Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/FQu3BNWeVk4y0n3J7oh3hQihd-Q.roa
File:                     FQu3BNWeVk4y0n3J7oh3hQihd-Q.roa (raw, json)
Hash identifier:          DaibmH9iDPlL1WbPxRnUmsGyW84dCus/1lMY8pF71HM=
Subject key identifier:   15:0B:B7:04:D5:9E:56:4E:32:D2:7D:C9:EE:88:77:85:08:A1:77:E4
Certificate issuer:       /CN=3e2bbf346ebd4aa0b76e10c58321ad33d72d519f
Certificate serial:       018CC6B88B48FE5610DCF570A4A0650C13E8
Authority key identifier: 3E:2B:BF:34:6E:BD:4A:A0:B7:6E:10:C5:83:21:AD:33:D7:2D:51:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Piu_NG69SqC3bhDFgyGtM9ctUZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/FQu3BNWeVk4y0n3J7oh3hQihd-Q.roa
Signing time:             Mon 01 Jan 2024 20:30:32 +0000
ROA not before:           Mon 01 Jan 2024 20:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47777
IP address blocks:        185.160.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/Piu_NG69SqC3bhDFgyGtM9ctUZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/Piu_NG69SqC3bhDFgyGtM9ctUZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Piu_NG69SqC3bhDFgyGtM9ctUZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:8b:48:fe:56:10:dc:f5:70:a4:a0:65:0c:13:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e2bbf346ebd4aa0b76e10c58321ad33d72d519f
        Validity
            Not Before: Jan  1 20:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=150bb704d59e564e32d27dc9ee88778508a177e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bf:f1:b2:67:2c:91:a8:03:1b:54:85:99:70:
                    a4:b9:ce:cb:0d:ea:3f:52:f8:60:e3:15:58:80:65:
                    cd:89:5d:4e:ca:ba:02:eb:4b:e1:11:c2:d2:06:c4:
                    64:6c:57:51:fa:8d:04:65:43:28:d9:f2:d3:ca:99:
                    ae:0a:76:31:d8:66:69:7a:ef:e1:e8:f7:b1:6c:df:
                    f0:4c:75:3e:2a:45:35:02:9a:98:c2:81:67:68:09:
                    f7:bd:20:49:cb:57:9e:61:fb:a8:b9:44:73:72:e6:
                    2d:3c:d3:ae:55:ef:07:cc:96:c9:4b:f6:85:7a:d7:
                    47:1a:a0:19:62:0b:1e:da:e5:a2:ac:ff:80:80:74:
                    6a:12:3b:af:7d:9b:1a:ad:28:9b:b6:41:54:4e:35:
                    25:06:e5:44:da:ce:e9:bf:35:8f:d4:07:29:2f:a5:
                    76:4a:8d:bb:26:a3:5a:18:f2:20:fd:9e:7a:b2:f3:
                    58:3b:01:8d:de:b0:fa:e2:b4:9b:ac:67:0a:88:8a:
                    2b:f2:73:d9:4b:a7:47:75:b5:7b:f9:0b:1e:34:ec:
                    5c:97:d0:6f:a3:8d:b5:21:10:d7:5b:f2:a3:85:f4:
                    80:bd:f0:2a:9b:e3:7e:8c:6d:5e:06:49:b7:47:6b:
                    10:ec:34:e9:6f:6e:94:5a:3e:5d:b4:91:c6:aa:56:
                    9e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:0B:B7:04:D5:9E:56:4E:32:D2:7D:C9:EE:88:77:85:08:A1:77:E4
            X509v3 Authority Key Identifier:
                keyid:3E:2B:BF:34:6E:BD:4A:A0:B7:6E:10:C5:83:21:AD:33:D7:2D:51:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Piu_NG69SqC3bhDFgyGtM9ctUZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/FQu3BNWeVk4y0n3J7oh3hQihd-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bc51cb-de0c-4881-b0b1-1aa277df3769/1/Piu_NG69SqC3bhDFgyGtM9ctUZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:f2:eb:4a:3e:8b:b2:3b:e4:9c:04:f5:82:91:91:32:e6:91:
         e4:70:31:8a:25:15:6d:f5:0d:31:12:ed:c7:93:9b:a3:e6:c5:
         f7:22:4e:32:84:b2:2b:73:6a:09:13:95:1a:b3:86:b4:c1:47:
         b8:e7:0d:5f:37:8e:81:f9:64:2b:f3:e7:89:52:8f:19:37:c9:
         14:70:e1:fd:61:5c:22:9f:e2:28:24:ef:08:86:f3:0e:aa:3a:
         01:eb:8c:34:bd:76:97:3b:90:aa:a7:b5:0e:fd:8d:df:dc:e3:
         ff:12:e6:08:59:84:b8:7d:ca:a8:95:ed:8d:43:d8:6f:e6:4d:
         2b:5b:76:55:71:ce:81:2d:49:43:d6:9b:f9:8f:b2:76:6f:f4:
         e4:9b:e9:90:c3:99:4e:13:97:c7:a5:62:51:2d:43:22:73:43:
         92:cf:95:95:5e:d2:13:82:b9:cf:8d:70:6f:de:06:47:1b:85:
         51:fe:70:97:13:a5:d8:96:de:24:f1:7c:b1:90:7a:fe:0c:94:
         b1:8e:f7:49:d7:f0:9b:7e:d2:f8:3f:5b:97:af:40:da:bf:6e:
         1f:00:db:5d:1e:fb:9d:30:07:f9:55:db:8d:f9:10:6b:b8:1d:
         a3:7a:b1:d7:2b:a7:98:14:bc:f3:e4:c1:16:f8:2f:ed:da:39:
         b9:8d:2b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuItI/lYQ3PVwpKBlDBPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMmJiZjM0NmViZDRhYTBiNzZlMTBjNTgzMjFhZDMzZDcy
ZDUxOWYwHhcNMjQwMTAxMjAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTBiYjcwNGQ1OWU1NjRlMzJkMjdkYzllZTg4Nzc4NTA4YTE3N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb/xsmcskagDG1SFmXCkuc7LDeo/
Uvhg4xVYgGXNiV1OyroC60vhEcLSBsRkbFdR+o0EZUMo2fLTypmuCnYx2GZpeu/h
6PexbN/wTHU+KkU1ApqYwoFnaAn3vSBJy1eeYfuouURzcuYtPNOuVe8HzJbJS/aF
etdHGqAZYgse2uWirP+AgHRqEjuvfZsarSibtkFUTjUlBuVE2s7pvzWP1AcpL6V2
So27JqNaGPIg/Z56svNYOwGN3rD64rSbrGcKiIor8nPZS6dHdbV7+QseNOxcl9Bv
o421IRDXW/KjhfSAvfAqm+N+jG1eBkm3R2sQ7DTpb26UWj5dtJHGqlaeLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBULtwTVnlZOMtJ9ye6Id4UIoXfkMB8GA1UdIwQY
MBaAFD4rvzRuvUqgt24QxYMhrTPXLVGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGl1X05HNjlTcUMzYmhERmd5R3RNOWN0VVo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iYzUxY2ItZGUwYy00ODgxLWIwYjEt
MWFhMjc3ZGYzNzY5LzEvRlF1M0JOV2VWazR5MG4zSjdvaDNoUWloZC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iYzUxY2ItZGUwYy00ODgxLWIwYjEtMWFhMjc3ZGYzNzY5
LzEvUGl1X05HNjlTcUMzYmhERmd5R3RNOWN0VVo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaBgMA0G
CSqGSIb3DQEBCwUAA4IBAQAi8utKPouyO+ScBPWCkZEy5pHkcDGKJRVt9Q0xEu3H
k5uj5sX3Ik4yhLIrc2oJE5Uas4a0wUe45w1fN46B+WQr8+eJUo8ZN8kUcOH9YVwi
n+IoJO8IhvMOqjoB64w0vXaXO5Cqp7UO/Y3f3OP/EuYIWYS4fcqole2NQ9hv5k0r
W3ZVcc6BLUlD1pv5j7J2b/Tkm+mQw5lOE5fHpWJRLUMic0OSz5WVXtITgrnPjXBv
3gZHG4VR/nCXE6XYlt4k8XyxkHr+DJSxjvdJ1/CbftL4P1uXr0Dav24fANtdHvud
MAf5VduN+RBruB2jerHXK6eYFLzz5MEW+C/t2jm5jSud
-----END CERTIFICATE-----