Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/3_nN2t9qhaaMc4DY7CYSZUAQdVc.roa
File:                     3_nN2t9qhaaMc4DY7CYSZUAQdVc.roa (raw, json)
Hash identifier:          mxY9QZ578dZXi71vtkfvbUKbget3MJB+jraz+1GfPp4=
Subject key identifier:   DF:F9:CD:DA:DF:6A:85:A6:8C:73:80:D8:EC:26:12:65:40:10:75:57
Certificate issuer:       /CN=26bd5ffbce6bf8707fa3e5967e0d38b455d9d4e1
Certificate serial:       018CC9BC0E83F6565B5BA04144C2538FCFE0
Authority key identifier: 26:BD:5F:FB:CE:6B:F8:70:7F:A3:E5:96:7E:0D:38:B4:55:D9:D4:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/3_nN2t9qhaaMc4DY7CYSZUAQdVc.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5602
IP address blocks:        185.169.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0e:83:f6:56:5b:5b:a0:41:44:c2:53:8f:cf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26bd5ffbce6bf8707fa3e5967e0d38b455d9d4e1
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dff9cddadf6a85a68c7380d8ec26126540107557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ae:dd:9c:f9:b7:31:e5:3f:8a:1b:1d:8d:21:
                    b8:c9:6b:3d:cb:ce:1d:c9:6d:1d:c0:e5:50:a3:36:
                    5c:51:2e:91:a1:58:53:7d:06:30:47:8f:a3:02:a8:
                    0c:b0:cb:cc:81:5e:17:48:1f:b7:28:c1:83:6c:4d:
                    5c:e8:90:f0:aa:3a:1d:1d:3f:1a:83:17:e8:d3:58:
                    76:61:79:e3:6e:82:ed:1e:a7:30:85:44:0c:0d:88:
                    f2:1a:1f:2d:64:2d:86:55:be:70:0a:c5:26:db:57:
                    ab:38:9a:cb:f1:fb:a0:3d:d3:38:51:6c:bd:fa:9b:
                    34:a4:77:10:2a:dc:4e:24:75:d3:5e:2b:b7:c1:60:
                    cd:e6:b0:d3:7b:f4:db:56:4a:65:6c:6b:1b:11:75:
                    29:fc:bb:b4:44:80:de:ba:34:5a:bf:39:70:d0:4a:
                    0a:08:60:03:53:43:5e:88:d3:c8:13:10:6f:14:76:
                    6f:12:3b:cf:90:7c:61:2e:73:7c:1d:f2:c9:08:23:
                    18:24:08:98:eb:57:6b:2e:50:e6:dd:9a:31:fa:4f:
                    e2:57:73:4e:ea:7e:76:35:66:2b:b8:cf:ec:97:42:
                    e0:88:44:db:a6:70:89:ac:3e:4d:00:54:ff:d5:1e:
                    96:a9:8a:bc:c5:a6:f6:26:77:29:5b:83:46:6c:aa:
                    a5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F9:CD:DA:DF:6A:85:A6:8C:73:80:D8:EC:26:12:65:40:10:75:57
            X509v3 Authority Key Identifier:
                keyid:26:BD:5F:FB:CE:6B:F8:70:7F:A3:E5:96:7E:0D:38:B4:55:D9:D4:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/3_nN2t9qhaaMc4DY7CYSZUAQdVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:29:13:9d:25:8e:77:82:72:32:05:a1:37:a1:db:8a:50:a0:
         6e:65:4d:b3:e4:f7:8c:5d:ea:70:97:ab:62:71:25:d3:8d:c7:
         34:26:4b:69:61:fa:db:f5:2d:c0:85:cf:e7:d2:8b:49:63:8f:
         ea:9d:6a:a5:78:39:1d:fe:bc:95:82:d9:fe:de:5a:df:54:e5:
         63:76:2d:1a:e5:81:f1:c3:a2:d3:d4:00:41:14:7d:8b:f5:4c:
         5e:ea:d8:43:a4:e1:af:7f:d5:49:da:a6:b2:62:9b:c5:a5:81:
         72:12:cb:1b:91:a1:ad:9a:62:36:93:f9:a0:f9:6d:ee:d9:4a:
         e2:89:f5:85:1c:9f:56:ff:ac:11:fb:86:47:9d:20:4d:a0:03:
         d1:2c:30:b3:86:8e:f2:0d:e8:0d:5d:e7:6f:ac:23:48:e2:76:
         a1:59:b3:c9:18:fa:7f:84:4a:0c:01:59:89:bf:5b:5b:a4:dd:
         de:f8:62:15:ad:c5:06:6f:37:5d:53:0d:44:5c:b8:ea:81:95:
         de:ea:63:04:6f:2f:cd:d5:95:8e:54:aa:f8:53:c7:98:9b:53:
         87:ac:62:a3:4c:c2:ef:06:cf:b0:b8:8a:5e:3a:62:12:ff:40:
         8c:68:32:d2:1d:ae:9a:c3:72:1b:e2:b4:a8:43:9d:88:37:90:
         f5:c7:de:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvA6D9lZbW6BBRMJTj8/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YmQ1ZmZiY2U2YmY4NzA3ZmEzZTU5NjdlMGQzOGI0NTVk
OWQ0ZTEwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY5Y2RkYWRmNmE4NWE2OGM3MzgwZDhlYzI2MTI2NTQwMTA3NTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv67dnPm3MeU/ihsdjSG4yWs9y84d
yW0dwOVQozZcUS6RoVhTfQYwR4+jAqgMsMvMgV4XSB+3KMGDbE1c6JDwqjodHT8a
gxfo01h2YXnjboLtHqcwhUQMDYjyGh8tZC2GVb5wCsUm21erOJrL8fugPdM4UWy9
+ps0pHcQKtxOJHXTXiu3wWDN5rDTe/TbVkplbGsbEXUp/Lu0RIDeujRavzlw0EoK
CGADU0NeiNPIExBvFHZvEjvPkHxhLnN8HfLJCCMYJAiY61drLlDm3Zox+k/iV3NO
6n52NWYruM/sl0LgiETbpnCJrD5NAFT/1R6WqYq8xab2JncpW4NGbKqlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/5zdrfaoWmjHOA2OwmEmVAEHVXMB8GA1UdIwQY
MBaAFCa9X/vOa/hwf6Plln4NOLRV2dThMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnIxZi04NXItSEJfby1XV2ZnMDR0RlhaMU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9mNDk4YTItZDg2ZC00Yzc1LWJmZDMt
ZThjNTU5YzcxZDY2LzEvM19uTjJ0OXFoYWFNYzREWTdDWVNaVUFRZFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9mNDk4YTItZDg2ZC00Yzc1LWJmZDMtZThjNTU5YzcxZDY2
LzEvSnIxZi04NXItSEJfby1XV2ZnMDR0RlhaMU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuamwMA0G
CSqGSIb3DQEBCwUAA4IBAQCWKROdJY53gnIyBaE3oduKUKBuZU2z5PeMXepwl6ti
cSXTjcc0JktpYfrb9S3Ahc/n0otJY4/qnWqleDkd/ryVgtn+3lrfVOVjdi0a5YHx
w6LT1ABBFH2L9Uxe6thDpOGvf9VJ2qayYpvFpYFyEssbkaGtmmI2k/mg+W3u2Uri
ifWFHJ9W/6wR+4ZHnSBNoAPRLDCzho7yDegNXedvrCNI4nahWbPJGPp/hEoMAVmJ
v1tbpN3e+GIVrcUGbzddUw1EXLjqgZXe6mMEby/N1ZWOVKr4U8eYm1OHrGKjTMLv
Bs+wuIpeOmIS/0CMaDLSHa6aw3Ib4rSoQ52IN5D1x96Y
-----END CERTIFICATE-----