Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/3y59T3vgUEUU_XoFI4iVcIYohP0.roa
File:                     3y59T3vgUEUU_XoFI4iVcIYohP0.roa (raw, json)
Hash identifier:          U+n5eaK4oq2egFHPRV4hWhvV0J3qjvVMUtszdSlSm3E=
Subject key identifier:   DF:2E:7D:4F:7B:E0:50:45:14:FD:7A:05:23:88:95:70:86:28:84:FD
Certificate issuer:       /CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
Certificate serial:       018CC26D0D6F65CE1382C72AB9DEE1F809F1
Authority key identifier: 8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/3y59T3vgUEUU_XoFI4iVcIYohP0.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50763
IP address blocks:        185.241.44.0/22 maxlen: 22
                          185.241.44.0/23 maxlen: 23
                          185.241.46.0/24 maxlen: 24
                          2a0c:9880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0d:6f:65:ce:13:82:c7:2a:b9:de:e1:f8:09:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df2e7d4f7be0504514fd7a0523889570862884fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:09:35:52:44:93:f2:d5:46:e4:13:07:50:fc:
                    ef:91:75:21:c4:d9:17:ad:f5:33:6b:3a:69:a8:10:
                    07:7a:29:28:c6:8b:80:c9:81:01:b6:b9:a6:e4:10:
                    87:c0:9a:57:52:c1:ad:b2:d8:93:31:17:9c:04:26:
                    ef:aa:17:84:16:bb:83:47:4a:9c:b3:a0:3d:14:8d:
                    dd:2b:b7:dd:0d:09:29:3f:7f:f9:4a:59:c0:f6:8e:
                    5c:97:f3:42:2d:d9:89:00:52:8d:e8:10:5a:be:d2:
                    8a:4b:1f:46:4e:56:e1:6c:92:cb:c5:34:d6:b6:60:
                    f9:ab:c1:2c:b2:54:f6:c4:5c:df:94:96:6e:68:a7:
                    0f:57:da:b3:4c:52:6e:03:45:01:4b:2d:b9:34:69:
                    61:f6:d5:25:d7:ac:5b:4c:74:d1:d6:10:d6:95:c4:
                    83:ae:0e:38:93:5b:89:ac:15:2b:04:8e:fa:60:e5:
                    ed:25:5b:6c:94:b2:8f:7d:22:a9:12:06:4f:1b:89:
                    d2:1f:e7:dd:b9:d9:02:f2:16:83:f8:70:96:18:74:
                    c5:51:cd:95:a2:c1:4b:d9:fd:e1:8e:4d:63:ff:6e:
                    b7:94:5a:d8:6d:a8:cd:84:72:22:d0:dd:b6:20:11:
                    48:62:73:46:51:3c:8f:65:dd:52:52:c2:91:e4:59:
                    2b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2E:7D:4F:7B:E0:50:45:14:FD:7A:05:23:88:95:70:86:28:84:FD
            X509v3 Authority Key Identifier:
                keyid:8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/3y59T3vgUEUU_XoFI4iVcIYohP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.44.0/22
                IPv6:
                  2a0c:9880::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:fe:62:98:1e:93:0b:91:91:dc:fe:62:be:79:2d:55:c9:90:
         b6:95:c9:28:14:92:21:4c:a1:fb:52:7e:96:f9:8c:6e:28:5d:
         d7:06:60:ca:c9:8e:5b:84:0e:4e:f9:9b:31:6e:9b:4a:a8:08:
         ca:7f:94:15:83:84:2d:f9:77:47:c8:91:73:ce:79:08:73:94:
         e2:8f:4b:a7:23:cd:c0:dc:0a:f8:4c:a2:f1:f8:6a:8e:50:ba:
         11:74:6f:cb:33:dd:ff:85:8a:77:50:2f:64:f6:6c:af:40:ed:
         68:7a:30:c1:d2:fb:c2:a3:37:d9:2b:b4:25:4a:6f:ca:f8:05:
         8e:51:0a:ad:30:77:71:5a:56:ef:20:da:82:f9:3b:aa:9b:c9:
         71:18:f7:df:8b:47:d6:35:b1:90:1f:ae:9f:1e:45:67:e8:6f:
         7c:22:64:6f:14:a8:72:e6:d7:56:77:49:78:3e:bd:e0:52:c3:
         b3:dd:1a:f1:a4:da:bc:ac:57:cd:ff:48:2e:27:a3:26:da:75:
         7c:a8:e2:28:78:70:03:cc:df:48:b0:6f:11:74:59:f4:43:36:
         af:68:fc:37:12:5e:7f:fe:6e:74:9d:7a:83:a4:50:19:40:90:
         f6:8b:55:2b:e3:c6:b4:82:a9:06:e8:60:26:eb:c4:a9:7a:16:
         75:44:d6:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbQ1vZc4Tgscqud7h+AnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYTFmZTlhNGMwM2QwMTVhZWM5NzRlMmQyOTcwOWE5Nzll
YjgyZjEwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJlN2Q0ZjdiZTA1MDQ1MTRmZDdhMDUyMzg4OTU3MDg2Mjg4NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQk1UkST8tVG5BMHUPzvkXUhxNkX
rfUzazppqBAHeikoxouAyYEBtrmm5BCHwJpXUsGtstiTMRecBCbvqheEFruDR0qc
s6A9FI3dK7fdDQkpP3/5SlnA9o5cl/NCLdmJAFKN6BBavtKKSx9GTlbhbJLLxTTW
tmD5q8EsslT2xFzflJZuaKcPV9qzTFJuA0UBSy25NGlh9tUl16xbTHTR1hDWlcSD
rg44k1uJrBUrBI76YOXtJVtslLKPfSKpEgZPG4nSH+fdudkC8haD+HCWGHTFUc2V
osFL2f3hjk1j/263lFrYbajNhHIi0N22IBFIYnNGUTyPZd1SUsKR5FkrdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN8ufU974FBFFP16BSOIlXCGKIT9MB8GA1UdIwQY
MBaAFIqh/ppMA9AVrsl04tKXCal564LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYt
MWY5YWUwNTU2NDZmLzEvM3k1OVQzdmdVRVVVX1hvRkk0aVZjSVlvaFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYtMWY5YWUwNTU2NDZm
LzEvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufEsMA0E
AgACMAcDBQMqDJiAMA0GCSqGSIb3DQEBCwUAA4IBAQB9/mKYHpMLkZHc/mK+eS1V
yZC2lckoFJIhTKH7Un6W+YxuKF3XBmDKyY5bhA5O+ZsxbptKqAjKf5QVg4Qt+XdH
yJFzznkIc5Tij0unI83A3Ar4TKLx+GqOULoRdG/LM93/hYp3UC9k9myvQO1oejDB
0vvCozfZK7QlSm/K+AWOUQqtMHdxWlbvINqC+Tuqm8lxGPffi0fWNbGQH66fHkVn
6G98ImRvFKhy5tdWd0l4Pr3gUsOz3RrxpNq8rFfN/0guJ6Mm2nV8qOIoeHADzN9I
sG8RdFn0QzavaPw3El5//m50nXqDpFAZQJD2i1Ur48a0gqkG6GAm68SpehZ1RNaC
-----END CERTIFICATE-----