Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/SS3aTwiL60wc9yE3keWpUAWx4cI.roa
File:                     SS3aTwiL60wc9yE3keWpUAWx4cI.roa (raw, json)
Hash identifier:          TUGg2BvbUglXeItyuMliHOBiLTxZFf6zvIv007fYfio=
Subject key identifier:   49:2D:DA:4F:08:8B:EB:4C:1C:F7:21:37:91:E5:A9:50:05:B1:E1:C2
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5D07CA6CDD340BA6B1C75FD80467
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/SS3aTwiL60wc9yE3keWpUAWx4cI.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133480
IP address blocks:        185.190.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5d:07:ca:6c:dd:34:0b:a6:b1:c7:5f:d8:04:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=492dda4f088beb4c1cf7213791e5a95005b1e1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e3:17:2e:77:a8:1c:91:79:e3:50:18:c3:d5:
                    cc:b5:47:80:e3:89:5d:fe:c3:96:fa:ab:9c:9f:ef:
                    4d:f0:81:21:4c:a4:45:87:f4:3a:07:60:ba:c2:5c:
                    8b:6c:ef:85:24:68:cb:f8:1e:fa:fc:38:e8:3c:d3:
                    49:19:59:f3:1b:ab:97:27:16:12:e0:91:f4:7a:12:
                    c2:0b:89:09:e5:5b:d5:f0:32:54:d2:42:c5:e0:2f:
                    b5:ad:7b:2d:f2:16:2f:2b:01:9c:41:e0:10:c9:5e:
                    a8:7d:f6:24:5b:74:e7:28:6f:41:d9:f2:94:60:1f:
                    86:e9:39:44:2a:01:1d:6b:30:a2:5a:bc:54:14:7e:
                    5c:74:bc:0d:27:12:4c:64:9c:5a:3d:c0:ec:0a:00:
                    09:7f:31:92:36:2c:69:5b:83:c5:cb:8a:24:ae:3e:
                    43:29:76:91:99:97:bb:86:cc:29:a1:a2:5e:44:ee:
                    c2:04:95:67:8b:e0:dd:b7:0b:c6:9d:56:fa:1b:9c:
                    5c:db:82:af:a1:6f:7f:32:3a:96:bb:b2:74:79:5f:
                    68:d2:68:aa:8e:f2:8c:14:af:b5:34:50:bb:8b:47:
                    fb:ed:fd:47:22:64:55:a5:b5:5d:5a:13:9f:79:4f:
                    64:52:c6:de:83:b3:3d:f3:0b:1d:d4:ca:4e:4a:ad:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:2D:DA:4F:08:8B:EB:4C:1C:F7:21:37:91:E5:A9:50:05:B1:E1:C2
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/SS3aTwiL60wc9yE3keWpUAWx4cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0d:ec:b5:b2:b1:0a:6c:42:d0:b6:80:33:e8:c0:a1:cd:f4:
         6b:d4:e1:a6:2a:ae:50:e4:1a:fe:09:8e:68:bf:3e:dd:81:00:
         ee:ce:57:ee:c4:49:b8:e9:a2:d2:4f:01:2f:60:2c:46:a5:30:
         95:15:69:cf:c0:bf:9d:b0:28:ff:64:0c:83:20:a9:c0:26:ce:
         40:bb:1e:72:eb:54:57:52:ba:6b:71:32:05:d8:cd:6a:6e:5a:
         62:5e:d2:cb:0f:cc:81:73:f3:ca:d3:67:d4:e2:38:67:22:80:
         07:09:0e:a9:59:71:0d:d8:48:7d:95:c7:f2:93:13:38:e9:6c:
         2d:ba:00:2f:eb:2e:85:8b:8a:94:82:a9:f6:6c:b3:af:59:a9:
         2f:95:c3:c1:83:24:17:c9:ad:27:7a:81:41:a6:c2:79:a1:91:
         cd:fa:3b:e4:97:cc:a3:2f:c9:ca:80:a1:17:89:61:24:99:9c:
         cf:bb:0c:2e:f4:79:1d:03:37:42:4b:18:03:7c:bf:a0:1f:2e:
         20:4f:b6:ef:8f:c0:79:21:5f:9d:48:20:48:22:ef:99:ae:58:
         87:3a:50:e0:8d:77:25:4a:8f:23:34:32:d8:4f:25:5a:86:36:
         07:e1:34:7a:c0:83:d4:16:7c:ad:51:db:04:26:97:9f:cc:c8:
         a2:57:bd:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK10HymzdNAumscdf2ARnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTJkZGE0ZjA4OGJlYjRjMWNmNzIxMzc5MWU1YTk1MDA1YjFlMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uMXLneoHJF541AYw9XMtUeA44ld
/sOW+qucn+9N8IEhTKRFh/Q6B2C6wlyLbO+FJGjL+B76/DjoPNNJGVnzG6uXJxYS
4JH0ehLCC4kJ5VvV8DJU0kLF4C+1rXst8hYvKwGcQeAQyV6offYkW3TnKG9B2fKU
YB+G6TlEKgEdazCiWrxUFH5cdLwNJxJMZJxaPcDsCgAJfzGSNixpW4PFy4okrj5D
KXaRmZe7hswpoaJeRO7CBJVni+DdtwvGnVb6G5xc24KvoW9/MjqWu7J0eV9o0miq
jvKMFK+1NFC7i0f77f1HImRVpbVdWhOfeU9kUsbeg7M98wsd1MpOSq0JlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkt2k8Ii+tMHPchN5HlqVAFseHCMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvU1MzYVR3aUw2MHdjOXlFM2tlV3BVQVd4NGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub5TMA0G
CSqGSIb3DQEBCwUAA4IBAQCjDey1srEKbELQtoAz6MChzfRr1OGmKq5Q5Br+CY5o
vz7dgQDuzlfuxEm46aLSTwEvYCxGpTCVFWnPwL+dsCj/ZAyDIKnAJs5Aux5y61RX
UrprcTIF2M1qblpiXtLLD8yBc/PK02fU4jhnIoAHCQ6pWXEN2Eh9lcfykxM46Wwt
ugAv6y6Fi4qUgqn2bLOvWakvlcPBgyQXya0neoFBpsJ5oZHN+jvkl8yjL8nKgKEX
iWEkmZzPuwwu9HkdAzdCSxgDfL+gHy4gT7bvj8B5IV+dSCBIIu+ZrliHOlDgjXcl
So8jNDLYTyVahjYH4TR6wIPUFnytUdsEJpefzMiiV718
-----END CERTIFICATE-----