Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/uI3MD3WXqTNNqKPFMblRDxgoxHw.roa
File:                     uI3MD3WXqTNNqKPFMblRDxgoxHw.roa (raw, json)
Hash identifier:          2bosj0BtHS3PcghOtTwkkyMylh75hE59a0QGISHqFlM=
Subject key identifier:   B8:8D:CC:0F:75:97:A9:33:4D:A8:A3:C5:31:B9:51:0F:18:28:C4:7C
Certificate issuer:       /CN=168600dfac9d3d1a75e6630d697102f2f2132c48
Certificate serial:       018CC8712E1E6FF83D2748FF5C6D458ED329
Authority key identifier: 16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/uI3MD3WXqTNNqKPFMblRDxgoxHw.roa
Signing time:             Tue 02 Jan 2024 04:31:49 +0000
ROA not before:           Tue 02 Jan 2024 04:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203248
IP address blocks:        185.165.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/FoYA36ydPRp15mMNaXEC8vITLEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/FoYA36ydPRp15mMNaXEC8vITLEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:2e:1e:6f:f8:3d:27:48:ff:5c:6d:45:8e:d3:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=168600dfac9d3d1a75e6630d697102f2f2132c48
        Validity
            Not Before: Jan  2 04:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b88dcc0f7597a9334da8a3c531b9510f1828c47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e8:f8:87:65:a8:2c:f9:f9:67:f8:24:64:e5:
                    90:18:56:1a:16:43:95:09:ec:a1:20:82:d1:03:34:
                    25:c9:05:8d:11:9e:25:72:4b:2a:47:67:9b:7d:e5:
                    e4:78:39:4d:b2:55:76:33:ac:3b:93:c8:7c:8d:4b:
                    32:f9:0e:58:82:7c:23:32:7d:ff:a6:28:73:7c:31:
                    d1:85:7a:63:3d:05:a6:aa:1f:ee:c1:4a:1c:52:8a:
                    ca:4a:ea:0e:3e:3e:a3:58:e2:22:8b:b3:87:6b:36:
                    7b:f6:ef:05:9b:88:1a:b1:b5:3e:00:56:07:c1:38:
                    5c:0b:62:a7:28:36:08:b0:95:f3:77:24:3a:b7:3b:
                    cb:f4:36:74:d1:7c:dd:d3:2c:29:14:04:57:79:79:
                    3b:2d:3b:bb:a2:77:33:f5:cc:39:6f:a6:ff:ee:10:
                    b8:ce:d4:8e:9e:ef:ca:45:aa:26:c7:fe:21:be:85:
                    3f:cf:7c:bc:d0:29:4a:d4:d6:46:e9:74:26:13:b6:
                    8c:ad:f1:05:3e:90:5d:f6:d9:ed:78:0e:c1:48:aa:
                    78:e9:69:bb:2e:c8:5f:cc:68:73:3d:58:a7:34:6b:
                    f1:94:c6:80:4d:1f:26:07:45:40:ce:4b:61:8e:08:
                    77:00:ce:5f:f9:aa:88:59:8a:3f:c9:28:20:73:ac:
                    02:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8D:CC:0F:75:97:A9:33:4D:A8:A3:C5:31:B9:51:0F:18:28:C4:7C
            X509v3 Authority Key Identifier:
                keyid:16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/uI3MD3WXqTNNqKPFMblRDxgoxHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/FoYA36ydPRp15mMNaXEC8vITLEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:16:0d:20:73:a0:86:a5:4b:f1:23:82:4f:69:0f:eb:07:0e:
         be:bb:e6:6d:24:b7:d0:5f:e5:d6:64:85:ca:9d:6d:80:e2:64:
         99:aa:d0:7a:47:c3:78:d7:cd:3d:17:04:e2:4b:60:0e:7e:6c:
         c8:2e:6f:c5:1c:41:f7:e0:ce:26:18:ba:2e:5d:df:b3:17:a8:
         b6:50:9e:78:82:67:1a:ca:48:e8:a4:8b:40:86:9f:ba:f1:b9:
         e1:71:09:93:37:71:92:37:9e:ba:b8:50:be:88:8c:0f:8d:3a:
         ab:9a:e1:c1:57:fd:fa:90:3e:0a:db:59:28:bc:d1:ed:75:d8:
         27:b3:ae:8c:af:c8:08:c2:fc:c1:2e:4f:32:73:f2:84:03:cb:
         94:5a:90:6b:f1:86:e0:0e:32:a6:8b:7d:7c:9f:ec:6f:4e:a2:
         91:04:e4:eb:1e:62:e8:8f:85:3f:ab:9d:4a:8a:d1:4d:f2:4d:
         17:38:59:9b:70:01:77:4d:9f:42:d0:a0:71:d5:53:ce:04:17:
         6d:8a:a0:e3:6e:14:ff:a4:7e:03:5d:a7:1e:ae:f8:7f:95:78:
         1a:ed:01:1c:ee:88:5c:f8:29:eb:e0:2c:70:01:08:41:52:52:
         03:ff:c5:e9:81:4a:51:3d:79:7f:7e:9f:56:92:f3:69:36:3b:
         10:6f:ea:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcS4eb/g9J0j/XG1FjtMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ODYwMGRmYWM5ZDNkMWE3NWU2NjMwZDY5NzEwMmYyZjIx
MzJjNDgwHhcNMjQwMTAyMDQzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhkY2MwZjc1OTdhOTMzNGRhOGEzYzUzMWI5NTEwZjE4MjhjNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzej4h2WoLPn5Z/gkZOWQGFYaFkOV
CeyhIILRAzQlyQWNEZ4lcksqR2ebfeXkeDlNslV2M6w7k8h8jUsy+Q5YgnwjMn3/
pihzfDHRhXpjPQWmqh/uwUocUorKSuoOPj6jWOIii7OHazZ79u8Fm4gasbU+AFYH
wThcC2KnKDYIsJXzdyQ6tzvL9DZ00Xzd0ywpFARXeXk7LTu7oncz9cw5b6b/7hC4
ztSOnu/KRaomx/4hvoU/z3y80ClK1NZG6XQmE7aMrfEFPpBd9tnteA7BSKp46Wm7
LshfzGhzPVinNGvxlMaATR8mB0VAzkthjgh3AM5f+aqIWYo/ySggc6wCNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiNzA91l6kzTaijxTG5UQ8YKMR8MB8GA1UdIwQY
MBaAFBaGAN+snT0adeZjDWlxAvLyEyxIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEt
MThkYmU2NTA0YmI0LzEvdUkzTUQzV1hxVE5OcUtQRk1ibFJEeGdveEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEtMThkYmU2NTA0YmI0
LzEvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaUuMA0G
CSqGSIb3DQEBCwUAA4IBAQBNFg0gc6CGpUvxI4JPaQ/rBw6+u+ZtJLfQX+XWZIXK
nW2A4mSZqtB6R8N41809FwTiS2AOfmzILm/FHEH34M4mGLouXd+zF6i2UJ54gmca
ykjopItAhp+68bnhcQmTN3GSN566uFC+iIwPjTqrmuHBV/36kD4K21kovNHtddgn
s66Mr8gIwvzBLk8yc/KEA8uUWpBr8YbgDjKmi318n+xvTqKRBOTrHmLoj4U/q51K
itFN8k0XOFmbcAF3TZ9C0KBx1VPOBBdtiqDjbhT/pH4DXacervh/lXga7QEc7ohc
+Cnr4CxwAQhBUlID/8XpgUpRPXl/fp9WkvNpNjsQb+pF
-----END CERTIFICATE-----