Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/3VFXPqnsN6twQWtX4HdC-Y4904I.roa
File:                     3VFXPqnsN6twQWtX4HdC-Y4904I.roa (raw, json)
Hash identifier:          rSbNkdEwxZ2dWTKl3C1FrTUCbAH6he55ZexPOXXZ7U4=
Subject key identifier:   DD:51:57:3E:A9:EC:37:AB:70:41:6B:57:E0:77:42:F9:8E:3D:D3:82
Certificate issuer:       /CN=3066ad61c162df0650ee0ab60c68075b29a211c8
Certificate serial:       018CC26D54EB8C96808418E4D0983068AF38
Authority key identifier: 30:66:AD:61:C1:62:DF:06:50:EE:0A:B6:0C:68:07:5B:29:A2:11:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/3VFXPqnsN6twQWtX4HdC-Y4904I.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        185.203.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:54:eb:8c:96:80:84:18:e4:d0:98:30:68:af:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3066ad61c162df0650ee0ab60c68075b29a211c8
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd51573ea9ec37ab70416b57e07742f98e3dd382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0d:0e:2e:11:2a:2b:25:d6:ab:06:8d:88:4b:
                    8a:cd:cb:44:6b:a9:71:1d:4e:06:f8:ed:6a:91:e6:
                    00:48:83:e8:38:79:33:4a:0d:03:f1:e4:7c:b9:5c:
                    73:9d:86:a9:28:2c:80:a5:cb:9b:22:0b:10:16:09:
                    4f:4e:f0:c3:79:75:58:0a:dc:7a:96:e1:10:31:ec:
                    f0:ad:c2:99:01:45:93:36:6b:e9:fb:cc:e5:69:c5:
                    d1:c6:b0:9c:b9:26:59:68:08:8e:b7:ea:47:0b:c1:
                    b4:35:c7:cb:f4:3f:f6:74:92:75:09:44:91:0c:f0:
                    c3:8e:e3:aa:c4:ea:09:02:be:5f:59:ec:15:e5:55:
                    f6:6c:34:65:2a:e0:a1:f9:31:3a:ab:2e:66:2a:18:
                    2c:f7:28:39:29:50:2e:75:1b:82:bf:11:d9:dd:e2:
                    2f:b4:8b:27:14:43:e1:93:c7:c0:3a:ec:63:f2:3c:
                    68:17:c0:7f:4b:b8:09:ac:4a:8b:05:dc:87:a0:1c:
                    b0:64:58:50:84:1b:f9:fb:5b:27:46:a2:8c:3f:b3:
                    83:13:11:ee:62:0e:3d:f0:e0:5e:c1:f3:f3:ca:32:
                    a9:30:7e:aa:d8:ed:6d:e3:39:27:c9:e1:35:f4:fc:
                    69:9c:ca:96:47:3d:35:f5:a6:19:ed:cc:d4:74:2a:
                    06:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:51:57:3E:A9:EC:37:AB:70:41:6B:57:E0:77:42:F9:8E:3D:D3:82
            X509v3 Authority Key Identifier:
                keyid:30:66:AD:61:C1:62:DF:06:50:EE:0A:B6:0C:68:07:5B:29:A2:11:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/3VFXPqnsN6twQWtX4HdC-Y4904I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:0f:eb:da:4d:fc:2d:b0:36:5a:78:da:a5:13:ea:24:86:bb:
         c7:01:30:9e:6d:df:ef:de:f9:da:77:d1:0c:69:22:52:f9:9a:
         c8:9e:21:45:3f:ad:0b:61:74:16:da:d6:12:5a:40:d3:dd:06:
         4c:2a:80:99:bf:64:f1:2d:bb:d2:c6:8c:19:10:74:fb:72:af:
         6d:17:fe:af:34:c5:ac:76:68:47:2b:b7:cc:bf:42:ab:e5:25:
         81:5a:f7:c0:12:dc:70:c5:95:6b:af:a7:2b:da:6f:08:1b:73:
         22:9e:05:25:f8:c4:6e:65:38:b7:dc:db:1a:c5:b2:6c:08:1e:
         7b:cc:f2:38:99:79:8b:e5:8d:06:40:46:bd:4b:5f:0a:2f:d3:
         d8:9d:29:2a:ec:89:94:01:c8:5f:df:db:34:c9:43:fb:a7:99:
         f2:83:43:e4:f5:a2:3c:87:f8:9c:4c:0a:0d:6f:a7:26:58:31:
         ba:38:68:61:72:e3:81:e2:7d:34:d8:58:6f:d6:e3:0d:e2:b4:
         9d:4b:48:c7:53:3c:dd:bc:ec:a0:03:cd:b5:eb:b5:99:e8:bc:
         b1:c4:c8:56:c1:2d:49:46:2b:29:42:79:1f:71:46:b5:c7:2d:
         af:18:12:33:84:b3:fe:73:84:39:75:88:7b:e3:f1:c9:14:87:
         2c:0c:b6:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVTrjJaAhBjk0JgwaK84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjZhZDYxYzE2MmRmMDY1MGVlMGFiNjBjNjgwNzViMjlh
MjExYzgwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDUxNTczZWE5ZWMzN2FiNzA0MTZiNTdlMDc3NDJmOThlM2RkMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA0OLhEqKyXWqwaNiEuKzctEa6lx
HU4G+O1qkeYASIPoOHkzSg0D8eR8uVxznYapKCyApcubIgsQFglPTvDDeXVYCtx6
luEQMezwrcKZAUWTNmvp+8zlacXRxrCcuSZZaAiOt+pHC8G0NcfL9D/2dJJ1CUSR
DPDDjuOqxOoJAr5fWewV5VX2bDRlKuCh+TE6qy5mKhgs9yg5KVAudRuCvxHZ3eIv
tIsnFEPhk8fAOuxj8jxoF8B/S7gJrEqLBdyHoBywZFhQhBv5+1snRqKMP7ODExHu
Yg498OBewfPzyjKpMH6q2O1t4zknyeE19PxpnMqWRz019aYZ7czUdCoGbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1RVz6p7DercEFrV+B3QvmOPdOCMB8GA1UdIwQY
MBaAFDBmrWHBYt8GUO4KtgxoB1spohHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdhdFljRmkzd1pRN2dxMkRHZ0hXeW1pRWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85YjM0YjAtMzAxYS00MWEyLWI0YzUt
YTg4NjZhYTk1YzcxLzEvM1ZGWFBxbnNONnR3UVd0WDRIZEMtWTQ5MDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85YjM0YjAtMzAxYS00MWEyLWI0YzUtYTg4NjZhYTk1Yzcx
LzEvTUdhdFljRmkzd1pRN2dxMkRHZ0hXeW1pRWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucu8MA0G
CSqGSIb3DQEBCwUAA4IBAQBzD+vaTfwtsDZaeNqlE+okhrvHATCebd/v3vnad9EM
aSJS+ZrIniFFP60LYXQW2tYSWkDT3QZMKoCZv2TxLbvSxowZEHT7cq9tF/6vNMWs
dmhHK7fMv0Kr5SWBWvfAEtxwxZVrr6cr2m8IG3MingUl+MRuZTi33NsaxbJsCB57
zPI4mXmL5Y0GQEa9S18KL9PYnSkq7ImUAchf39s0yUP7p5nyg0Pk9aI8h/icTAoN
b6cmWDG6OGhhcuOB4n002Fhv1uMN4rSdS0jHUzzdvOygA82167WZ6LyxxMhWwS1J
RispQnkfcUa1xy2vGBIzhLP+c4Q5dYh74/HJFIcsDLb6
-----END CERTIFICATE-----