Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/G3EXCjWzNbf1OUMTAU5RPsU7nWk.roa
File:                     G3EXCjWzNbf1OUMTAU5RPsU7nWk.roa (raw, json)
Hash identifier:          G4Xt9Jy6j0QGf2SOYxyL1n9XimHtadTCNkniTTBQGDk=
Subject key identifier:   1B:71:17:0A:35:B3:35:B7:F5:39:43:13:01:4E:51:3E:C5:3B:9D:69
Certificate issuer:       /CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
Certificate serial:       018CC26D59E3939D2AC92C4DAD43BBDBE6B6
Authority key identifier: BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/G3EXCjWzNbf1OUMTAU5RPsU7nWk.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203012
IP address blocks:        185.147.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:59:e3:93:9d:2a:c9:2c:4d:ad:43:bb:db:e6:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b71170a35b335b7f5394313014e513ec53b9d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:03:3f:d0:13:18:d8:e4:b3:d1:b0:7f:af:e7:
                    5c:11:f2:2f:a0:b7:f9:d1:ea:67:d6:23:56:81:67:
                    ae:54:04:71:d6:03:ba:d5:cf:16:e7:fe:23:02:fd:
                    f3:0c:30:2e:cc:3b:28:e9:95:68:bd:db:52:4a:b9:
                    84:6d:75:0f:03:f8:27:5b:eb:d7:b1:8d:cf:6e:a5:
                    49:8a:49:c8:74:0c:7a:a0:63:22:50:b8:c9:8b:5d:
                    61:bd:c4:9f:c1:36:24:17:65:19:93:0d:c7:f3:23:
                    36:30:51:b6:d2:e8:a4:31:72:e2:ce:d8:85:45:36:
                    8c:bf:00:be:06:64:b3:50:b1:04:d5:42:20:f9:e3:
                    f7:2d:72:b6:21:5e:6d:fb:07:45:4d:7d:27:80:04:
                    92:1a:48:d6:3f:87:8b:8f:5c:5d:36:60:36:a9:06:
                    f3:84:d1:3b:c7:75:76:af:16:f0:1e:bf:2f:d7:ae:
                    56:1b:a7:37:79:62:7c:ff:d7:13:95:ca:b8:43:5c:
                    24:ad:15:76:8d:65:9a:06:3c:42:28:20:63:eb:b1:
                    bf:e3:ce:ee:d5:e1:fb:79:6e:66:49:97:e4:8b:cd:
                    fd:89:eb:ce:4d:11:f5:76:5a:a4:37:85:61:a0:76:
                    4c:b7:7a:1f:40:91:16:d1:a6:79:7d:ff:2f:ef:09:
                    d1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:71:17:0A:35:B3:35:B7:F5:39:43:13:01:4E:51:3E:C5:3B:9D:69
            X509v3 Authority Key Identifier:
                keyid:BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/G3EXCjWzNbf1OUMTAU5RPsU7nWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:71:00:ca:40:98:4a:3c:6c:09:aa:4f:08:33:6f:17:ed:d6:
         c3:9e:c0:5b:3b:48:01:ba:be:65:ec:63:c3:bd:7a:a1:e8:45:
         08:91:09:49:00:78:ae:e2:82:e6:a5:2c:d0:cb:7d:58:76:fc:
         1b:39:65:08:8a:7a:bb:47:49:8d:b0:b2:ea:2c:09:c8:00:d3:
         fb:e2:c2:d9:07:56:5a:a4:37:c7:5e:09:b2:0a:cf:e2:8b:d8:
         b9:d8:d6:54:70:b6:1f:98:d5:d9:13:d3:9e:04:5f:ac:66:a8:
         45:e2:0e:5e:1d:ad:ed:38:71:fb:c4:b5:aa:96:65:7f:19:d5:
         a4:ea:ee:e6:47:5d:01:80:49:e3:ab:43:18:a1:d8:55:a5:29:
         7d:0a:d6:48:61:f8:cd:7e:13:d5:c4:41:56:ff:ba:34:94:00:
         79:03:97:40:e8:1e:07:fc:77:fa:30:65:9f:27:b7:37:6a:34:
         f5:a4:a2:54:44:62:5c:09:55:a6:05:a0:aa:01:df:71:f4:b9:
         76:7a:84:f1:d6:15:a4:e3:a4:b4:d0:e0:65:4d:ab:7d:7a:a9:
         f5:15:e3:52:4a:45:14:ff:4e:38:5e:61:db:40:41:5c:00:62:
         17:27:61:fb:6d:93:ce:d3:f7:b0:41:95:02:20:91:0e:2f:89:
         67:8a:fb:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVnjk50qySxNrUO72+a2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGEwYWYxNTYzMzJkM2M3ZWNiNTg1ZmFlZTNhOTBkOWJm
MmEwOTYwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjcxMTcwYTM1YjMzNWI3ZjUzOTQzMTMwMTRlNTEzZWM1M2I5ZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gM/0BMY2OSz0bB/r+dcEfIvoLf5
0epn1iNWgWeuVARx1gO61c8W5/4jAv3zDDAuzDso6ZVovdtSSrmEbXUPA/gnW+vX
sY3PbqVJiknIdAx6oGMiULjJi11hvcSfwTYkF2UZkw3H8yM2MFG20uikMXLiztiF
RTaMvwC+BmSzULEE1UIg+eP3LXK2IV5t+wdFTX0ngASSGkjWP4eLj1xdNmA2qQbz
hNE7x3V2rxbwHr8v165WG6c3eWJ8/9cTlcq4Q1wkrRV2jWWaBjxCKCBj67G/487u
1eH7eW5mSZfki839ievOTRH1dlqkN4VhoHZMt3ofQJEW0aZ5ff8v7wnRMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtxFwo1szW39TlDEwFOUT7FO51pMB8GA1UdIwQY
MBaAFLtKCvFWMy08fstYX67jqQ2b8qCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYt
ZjIxMjY2NjcyNWI0LzEvRzNFWENqV3pOYmYxT1VNVEFVNVJQc1U3bldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYtZjIxMjY2NjcyNWI0
LzEvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZMQMA0G
CSqGSIb3DQEBCwUAA4IBAQBucQDKQJhKPGwJqk8IM28X7dbDnsBbO0gBur5l7GPD
vXqh6EUIkQlJAHiu4oLmpSzQy31YdvwbOWUIinq7R0mNsLLqLAnIANP74sLZB1Za
pDfHXgmyCs/ii9i52NZUcLYfmNXZE9OeBF+sZqhF4g5eHa3tOHH7xLWqlmV/GdWk
6u7mR10BgEnjq0MYodhVpSl9CtZIYfjNfhPVxEFW/7o0lAB5A5dA6B4H/Hf6MGWf
J7c3ajT1pKJURGJcCVWmBaCqAd9x9Ll2eoTx1hWk46S00OBlTat9eqn1FeNSSkUU
/044XmHbQEFcAGIXJ2H7bZPO0/ewQZUCIJEOL4lnivsx
-----END CERTIFICATE-----