Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/wItpFzp58lB6ATjYQhsdbTwF018.roa
File:                     wItpFzp58lB6ATjYQhsdbTwF018.roa (raw, json)
Hash identifier:          wo1qTpYI3PgXo32hPjYxjT/3jkU7vlVmSAXxCUh9ECg=
Subject key identifier:   C0:8B:69:17:3A:79:F2:50:7A:01:38:D8:42:1B:1D:6D:3C:05:D3:5F
Certificate issuer:       /CN=c7ab6b2254e45730aafa45ab51973203614bb6cc
Certificate serial:       018CC2DB255991CE996F981C4428C1FCBBF0
Authority key identifier: C7:AB:6B:22:54:E4:57:30:AA:FA:45:AB:51:97:32:03:61:4B:B6:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/wItpFzp58lB6ATjYQhsdbTwF018.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205118
IP address blocks:        185.229.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:59:91:ce:99:6f:98:1c:44:28:c1:fc:bb:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7ab6b2254e45730aafa45ab51973203614bb6cc
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c08b69173a79f2507a0138d8421b1d6d3c05d35f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:37:37:38:72:68:67:c3:19:3e:ee:1e:3d:1a:
                    89:c7:ec:11:b9:ba:18:25:29:f2:dc:53:ce:e2:19:
                    d4:5e:4e:68:64:82:69:3a:c7:55:0a:c7:b8:0d:60:
                    fd:8a:66:a7:06:94:f4:84:2f:23:0e:dd:01:0b:f2:
                    f6:62:46:85:4b:6e:0c:6a:21:33:e1:41:c0:f4:b5:
                    bb:35:6d:cd:04:42:27:e4:ab:2e:02:66:b8:48:e6:
                    3d:d7:6c:73:54:ea:33:28:51:c8:2f:53:bf:65:db:
                    da:c1:9c:f5:a3:15:fe:58:a1:55:9c:84:d3:02:c3:
                    62:d1:fb:c2:16:d5:ba:b3:73:74:3a:56:68:62:31:
                    39:a5:85:94:fe:30:3a:0c:bd:d6:7c:f4:67:65:38:
                    ec:8f:d2:fa:8a:3a:10:d3:35:96:a8:1a:c7:77:10:
                    7e:b9:64:e7:b4:c5:f4:8a:0d:a2:4d:72:e5:1e:08:
                    da:d6:05:86:bf:d4:d7:40:1b:b0:06:5c:c6:3e:30:
                    45:0c:b8:96:a1:e4:14:56:05:ae:0d:79:39:da:3b:
                    fb:a1:9c:af:79:24:2b:bc:5c:94:ad:69:a6:b5:35:
                    16:72:23:ff:94:5b:cf:b1:a2:7f:82:6c:da:e3:1f:
                    0a:08:f7:c0:5f:f1:35:53:c6:a4:b1:0d:5e:83:3e:
                    6f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8B:69:17:3A:79:F2:50:7A:01:38:D8:42:1B:1D:6D:3C:05:D3:5F
            X509v3 Authority Key Identifier:
                keyid:C7:AB:6B:22:54:E4:57:30:AA:FA:45:AB:51:97:32:03:61:4B:B6:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/wItpFzp58lB6ATjYQhsdbTwF018.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e6:23:43:36:70:41:b1:43:b3:df:cf:28:de:03:f3:2f:c7:
         08:15:2b:d2:88:0d:d6:54:0c:ec:ae:7a:41:6d:ca:f3:a4:9a:
         35:7b:e6:55:8d:15:00:06:6b:10:b3:08:5c:38:19:e6:fb:c8:
         3b:62:42:6a:93:cb:5b:48:ea:74:af:cf:81:95:ad:6d:7b:dd:
         62:01:22:33:df:c3:42:62:8b:6d:40:01:ea:3a:98:8c:64:f3:
         f2:a4:93:53:29:91:e9:77:38:17:22:73:52:5b:8e:6c:7e:8a:
         95:49:8b:ba:b8:be:09:f9:84:71:87:bf:64:5a:6b:6a:23:a6:
         2a:11:e1:1d:47:5c:85:dd:4b:c8:17:16:ac:3e:12:b6:b5:cd:
         25:1b:9c:bb:ed:2a:1f:b5:54:ea:68:f1:0c:f0:b2:a3:64:56:
         21:cc:47:93:30:87:9f:af:01:95:2c:32:8f:be:87:8f:11:04:
         db:c8:79:4b:03:93:24:c2:40:2c:d5:02:ed:8e:c2:ae:f6:ad:
         a4:f5:57:f2:34:54:75:8e:d8:0f:aa:f3:1b:e4:68:6d:65:11:
         5a:60:4f:27:eb:b9:74:86:1e:bc:b8:e9:ac:87:28:07:dd:84:
         08:b0:f8:e7:8f:71:31:22:9b:78:3f:03:27:d7:2f:a1:07:d5:
         3d:1c:11:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yVZkc6Zb5gcRCjB/LvwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YWI2YjIyNTRlNDU3MzBhYWZhNDVhYjUxOTczMjAzNjE0
YmI2Y2MwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhiNjkxNzNhNzlmMjUwN2EwMTM4ZDg0MjFiMWQ2ZDNjMDVkMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jc3OHJoZ8MZPu4ePRqJx+wRuboY
JSny3FPO4hnUXk5oZIJpOsdVCse4DWD9imanBpT0hC8jDt0BC/L2YkaFS24MaiEz
4UHA9LW7NW3NBEIn5KsuAma4SOY912xzVOozKFHIL1O/ZdvawZz1oxX+WKFVnITT
AsNi0fvCFtW6s3N0OlZoYjE5pYWU/jA6DL3WfPRnZTjsj9L6ijoQ0zWWqBrHdxB+
uWTntMX0ig2iTXLlHgja1gWGv9TXQBuwBlzGPjBFDLiWoeQUVgWuDXk52jv7oZyv
eSQrvFyUrWmmtTUWciP/lFvPsaJ/gmza4x8KCPfAX/E1U8aksQ1egz5vyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCLaRc6efJQegE42EIbHW08BdNfMB8GA1UdIwQY
MBaAFMerayJU5FcwqvpFq1GXMgNhS7bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZ0cklsVGtWekNxLWtXclVaY3lBMkZMdHN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zM2I2OWQtZjRjYS00M2FhLTk3ODAt
MWQ1NWQ1OTI5Y2VjLzEvd0l0cEZ6cDU4bEI2QVRqWVFoc2RiVHdGMDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zM2I2OWQtZjRjYS00M2FhLTk3ODAtMWQ1NWQ1OTI5Y2Vj
LzEveDZ0cklsVGtWekNxLWtXclVaY3lBMkZMdHN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUDMA0G
CSqGSIb3DQEBCwUAA4IBAQCm5iNDNnBBsUOz388o3gPzL8cIFSvSiA3WVAzsrnpB
bcrzpJo1e+ZVjRUABmsQswhcOBnm+8g7YkJqk8tbSOp0r8+Bla1te91iASIz38NC
YottQAHqOpiMZPPypJNTKZHpdzgXInNSW45sfoqVSYu6uL4J+YRxh79kWmtqI6Yq
EeEdR1yF3UvIFxasPhK2tc0lG5y77SoftVTqaPEM8LKjZFYhzEeTMIefrwGVLDKP
voePEQTbyHlLA5MkwkAs1QLtjsKu9q2k9VfyNFR1jtgPqvMb5GhtZRFaYE8n67l0
hh68uOmshygH3YQIsPjnj3ExIpt4PwMn1y+hB9U9HBEl
-----END CERTIFICATE-----