Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/bQG0wHm3F2fR4v7NlJ2UCF_t40Y.roa
File:                     bQG0wHm3F2fR4v7NlJ2UCF_t40Y.roa (raw, json)
Hash identifier:          JyNzFse/zD12NK5rHuhksEGo3atbEnl4sHS9xp9cJMc=
Subject key identifier:   6D:01:B4:C0:79:B7:17:67:D1:E2:FE:CD:94:9D:94:08:5F:ED:E3:46
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       018CC87096B8FF2B6330677517094290AB59
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/bQG0wHm3F2fR4v7NlJ2UCF_t40Y.roa
Signing time:             Tue 02 Jan 2024 04:31:10 +0000
ROA not before:           Tue 02 Jan 2024 04:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209640
IP address blocks:        149.3.190.0/24 maxlen: 24
                          149.3.189.0/24 maxlen: 24
                          149.3.191.0/24 maxlen: 24
                          79.140.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:96:b8:ff:2b:63:30:67:75:17:09:42:90:ab:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Jan  2 04:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d01b4c079b71767d1e2fecd949d94085fede346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:36:2b:32:ca:85:dc:8f:a3:64:1a:d5:b5:3c:
                    af:76:1e:0d:d9:9f:f1:07:cb:a1:ae:55:9a:9b:0a:
                    b2:e4:10:30:9f:67:d6:16:db:83:91:bf:ce:79:0f:
                    47:ef:82:9a:91:3b:c1:4f:c6:97:70:9a:00:76:51:
                    e5:e6:a2:2d:8b:93:56:75:42:c5:1c:16:bd:ba:74:
                    06:52:b1:d0:4d:7e:b6:fc:04:93:e1:9e:e8:e7:78:
                    b7:c0:6a:a2:35:e3:fc:39:c7:6c:d0:37:f2:76:4b:
                    1e:70:bf:0f:1e:34:49:52:17:e9:c8:99:3a:94:9e:
                    40:40:66:0c:1c:4b:de:ab:31:0e:5e:29:5d:52:30:
                    15:bf:9e:ac:0f:89:d7:27:d5:c2:28:97:8d:b3:3f:
                    8f:5f:3c:cf:6f:2a:12:e9:27:3f:f5:c5:3a:d1:b7:
                    9b:64:d2:f1:eb:17:c0:33:44:15:42:34:75:cd:90:
                    c9:0e:44:46:29:d7:a6:e1:61:32:c1:72:14:e9:6c:
                    52:f8:6e:6a:24:2d:a4:d9:76:7c:6b:a9:fa:87:f3:
                    ba:47:96:49:de:d8:76:94:d5:32:05:b9:1a:71:af:
                    e5:ee:25:48:17:9d:0e:ee:04:98:76:c7:b0:f8:c2:
                    78:ce:14:c8:b4:21:b3:ab:63:7b:80:20:bc:20:19:
                    5e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:01:B4:C0:79:B7:17:67:D1:E2:FE:CD:94:9D:94:08:5F:ED:E3:46
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/bQG0wHm3F2fR4v7NlJ2UCF_t40Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.173.0/24
                  149.3.189.0-149.3.191.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:a5:28:de:5e:5f:44:bf:b3:88:f3:ca:d4:60:44:ae:71:2a:
         c7:5a:dc:47:32:2a:26:57:f5:99:1c:2c:07:d5:f0:fd:82:ee:
         32:ba:f0:6d:bc:ab:5d:42:09:f8:11:08:3f:04:47:bd:91:a0:
         a1:6a:e8:42:6c:ea:bf:da:0a:0c:b4:20:d6:ce:63:4f:09:f6:
         c1:75:67:b8:63:ac:17:15:d7:63:4a:7e:c8:ca:f8:46:34:21:
         91:0b:03:12:92:55:ca:83:32:56:11:94:14:87:4c:5b:ab:e9:
         1a:38:24:3c:c5:05:b0:76:45:4f:79:33:05:9d:1e:ef:ed:d4:
         8d:91:07:06:7b:b1:f9:24:38:70:ad:25:43:36:6c:65:e8:31:
         70:d0:f7:e6:ea:27:0d:cb:60:6c:17:c6:e6:8c:88:3d:42:30:
         57:62:c9:c7:41:46:8e:82:2c:87:9e:dc:88:9e:11:49:b9:4e:
         92:be:b0:20:da:34:df:cb:2c:59:ce:88:4b:ab:ce:91:6f:5f:
         65:58:b2:72:7e:b8:02:f4:98:c1:5a:0e:ae:f0:d4:04:3d:df:
         b7:8f:d5:92:54:a7:b7:bc:a3:ee:c2:46:16:96:a8:3c:25:6f:
         9a:d5:30:0e:ce:5c:f3:40:23:29:01:d4:ba:c4:06:b2:23:cb:
         7e:81:43:d0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIcJa4/ytjMGd1FwlCkKtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjQwMTAyMDQzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDAxYjRjMDc5YjcxNzY3ZDFlMmZlY2Q5NDlkOTQwODVmZWRlMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzYrMsqF3I+jZBrVtTyvdh4N2Z/x
B8uhrlWamwqy5BAwn2fWFtuDkb/OeQ9H74KakTvBT8aXcJoAdlHl5qIti5NWdULF
HBa9unQGUrHQTX62/AST4Z7o53i3wGqiNeP8Ocds0DfydksecL8PHjRJUhfpyJk6
lJ5AQGYMHEveqzEOXildUjAVv56sD4nXJ9XCKJeNsz+PXzzPbyoS6Sc/9cU60beb
ZNLx6xfAM0QVQjR1zZDJDkRGKdem4WEywXIU6WxS+G5qJC2k2XZ8a6n6h/O6R5ZJ
3th2lNUyBbkaca/l7iVIF50O7gSYdsew+MJ4zhTItCGzq2N7gCC8IBleuwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG0BtMB5txdn0eL+zZSdlAhf7eNGMB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEvYlFHMHdIbTNGMmZSNHY3TmxKMlVDRl90NDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAT4ytMAwD
BACVA70DBAaVA4AwDQYJKoZIhvcNAQELBQADggEBAC2lKN5eX0S/s4jzytRgRK5x
Ksda3EcyKiZX9ZkcLAfV8P2C7jK68G28q11CCfgRCD8ER72RoKFq6EJs6r/aCgy0
INbOY08J9sF1Z7hjrBcV12NKfsjK+EY0IZELAxKSVcqDMlYRlBSHTFur6Ro4JDzF
BbB2RU95MwWdHu/t1I2RBwZ7sfkkOHCtJUM2bGXoMXDQ9+bqJw3LYGwXxuaMiD1C
MFdiycdBRo6CLIee3IieEUm5TpK+sCDaNN/LLFnOiEurzpFvX2VYsnJ+uAL0mMFa
Dq7w1AQ937eP1ZJUp7e8o+7CRhaWqDwlb5rVMA7OXPNAIykB1LrEBrIjy36BQ9A=
-----END CERTIFICATE-----