Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bdBnTyP7DEBM8jlRm9rM-pJ3450.roa
File:                     bdBnTyP7DEBM8jlRm9rM-pJ3450.roa (raw, json)
Hash identifier:          5aneQjIo/JGxf9xrBQT1io1df6YFUhbG76y+kPMe4SE=
Subject key identifier:   6D:D0:67:4F:23:FB:0C:40:4C:F2:39:51:9B:DA:CC:FA:92:77:E3:9D
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018DAC2ACAE35D5EB003DF38DA4138EAA3BC
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bdBnTyP7DEBM8jlRm9rM-pJ3450.roa
Signing time:             Thu 15 Feb 2024 09:48:22 +0000
ROA not before:           Thu 15 Feb 2024 09:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        185.243.154.0/24 maxlen: 24
                          185.243.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:2a:ca:e3:5d:5e:b0:03:df:38:da:41:38:ea:a3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Feb 15 09:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dd0674f23fb0c404cf239519bdaccfa9277e39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d4:2b:00:05:37:5c:98:4c:80:14:fb:a9:d3:
                    29:87:b0:24:37:e9:a6:f7:13:97:0b:91:8d:38:b1:
                    97:79:17:ab:c3:e4:14:3e:d1:45:e6:60:b0:8c:74:
                    5f:f1:85:c1:8e:68:cf:83:58:bb:3f:99:ca:ce:2a:
                    86:78:b2:cd:20:0e:c0:2e:9a:28:25:a3:a4:99:c3:
                    bc:b3:c0:48:8d:14:33:ee:14:30:c6:3c:e5:b0:b9:
                    f5:47:73:ba:a4:b5:d1:1e:98:3b:a9:b9:0f:78:64:
                    9b:4e:bc:c6:48:c8:45:4a:8d:07:09:6d:0b:e8:21:
                    4b:22:36:3d:68:45:6a:db:ac:b0:2f:f8:5e:a8:a1:
                    b9:c9:75:83:ce:ff:27:50:9a:88:97:d9:d4:e7:97:
                    e3:a2:59:3c:8d:e5:b2:d5:51:03:9d:7b:ca:af:93:
                    dd:d3:a4:42:fd:c4:f7:88:a0:8d:f3:0d:d4:56:ea:
                    df:6e:3c:e2:14:1a:af:f5:75:d0:87:cb:cf:0f:52:
                    49:d6:a9:42:b9:ec:a0:7a:dd:dd:0f:b9:75:f2:dc:
                    99:f8:e1:2f:ff:5a:13:db:50:ff:2a:ec:1a:fc:3e:
                    79:ea:4e:22:ed:22:40:4c:2a:8d:94:91:66:e5:d4:
                    47:b0:b6:f3:67:bd:41:3f:d8:fb:34:6c:41:4a:fd:
                    38:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D0:67:4F:23:FB:0C:40:4C:F2:39:51:9B:DA:CC:FA:92:77:E3:9D
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bdBnTyP7DEBM8jlRm9rM-pJ3450.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:51:4d:90:ee:c2:0c:de:76:ce:44:ce:f9:e1:d3:02:8a:68:
         27:4a:eb:6c:f0:98:1a:67:cd:79:02:b0:eb:2f:e5:c7:e3:97:
         94:00:88:c7:2d:52:fc:26:ca:1b:8b:d7:57:38:4d:f8:f4:39:
         d0:1a:84:29:9a:27:8e:56:3b:39:b0:94:1f:93:8c:d9:13:0e:
         4d:5f:1d:9f:e9:fd:86:b9:62:76:b4:4e:98:2e:76:ff:de:7b:
         89:7a:08:0f:13:bd:18:d3:0c:d4:c8:ec:e5:19:6a:91:55:a0:
         02:a6:50:8d:5e:9b:bf:54:b4:d2:f6:be:2e:0c:72:af:9d:bd:
         07:ce:67:4d:ea:ce:f9:e6:af:45:48:8b:df:6d:0b:b8:12:b0:
         40:12:c5:30:1d:1e:91:61:39:a2:f2:d8:27:60:ca:6e:03:75:
         f1:9c:5d:3a:3a:95:7b:4d:b8:d5:1b:2f:4b:d3:8c:a0:10:6c:
         bb:6b:92:d9:e0:77:84:31:d8:90:21:4a:ef:58:c2:d5:d5:57:
         9e:68:ed:7e:4b:3f:90:a2:8c:90:de:68:8c:a9:04:b8:35:62:
         f0:c2:63:1c:02:8b:90:0a:7a:1a:9f:c2:2d:47:88:f6:d8:ed:
         af:17:b1:f6:f4:54:37:ef:80:5f:00:4f:3d:be:b8:12:ac:38:
         60:84:60:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sKsrjXV6wA9842kE46qO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMjE1MDk0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQwNjc0ZjIzZmIwYzQwNGNmMjM5NTE5YmRhY2NmYTkyNzdlMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNQrAAU3XJhMgBT7qdMph7AkN+mm
9xOXC5GNOLGXeRerw+QUPtFF5mCwjHRf8YXBjmjPg1i7P5nKziqGeLLNIA7ALpoo
JaOkmcO8s8BIjRQz7hQwxjzlsLn1R3O6pLXRHpg7qbkPeGSbTrzGSMhFSo0HCW0L
6CFLIjY9aEVq26ywL/heqKG5yXWDzv8nUJqIl9nU55fjolk8jeWy1VEDnXvKr5Pd
06RC/cT3iKCN8w3UVurfbjziFBqv9XXQh8vPD1JJ1qlCueyget3dD7l18tyZ+OEv
/1oT21D/Kuwa/D556k4i7SJATCqNlJFm5dRHsLbzZ71BP9j7NGxBSv043QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3QZ08j+wxATPI5UZvazPqSd+OdMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvYmRCblR5UDdERUJNOGpsUm05ck0tcEozNDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufOaMA0G
CSqGSIb3DQEBCwUAA4IBAQARUU2Q7sIM3nbORM754dMCimgnSuts8JgaZ815ArDr
L+XH45eUAIjHLVL8Jsobi9dXOE349DnQGoQpmieOVjs5sJQfk4zZEw5NXx2f6f2G
uWJ2tE6YLnb/3nuJeggPE70Y0wzUyOzlGWqRVaACplCNXpu/VLTS9r4uDHKvnb0H
zmdN6s755q9FSIvfbQu4ErBAEsUwHR6RYTmi8tgnYMpuA3XxnF06OpV7TbjVGy9L
04ygEGy7a5LZ4HeEMdiQIUrvWMLV1VeeaO1+Sz+QooyQ3miMqQS4NWLwwmMcAouQ
Cnoan8ItR4j22O2vF7H29FQ374BfAE89vrgSrDhghGDs
-----END CERTIFICATE-----