Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/1IaQ2lmvuxTQzzVB2E3BR8ugcuw.roa
File:                     1IaQ2lmvuxTQzzVB2E3BR8ugcuw.roa (raw, json)
Hash identifier:          aenmIMnbMMdSLvmXIO6OSl86F05bS7qFQUmEgxQVzBQ=
Subject key identifier:   D4:86:90:DA:59:AF:BB:14:D0:CF:35:41:D8:4D:C1:47:CB:A0:72:EC
Certificate issuer:       /CN=c3fb00b220ea784a04683054fcbf4e4b489eb420
Certificate serial:       018CC80231E6E3C98D5248A05FAA3EDC7EC7
Authority key identifier: C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/1IaQ2lmvuxTQzzVB2E3BR8ugcuw.roa
Signing time:             Tue 02 Jan 2024 02:30:36 +0000
ROA not before:           Tue 02 Jan 2024 02:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201636
IP address blocks:        185.198.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:31:e6:e3:c9:8d:52:48:a0:5f:aa:3e:dc:7e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb00b220ea784a04683054fcbf4e4b489eb420
        Validity
            Not Before: Jan  2 02:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d48690da59afbb14d0cf3541d84dc147cba072ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fd:e9:8f:dc:4d:b7:a5:eb:ce:14:63:1c:ba:
                    a1:0f:32:5c:1f:66:f8:2e:57:7b:8a:ad:df:81:b6:
                    e7:a7:55:87:77:41:10:09:ac:9f:fd:cf:1d:17:a2:
                    49:4e:66:e8:d3:1d:35:e8:74:d6:7d:30:34:80:ab:
                    de:a4:27:b4:94:c3:84:5b:81:6d:f5:3c:03:e4:ed:
                    50:67:e8:c5:c9:78:20:80:0f:fa:87:a0:96:34:41:
                    7e:b5:35:d4:b5:2f:56:54:bb:3e:2e:19:ec:62:cf:
                    83:d8:43:ab:cb:62:69:60:7d:e3:e7:e8:94:e2:46:
                    77:a4:64:e7:fd:67:52:36:d1:7d:11:35:a1:c3:e5:
                    83:30:c0:b8:36:a1:92:33:0a:a5:70:09:c9:6b:15:
                    7a:f3:51:71:7b:b6:cd:a6:ad:89:bf:57:17:02:0a:
                    b9:5e:11:3c:d5:43:31:10:f4:95:60:e9:cf:f3:76:
                    c9:02:3c:71:a7:1d:d1:47:0a:f6:8c:54:db:47:3a:
                    d3:2c:89:94:97:49:34:6a:8d:f0:35:11:3d:9e:2f:
                    cd:e3:3e:2a:df:2c:a2:61:f9:fd:ea:73:4b:14:ec:
                    f1:e9:b9:7f:d8:9d:32:60:6f:63:27:e6:13:60:ef:
                    74:86:c3:9a:fc:6f:85:b2:20:00:82:2d:3f:d5:ee:
                    df:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:86:90:DA:59:AF:BB:14:D0:CF:35:41:D8:4D:C1:47:CB:A0:72:EC
            X509v3 Authority Key Identifier:
                keyid:C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/1IaQ2lmvuxTQzzVB2E3BR8ugcuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:d8:9a:28:97:e7:62:fd:ec:fd:82:aa:48:ca:00:f8:60:c2:
         ca:f9:b3:b7:1e:b4:ff:e3:92:64:05:e6:1b:c2:db:25:bf:f7:
         c1:39:31:d3:05:24:7a:e3:09:be:07:e2:8b:66:20:5e:90:69:
         a9:26:84:1d:e0:37:df:03:e6:82:21:ea:f7:5f:c4:57:34:22:
         a1:66:ba:b5:d1:89:59:ac:5a:54:db:ce:38:72:d0:56:12:b8:
         b0:87:18:ae:f2:85:9a:47:16:54:5d:34:18:04:60:18:76:75:
         05:b9:76:03:0b:e0:dc:73:49:02:58:16:6e:d8:cf:e9:93:84:
         f5:52:70:70:b6:35:e4:48:b1:cf:00:da:a3:52:48:2c:cf:ea:
         1c:f5:77:72:94:c0:79:98:fa:12:ba:f1:b6:4b:53:68:cd:42:
         68:78:10:f1:cf:e9:fe:d4:ee:7c:f5:bc:60:d9:b2:9d:de:05:
         ed:14:74:45:dd:37:b9:db:48:99:3d:f4:ec:d4:7a:c4:ca:eb:
         87:3a:96:ea:81:20:01:97:4b:90:1b:f3:85:3d:34:de:a3:88:
         9d:38:b7:52:ce:a7:1c:6b:8a:63:87:42:96:f8:a6:84:f3:b4:
         19:27:1b:2a:3a:c2:7d:e0:43:df:be:25:0c:9e:ea:fd:4c:69:
         b8:ce:a6:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAjHm48mNUkigX6o+3H7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmIwMGIyMjBlYTc4NGEwNDY4MzA1NGZjYmY0ZTRiNDg5
ZWI0MjAwHhcNMjQwMTAyMDIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg2OTBkYTU5YWZiYjE0ZDBjZjM1NDFkODRkYzE0N2NiYTA3MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv3pj9xNt6XrzhRjHLqhDzJcH2b4
Lld7iq3fgbbnp1WHd0EQCayf/c8dF6JJTmbo0x016HTWfTA0gKvepCe0lMOEW4Ft
9TwD5O1QZ+jFyXgggA/6h6CWNEF+tTXUtS9WVLs+LhnsYs+D2EOry2JpYH3j5+iU
4kZ3pGTn/WdSNtF9ETWhw+WDMMC4NqGSMwqlcAnJaxV681Fxe7bNpq2Jv1cXAgq5
XhE81UMxEPSVYOnP83bJAjxxpx3RRwr2jFTbRzrTLImUl0k0ao3wNRE9ni/N4z4q
3yyiYfn96nNLFOzx6bl/2J0yYG9jJ+YTYO90hsOa/G+FsiAAgi0/1e7fCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSGkNpZr7sU0M81QdhNwUfLoHLsMB8GA1UdIwQY
MBaAFMP7ALIg6nhKBGgwVPy/TktInrQgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd19zQXNpRHFlRW9FYURCVV9MOU9TMGlldENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8yMTAyMTEtZmZlYS00N2VlLTg5YmEt
NmNjY2JhOTk3NGVjLzEvMUlhUTJsbXZ1eFRRenpWQjJFM0JSOHVnY3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8yMTAyMTEtZmZlYS00N2VlLTg5YmEtNmNjY2JhOTk3NGVj
LzEvd19zQXNpRHFlRW9FYURCVV9MOU9TMGlldENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucaaMA0G
CSqGSIb3DQEBCwUAA4IBAQAV2Jool+di/ez9gqpIygD4YMLK+bO3HrT/45JkBeYb
wtslv/fBOTHTBSR64wm+B+KLZiBekGmpJoQd4DffA+aCIer3X8RXNCKhZrq10YlZ
rFpU2844ctBWEriwhxiu8oWaRxZUXTQYBGAYdnUFuXYDC+Dcc0kCWBZu2M/pk4T1
UnBwtjXkSLHPANqjUkgsz+oc9XdylMB5mPoSuvG2S1NozUJoeBDxz+n+1O589bxg
2bKd3gXtFHRF3Te520iZPfTs1HrEyuuHOpbqgSABl0uQG/OFPTTeo4idOLdSzqcc
a4pjh0KW+KaE87QZJxsqOsJ94EPfviUMnur9TGm4zqbp
-----END CERTIFICATE-----