Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/3LczxYwc420sQ1suI4LHuX3UoaY.roa
File:                     3LczxYwc420sQ1suI4LHuX3UoaY.roa (raw, json)
Hash identifier:          kqdLFTiVsJ61yy9AtA0cn4hngdyUSup5Ggnkus/WELM=
Subject key identifier:   DC:B7:33:C5:8C:1C:E3:6D:2C:43:5B:2E:23:82:C7:B9:7D:D4:A1:A6
Certificate issuer:       /CN=a01a1c7dbb9a1571a5bf4924ab3fc50493145f4f
Certificate serial:       018CC6B8494216411C2376505562FE18996E
Authority key identifier: A0:1A:1C:7D:BB:9A:15:71:A5:BF:49:24:AB:3F:C5:04:93:14:5F:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBocfbuaFXGlv0kkqz_FBJMUX08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/3LczxYwc420sQ1suI4LHuX3UoaY.roa
Signing time:             Mon 01 Jan 2024 20:30:15 +0000
ROA not before:           Mon 01 Jan 2024 20:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5582
IP address blocks:        185.113.32.0/23 maxlen: 23
                          185.182.224.0/22 maxlen: 22
                          2a0a:fa80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/oBocfbuaFXGlv0kkqz_FBJMUX08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/oBocfbuaFXGlv0kkqz_FBJMUX08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBocfbuaFXGlv0kkqz_FBJMUX08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:49:42:16:41:1c:23:76:50:55:62:fe:18:99:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a01a1c7dbb9a1571a5bf4924ab3fc50493145f4f
        Validity
            Not Before: Jan  1 20:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb733c58c1ce36d2c435b2e2382c7b97dd4a1a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c5:97:0e:a7:3c:69:2b:8c:84:cc:20:08:4d:
                    8b:84:c7:cb:5e:17:33:43:d0:7f:9b:97:f5:15:fc:
                    54:3f:51:76:fa:f6:9e:a6:64:cb:b4:e7:3d:47:01:
                    30:af:7f:f8:11:34:24:8b:bd:7e:99:6e:02:4c:f3:
                    67:ed:c2:f6:4f:5b:0c:2e:29:b5:9e:f0:df:6c:5a:
                    2a:3e:84:06:ba:61:e9:9d:05:02:c3:05:4c:ef:fb:
                    4b:11:b2:45:d7:db:80:cb:c0:c1:f9:56:bb:f2:27:
                    0c:90:f0:5b:2b:83:2e:99:49:c4:a2:38:26:b0:97:
                    b6:49:7d:4f:33:94:f5:24:a4:e4:8b:f5:51:27:06:
                    47:3a:44:72:04:50:d1:26:fd:82:97:c5:42:fb:cd:
                    c9:7e:ac:b7:bc:c7:a1:c9:6e:bc:5b:9f:8a:35:82:
                    13:bc:69:f5:83:74:4f:1f:dc:04:56:9a:55:50:8a:
                    e3:cb:2d:2c:44:92:d8:5c:7f:eb:c5:1c:b8:f8:fb:
                    d5:8f:c9:94:fc:7d:31:35:af:f6:b7:67:0c:3c:8d:
                    fe:4b:a3:3b:25:e3:8c:02:3f:80:82:e1:b5:88:bb:
                    43:5b:66:a7:97:a9:03:fe:34:15:76:1f:66:34:c8:
                    83:8d:e5:c3:26:4e:e8:34:43:78:cd:2c:7d:6a:22:
                    9e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B7:33:C5:8C:1C:E3:6D:2C:43:5B:2E:23:82:C7:B9:7D:D4:A1:A6
            X509v3 Authority Key Identifier:
                keyid:A0:1A:1C:7D:BB:9A:15:71:A5:BF:49:24:AB:3F:C5:04:93:14:5F:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBocfbuaFXGlv0kkqz_FBJMUX08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/3LczxYwc420sQ1suI4LHuX3UoaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e896b8-0ea0-4bbc-8c35-2262c5bd7a2c/1/oBocfbuaFXGlv0kkqz_FBJMUX08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.32.0/23
                  185.182.224.0/22
                IPv6:
                  2a0a:fa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:c0:19:6d:b1:04:f6:bb:5b:a7:02:88:d6:50:fe:f3:17:ad:
         7c:fb:7c:37:e3:cd:7d:5f:6a:d3:27:ca:79:74:72:58:fe:26:
         7e:ac:0c:b1:17:48:5b:5c:0d:b2:5f:13:40:8f:54:ce:86:49:
         2f:28:44:b2:dd:fd:23:d8:c0:b7:00:48:a8:89:74:76:99:65:
         39:cf:5b:e9:bb:d4:9c:cf:52:e7:d1:eb:98:96:0e:fc:ff:de:
         e0:f0:a1:d5:cb:2c:c6:ce:40:5a:01:e4:7f:09:0d:bb:86:55:
         40:5d:7f:57:91:66:a3:33:66:62:b5:8e:11:46:29:92:c2:21:
         e1:8d:52:84:31:99:97:61:50:a6:bf:23:3d:76:43:fc:72:03:
         ad:96:41:9e:b3:a2:4d:a8:7b:7c:79:37:a5:fd:28:ef:40:e9:
         a3:08:80:d8:e2:3d:7c:85:a4:10:bc:b3:2a:40:c7:ab:da:7b:
         35:3d:6d:b0:05:f1:5e:b2:41:bb:3c:49:7a:ac:dc:e5:28:0f:
         fd:2e:0b:17:e7:0e:71:aa:39:c8:30:7a:1b:e8:54:97:9f:9a:
         ca:a9:6f:19:ca:2b:d5:7c:39:cc:4d:5f:cf:a3:d1:6f:08:73:
         74:56:63:60:cd:b3:e8:d5:1c:b1:b8:d8:13:71:ed:3c:4d:82:
         ac:04:26:1c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuElCFkEcI3ZQVWL+GJluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMWExYzdkYmI5YTE1NzFhNWJmNDkyNGFiM2ZjNTA0OTMx
NDVmNGYwHhcNMjQwMTAxMjAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I3MzNjNThjMWNlMzZkMmM0MzViMmUyMzgyYzdiOTdkZDRhMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8WXDqc8aSuMhMwgCE2LhMfLXhcz
Q9B/m5f1FfxUP1F2+vaepmTLtOc9RwEwr3/4ETQki71+mW4CTPNn7cL2T1sMLim1
nvDfbFoqPoQGumHpnQUCwwVM7/tLEbJF19uAy8DB+Va78icMkPBbK4MumUnEojgm
sJe2SX1PM5T1JKTki/VRJwZHOkRyBFDRJv2Cl8VC+83Jfqy3vMehyW68W5+KNYIT
vGn1g3RPH9wEVppVUIrjyy0sRJLYXH/rxRy4+PvVj8mU/H0xNa/2t2cMPI3+S6M7
JeOMAj+AguG1iLtDW2anl6kD/jQVdh9mNMiDjeXDJk7oNEN4zSx9aiKehQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNy3M8WMHONtLENbLiOCx7l91KGmMB8GA1UdIwQY
MBaAFKAaHH27mhVxpb9JJKs/xQSTFF9PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JvY2ZidWFGWEdsdjBra3F6X0ZCSk1VWDA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9lODk2YjgtMGVhMC00YmJjLThjMzUt
MjI2MmM1YmQ3YTJjLzEvM0xjenhZd2M0MjBzUTFzdUk0TEh1WDNVb2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9lODk2YjgtMGVhMC00YmJjLThjMzUtMjI2MmM1YmQ3YTJj
LzEvb0JvY2ZidWFGWEdsdjBra3F6X0ZCSk1VWDA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBuXEgAwQC
ubbgMA0EAgACMAcDBQMqCvqAMA0GCSqGSIb3DQEBCwUAA4IBAQBcwBltsQT2u1un
AojWUP7zF618+3w34819X2rTJ8p5dHJY/iZ+rAyxF0hbXA2yXxNAj1TOhkkvKESy
3f0j2MC3AEioiXR2mWU5z1vpu9Scz1Ln0euYlg78/97g8KHVyyzGzkBaAeR/CQ27
hlVAXX9XkWajM2ZitY4RRimSwiHhjVKEMZmXYVCmvyM9dkP8cgOtlkGes6JNqHt8
eTel/SjvQOmjCIDY4j18haQQvLMqQMer2ns1PW2wBfFeskG7PEl6rNzlKA/9LgsX
5w5xqjnIMHob6FSXn5rKqW8ZyivVfDnMTV/Po9FvCHN0VmNgzbPo1RyxuNgTce08
TYKsBCYc
-----END CERTIFICATE-----