Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/DEtFTLyhCZrz_ZFlK3LPe67oBBY.roa
File:                     DEtFTLyhCZrz_ZFlK3LPe67oBBY.roa (raw, json)
Hash identifier:          LhMG8+saryk2/SIY4SbDPKLFxjCO8OtH3KfSuhSz1KE=
Subject key identifier:   0C:4B:45:4C:BC:A1:09:9A:F3:FD:91:65:2B:72:CF:7B:AE:E8:04:16
Certificate issuer:       /CN=3b544ca0e2be18e9fd74e281324a30b0ea2d1d52
Certificate serial:       018CC4246AC5DB79556EB7F5B12FE1B32C32
Authority key identifier: 3B:54:4C:A0:E2:BE:18:E9:FD:74:E2:81:32:4A:30:B0:EA:2D:1D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/DEtFTLyhCZrz_ZFlK3LPe67oBBY.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        145.224.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6a:c5:db:79:55:6e:b7:f5:b1:2f:e1:b3:2c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b544ca0e2be18e9fd74e281324a30b0ea2d1d52
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c4b454cbca1099af3fd91652b72cf7baee80416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d1:e7:39:2e:df:e1:4a:27:ff:94:31:af:bc:
                    64:55:68:40:1b:48:e3:ff:a7:8b:03:ee:c9:cd:1b:
                    0d:81:1e:41:fb:77:49:bb:27:9f:67:6e:e8:a9:c3:
                    3b:a3:2d:69:40:10:cc:11:48:a1:46:ab:b7:10:84:
                    62:3a:83:79:aa:28:5b:79:cc:3a:7a:b4:c0:ca:91:
                    ab:94:94:36:df:ae:48:c6:ee:98:21:99:82:67:9e:
                    9c:08:77:96:af:60:ba:da:6a:a2:ad:8a:27:98:b9:
                    70:17:3d:a9:1c:4a:ae:7b:64:94:b1:4d:16:1c:e8:
                    89:59:46:2d:44:ec:d7:b5:3a:d1:3d:67:1d:a9:41:
                    1d:5b:c4:9b:97:f5:89:22:70:6b:ab:21:a3:35:f6:
                    0f:e0:fc:8f:3a:64:81:56:1e:54:16:43:78:8e:54:
                    86:88:3f:72:d5:15:ed:38:5d:45:ce:2a:b5:61:d4:
                    00:48:14:54:de:af:c7:85:af:9a:a4:44:76:3a:18:
                    a8:f4:ff:23:c3:22:ba:d9:76:91:31:b4:09:a3:71:
                    46:60:9a:c0:f2:d9:f9:d0:b6:03:d9:53:dd:d6:e8:
                    da:7b:46:3a:33:ca:1d:15:4a:4f:d3:23:89:7f:27:
                    13:b7:3c:e8:06:51:ba:2e:05:74:16:62:88:3d:25:
                    e4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4B:45:4C:BC:A1:09:9A:F3:FD:91:65:2B:72:CF:7B:AE:E8:04:16
            X509v3 Authority Key Identifier:
                keyid:3B:54:4C:A0:E2:BE:18:E9:FD:74:E2:81:32:4A:30:B0:EA:2D:1D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/DEtFTLyhCZrz_ZFlK3LPe67oBBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.224.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:68:f3:55:2e:6d:5c:6a:64:f8:ce:5a:cc:1d:2e:02:1f:86:
         c7:c8:b1:90:63:8a:57:fb:b0:77:c6:6b:ce:44:d3:ad:14:a4:
         6e:4f:e6:ad:c3:75:57:cc:cf:d7:24:b7:91:a0:78:1e:b3:85:
         91:70:cb:e5:0d:67:2d:de:c4:e7:92:62:7a:5e:9d:a6:90:82:
         54:80:25:e2:fd:a2:43:29:0e:cd:c6:ea:da:3f:17:91:76:0b:
         61:eb:92:5c:b8:e5:e9:64:d4:59:a3:ca:bd:dc:f3:00:d7:30:
         d7:09:46:47:13:61:2f:c4:46:94:bd:ff:80:08:1a:b2:ac:69:
         56:aa:58:b9:94:23:38:fd:b5:0a:04:a5:26:96:4d:f2:51:97:
         7d:f4:93:3b:34:7f:d9:49:d9:e3:8a:d5:a3:0c:5c:88:99:1a:
         3d:7c:12:1c:f9:c6:6e:ad:0f:1f:6c:c1:b4:0f:1f:e0:59:95:
         25:d2:55:af:0c:29:5a:4e:16:42:8d:c1:3e:b7:1d:68:56:01:
         d1:df:58:ea:d7:41:44:07:e9:b5:07:83:14:30:52:09:9a:0e:
         b1:2d:8f:98:4c:f8:d2:01:7d:30:63:80:37:96:91:0f:f6:cc:
         fb:91:a5:89:36:bf:28:b3:66:92:f1:23:37:7a:81:c4:f3:1f:
         1f:85:18:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGrF23lVbrf1sS/hsywyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNTQ0Y2EwZTJiZTE4ZTlmZDc0ZTI4MTMyNGEzMGIwZWEy
ZDFkNTIwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRiNDU0Y2JjYTEwOTlhZjNmZDkxNjUyYjcyY2Y3YmFlZTgwNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHnOS7f4Uon/5Qxr7xkVWhAG0jj
/6eLA+7JzRsNgR5B+3dJuyefZ27oqcM7oy1pQBDMEUihRqu3EIRiOoN5qihbecw6
erTAypGrlJQ2365Ixu6YIZmCZ56cCHeWr2C62mqirYonmLlwFz2pHEque2SUsU0W
HOiJWUYtROzXtTrRPWcdqUEdW8Sbl/WJInBrqyGjNfYP4PyPOmSBVh5UFkN4jlSG
iD9y1RXtOF1Fziq1YdQASBRU3q/Hha+apER2Ohio9P8jwyK62XaRMbQJo3FGYJrA
8tn50LYD2VPd1ujae0Y6M8odFUpP0yOJfycTtzzoBlG6LgV0FmKIPSXk5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxLRUy8oQma8/2RZStyz3uu6AQWMB8GA1UdIwQY
MBaAFDtUTKDivhjp/XTigTJKMLDqLR1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFSTW9PSy1HT245ZE9LQk1rb3dzT290SFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8zMDMwYmItNDJjMi00ZTNjLTg1OWEt
ODc2YTlkNzYyOWY2LzEvREV0RlRMeWhDWnJ6X1pGbEszTFBlNjdvQkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8zMDMwYmItNDJjMi00ZTNjLTg1OWEtODc2YTlkNzYyOWY2
LzEvTzFSTW9PSy1HT245ZE9LQk1rb3dzT290SFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkeAgMA0G
CSqGSIb3DQEBCwUAA4IBAQAmaPNVLm1camT4zlrMHS4CH4bHyLGQY4pX+7B3xmvO
RNOtFKRuT+atw3VXzM/XJLeRoHges4WRcMvlDWct3sTnkmJ6Xp2mkIJUgCXi/aJD
KQ7NxuraPxeRdgth65JcuOXpZNRZo8q93PMA1zDXCUZHE2EvxEaUvf+ACBqyrGlW
qli5lCM4/bUKBKUmlk3yUZd99JM7NH/ZSdnjitWjDFyImRo9fBIc+cZurQ8fbMG0
Dx/gWZUl0lWvDClaThZCjcE+tx1oVgHR31jq10FEB+m1B4MUMFIJmg6xLY+YTPjS
AX0wY4A3lpEP9sz7kaWJNr8os2aS8SM3eoHE8x8fhRgT
-----END CERTIFICATE-----