Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3m2MfA--FOXmYw23WBrI1ENOifs.roa
File:                     3m2MfA--FOXmYw23WBrI1ENOifs.roa (raw, json)
Hash identifier:          5jspJ9LThOwObFygneBOFL8SzkkGlIOW1ubW/L7vMvI=
Subject key identifier:   DE:6D:8C:7C:0F:BE:14:E5:E6:63:0D:B7:58:1A:C8:D4:43:4E:89:FB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CC9BC20CFDC88099626C1284F1DC10912
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3m2MfA--FOXmYw23WBrI1ENOifs.roa
Signing time:             Tue 02 Jan 2024 10:33:18 +0000
ROA not before:           Tue 02 Jan 2024 10:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        93.190.246.0/23 maxlen: 23
                          45.129.127.0/24 maxlen: 24
                          45.128.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:20:cf:dc:88:09:96:26:c1:28:4f:1d:c1:09:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 10:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de6d8c7c0fbe14e5e6630db7581ac8d4434e89fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ef:b0:ff:f1:ce:c8:4b:08:d4:24:62:07:34:
                    6c:2f:b1:82:4d:b4:13:b9:4c:1b:cf:38:f8:da:37:
                    67:03:b0:aa:50:54:ab:15:e9:b1:84:fb:1f:64:49:
                    b7:cf:c7:34:19:2d:7f:a8:56:1d:1d:c0:26:58:1c:
                    c6:09:be:94:6c:d7:f0:06:be:f0:e4:a4:89:d2:2e:
                    9f:96:c1:be:ff:13:a0:41:1d:53:91:b1:e6:cb:f5:
                    df:4e:31:7c:f2:a9:18:49:d5:fe:f6:46:f3:51:1c:
                    af:be:23:3e:fa:41:5e:3b:e3:da:6d:37:eb:ec:74:
                    84:6a:b9:4a:f2:ad:ed:85:48:ec:a0:85:e7:8a:19:
                    9f:a3:24:25:94:13:ef:fe:7e:78:f8:08:16:03:1e:
                    20:29:d3:38:c2:12:8a:37:86:f8:bb:a0:12:cb:4f:
                    1a:0b:75:67:33:cf:37:f4:5b:57:02:a6:2a:71:11:
                    6f:01:ea:a3:9a:ac:2b:42:75:86:f0:7c:61:ac:f5:
                    ba:51:a0:0b:ac:d6:60:e0:fb:d6:9d:c6:c5:77:96:
                    f2:cb:fa:e7:2e:1a:d8:7a:04:9b:38:9e:91:4e:b1:
                    f3:bf:1b:02:f5:08:9e:c3:b8:8d:a9:5f:91:ca:e3:
                    c8:6a:79:f9:83:b0:56:13:03:97:dc:1f:8d:7a:c9:
                    a1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:6D:8C:7C:0F:BE:14:E5:E6:63:0D:B7:58:1A:C8:D4:43:4E:89:FB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/3m2MfA--FOXmYw23WBrI1ENOifs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.26.0/24
                  45.129.127.0/24
                  93.190.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:7c:7d:6e:6b:54:ab:40:70:b9:45:8d:bf:5e:49:3a:ab:34:
         7e:8a:3f:f0:67:a1:12:66:7d:f6:bc:f4:ba:aa:50:20:cf:37:
         22:29:c0:31:47:a8:d8:3c:87:7a:0b:25:72:f2:ea:e8:7d:ad:
         43:04:d1:ed:f3:e0:0d:76:af:62:21:8f:54:c8:5a:c5:04:3c:
         68:47:01:b5:7b:97:76:c9:88:2f:ca:65:27:d4:83:48:10:66:
         70:13:d7:9d:58:04:7d:9a:89:b8:5e:c7:1a:78:cb:42:72:ca:
         ee:56:20:27:cc:70:ae:02:e7:d9:f6:e7:d7:bf:89:e4:a9:18:
         f1:42:50:2c:5a:f3:47:8a:95:54:1e:53:50:79:f4:fd:40:aa:
         fc:6e:ea:50:de:4b:e8:88:14:c2:14:aa:ca:8e:6e:ba:9a:02:
         64:03:a8:c5:d6:bc:38:13:92:da:df:44:10:5e:ac:c3:aa:b4:
         54:46:22:4b:50:67:fe:af:4f:a1:3e:b7:3d:48:36:36:0e:97:
         bd:4a:31:20:c4:95:1b:d5:3d:ef:06:81:2c:b2:a3:a0:3b:b9:
         70:0e:aa:6e:37:40:2a:dd:b3:2a:b4:9b:17:2d:46:42:4d:bc:
         d5:b4:b0:10:9a:59:03:e7:16:e2:4d:38:60:7b:5d:5a:0e:0d:
         9c:92:42:2d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvCDP3IgJlibBKE8dwQkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTAyMTAzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTZkOGM3YzBmYmUxNGU1ZTY2MzBkYjc1ODFhYzhkNDQzNGU4OWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu+w//HOyEsI1CRiBzRsL7GCTbQT
uUwbzzj42jdnA7CqUFSrFemxhPsfZEm3z8c0GS1/qFYdHcAmWBzGCb6UbNfwBr7w
5KSJ0i6flsG+/xOgQR1TkbHmy/XfTjF88qkYSdX+9kbzURyvviM++kFeO+PabTfr
7HSEarlK8q3thUjsoIXnihmfoyQllBPv/n54+AgWAx4gKdM4whKKN4b4u6ASy08a
C3VnM8839FtXAqYqcRFvAeqjmqwrQnWG8HxhrPW6UaALrNZg4PvWncbFd5byy/rn
LhrYegSbOJ6RTrHzvxsC9Qiew7iNqV+RyuPIann5g7BWEwOX3B+NesmhuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN5tjHwPvhTl5mMNt1gayNRDTon7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvM20yTWZBLS1GT1htWXcyM1dCckkxRU5PaWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYAaAwQA
LYF/AwQBXb72MA0GCSqGSIb3DQEBCwUAA4IBAQCGfH1ua1SrQHC5RY2/Xkk6qzR+
ij/wZ6ESZn32vPS6qlAgzzciKcAxR6jYPId6CyVy8urofa1DBNHt8+ANdq9iIY9U
yFrFBDxoRwG1e5d2yYgvymUn1INIEGZwE9edWAR9mom4XscaeMtCcsruViAnzHCu
AufZ9ufXv4nkqRjxQlAsWvNHipVUHlNQefT9QKr8bupQ3kvoiBTCFKrKjm66mgJk
A6jF1rw4E5La30QQXqzDqrRURiJLUGf+r0+hPrc9SDY2Dpe9SjEgxJUb1T3vBoEs
sqOgO7lwDqpuN0Aq3bMqtJsXLUZCTbzVtLAQmlkD5xbiTThge11aDg2ckkIt
-----END CERTIFICATE-----