Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/3RqDZT4MfGn456AnZVtQd-i8aWc.roa
File:                     3RqDZT4MfGn456AnZVtQd-i8aWc.roa (raw, json)
Hash identifier:          W+cDU5IUUbcxyoCTk9rswhNlzv7/qEO/YNkzAwLmFLw=
Subject key identifier:   DD:1A:83:65:3E:0C:7C:69:F8:E7:A0:27:65:5B:50:77:E8:BC:69:67
Certificate issuer:       /CN=1fd5fef692b4c2d22bdd031fabfa7110b7b36e81
Certificate serial:       018CC8023F4CD9FBD5386F06548409A64524
Authority key identifier: 1F:D5:FE:F6:92:B4:C2:D2:2B:DD:03:1F:AB:FA:71:10:B7:B3:6E:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9X-9pK0wtIr3QMfq_pxELezboE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/3RqDZT4MfGn456AnZVtQd-i8aWc.roa
Signing time:             Tue 02 Jan 2024 02:30:39 +0000
ROA not before:           Tue 02 Jan 2024 02:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20542
IP address blocks:        185.55.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/H9X-9pK0wtIr3QMfq_pxELezboE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/H9X-9pK0wtIr3QMfq_pxELezboE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H9X-9pK0wtIr3QMfq_pxELezboE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:3f:4c:d9:fb:d5:38:6f:06:54:84:09:a6:45:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd5fef692b4c2d22bdd031fabfa7110b7b36e81
        Validity
            Not Before: Jan  2 02:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd1a83653e0c7c69f8e7a027655b5077e8bc6967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:a3:0e:19:fe:77:26:24:82:08:cc:50:bd:
                    9c:38:99:63:64:98:53:50:98:35:70:3d:a8:72:38:
                    c4:ee:64:c8:a6:de:21:0c:53:3d:0d:5d:95:27:c8:
                    bb:1c:bf:dd:23:e8:e8:6f:1a:e9:fd:e9:38:4c:0c:
                    fc:d1:da:e1:04:28:5b:b2:12:72:1c:81:45:3f:e0:
                    7e:80:70:9a:c2:58:2e:26:af:45:d3:1b:df:eb:ac:
                    c3:4d:aa:62:7a:2e:c9:3f:d4:e8:a2:70:a2:95:de:
                    b3:83:fa:3f:0e:d4:27:f8:3b:a6:f0:7d:69:fc:e0:
                    23:c8:f2:97:a7:5a:62:59:89:8f:2d:52:8b:a0:b9:
                    4d:04:90:10:53:50:91:cd:e1:f8:c1:05:5e:ec:a0:
                    a7:d5:e9:ac:c5:e7:d7:be:da:7f:b8:29:19:60:14:
                    de:c2:e2:be:6b:ac:2a:0d:ca:5c:ef:ba:3a:70:93:
                    e6:86:e5:ee:78:12:5d:d0:37:cb:c6:fa:18:44:8e:
                    35:6d:c3:08:68:47:e9:9d:03:df:dd:45:3e:14:bc:
                    93:06:72:92:40:73:b6:12:7b:54:ef:8d:32:a7:58:
                    38:0e:7b:71:48:43:d5:21:87:e2:0c:8d:f3:bd:ba:
                    7f:15:7a:1e:7c:88:a2:86:5f:bf:69:38:ad:d9:0e:
                    b8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1A:83:65:3E:0C:7C:69:F8:E7:A0:27:65:5B:50:77:E8:BC:69:67
            X509v3 Authority Key Identifier:
                keyid:1F:D5:FE:F6:92:B4:C2:D2:2B:DD:03:1F:AB:FA:71:10:B7:B3:6E:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9X-9pK0wtIr3QMfq_pxELezboE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/3RqDZT4MfGn456AnZVtQd-i8aWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/48e1ae-90e8-4e42-af3d-5101be5dd615/1/H9X-9pK0wtIr3QMfq_pxELezboE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:5e:64:13:a7:ef:1c:f3:2b:69:73:09:ad:93:59:36:ba:ff:
         ee:81:4d:df:02:32:1d:85:ac:b8:e3:d0:1f:c4:f5:ef:0f:fe:
         d7:1f:c6:05:2d:45:18:e9:a5:14:fb:27:86:3c:ae:ac:c3:7c:
         3c:7b:14:c4:31:e8:91:de:0e:b5:74:4c:e8:4c:00:5c:1d:31:
         7a:1b:b8:28:00:0c:1e:1c:09:2e:19:b7:ef:d5:0d:9f:71:6d:
         fc:a1:c9:1c:6a:b8:c8:64:ae:08:98:f9:85:82:4c:cd:95:a9:
         98:0e:b6:28:96:0b:ca:8e:8e:98:14:8a:73:f9:cd:d8:49:cd:
         3a:c4:3c:3e:bd:3f:d0:0d:84:0f:8c:06:c7:71:ed:df:a6:04:
         9b:1b:e7:bf:62:3e:12:21:73:7f:bd:66:3c:78:85:ea:37:49:
         73:4f:01:b9:81:32:da:43:18:9f:d9:9a:86:e0:28:e5:eb:b0:
         f5:82:07:d1:0e:6c:5b:ea:9f:9b:5b:95:ba:ab:e3:24:62:d8:
         04:16:08:70:5f:92:70:46:07:17:c3:26:88:7a:cb:59:fb:f3:
         f1:10:c9:3e:a7:88:a6:f0:71:20:49:95:6e:03:d5:9d:a0:80:
         33:73:f9:4a:ef:88:c2:98:9d:ef:09:55:8d:2a:23:e5:3f:ec:
         61:dd:0d:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAj9M2fvVOG8GVIQJpkUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDVmZWY2OTJiNGMyZDIyYmRkMDMxZmFiZmE3MTEwYjdi
MzZlODEwHhcNMjQwMTAyMDIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDFhODM2NTNlMGM3YzY5ZjhlN2EwMjc2NTViNTA3N2U4YmM2OTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXijDhn+dyYkggjMUL2cOJljZJhT
UJg1cD2ocjjE7mTIpt4hDFM9DV2VJ8i7HL/dI+jobxrp/ek4TAz80drhBChbshJy
HIFFP+B+gHCawlguJq9F0xvf66zDTapiei7JP9ToonCild6zg/o/DtQn+Dum8H1p
/OAjyPKXp1piWYmPLVKLoLlNBJAQU1CRzeH4wQVe7KCn1emsxefXvtp/uCkZYBTe
wuK+a6wqDcpc77o6cJPmhuXueBJd0DfLxvoYRI41bcMIaEfpnQPf3UU+FLyTBnKS
QHO2EntU740yp1g4DntxSEPVIYfiDI3zvbp/FXoefIiihl+/aTit2Q64pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0ag2U+DHxp+OegJ2VbUHfovGlnMB8GA1UdIwQY
MBaAFB/V/vaStMLSK90DH6v6cRC3s26BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDlYLTlwSzB3dElyM1FNZnFfcHhFTGV6Ym9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80OGUxYWUtOTBlOC00ZTQyLWFmM2Qt
NTEwMWJlNWRkNjE1LzEvM1JxRFpUNE1mR240NTZBblpWdFFkLWk4YVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80OGUxYWUtOTBlOC00ZTQyLWFmM2QtNTEwMWJlNWRkNjE1
LzEvSDlYLTlwSzB3dElyM1FNZnFfcHhFTGV6Ym9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTcgMA0G
CSqGSIb3DQEBCwUAA4IBAQCMXmQTp+8c8ytpcwmtk1k2uv/ugU3fAjIdhay449Af
xPXvD/7XH8YFLUUY6aUU+yeGPK6sw3w8exTEMeiR3g61dEzoTABcHTF6G7goAAwe
HAkuGbfv1Q2fcW38ockcarjIZK4ImPmFgkzNlamYDrYolgvKjo6YFIpz+c3YSc06
xDw+vT/QDYQPjAbHce3fpgSbG+e/Yj4SIXN/vWY8eIXqN0lzTwG5gTLaQxif2ZqG
4Cjl67D1ggfRDmxb6p+bW5W6q+MkYtgEFghwX5JwRgcXwyaIestZ+/PxEMk+p4im
8HEgSZVuA9WdoIAzc/lK74jCmJ3vCVWNKiPlP+xh3Q2p
-----END CERTIFICATE-----