Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/scNiKgHJlOUFNyS1K8ZoUeSqIo8.roa
File:                     scNiKgHJlOUFNyS1K8ZoUeSqIo8.roa (raw, json)
Hash identifier:          mTayRmeegLVpCOzKY/TP5KBxnoMR4zgRNJAhKIm2qHk=
Subject key identifier:   B1:C3:62:2A:01:C9:94:E5:05:37:24:B5:2B:C6:68:51:E4:AA:22:8F
Certificate issuer:       /CN=85f4ee14f6d38a7cf071279dff7b391702e37135
Certificate serial:       018CC2DB3176EFFD32AE4A435ECFDFD6D294
Authority key identifier: 85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/scNiKgHJlOUFNyS1K8ZoUeSqIo8.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203977
IP address blocks:        185.146.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:76:ef:fd:32:ae:4a:43:5e:cf:df:d6:d2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85f4ee14f6d38a7cf071279dff7b391702e37135
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c3622a01c994e5053724b52bc66851e4aa228f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:76:d8:9b:d3:dd:34:6e:91:a4:1c:25:72:33:
                    81:ca:cb:4c:eb:81:0f:9b:02:13:fb:5d:84:c7:b0:
                    f0:6e:ea:fd:3d:f1:81:a9:ed:47:0f:7e:d5:69:6a:
                    0e:10:bb:0c:1e:ff:b8:f4:da:b5:cc:b8:21:ec:72:
                    ac:2e:30:3b:33:a0:69:1e:ee:58:eb:f2:59:15:5d:
                    f4:34:b9:2c:a6:12:8c:f8:03:b8:44:e0:f2:76:16:
                    64:39:2d:a5:1b:46:fe:3b:3f:ac:fb:6a:39:a0:3c:
                    fb:72:0f:04:0c:13:d1:bd:43:a3:e8:0b:c1:08:09:
                    c6:6d:10:8c:75:d5:94:17:f7:a6:5e:82:fd:9f:55:
                    fe:bc:4a:89:99:af:67:60:ff:2e:a0:16:1d:4e:74:
                    48:2e:70:aa:b5:4d:24:1d:3f:e3:5c:9d:e7:d9:82:
                    77:10:41:8c:77:20:e8:c0:01:9c:be:5e:f1:ba:a9:
                    17:ae:13:7d:01:d1:83:f4:17:da:d0:59:4a:19:3f:
                    ef:76:5b:e4:a1:18:f6:00:25:bf:36:cb:6e:bb:c4:
                    ef:4b:b2:66:60:bd:1c:38:4b:d0:ff:4f:b8:90:cd:
                    b9:3c:6a:06:20:ec:4a:b8:2d:ef:14:0d:32:d0:b0:
                    53:6f:96:95:c5:36:be:88:b9:c5:e1:fe:81:d2:8e:
                    16:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C3:62:2A:01:C9:94:E5:05:37:24:B5:2B:C6:68:51:E4:AA:22:8F
            X509v3 Authority Key Identifier:
                keyid:85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/scNiKgHJlOUFNyS1K8ZoUeSqIo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b2:2f:88:d1:ce:07:c2:e3:8f:a1:c6:84:3a:1d:bf:1c:32:
         d8:9f:fc:b5:fe:f2:28:8d:01:8b:74:fe:8c:4c:8d:ca:26:c7:
         d2:df:02:f0:f7:58:51:74:48:4e:b5:ec:e9:03:ee:bd:76:0b:
         bc:24:c2:19:3e:d9:b4:0a:6b:e6:88:94:4f:13:96:cc:cd:74:
         d3:66:5c:ca:21:1f:51:90:8e:78:9c:00:0d:85:83:ca:f8:00:
         b4:63:5f:f6:56:19:90:10:59:4e:f4:ff:4a:df:fd:f0:ad:bd:
         dd:e0:82:68:8a:a3:38:37:b4:46:aa:33:35:2f:10:7b:b4:15:
         0c:7b:8b:9c:be:9b:c2:23:bb:18:e2:ba:b3:52:e2:53:b7:a9:
         6f:0b:89:b3:48:c7:9b:50:36:b1:61:64:da:81:ee:4b:b4:5f:
         31:48:67:8b:1b:e4:6e:98:cc:ab:46:2a:10:31:a5:09:8c:32:
         0c:0b:68:4f:d9:52:63:8d:21:8c:3e:65:42:62:40:cc:6a:a4:
         b6:2d:81:e3:5e:d5:82:79:15:76:97:aa:a1:42:08:df:22:8b:
         17:3f:ca:ed:89:98:3d:60:ae:b0:ee:9b:d0:ac:d8:e2:e5:3a:
         1b:43:64:35:d7:7e:fa:0d:c3:cc:b1:73:26:9a:14:bb:67:ef:
         42:56:9d:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zF27/0yrkpDXs/f1tKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZjRlZTE0ZjZkMzhhN2NmMDcxMjc5ZGZmN2IzOTE3MDJl
MzcxMzUwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWMzNjIyYTAxYzk5NGU1MDUzNzI0YjUyYmM2Njg1MWU0YWEyMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3bYm9PdNG6RpBwlcjOBystM64EP
mwIT+12Ex7Dwbur9PfGBqe1HD37VaWoOELsMHv+49Nq1zLgh7HKsLjA7M6BpHu5Y
6/JZFV30NLksphKM+AO4RODydhZkOS2lG0b+Oz+s+2o5oDz7cg8EDBPRvUOj6AvB
CAnGbRCMddWUF/emXoL9n1X+vEqJma9nYP8uoBYdTnRILnCqtU0kHT/jXJ3n2YJ3
EEGMdyDowAGcvl7xuqkXrhN9AdGD9Bfa0FlKGT/vdlvkoRj2ACW/Nstuu8TvS7Jm
YL0cOEvQ/0+4kM25PGoGIOxKuC3vFA0y0LBTb5aVxTa+iLnF4f6B0o4WLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHDYioByZTlBTcktSvGaFHkqiKPMB8GA1UdIwQY
MBaAFIX07hT204p88HEnnf97ORcC43E1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUt
YmZkOTVhOWE2ZTY0LzEvc2NOaUtnSEpsT1VGTnlTMUs4Wm9VZVNxSW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUtYmZkOTVhOWE2ZTY0
LzEvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZLiMA0G
CSqGSIb3DQEBCwUAA4IBAQCFsi+I0c4HwuOPocaEOh2/HDLYn/y1/vIojQGLdP6M
TI3KJsfS3wLw91hRdEhOtezpA+69dgu8JMIZPtm0CmvmiJRPE5bMzXTTZlzKIR9R
kI54nAANhYPK+AC0Y1/2VhmQEFlO9P9K3/3wrb3d4IJoiqM4N7RGqjM1LxB7tBUM
e4ucvpvCI7sY4rqzUuJTt6lvC4mzSMebUDaxYWTage5LtF8xSGeLG+RumMyrRioQ
MaUJjDIMC2hP2VJjjSGMPmVCYkDMaqS2LYHjXtWCeRV2l6qhQgjfIosXP8rtiZg9
YK6w7pvQrNji5TobQ2Q11376DcPMsXMmmhS7Z+9CVp2t
-----END CERTIFICATE-----