Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/uG6F5VkUk2a8wE8dCtqypYLxCk4.roa
File:                     uG6F5VkUk2a8wE8dCtqypYLxCk4.roa (raw, json)
Hash identifier:          C5DjvwA/epnlUl4teHftMm16b/xiC1kWavhdPJkEfk8=
Subject key identifier:   B8:6E:85:E5:59:14:93:66:BC:C0:4F:1D:0A:DA:B2:A5:82:F1:0A:4E
Certificate issuer:       /CN=3bad9cd5034f81558f83d238eca406332bd7ba85
Certificate serial:       018CC94E11992E0982FE59C5CE9BB0715E2F
Authority key identifier: 3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/uG6F5VkUk2a8wE8dCtqypYLxCk4.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        185.253.12.0/22 maxlen: 24
                          2a0c:3040::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:11:99:2e:09:82:fe:59:c5:ce:9b:b0:71:5e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bad9cd5034f81558f83d238eca406332bd7ba85
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b86e85e559149366bcc04f1d0adab2a582f10a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:df:6c:1f:2b:9e:53:32:27:a0:b2:69:e8:ee:
                    46:4f:a6:80:74:eb:7e:73:23:83:8c:46:cf:95:a4:
                    c4:9c:53:d0:c3:b8:4d:ca:e0:aa:15:ae:16:1e:3d:
                    31:b6:8b:75:11:8b:73:79:f8:1f:35:1c:e5:21:2a:
                    ea:d2:93:88:21:15:99:91:b3:f7:f9:14:c2:67:29:
                    1c:4e:7e:0c:d0:00:61:ac:8a:b4:9d:e2:6e:bb:ec:
                    04:dd:4f:b1:71:93:c2:f7:04:d2:de:d9:b4:5d:d3:
                    e0:d7:45:87:1f:ae:68:c9:97:d1:96:a8:85:f8:d9:
                    73:ce:96:5c:11:e9:b3:63:41:ec:3c:9c:39:62:bd:
                    e8:e6:e3:30:d6:92:73:74:dc:c1:69:44:c5:20:03:
                    31:fc:37:63:c0:46:cb:a6:2c:c2:4f:f2:22:c0:f0:
                    b8:21:e1:69:12:88:80:82:b3:43:27:e0:31:98:f2:
                    ca:8a:11:fe:b7:06:67:5d:c9:bc:60:75:c4:0a:f2:
                    20:ea:47:6d:a9:7a:8b:a4:e9:a3:8b:ca:99:31:d7:
                    60:98:ef:c1:28:b0:fc:f7:e2:c0:00:0d:60:d8:9b:
                    55:a0:c5:cb:0b:c2:6e:52:cb:39:55:05:97:71:11:
                    21:1c:8a:f7:80:36:a2:0d:b8:45:a9:85:93:62:0a:
                    2e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:6E:85:E5:59:14:93:66:BC:C0:4F:1D:0A:DA:B2:A5:82:F1:0A:4E
            X509v3 Authority Key Identifier:
                keyid:3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/uG6F5VkUk2a8wE8dCtqypYLxCk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.12.0/22
                IPv6:
                  2a0c:3040::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:cd:2c:6b:92:4c:1a:31:11:bb:c1:89:48:56:69:cc:8d:3c:
         e2:24:8d:64:28:a2:79:f7:fb:93:eb:f0:06:65:90:02:83:54:
         a6:c6:53:ed:5c:ca:5a:4d:78:b7:c5:d2:41:0d:50:5d:6e:94:
         b9:d2:9e:77:fb:38:2b:f5:ee:1d:da:50:dd:eb:84:7d:db:7d:
         d6:7d:88:39:e8:a1:2f:18:d0:39:c8:db:8b:56:48:16:7f:e8:
         4d:38:b7:a4:9a:51:de:73:59:72:f3:8e:85:1c:9f:50:b2:71:
         72:a1:09:0c:1b:ad:4b:2d:92:a9:51:a7:60:2e:3c:9f:3e:a6:
         31:96:ae:a7:db:66:7c:1f:45:50:b5:fc:b6:53:31:17:b0:b2:
         e6:59:62:c2:be:ff:da:79:23:e2:c1:1a:b4:88:0c:a0:0b:30:
         fa:ac:36:8c:73:95:91:ec:53:f9:e1:5b:10:93:10:bc:5c:ec:
         bc:5d:a0:41:d9:15:88:85:20:77:18:90:07:63:81:1e:24:28:
         7f:24:70:35:37:da:d4:17:75:99:af:19:a5:2d:23:52:13:f6:
         48:28:ad:4e:f2:03:03:20:02:cd:f7:59:8a:0b:b3:4b:3b:1b:
         53:a1:02:d3:ae:9e:a1:9b:b7:9a:a4:10:5a:f1:07:d6:83:75:
         1d:b4:25:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJThGZLgmC/lnFzpuwcV4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYWQ5Y2Q1MDM0ZjgxNTU4ZjgzZDIzOGVjYTQwNjMzMmJk
N2JhODUwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODZlODVlNTU5MTQ5MzY2YmNjMDRmMWQwYWRhYjJhNTgyZjEwYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN9sHyueUzInoLJp6O5GT6aAdOt+
cyODjEbPlaTEnFPQw7hNyuCqFa4WHj0xtot1EYtzefgfNRzlISrq0pOIIRWZkbP3
+RTCZykcTn4M0ABhrIq0neJuu+wE3U+xcZPC9wTS3tm0XdPg10WHH65oyZfRlqiF
+NlzzpZcEemzY0HsPJw5Yr3o5uMw1pJzdNzBaUTFIAMx/DdjwEbLpizCT/IiwPC4
IeFpEoiAgrNDJ+AxmPLKihH+twZnXcm8YHXECvIg6kdtqXqLpOmji8qZMddgmO/B
KLD89+LAAA1g2JtVoMXLC8JuUss5VQWXcREhHIr3gDaiDbhFqYWTYgounQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLhuheVZFJNmvMBPHQrasqWC8QpOMB8GA1UdIwQY
MBaAFDutnNUDT4FVj4PSOOykBjMr17qFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgt
NGJhNWYyMDZmNjVhLzEvdUc2RjVWa1VrMmE4d0U4ZEN0cXlwWUx4Q2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgtNGJhNWYyMDZmNjVh
LzEvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf0MMA0E
AgACMAcDBQMqDDBAMA0GCSqGSIb3DQEBCwUAA4IBAQAizSxrkkwaMRG7wYlIVmnM
jTziJI1kKKJ59/uT6/AGZZACg1SmxlPtXMpaTXi3xdJBDVBdbpS50p53+zgr9e4d
2lDd64R9233WfYg56KEvGNA5yNuLVkgWf+hNOLekmlHec1ly846FHJ9QsnFyoQkM
G61LLZKpUadgLjyfPqYxlq6n22Z8H0VQtfy2UzEXsLLmWWLCvv/aeSPiwRq0iAyg
CzD6rDaMc5WR7FP54VsQkxC8XOy8XaBB2RWIhSB3GJAHY4EeJCh/JHA1N9rUF3WZ
rxmlLSNSE/ZIKK1O8gMDIALN91mKC7NLOxtToQLTrp6hm7eapBBa8QfWg3UdtCU5
-----END CERTIFICATE-----