Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/46yzQ7mkHOlhNvAzVGPLNjIwfFo.roa
File:                     46yzQ7mkHOlhNvAzVGPLNjIwfFo.roa (raw, json)
Hash identifier:          Ch3/LweyXKEtSGDATHRZ+Io5xwHGLxm0WXZd4h1Wjho=
Subject key identifier:   E3:AC:B3:43:B9:A4:1C:E9:61:36:F0:33:54:63:CB:36:32:30:7C:5A
Certificate issuer:       /CN=dce4a4c4840fc9a5fd214a619aa887b5b7624bf5
Certificate serial:       018CC9BC1FFD8B2CA4F8326B26C398AC17F3
Authority key identifier: DC:E4:A4:C4:84:0F:C9:A5:FD:21:4A:61:9A:A8:87:B5:B7:62:4B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/46yzQ7mkHOlhNvAzVGPLNjIwfFo.roa
Signing time:             Tue 02 Jan 2024 10:33:18 +0000
ROA not before:           Tue 02 Jan 2024 10:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.3.168.0/24 maxlen: 24
                          185.3.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1f:fd:8b:2c:a4:f8:32:6b:26:c3:98:ac:17:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce4a4c4840fc9a5fd214a619aa887b5b7624bf5
        Validity
            Not Before: Jan  2 10:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3acb343b9a41ce96136f0335463cb3632307c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:66:7b:7b:c9:80:a0:d1:0b:ae:df:9d:40:1f:
                    54:52:26:91:78:68:a7:5b:ea:45:51:38:dd:19:86:
                    dd:24:94:73:22:8e:43:ac:0c:97:84:56:90:a6:a6:
                    2a:bc:0f:c1:b2:f8:a2:b0:cd:de:dc:18:13:04:69:
                    e1:07:d5:1f:4e:4b:7c:c7:29:12:f4:89:1f:02:93:
                    80:0f:ec:97:22:29:35:07:f2:61:fd:12:bf:72:b7:
                    42:c5:55:a9:67:c5:26:76:f3:76:82:ec:d1:2d:21:
                    e5:8f:0f:e7:6e:a1:11:45:a6:33:17:63:cc:1c:57:
                    57:62:c5:4a:d0:36:97:f8:43:76:a5:e4:23:46:66:
                    fd:f0:8c:a5:f9:f6:eb:39:6e:8a:cf:c2:26:52:da:
                    c1:44:c4:5f:6c:6d:c8:f9:83:7c:5b:de:20:7e:58:
                    63:72:82:63:a2:c1:8b:35:1a:9e:3f:27:82:39:3e:
                    7b:77:c1:94:ee:cd:0a:86:be:a1:d4:2b:22:2a:d0:
                    10:5c:cc:56:c0:92:10:af:3b:bf:15:7e:a6:59:6f:
                    3e:94:c9:a0:50:99:f6:f5:18:23:4c:e9:ac:fd:0d:
                    22:c9:6f:8d:94:36:9f:f5:50:89:4b:a9:95:64:40:
                    0f:25:e2:86:a5:33:ba:33:3a:83:f4:0e:c8:4e:46:
                    1a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:AC:B3:43:B9:A4:1C:E9:61:36:F0:33:54:63:CB:36:32:30:7C:5A
            X509v3 Authority Key Identifier:
                keyid:DC:E4:A4:C4:84:0F:C9:A5:FD:21:4A:61:9A:A8:87:B5:B7:62:4B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/46yzQ7mkHOlhNvAzVGPLNjIwfFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:d6:f0:85:86:b5:3d:a7:22:03:d5:07:aa:19:5e:58:d6:d0:
         0f:d5:c0:08:a2:2f:ec:dc:1d:73:6b:43:be:00:e8:85:d7:1a:
         15:20:53:85:ac:32:d2:7f:ab:6d:13:17:06:92:cb:da:98:20:
         01:f2:be:e1:3d:ea:da:66:86:d9:71:a8:1e:ed:b3:1a:cd:0b:
         8b:bf:50:1c:69:5e:54:26:92:77:b8:89:01:45:5f:04:f8:58:
         47:db:76:0e:01:d7:1b:63:b2:a6:02:56:dc:58:40:dc:77:3c:
         e0:94:88:88:83:9d:40:7b:8f:6d:73:73:d7:ae:5e:2e:d3:6f:
         06:10:f3:b4:9c:ea:2b:04:29:99:0f:ca:f4:3d:bf:7c:e5:b8:
         95:d0:70:68:fb:23:47:7f:c7:cc:12:93:ac:f7:04:14:4b:6a:
         97:4a:6a:2e:a1:bb:6d:58:98:b2:49:7e:48:74:9d:42:fa:35:
         6a:b6:91:de:51:89:89:18:61:0a:c7:80:75:86:3c:80:c0:86:
         19:b7:b6:7e:4d:a9:e6:ee:e3:f0:39:49:43:f1:be:62:a3:ae:
         ca:f5:9e:32:e8:44:d7:ac:53:6b:b1:85:75:eb:ed:44:17:69:
         e4:a3:30:51:a1:b4:4f:2c:92:1d:8e:fa:af:84:ed:2d:9f:31:
         1f:3b:f1:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvB/9iyyk+DJrJsOYrBfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTRhNGM0ODQwZmM5YTVmZDIxNGE2MTlhYTg4N2I1Yjc2
MjRiZjUwHhcNMjQwMTAyMTAzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2FjYjM0M2I5YTQxY2U5NjEzNmYwMzM1NDYzY2IzNjMyMzA3YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWZ7e8mAoNELrt+dQB9UUiaReGin
W+pFUTjdGYbdJJRzIo5DrAyXhFaQpqYqvA/BsviisM3e3BgTBGnhB9UfTkt8xykS
9IkfApOAD+yXIik1B/Jh/RK/crdCxVWpZ8UmdvN2guzRLSHljw/nbqERRaYzF2PM
HFdXYsVK0DaX+EN2peQjRmb98Iyl+fbrOW6Kz8ImUtrBRMRfbG3I+YN8W94gflhj
coJjosGLNRqePyeCOT57d8GU7s0Khr6h1CsiKtAQXMxWwJIQrzu/FX6mWW8+lMmg
UJn29RgjTOms/Q0iyW+NlDaf9VCJS6mVZEAPJeKGpTO6MzqD9A7ITkYaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOss0O5pBzpYTbwM1RjyzYyMHxaMB8GA1UdIwQY
MBaAFNzkpMSED8ml/SFKYZqoh7W3Ykv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09Ta3hJUVB5YVg5SVVwaG1xaUh0YmRpU19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMTQwYTgtMDFjMC00ZTM2LWJkMDEt
MmI3YWU3MjIwMTFmLzEvNDZ5elE3bWtIT2xoTnZBelZHUExOakl3ZkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMTQwYTgtMDFjMC00ZTM2LWJkMDEtMmI3YWU3MjIwMTFm
LzEvM09Ta3hJUVB5YVg5SVVwaG1xaUh0YmRpU19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQOoMA0G
CSqGSIb3DQEBCwUAA4IBAQBr1vCFhrU9pyID1QeqGV5Y1tAP1cAIoi/s3B1za0O+
AOiF1xoVIFOFrDLSf6ttExcGksvamCAB8r7hPeraZobZcage7bMazQuLv1AcaV5U
JpJ3uIkBRV8E+FhH23YOAdcbY7KmAlbcWEDcdzzglIiIg51Ae49tc3PXrl4u028G
EPO0nOorBCmZD8r0Pb985biV0HBo+yNHf8fMEpOs9wQUS2qXSmouobttWJiySX5I
dJ1C+jVqtpHeUYmJGGEKx4B1hjyAwIYZt7Z+Tanm7uPwOUlD8b5io67K9Z4y6ETX
rFNrsYV16+1EF2nkozBRobRPLJIdjvqvhO0tnzEfO/F3
-----END CERTIFICATE-----