Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/P282KdJjrJRoRvZlv7UKmfi9bAQ.roa
File:                     P282KdJjrJRoRvZlv7UKmfi9bAQ.roa (raw, json)
Hash identifier:          VUmWleUetItQ7VcTx29wOa9Y8QfiyvAZmIbTzxwaD5c=
Subject key identifier:   3F:6F:36:29:D2:63:AC:94:68:46:F6:65:BF:B5:0A:99:F8:BD:6C:04
Certificate issuer:       /CN=e9b2d146e58663316fd16d3346b5e623fee8eb6a
Certificate serial:       018CC801CEA149AA20B6C94F64066F94B300
Authority key identifier: E9:B2:D1:46:E5:86:63:31:6F:D1:6D:33:46:B5:E6:23:FE:E8:EB:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/P282KdJjrJRoRvZlv7UKmfi9bAQ.roa
Signing time:             Tue 02 Jan 2024 02:30:10 +0000
ROA not before:           Tue 02 Jan 2024 02:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57307
IP address blocks:        185.100.148.0/22 maxlen: 24
                          188.227.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ce:a1:49:aa:20:b6:c9:4f:64:06:6f:94:b3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b2d146e58663316fd16d3346b5e623fee8eb6a
        Validity
            Not Before: Jan  2 02:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f6f3629d263ac946846f665bfb50a99f8bd6c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fe:82:4b:03:0d:25:a3:02:6c:52:77:78:3b:
                    7f:ba:26:59:36:50:bd:e5:ef:a7:85:ca:4d:d7:26:
                    1c:da:a7:a4:53:df:8e:45:9e:b9:6e:4d:22:4b:79:
                    fb:b1:69:fa:d8:65:90:96:14:83:72:88:3e:77:b9:
                    45:17:18:2a:bf:76:f4:ab:71:d8:f1:b1:c6:28:b6:
                    a4:80:bf:fa:7a:88:fa:92:5f:b2:45:d7:22:7a:e6:
                    4a:3b:ad:cd:16:9c:e6:6e:b5:27:a9:2b:9c:25:9f:
                    76:2c:ca:71:be:61:80:d5:74:b1:a6:7e:74:c5:e0:
                    73:cd:a0:c9:58:b6:2c:c2:61:a8:25:71:0a:18:15:
                    ce:05:29:ac:e1:45:21:4f:9e:47:1e:06:7b:7b:2c:
                    eb:6e:d1:59:37:c7:d2:a3:df:3d:12:12:4a:e3:6d:
                    70:85:84:11:fa:db:68:b4:8f:36:3a:2f:81:5b:e2:
                    fa:85:76:aa:07:3b:d8:1e:8c:97:f3:a8:e8:59:9b:
                    a8:27:66:15:73:3d:7d:18:2d:e5:7f:c5:d1:7c:3c:
                    b3:8a:3a:ea:3f:44:2d:3a:67:02:89:c6:c5:3b:a2:
                    2b:1a:ed:23:66:37:52:53:b2:a1:4b:32:dd:dc:c7:
                    23:9e:66:71:7f:85:c3:be:3c:be:72:e7:f1:3c:43:
                    4b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6F:36:29:D2:63:AC:94:68:46:F6:65:BF:B5:0A:99:F8:BD:6C:04
            X509v3 Authority Key Identifier:
                keyid:E9:B2:D1:46:E5:86:63:31:6F:D1:6D:33:46:B5:E6:23:FE:E8:EB:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/P282KdJjrJRoRvZlv7UKmfi9bAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.148.0/22
                  188.227.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:5f:87:e3:18:38:94:eb:0e:60:ce:e0:ad:5d:00:4d:9c:80:
         9c:af:ff:c0:c1:80:e9:24:2b:a6:d4:15:e3:d8:56:51:24:e6:
         16:25:72:cb:bb:41:ad:74:1d:2b:24:a1:b2:f2:d6:9a:6d:55:
         62:b2:1b:df:75:a1:0e:a9:b7:38:0c:6a:bf:1e:68:06:65:63:
         af:38:72:6d:56:bc:7b:d0:0e:0e:b6:b0:50:14:7f:55:c5:6f:
         3e:63:c3:bb:fc:57:e0:28:75:b4:42:2e:d5:02:de:0c:cd:9f:
         cd:e7:67:cd:f0:a4:9b:c2:35:06:13:bb:bb:2d:01:d6:0c:6c:
         45:2d:78:c2:99:48:0f:76:eb:9d:30:59:ab:57:42:79:7b:67:
         8f:27:b3:e5:05:64:b1:20:21:b4:71:84:b7:cc:7e:5b:f0:67:
         9b:c0:d0:c4:c3:d1:d2:1f:b8:45:a4:f7:c1:51:fa:2b:75:55:
         62:aa:c2:49:f0:39:92:f1:79:3d:85:e2:3c:60:38:5c:03:1a:
         7e:56:7c:79:a6:48:ce:e6:76:33:93:b9:d5:55:68:b5:15:71:
         58:53:5a:b2:01:17:cf:73:e7:2c:78:80:7c:a3:b3:e9:db:c4:
         a7:55:cd:23:28:65:47:1f:17:80:f8:74:5c:4f:43:a0:e7:c2:
         45:2a:ee:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAc6hSaogtslPZAZvlLMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjJkMTQ2ZTU4NjYzMzE2ZmQxNmQzMzQ2YjVlNjIzZmVl
OGViNmEwHhcNMjQwMTAyMDIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZmMzYyOWQyNjNhYzk0Njg0NmY2NjViZmI1MGE5OWY4YmQ2YzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv6CSwMNJaMCbFJ3eDt/uiZZNlC9
5e+nhcpN1yYc2qekU9+ORZ65bk0iS3n7sWn62GWQlhSDcog+d7lFFxgqv3b0q3HY
8bHGKLakgL/6eoj6kl+yRdcieuZKO63NFpzmbrUnqSucJZ92LMpxvmGA1XSxpn50
xeBzzaDJWLYswmGoJXEKGBXOBSms4UUhT55HHgZ7eyzrbtFZN8fSo989EhJK421w
hYQR+ttotI82Oi+BW+L6hXaqBzvYHoyX86joWZuoJ2YVcz19GC3lf8XRfDyzijrq
P0QtOmcCicbFO6IrGu0jZjdSU7KhSzLd3McjnmZxf4XDvjy+cufxPENLqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD9vNinSY6yUaEb2Zb+1Cpn4vWwEMB8GA1UdIwQY
MBaAFOmy0UblhmMxb9FtM0a15iP+6OtqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJMUlJ1V0dZekZ2MFcwelJyWG1JXzdvNjJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yZjNlZGEtN2M3My00Njc1LThlNDIt
MDUyNDUyZGRmZjMzLzEvUDI4MktkSmpySlJvUnZabHY3VUttZmk5YkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yZjNlZGEtN2M3My00Njc1LThlNDItMDUyNDUyZGRmZjMz
LzEvNmJMUlJ1V0dZekZ2MFcwelJyWG1JXzdvNjJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWSUAwQD
vOPwMA0GCSqGSIb3DQEBCwUAA4IBAQBhX4fjGDiU6w5gzuCtXQBNnICcr//AwYDp
JCum1BXj2FZRJOYWJXLLu0GtdB0rJKGy8taabVVishvfdaEOqbc4DGq/HmgGZWOv
OHJtVrx70A4OtrBQFH9VxW8+Y8O7/FfgKHW0Qi7VAt4MzZ/N52fN8KSbwjUGE7u7
LQHWDGxFLXjCmUgPduudMFmrV0J5e2ePJ7PlBWSxICG0cYS3zH5b8GebwNDEw9HS
H7hFpPfBUfordVViqsJJ8DmS8Xk9heI8YDhcAxp+Vnx5pkjO5nYzk7nVVWi1FXFY
U1qyARfPc+cseIB8o7Pp28SnVc0jKGVHHxeA+HRcT0Og58JFKu6H
-----END CERTIFICATE-----