Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/PK3lw2L-NVTsYbsaZ0_A2zith4w.roa
File:                     PK3lw2L-NVTsYbsaZ0_A2zith4w.roa (raw, json)
Hash identifier:          I8cZOmoOKEkWWAUwZwbfJpavjrLiHfseDpMCZaN0L0M=
Subject key identifier:   3C:AD:E5:C3:62:FE:35:54:EC:61:BB:1A:67:4F:C0:DB:38:AD:87:8C
Certificate issuer:       /CN=759d27ce072ca336d3afaab8879f94ec63455669
Certificate serial:       018CC795037E79C8B13E7AB59967C48FC229
Authority key identifier: 75:9D:27:CE:07:2C:A3:36:D3:AF:AA:B8:87:9F:94:EC:63:45:56:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/PK3lw2L-NVTsYbsaZ0_A2zith4w.roa
Signing time:             Tue 02 Jan 2024 00:31:20 +0000
ROA not before:           Tue 02 Jan 2024 00:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199342
IP address blocks:        185.11.152.0/22 maxlen: 22
                          185.11.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:03:7e:79:c8:b1:3e:7a:b5:99:67:c4:8f:c2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=759d27ce072ca336d3afaab8879f94ec63455669
        Validity
            Not Before: Jan  2 00:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cade5c362fe3554ec61bb1a674fc0db38ad878c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f5:07:f5:b3:8b:5b:35:88:e9:52:a4:53:15:
                    6f:2d:b6:24:c5:b2:35:65:e2:fd:3c:12:e4:df:bc:
                    3b:a3:f1:ba:99:0a:ed:5e:29:b3:17:f5:d0:4f:64:
                    df:f6:c4:45:af:2d:bb:7b:f6:09:1c:27:4f:eb:48:
                    ab:c4:69:c2:b7:61:bf:79:0e:6b:4b:42:f6:51:b7:
                    57:51:81:d7:33:fd:d9:58:32:2b:f5:46:36:85:95:
                    32:14:43:15:13:fb:df:ad:af:23:42:e9:31:45:51:
                    6f:47:c8:70:9b:b4:0a:79:7f:bf:3d:1b:85:dd:a5:
                    97:c4:3b:33:f4:4f:01:27:47:a2:b9:52:2f:6f:89:
                    c1:f3:d3:c9:4a:11:49:0e:aa:76:40:cc:07:97:ce:
                    ff:d8:22:92:30:77:5c:60:fb:6b:83:f1:2e:dc:e6:
                    b0:02:03:8b:d3:90:b8:a0:80:db:a9:5d:b6:bb:9a:
                    1c:68:04:56:7e:b5:9c:b3:9e:21:02:58:5e:54:22:
                    8a:4d:ab:a2:86:77:91:a4:f4:4e:4e:ce:84:e4:23:
                    e4:6d:97:8b:c1:c9:72:4b:e3:24:1f:da:a2:49:0f:
                    3c:12:94:8a:94:a4:75:2f:29:fb:79:13:30:a2:99:
                    25:59:bf:5f:2a:dd:65:f5:04:39:d6:7e:bd:7e:79:
                    d8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:AD:E5:C3:62:FE:35:54:EC:61:BB:1A:67:4F:C0:DB:38:AD:87:8C
            X509v3 Authority Key Identifier:
                keyid:75:9D:27:CE:07:2C:A3:36:D3:AF:AA:B8:87:9F:94:EC:63:45:56:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/PK3lw2L-NVTsYbsaZ0_A2zith4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:12:6f:ed:70:14:81:3c:e9:f2:c3:14:91:1c:08:6a:dc:3c:
         60:d7:a9:6b:2e:0d:64:eb:3c:29:19:49:9a:f3:1c:b9:bb:0f:
         99:39:67:30:83:74:ce:ee:4d:0b:b7:4b:6b:5b:8a:05:59:2e:
         98:4e:1f:fd:d9:05:e5:e2:96:14:fb:6d:9a:b3:da:b8:41:1e:
         f0:77:20:fe:15:87:43:a4:96:03:cd:6a:a6:69:4e:4f:cb:8f:
         e8:f4:8c:ab:6a:31:36:7d:a0:dd:b0:d7:fe:32:6e:73:6a:79:
         25:be:81:2c:89:8f:d7:a3:9f:56:c9:c8:84:3f:da:55:e8:b5:
         14:3a:ca:1d:97:bf:49:76:d7:da:f1:e5:67:b6:20:8e:08:cd:
         f9:04:0a:43:b0:ae:ad:08:d2:b3:3d:c3:56:be:73:42:a8:66:
         9c:b4:8d:31:f5:08:1a:e3:96:dc:4d:e4:7d:5f:bc:88:1f:c1:
         97:9e:b5:6c:58:7c:39:6e:43:36:26:19:3f:f6:2c:ed:bd:ff:
         a8:0d:0f:0a:74:9c:4a:79:8c:85:fc:d7:95:04:d2:18:9a:43:
         f8:b8:de:d9:10:87:8a:99:c7:5e:7a:4c:00:0f:7d:0c:e1:7f:
         d3:9c:1e:bc:98:a6:88:dc:33:6c:52:72:14:ae:81:76:eb:31:
         f2:32:a5:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQN+ecixPnq1mWfEj8IpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OWQyN2NlMDcyY2EzMzZkM2FmYWFiODg3OWY5NGVjNjM0
NTU2NjkwHhcNMjQwMTAyMDAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FkZTVjMzYyZmUzNTU0ZWM2MWJiMWE2NzRmYzBkYjM4YWQ4NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfUH9bOLWzWI6VKkUxVvLbYkxbI1
ZeL9PBLk37w7o/G6mQrtXimzF/XQT2Tf9sRFry27e/YJHCdP60irxGnCt2G/eQ5r
S0L2UbdXUYHXM/3ZWDIr9UY2hZUyFEMVE/vfra8jQukxRVFvR8hwm7QKeX+/PRuF
3aWXxDsz9E8BJ0eiuVIvb4nB89PJShFJDqp2QMwHl87/2CKSMHdcYPtrg/Eu3Oaw
AgOL05C4oIDbqV22u5ocaARWfrWcs54hAlheVCKKTauihneRpPROTs6E5CPkbZeL
wclyS+MkH9qiSQ88EpSKlKR1Lyn7eRMwopklWb9fKt1l9QQ51n69fnnYTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyt5cNi/jVU7GG7GmdPwNs4rYeMMB8GA1UdIwQY
MBaAFHWdJ84HLKM206+quIeflOxjRVZpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFowbnpnY3NvemJUcjZxNGg1LVU3R05GVm1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9mMTdhMjctNDU5OS00NWI1LWE2NmUt
NzAxMjNmNDk1MTEwLzEvUEszbHcyTC1OVlRzWWJzYVowX0Eyeml0aDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9mMTdhMjctNDU5OS00NWI1LWE2NmUtNzAxMjNmNDk1MTEw
LzEvZFowbnpnY3NvemJUcjZxNGg1LVU3R05GVm1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQuYMA0G
CSqGSIb3DQEBCwUAA4IBAQACEm/tcBSBPOnywxSRHAhq3Dxg16lrLg1k6zwpGUma
8xy5uw+ZOWcwg3TO7k0Lt0trW4oFWS6YTh/92QXl4pYU+22as9q4QR7wdyD+FYdD
pJYDzWqmaU5Py4/o9IyrajE2faDdsNf+Mm5zanklvoEsiY/Xo59WyciEP9pV6LUU
Osodl79Jdtfa8eVntiCOCM35BApDsK6tCNKzPcNWvnNCqGactI0x9Qga45bcTeR9
X7yIH8GXnrVsWHw5bkM2Jhk/9iztvf+oDQ8KdJxKeYyF/NeVBNIYmkP4uN7ZEIeK
mcdeekwAD30M4X/TnB68mKaI3DNsUnIUroF26zHyMqV0
-----END CERTIFICATE-----