Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/vWgcEKTNxMC7tFT2zjOOtE_XzpQ.roa
File:                     vWgcEKTNxMC7tFT2zjOOtE_XzpQ.roa (raw, json)
Hash identifier:          sUu7KyfF5P6WMStvQSbenwdIkyxcpmg0mRoKZmh0QN8=
Subject key identifier:   BD:68:1C:10:A4:CD:C4:C0:BB:B4:54:F6:CE:33:8E:B4:4F:D7:CE:94
Certificate issuer:       /CN=abc3a3091c3b1a8c9e82a09d374090f6d7300b20
Certificate serial:       018CC2DB5DC9593FA9B596E468966EF1A54D
Authority key identifier: AB:C3:A3:09:1C:3B:1A:8C:9E:82:A0:9D:37:40:90:F6:D7:30:0B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8OjCRw7GoyegqCdN0CQ9tcwCyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/vWgcEKTNxMC7tFT2zjOOtE_XzpQ.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44531
IP address blocks:        185.150.111.0/24 maxlen: 24
                          185.150.108.0/24 maxlen: 24
                          185.150.109.0/24 maxlen: 24
                          185.150.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/q8OjCRw7GoyegqCdN0CQ9tcwCyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/q8OjCRw7GoyegqCdN0CQ9tcwCyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8OjCRw7GoyegqCdN0CQ9tcwCyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:c9:59:3f:a9:b5:96:e4:68:96:6e:f1:a5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc3a3091c3b1a8c9e82a09d374090f6d7300b20
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd681c10a4cdc4c0bbb454f6ce338eb44fd7ce94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d1:64:14:6d:5b:9b:d0:ba:4a:7d:56:f6:4a:
                    01:d9:04:29:c7:9d:bd:ee:e0:5b:39:16:d3:14:6e:
                    77:b2:02:8f:8c:19:f8:9f:44:a4:92:a0:63:ec:a8:
                    5f:e3:47:11:d7:b2:8d:7e:46:79:bf:51:b3:3f:ce:
                    1e:d3:08:6a:26:23:e5:70:9c:88:7b:e0:83:9d:78:
                    e9:7e:c8:00:3d:8e:4c:e3:5b:0a:09:f0:c7:f1:53:
                    b5:6f:29:29:37:2a:a2:f9:83:50:b3:82:eb:8c:05:
                    e0:e1:33:ce:70:39:1f:4c:43:5d:48:40:c2:3d:4a:
                    bb:4b:bc:7c:9d:e0:e0:44:38:09:92:bb:b9:09:12:
                    e3:d8:1a:24:0b:d2:22:66:3a:3c:72:1f:2f:fc:f2:
                    0a:55:55:34:44:93:e0:62:68:c4:aa:11:ee:76:a8:
                    d3:38:c0:b9:f1:61:14:a2:22:c5:f7:c5:a2:e8:9a:
                    e4:94:68:15:c3:e3:88:41:23:7a:30:c8:82:3c:6f:
                    ff:92:d8:e2:07:a6:62:13:e2:31:c0:9a:06:78:a6:
                    ed:73:b6:aa:ff:2a:ed:13:71:fd:b3:a7:6a:95:e3:
                    d1:c2:96:a3:51:55:ef:46:8a:e8:67:44:4e:ea:79:
                    1a:90:e6:ad:3e:51:d4:c5:7d:76:aa:5b:41:8f:b4:
                    68:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:68:1C:10:A4:CD:C4:C0:BB:B4:54:F6:CE:33:8E:B4:4F:D7:CE:94
            X509v3 Authority Key Identifier:
                keyid:AB:C3:A3:09:1C:3B:1A:8C:9E:82:A0:9D:37:40:90:F6:D7:30:0B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8OjCRw7GoyegqCdN0CQ9tcwCyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/vWgcEKTNxMC7tFT2zjOOtE_XzpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/b739e9-16a8-42df-820c-18a768b60fcd/1/q8OjCRw7GoyegqCdN0CQ9tcwCyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:a9:47:d8:0d:05:78:0d:ec:8a:c3:a5:be:5e:e2:7d:7c:33:
         e1:31:3a:f3:82:c7:d6:57:25:5c:c7:7d:71:7a:15:f8:41:b4:
         e7:b2:49:54:29:9d:3d:af:40:bb:f8:c2:1e:58:19:d9:bd:a1:
         50:2a:ea:ad:94:02:fe:32:a0:64:8f:83:05:72:37:a3:fe:ea:
         d3:27:27:7a:34:2d:4d:bb:56:e7:c8:d5:44:3b:76:4b:0f:af:
         34:a8:11:68:bf:63:88:fa:64:a0:bf:d8:b1:0b:24:30:6b:40:
         45:f8:8e:75:e3:fe:31:d8:19:a3:5c:7b:e6:94:72:6f:0a:38:
         96:1b:ee:8f:35:88:c9:98:5f:c6:71:79:55:ea:6c:1a:22:8f:
         fa:3d:c8:ae:3a:b7:17:3a:54:f5:85:33:40:02:bf:31:dc:a6:
         9c:2f:ed:b8:16:89:28:4b:c7:ee:c9:98:23:38:a6:39:6b:61:
         21:33:0e:82:38:8d:44:ce:c2:39:b7:19:61:f0:92:5b:52:fc:
         26:1d:2d:ad:9b:80:08:50:8e:0d:ce:de:38:db:ea:51:e1:a8:
         c0:27:be:36:7f:08:d9:1d:2e:17:46:60:1c:11:61:fe:93:1a:
         e5:ca:8c:97:f8:15:73:9f:e1:7e:8e:70:d9:78:76:6d:03:38:
         14:42:67:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC213JWT+ptZbkaJZu8aVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzNhMzA5MWMzYjFhOGM5ZTgyYTA5ZDM3NDA5MGY2ZDcz
MDBiMjAwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDY4MWMxMGE0Y2RjNGMwYmJiNDU0ZjZjZTMzOGViNDRmZDdjZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdFkFG1bm9C6Sn1W9koB2QQpx529
7uBbORbTFG53sgKPjBn4n0SkkqBj7Khf40cR17KNfkZ5v1GzP84e0whqJiPlcJyI
e+CDnXjpfsgAPY5M41sKCfDH8VO1bykpNyqi+YNQs4LrjAXg4TPOcDkfTENdSEDC
PUq7S7x8neDgRDgJkru5CRLj2BokC9IiZjo8ch8v/PIKVVU0RJPgYmjEqhHudqjT
OMC58WEUoiLF98Wi6JrklGgVw+OIQSN6MMiCPG//ktjiB6ZiE+IxwJoGeKbtc7aq
/yrtE3H9s6dqlePRwpajUVXvRoroZ0RO6nkakOatPlHUxX12qltBj7RonwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1oHBCkzcTAu7RU9s4zjrRP186UMB8GA1UdIwQY
MBaAFKvDowkcOxqMnoKgnTdAkPbXMAsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThPakNSdzdHb3llZ3FDZE4wQ1E5dGN3Q3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9iNzM5ZTktMTZhOC00MmRmLTgyMGMt
MThhNzY4YjYwZmNkLzEvdldnY0VLVE54TUM3dEZUMnpqT090RV9YenBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9iNzM5ZTktMTZhOC00MmRmLTgyMGMtMThhNzY4YjYwZmNk
LzEvcThPakNSdzdHb3llZ3FDZE4wQ1E5dGN3Q3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZZsMA0G
CSqGSIb3DQEBCwUAA4IBAQBGqUfYDQV4DeyKw6W+XuJ9fDPhMTrzgsfWVyVcx31x
ehX4QbTnsklUKZ09r0C7+MIeWBnZvaFQKuqtlAL+MqBkj4MFcjej/urTJyd6NC1N
u1bnyNVEO3ZLD680qBFov2OI+mSgv9ixCyQwa0BF+I514/4x2BmjXHvmlHJvCjiW
G+6PNYjJmF/GcXlV6mwaIo/6PciuOrcXOlT1hTNAAr8x3KacL+24FokoS8fuyZgj
OKY5a2EhMw6COI1EzsI5txlh8JJbUvwmHS2tm4AIUI4Nzt442+pR4ajAJ742fwjZ
HS4XRmAcEWH+kxrlyoyX+BVzn+F+jnDZeHZtAzgUQmfL
-----END CERTIFICATE-----