12:72:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da49a9aef2184ec0bb6ef0fde901c5b2841ba64
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b733f642771d37356de287fc8884334d3b4ed86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6c:8b:37:c0:a2:ea:93:c2:24:91:94:58:52:
                    37:aa:6c:35:d4:c7:39:e6:b9:7c:43:c4:2a:7b:3b:
                    f8:ef:4f:c1:fc:38:4e:1e:26:10:98:9b:cd:b1:73:
                    ab:8c:1e:33:ab:aa:bf:71:9b:d0:d4:f7:b4:7c:18:
                    87:06:3d:1f:df:47:a3:65:12:86:ce:23:5c:1a:8e:
                    d0:1d:4a:d0:f5:b4:28:f8:be:f5:0c:da:6b:f6:f9:
                    92:ba:e5:10:9c:97:18:6b:fa:91:6d:56:24:14:af:
                    01:90:35:1e:d6:83:6a:de:bd:b7:43:91:93:46:ca:
                    bf:2e:3a:d7:00:94:61:72:d4:28:56:0f:52:8a:4d:
                    a1:0d:7b:ac:3b:86:e4:9b:09:ce:45:4a:b1:da:1f:
                    6c:73:0c:aa:9e:af:3d:dd:15:cf:cb:36:ef:01:2f:
                    a2:35:2e:9e:e9:26:f0:29:6a:b7:b3:bc:a3:ce:e8:
                    24:98:a7:33:7e:e2:c9:60:09:19:52:07:b4:1f:14:
                    d8:7c:07:9e:71:6b:23:ac:60:27:b9:37:d2:0f:62:
                    b0:32:1c:da:30:a4:fb:c3:57:06:97:5d:d5:1d:b0:
                    f7:05:4e:22:a9:88:f2:a8:20:e3:e8:4c:93:ad:35:
                    52:76:5c:b3:69:44:4f:4a:1c:b6:52:de:a7:3a:11:
                    75:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:73:3F:64:27:71:D3:73:56:DE:28:7F:C8:88:43:34:D3:B4:ED:86
            X509v3 Authority Key Identifier:
                keyid:7D:A4:9A:9A:EF:21:84:EC:0B:B6:EF:0F:DE:90:1C:5B:28:41:BA:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faSamu8hhOwLtu8P3pAcWyhBumQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/m3M_ZCdx03NW3ih_yIhDNNO07YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ff0742-7313-4e94-9618-63a1ce33307f/1/faSamu8hhOwLtu8P3pAcWyhBumQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:6d:ae:c0:f5:d4:ed:8e:13:a3:10:fe:fa:02:db:0f:d0:c5:
         8f:94:3b:c4:1d:b2:9a:bb:9c:75:4c:2c:0c:81:a6:db:10:0e:
         1f:87:5e:20:e2:9c:a6:8a:ec:c0:9b:c2:16:a6:b2:34:9a:8a:
         7f:d8:6b:dd:ad:54:c4:bd:d4:56:be:f9:06:3a:a8:3d:bc:73:
         f8:b1:b0:99:39:0c:7c:1f:d0:58:97:87:96:ec:a9:e9:4c:4b:
         9a:b8:7e:2a:1e:a7:40:7b:53:16:06:85:41:9e:96:09:6e:62:
         5f:02:57:a7:db:0d:82:67:2f:53:a4:3b:e7:d8:16:05:5c:db:
         a8:34:48:c9:16:d7:1c:61:89:66:b5:8f:42:09:43:a4:83:14:
         99:b1:e8:50:bf:1f:36:73:09:67:e6:4b:2d:e4:90:9b:40:f4:
         ed:78:0a:93:87:04:66:8b:a8:23:7a:9f:0e:d5:dd:4a:7c:79:
         1a:8d:04:27:e8:5f:1b:c6:5b:11:cb:ab:69:97:dd:96:6f:d3:
         c2:32:1a:db:cf:0a:8b:a4:ae:aa:b6:7b:3b:74:f8:e1:5a:56:
         18:02:c9:08:c5:29:78:9e:06:37:15:3d:d3:83:dd:34:68:d4:
         d6:d7:e9:d8:4f:03:cb:61:f5:fa:91:c2:9f:f7:a9:82:67:8b:
         fc:61:d3:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV8Er8UYK6oLrFHeEnKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTQ5YTlhZWYyMTg0ZWMwYmI2ZWYwZmRlOTAxYzViMjg0
MWJhNjQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjczM2Y2NDI3NzFkMzczNTZkZTI4N2ZjODg4NDMzNGQzYjRlZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmyLN8Ci6pPCJJGUWFI3qmw11Mc5
5rl8Q8Qqezv470/B/DhOHiYQmJvNsXOrjB4zq6q/cZvQ1Pe0fBiHBj0f30ejZRKG
ziNcGo7QHUrQ9bQo+L71DNpr9vmSuuUQnJcYa/qRbVYkFK8BkDUe1oNq3r23Q5GT
Rsq/LjrXAJRhctQoVg9Sik2hDXusO4bkmwnORUqx2h9scwyqnq893RXPyzbvAS+i
NS6e6SbwKWq3s7yjzugkmKczfuLJYAkZUge0HxTYfAeecWsjrGAnuTfSD2KwMhza
MKT7w1cGl13VHbD3BU4iqYjyqCDj6EyTrTVSdlyzaURPShy2Ut6nOhF1jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtzP2QncdNzVt4of8iIQzTTtO2GMB8GA1UdIwQY
MBaAFH2kmprvIYTsC7bvD96QHFsoQbpkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFTYW11OGhoT3dMdHU4UDNwQWNXeWhCdW1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mZjA3NDItNzMxMy00ZTk0LTk2MTgt
NjNhMWNlMzMzMDdmLzEvbTNNX1pDZHgwM05XM2loX3lJaEROTk8wN1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mZjA3NDItNzMxMy00ZTk0LTk2MTgtNjNhMWNlMzMzMDdm
LzEvZmFTYW11OGhoT3dMdHU4UDNwQWNXeWhCdW1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuat0MA0G
CSqGSIb3DQEBCwUAA4IBAQARba7A9dTtjhOjEP76AtsP0MWPlDvEHbKau5x1TCwM
gabbEA4fh14g4pymiuzAm8IWprI0mop/2GvdrVTEvdRWvvkGOqg9vHP4sbCZOQx8
H9BYl4eW7KnpTEuauH4qHqdAe1MWBoVBnpYJbmJfAlen2w2CZy9TpDvn2BYFXNuo
NEjJFtccYYlmtY9CCUOkgxSZsehQvx82cwln5kst5JCbQPTteAqThwRmi6gjep8O
1d1KfHkajQQn6F8bxlsRy6tpl92Wb9PCMhrbzwqLpK6qtns7dPjhWlYYAskIxSl4
ngY3FT3Tg900aNTW1+nYTwPLYfX6kcKf96mCZ4v8YdOB
-----END CERTIFICATE-----