Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/3mrARwRgtgA0CnXy6mUsH_i8uQg.roa
File:                     3mrARwRgtgA0CnXy6mUsH_i8uQg.roa (raw, json)
Hash identifier:          9izCk+yrQNd6ROGo1OWva7bv4AcFrWKps6fbNx4cViY=
Subject key identifier:   DE:6A:C0:47:04:60:B6:00:34:0A:75:F2:EA:65:2C:1F:F8:BC:B9:08
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC49248C64B88DD2DC37C58D216F63367
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/3mrARwRgtgA0CnXy6mUsH_i8uQg.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213006
IP address blocks:        185.21.135.0/24 maxlen: 24
                          195.182.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:48:c6:4b:88:dd:2d:c3:7c:58:d2:16:f6:33:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de6ac0470460b600340a75f2ea652c1ff8bcb908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:52:47:0e:07:1d:6e:db:42:07:aa:d5:34:93:
                    4b:e9:3b:1d:15:19:30:09:6c:21:9f:d6:62:3c:75:
                    ba:64:c4:62:09:f9:eb:e7:ce:6d:c4:0c:68:85:3e:
                    a3:4d:6b:b0:76:aa:0b:c7:a4:af:c2:fc:50:f2:d8:
                    bc:81:64:54:8b:26:e0:5e:bf:c7:d7:8d:b2:64:18:
                    bb:15:3c:4e:e3:49:b9:ab:32:d0:8e:48:16:ac:af:
                    9b:86:b3:77:05:ea:87:e6:20:ae:80:f4:10:9b:4d:
                    fc:e0:f8:b5:a2:ff:c3:ca:67:ec:86:ea:5c:c6:ec:
                    1b:32:2b:30:41:8d:cc:5c:1f:30:ee:97:3c:7d:70:
                    47:8b:01:e0:2c:5e:94:d6:e1:1a:34:ad:09:06:48:
                    5e:f0:a2:b7:7f:35:96:a5:32:64:f7:b9:39:f9:f8:
                    3c:be:e3:2b:fd:0d:2d:99:3d:08:63:87:6a:92:52:
                    b5:d1:dc:93:0a:4e:da:2a:80:4a:3b:41:d0:a8:fe:
                    fc:f4:eb:db:e2:45:72:56:ef:e7:6b:30:13:c3:08:
                    92:11:12:8a:eb:d9:43:d5:64:7d:de:3d:a8:ab:5e:
                    b7:01:a6:be:06:9f:59:b7:52:18:cb:78:49:a5:f4:
                    a0:0c:2f:d9:5e:9a:62:90:7d:7f:56:66:ab:8d:d0:
                    00:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:6A:C0:47:04:60:B6:00:34:0A:75:F2:EA:65:2C:1F:F8:BC:B9:08
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/3mrARwRgtgA0CnXy6mUsH_i8uQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.135.0/24
                  195.182.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:6c:95:86:0c:ee:48:57:2e:9d:59:c2:c5:2b:8a:21:87:cf:
         8a:b5:d3:2b:4d:6e:8d:71:e6:df:7c:d4:77:33:43:52:9d:76:
         2f:8c:ef:ac:e4:f8:9c:ca:2e:d3:bd:1e:e9:28:b2:65:7b:24:
         39:b1:53:e5:e1:a8:ba:c0:14:d2:3f:6a:7c:60:b9:40:b5:3b:
         cb:5f:55:07:06:7b:8a:d8:21:c0:89:69:f0:8e:76:fa:80:84:
         c2:63:5b:97:c3:8e:3c:ff:31:b3:cc:cc:a5:bf:94:a3:3d:b9:
         79:21:ff:0f:cd:69:9c:da:79:68:27:33:5c:24:4d:9a:95:25:
         6c:38:97:f2:dd:72:5a:52:2b:67:9e:12:0d:46:b3:2c:67:64:
         c4:ee:90:8f:bb:fb:ce:4c:46:9a:20:ec:8d:d9:e0:54:d1:42:
         0a:42:73:31:7a:19:b3:94:0d:06:20:8d:2b:3d:14:1f:59:11:
         68:4a:15:81:16:c8:3c:23:28:d2:d0:46:0e:cf:19:15:ff:6f:
         31:77:f5:e7:a9:94:85:73:8b:3e:0a:56:e0:35:e3:e2:83:a5:
         4f:e1:83:fa:c4:10:5f:db:33:2e:49:1a:e9:09:c9:1f:63:94:
         5e:67:da:09:bf:c7:16:d3:be:0f:8c:33:e3:cd:1e:ec:ca:bf:
         f8:39:1f:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkkjGS4jdLcN8WNIW9jNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTZhYzA0NzA0NjBiNjAwMzQwYTc1ZjJlYTY1MmMxZmY4YmNiOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFJHDgcdbttCB6rVNJNL6TsdFRkw
CWwhn9ZiPHW6ZMRiCfnr585txAxohT6jTWuwdqoLx6SvwvxQ8ti8gWRUiybgXr/H
142yZBi7FTxO40m5qzLQjkgWrK+bhrN3BeqH5iCugPQQm0384Pi1ov/Dymfshupc
xuwbMiswQY3MXB8w7pc8fXBHiwHgLF6U1uEaNK0JBkhe8KK3fzWWpTJk97k5+fg8
vuMr/Q0tmT0IY4dqklK10dyTCk7aKoBKO0HQqP789Ovb4kVyVu/nazATwwiSERKK
69lD1WR93j2oq163Aaa+Bp9Zt1IYy3hJpfSgDC/ZXppikH1/VmarjdAA7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN5qwEcEYLYANAp18uplLB/4vLkIMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvM21yQVJ3Umd0Z0EwQ25YeTZtVXNIX2k4dVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRWHAwQA
w7bMMA0GCSqGSIb3DQEBCwUAA4IBAQApbJWGDO5IVy6dWcLFK4ohh8+KtdMrTW6N
cebffNR3M0NSnXYvjO+s5Picyi7TvR7pKLJleyQ5sVPl4ai6wBTSP2p8YLlAtTvL
X1UHBnuK2CHAiWnwjnb6gITCY1uXw448/zGzzMylv5SjPbl5If8PzWmc2nloJzNc
JE2alSVsOJfy3XJaUitnnhINRrMsZ2TE7pCPu/vOTEaaIOyN2eBU0UIKQnMxehmz
lA0GII0rPRQfWRFoShWBFsg8IyjS0EYOzxkV/28xd/XnqZSFc4s+ClbgNePig6VP
4YP6xBBf2zMuSRrpCckfY5ReZ9oJv8cW074PjDPjzR7syr/4OR9Z
-----END CERTIFICATE-----