Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rK3T6OuSa_HmZW2wsO3LOyH3qn0.roa
File:                     rK3T6OuSa_HmZW2wsO3LOyH3qn0.roa (raw, json)
Hash identifier:          8q45JmCPCWoDs6EWU+BA5cFNTnXE42uPfJoo7Wf1qXc=
Subject key identifier:   AC:AD:D3:E8:EB:92:6B:F1:E6:65:6D:B0:B0:ED:CB:3B:21:F7:AA:7D
Certificate issuer:       /CN=acd6be97bcfe12becbe82b7841047f57972a935a
Certificate serial:       018D0D96F6AFD52134C4345BDFFE9F1DE889
Authority key identifier: AC:D6:BE:97:BC:FE:12:BE:CB:E8:2B:78:41:04:7F:57:97:2A:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rK3T6OuSa_HmZW2wsO3LOyH3qn0.roa
Signing time:             Mon 15 Jan 2024 14:46:53 +0000
ROA not before:           Mon 15 Jan 2024 14:46:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48795
IP address blocks:        185.176.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:96:f6:af:d5:21:34:c4:34:5b:df:fe:9f:1d:e8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acd6be97bcfe12becbe82b7841047f57972a935a
        Validity
            Not Before: Jan 15 14:46:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acadd3e8eb926bf1e6656db0b0edcb3b21f7aa7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:04:f4:53:a6:67:6e:a9:66:66:1f:8e:60:
                    65:b1:ed:5c:b7:e7:bc:c5:3d:98:bc:7b:81:25:e7:
                    93:88:64:3d:06:d0:44:2e:dc:84:ae:ba:12:a8:75:
                    bc:69:51:8f:f9:8f:0c:0e:80:5b:2f:82:6a:97:d0:
                    ea:58:b5:9f:15:13:28:74:c4:f4:2f:d3:d3:e7:aa:
                    57:b0:00:a9:37:2f:42:7b:75:aa:b6:4b:65:0f:64:
                    b7:d3:f1:0f:98:53:ca:82:39:a3:1e:5b:10:31:c1:
                    3e:de:dc:9e:a2:6d:59:b2:63:01:1c:4b:41:ef:b8:
                    d2:14:80:ba:47:fa:c1:aa:53:a9:35:28:ad:a1:b3:
                    de:98:19:8c:73:bd:29:68:10:8e:48:19:6b:bc:20:
                    d7:ff:ad:16:ea:14:49:3d:35:d5:1b:40:48:bb:57:
                    9d:aa:2b:1d:08:95:cd:6d:10:ab:68:bc:63:01:c1:
                    36:32:65:ee:7f:99:d5:77:6a:ed:aa:34:d6:0a:98:
                    5b:6c:84:ac:ba:38:af:fc:94:d6:b6:fb:a3:32:80:
                    04:30:44:9d:27:94:e1:bd:f1:81:7e:ab:c7:e0:0a:
                    aa:69:13:0d:3f:85:18:cb:a5:3c:28:71:d8:6d:21:
                    cf:6d:ca:6a:60:b5:d7:46:de:25:70:ee:d8:2a:fa:
                    11:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AD:D3:E8:EB:92:6B:F1:E6:65:6D:B0:B0:ED:CB:3B:21:F7:AA:7D
            X509v3 Authority Key Identifier:
                keyid:AC:D6:BE:97:BC:FE:12:BE:CB:E8:2B:78:41:04:7F:57:97:2A:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rK3T6OuSa_HmZW2wsO3LOyH3qn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:0f:30:f1:c8:24:3e:e3:2d:93:29:e9:f3:42:86:b0:d1:8e:
         be:48:7e:3a:3d:43:4c:83:85:3a:a6:68:5e:c2:5d:0a:a1:25:
         9e:da:59:93:a7:59:27:d7:26:55:8e:e6:c0:65:6d:69:66:35:
         cd:6c:9c:d4:66:f1:35:48:53:d6:9a:5c:a8:7c:46:0b:a3:8b:
         79:ab:b5:58:59:c0:fd:57:b6:99:ec:30:7b:a0:0f:dd:9c:b4:
         9d:c3:ca:9c:5e:8c:6a:da:44:1e:3c:55:bf:b4:f1:31:3a:e5:
         2d:7c:bc:8e:dc:55:d5:3d:32:d7:13:a3:e8:a9:65:1c:9c:6b:
         c6:e9:22:21:67:fb:d8:c9:26:4a:27:3d:37:6f:3b:26:10:cb:
         34:8f:b6:27:c7:08:94:97:f6:d8:85:3a:25:46:35:de:cd:6c:
         73:90:dc:ed:d9:88:f2:78:f5:07:fe:71:6d:90:47:cb:32:ab:
         be:b8:8a:e4:da:eb:a3:d8:97:90:78:5a:e6:3b:0c:62:1e:de:
         ed:56:cc:e4:94:bd:a8:63:0d:6b:90:7f:7c:f9:50:ea:1a:41:
         a7:16:66:c0:7e:88:a2:fb:af:10:4e:92:c9:9c:03:7f:53:9e:
         3a:91:00:3f:f0:8e:26:10:54:a0:69:a0:9f:21:28:a4:f9:ec:
         03:5e:7a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0Nlvav1SE0xDRb3/6fHeiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZDZiZTk3YmNmZTEyYmVjYmU4MmI3ODQxMDQ3ZjU3OTcy
YTkzNWEwHhcNMjQwMTE1MTQ0NjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FkZDNlOGViOTI2YmYxZTY2NTZkYjBiMGVkY2IzYjIxZjdhYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9kE9FOmZ26pZmYfjmBlse1ct+e8
xT2YvHuBJeeTiGQ9BtBELtyErroSqHW8aVGP+Y8MDoBbL4Jql9DqWLWfFRModMT0
L9PT56pXsACpNy9Ce3WqtktlD2S30/EPmFPKgjmjHlsQMcE+3tyeom1ZsmMBHEtB
77jSFIC6R/rBqlOpNSitobPemBmMc70paBCOSBlrvCDX/60W6hRJPTXVG0BIu1ed
qisdCJXNbRCraLxjAcE2MmXuf5nVd2rtqjTWCphbbISsujiv/JTWtvujMoAEMESd
J5ThvfGBfqvH4AqqaRMNP4UYy6U8KHHYbSHPbcpqYLXXRt4lcO7YKvoRxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyt0+jrkmvx5mVtsLDtyzsh96p9MB8GA1UdIwQY
MBaAFKzWvpe8/hK+y+greEEEf1eXKpNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck5hLWw3ei1FcjdMNkN0NFFRUl9WNWNxazFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC80YjdjMmUtMDg5Zi00NzA4LTkxODQt
MmE4NGFjYmUwN2VlLzEvckszVDZPdVNhX0htWlcyd3NPM0xPeUgzcW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC80YjdjMmUtMDg5Zi00NzA4LTkxODQtMmE4NGFjYmUwN2Vl
LzEvck5hLWw3ei1FcjdMNkN0NFFRUl9WNWNxazFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubCGMA0G
CSqGSIb3DQEBCwUAA4IBAQBnDzDxyCQ+4y2TKenzQoaw0Y6+SH46PUNMg4U6pmhe
wl0KoSWe2lmTp1kn1yZVjubAZW1pZjXNbJzUZvE1SFPWmlyofEYLo4t5q7VYWcD9
V7aZ7DB7oA/dnLSdw8qcXoxq2kQePFW/tPExOuUtfLyO3FXVPTLXE6PoqWUcnGvG
6SIhZ/vYySZKJz03bzsmEMs0j7YnxwiUl/bYhTolRjXezWxzkNzt2YjyePUH/nFt
kEfLMqu+uIrk2uuj2JeQeFrmOwxiHt7tVszklL2oYw1rkH98+VDqGkGnFmbAfoii
+68QTpLJnAN/U546kQA/8I4mEFSgaaCfISik+ewDXnok
-----END CERTIFICATE-----