Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/3prsfM0cuiyTxnUnqrv7EC-ZbwE.roa
File:                     3prsfM0cuiyTxnUnqrv7EC-ZbwE.roa (raw, json)
Hash identifier:          cdyb9SLygfaQoyFfqx2oSkoURO/74AhP5WKHg88MMvQ=
Subject key identifier:   DE:9A:EC:7C:CD:1C:BA:2C:93:C6:75:27:AA:BB:FB:10:2F:99:6F:01
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       018CCA2B65A05F4D990593C28E4D61053605
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/3prsfM0cuiyTxnUnqrv7EC-ZbwE.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50599
IP address blocks:        83.150.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:65:a0:5f:4d:99:05:93:c2:8e:4d:61:05:36:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de9aec7ccd1cba2c93c67527aabbfb102f996f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c1:09:74:1b:34:28:09:ab:7c:d7:c2:45:0a:
                    17:e0:46:b6:b5:75:c8:bb:76:71:e2:41:a4:6b:76:
                    12:93:ec:6e:f4:9b:53:e6:80:38:86:7a:6b:af:65:
                    14:41:7a:72:89:5c:0b:46:9b:2e:15:d6:e0:4b:7f:
                    01:68:a9:56:d2:de:fd:09:98:27:97:85:0c:7a:80:
                    62:b8:e5:d2:60:4f:d4:57:da:63:a6:98:e7:ae:92:
                    31:34:f1:66:0e:a0:b4:c2:f6:04:3d:c0:b4:da:57:
                    9f:b7:3a:45:8d:39:6d:55:24:e8:4a:8c:df:53:9e:
                    c9:3c:73:82:01:c8:aa:07:9a:3a:f8:f5:2a:4e:2d:
                    6d:02:4e:f7:4d:d3:30:a8:16:50:49:05:5e:dd:b3:
                    60:a3:69:2c:64:84:3f:ee:cd:d1:5b:82:c8:96:dd:
                    7d:d8:e3:04:c3:37:50:fb:a9:da:57:6e:84:f7:8d:
                    d7:52:98:8d:54:64:a8:f8:73:44:ae:66:c5:7f:b7:
                    1c:10:93:88:7b:95:ae:92:50:6e:b1:9c:17:be:d1:
                    a9:a5:b3:c9:11:d7:08:df:97:b1:8d:88:0d:29:c3:
                    16:1b:a8:f3:4c:11:ce:60:1f:9a:30:f1:f2:de:2b:
                    be:bc:ec:6e:f9:c1:12:03:02:30:63:80:ea:60:d0:
                    8a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:9A:EC:7C:CD:1C:BA:2C:93:C6:75:27:AA:BB:FB:10:2F:99:6F:01
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/3prsfM0cuiyTxnUnqrv7EC-ZbwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:50:c0:42:c6:d6:fd:5a:27:f4:a3:1e:95:1f:93:c9:2c:82:
         b6:44:3f:47:88:8d:f5:c7:12:68:08:98:57:7f:51:d6:d3:56:
         a1:be:fc:fe:d2:4c:00:6e:9f:2e:b3:9c:bc:00:ae:cf:0e:da:
         d8:18:aa:8e:de:28:e7:ef:09:f7:16:f4:c8:10:83:0a:a3:42:
         c6:3b:34:70:e2:75:88:c4:73:34:28:b8:94:0d:c3:5b:eb:4a:
         33:7f:bf:60:be:33:b0:83:cf:9f:34:83:3e:e1:5f:5f:ba:e7:
         d9:c2:1e:5c:5c:6c:66:77:09:13:c5:db:06:89:91:39:65:90:
         a7:fa:b3:1b:e3:4e:a8:76:6d:ed:77:e0:64:6a:27:79:a8:25:
         b4:24:19:d8:c6:42:bc:33:fd:7f:0e:57:09:3a:8b:4c:67:ec:
         f9:e1:38:3f:a3:0f:04:ad:31:32:8b:cd:32:1e:df:3b:50:85:
         ed:b9:2a:23:19:17:c1:d8:43:c5:af:1f:ae:b5:53:9e:06:64:
         01:79:98:2b:3b:99:53:f7:81:fc:8f:8b:af:f1:bc:8a:15:72:
         f9:93:94:e2:19:78:9b:ac:ce:9e:9b:72:ca:8d:10:86:2d:ef:
         f2:d7:9d:13:35:28:09:ff:a8:6d:09:76:63:f7:41:34:c7:84:
         ba:e7:a0:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2WgX02ZBZPCjk1hBTYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTlhZWM3Y2NkMWNiYTJjOTNjNjc1MjdhYWJiZmIxMDJmOTk2ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMEJdBs0KAmrfNfCRQoX4Ea2tXXI
u3Zx4kGka3YSk+xu9JtT5oA4hnprr2UUQXpyiVwLRpsuFdbgS38BaKlW0t79CZgn
l4UMeoBiuOXSYE/UV9pjppjnrpIxNPFmDqC0wvYEPcC02leftzpFjTltVSToSozf
U57JPHOCAciqB5o6+PUqTi1tAk73TdMwqBZQSQVe3bNgo2ksZIQ/7s3RW4LIlt19
2OMEwzdQ+6naV26E943XUpiNVGSo+HNErmbFf7ccEJOIe5WuklBusZwXvtGppbPJ
EdcI35exjYgNKcMWG6jzTBHOYB+aMPHy3iu+vOxu+cESAwIwY4DqYNCKDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6a7HzNHLosk8Z1J6q7+xAvmW8BMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvM3Byc2ZNMGN1aXlUeG5VbnFydjdFQy1aYndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5bsMA0G
CSqGSIb3DQEBCwUAA4IBAQBUUMBCxtb9Wif0ox6VH5PJLIK2RD9HiI31xxJoCJhX
f1HW01ahvvz+0kwAbp8us5y8AK7PDtrYGKqO3ijn7wn3FvTIEIMKo0LGOzRw4nWI
xHM0KLiUDcNb60ozf79gvjOwg8+fNIM+4V9fuufZwh5cXGxmdwkTxdsGiZE5ZZCn
+rMb406odm3td+Bkaid5qCW0JBnYxkK8M/1/DlcJOotMZ+z54Tg/ow8ErTEyi80y
Ht87UIXtuSojGRfB2EPFrx+utVOeBmQBeZgrO5lT94H8j4uv8byKFXL5k5TiGXib
rM6em3LKjRCGLe/y150TNSgJ/6htCXZj90E0x4S656B/
-----END CERTIFICATE-----