Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/dg3DvqX4fv_b7dA_McuPip09OYA.roa
File:                     dg3DvqX4fv_b7dA_McuPip09OYA.roa (raw, json)
Hash identifier:          n1zdAkHrm69leyk6LB7n5DRQSEOLrNMianChVw6OnMs=
Subject key identifier:   76:0D:C3:BE:A5:F8:7E:FF:DB:ED:D0:3F:31:CB:8F:8A:9D:3D:39:80
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       018CCA2A01D312C5DB34810655EFCEAA3212
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/dg3DvqX4fv_b7dA_McuPip09OYA.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216180
IP address blocks:        192.250.233.0/24 maxlen: 24
                          192.250.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:01:d3:12:c5:db:34:81:06:55:ef:ce:aa:32:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=760dc3bea5f87effdbedd03f31cb8f8a9d3d3980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:88:e0:bb:0a:0e:4b:7c:fd:20:a6:42:b0:1b:
                    85:2d:eb:4b:ea:02:1d:96:91:a1:ff:df:69:df:83:
                    f3:e8:da:d1:65:4b:6e:1a:b1:89:16:fa:b2:e9:a1:
                    a5:27:9c:a3:9c:2e:56:87:f7:b4:ea:29:b6:00:e1:
                    36:84:f0:1e:18:31:d2:a6:78:c0:73:7a:91:2d:b5:
                    f3:5d:85:65:1d:e2:3b:7d:90:97:9b:54:97:e6:d8:
                    98:a6:7e:a8:af:a4:4d:39:57:fe:af:36:56:31:9d:
                    69:51:c1:c7:96:43:12:59:21:13:12:31:62:ed:20:
                    e7:7a:eb:a6:d3:6d:15:79:e2:72:a4:2d:9b:59:a3:
                    e4:63:44:e1:dd:3f:3c:e8:ab:2a:62:17:a1:f9:09:
                    fb:a6:74:a4:f6:22:b7:37:be:df:cd:ce:5f:d8:95:
                    d5:cd:42:c2:21:ee:25:ab:45:7b:84:6a:41:33:f1:
                    db:d3:79:37:a2:82:af:f5:cc:bb:51:c9:d0:f9:7a:
                    f3:0d:23:61:42:0c:f3:cc:72:54:27:33:d6:c8:a2:
                    da:60:52:9e:0c:77:6f:a7:89:b3:46:5a:b6:c7:82:
                    f7:8a:ee:6e:d2:17:7c:50:1b:af:27:6d:15:ea:34:
                    16:13:0f:50:99:e1:f3:56:ac:11:a5:89:7e:51:f5:
                    25:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0D:C3:BE:A5:F8:7E:FF:DB:ED:D0:3F:31:CB:8F:8A:9D:3D:39:80
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/dg3DvqX4fv_b7dA_McuPip09OYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.250.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:ce:b9:54:16:53:25:d9:62:ff:76:8e:02:e7:aa:d8:ec:b1:
         7b:93:0e:f2:25:00:ce:27:ec:10:01:21:d6:66:d4:e2:5a:de:
         64:7a:b0:56:ce:e9:45:3b:82:59:b6:bb:f5:f3:1a:c7:6d:c2:
         cc:28:f6:7f:11:a2:bb:db:94:89:2b:33:3c:1b:bc:77:62:8c:
         61:3f:3d:84:9c:0e:d8:d0:54:c6:05:8e:b7:28:24:4c:b4:4a:
         27:81:f2:dd:00:0c:b4:d6:fb:4a:ce:a7:67:3c:f0:2a:53:c2:
         7a:bf:89:22:4a:38:de:fd:07:95:97:ca:95:99:26:12:66:9d:
         0a:28:60:ee:e5:cd:3b:9d:46:93:96:91:11:87:b0:2e:11:3c:
         16:64:4f:f9:8c:24:40:63:8c:88:5b:02:c4:0e:5c:da:7d:c1:
         ed:6c:11:82:f9:c5:31:0d:63:a6:9c:7e:c8:cc:dd:13:04:05:
         c5:da:52:6f:2d:be:48:5f:66:2c:50:2c:c2:ac:46:c2:d7:de:
         c3:97:09:70:b2:a2:cc:3d:18:70:1c:d2:c0:67:1b:1a:78:dc:
         0b:6b:5f:56:2e:d0:e2:fc:6c:93:ab:17:7b:fa:6b:2f:19:a0:
         df:5a:8a:c5:ae:23:5d:19:ab:1b:29:eb:9c:45:6f:6d:0a:c1:
         5a:ad:57:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgHTEsXbNIEGVe/OqjISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjBkYzNiZWE1Zjg3ZWZmZGJlZGQwM2YzMWNiOGY4YTlkM2QzOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsojguwoOS3z9IKZCsBuFLetL6gId
lpGh/99p34Pz6NrRZUtuGrGJFvqy6aGlJ5yjnC5Wh/e06im2AOE2hPAeGDHSpnjA
c3qRLbXzXYVlHeI7fZCXm1SX5tiYpn6or6RNOVf+rzZWMZ1pUcHHlkMSWSETEjFi
7SDneuum020VeeJypC2bWaPkY0Th3T886KsqYheh+Qn7pnSk9iK3N77fzc5f2JXV
zULCIe4lq0V7hGpBM/Hb03k3ooKv9cy7UcnQ+XrzDSNhQgzzzHJUJzPWyKLaYFKe
DHdvp4mzRlq2x4L3iu5u0hd8UBuvJ20V6jQWEw9QmeHzVqwRpYl+UfUlsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYNw76l+H7/2+3QPzHLj4qdPTmAMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvZGczRHZxWDRmdl9iN2RBX01jdVBpcDA5T1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwProMA0G
CSqGSIb3DQEBCwUAA4IBAQBtzrlUFlMl2WL/do4C56rY7LF7kw7yJQDOJ+wQASHW
ZtTiWt5kerBWzulFO4JZtrv18xrHbcLMKPZ/EaK725SJKzM8G7x3YoxhPz2EnA7Y
0FTGBY63KCRMtEongfLdAAy01vtKzqdnPPAqU8J6v4kiSjje/QeVl8qVmSYSZp0K
KGDu5c07nUaTlpERh7AuETwWZE/5jCRAY4yIWwLEDlzafcHtbBGC+cUxDWOmnH7I
zN0TBAXF2lJvLb5IX2YsUCzCrEbC197DlwlwsqLMPRhwHNLAZxsaeNwLa19WLtDi
/GyTqxd7+msvGaDfWorFriNdGasbKeucRW9tCsFarVcy
-----END CERTIFICATE-----