Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/xCfTRuUS3uwyEmrVx2w1GJrMFKg.roa
File:                     xCfTRuUS3uwyEmrVx2w1GJrMFKg.roa (raw, json)
Hash identifier:          34fBiPxM8cORffxmx2+b8/RXm5L8WztubAuK7vSGYPo=
Subject key identifier:   C4:27:D3:46:E5:12:DE:EC:32:12:6A:D5:C7:6C:35:18:9A:CC:14:A8
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       018CC50126F5EC70AC92C2E0A9B4C9DED223
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/xCfTRuUS3uwyEmrVx2w1GJrMFKg.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        185.191.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:26:f5:ec:70:ac:92:c2:e0:a9:b4:c9:de:d2:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c427d346e512deec32126ad5c76c35189acc14a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cc:50:ae:1f:b0:89:96:1e:e3:0e:57:47:63:
                    0c:b0:80:7b:0a:16:76:9a:8c:8c:3c:e0:44:b1:2c:
                    a6:2d:31:f3:3b:cb:6b:1a:ad:b4:ae:85:54:61:bb:
                    62:a6:52:d4:19:83:18:63:6b:74:08:c7:47:67:b7:
                    be:1e:51:5c:6b:83:2e:6b:29:17:08:b9:ad:9f:d9:
                    e1:2b:eb:30:d7:13:6d:ad:bb:bf:4f:bc:f8:d1:a5:
                    61:ec:e7:15:d2:5a:34:96:16:90:95:ee:a1:61:ec:
                    7c:79:a5:6d:f2:fa:9d:7b:43:25:f5:f2:db:70:b4:
                    d2:8e:68:da:f4:39:7a:ce:55:dc:48:52:41:0b:0d:
                    fe:43:d5:31:7c:5d:03:65:51:62:9c:34:4c:70:e8:
                    77:93:2a:fe:1d:82:c2:ee:d0:53:b8:d5:95:59:e7:
                    2f:59:8f:48:bf:c1:da:e7:a9:cb:12:7b:17:ac:c3:
                    b8:d3:f3:e7:0e:59:ca:cb:dc:d9:63:a3:94:11:75:
                    74:e3:0c:e2:75:08:b0:04:33:5d:34:2e:ec:49:fd:
                    10:ac:76:ea:fc:26:5d:60:f5:00:f3:d0:3f:8e:7f:
                    c6:ba:2a:91:f6:7a:69:7a:ed:40:74:e3:b9:9e:b1:
                    f8:ef:fd:d1:2d:9b:c3:16:1c:1d:43:5a:fd:9b:30:
                    34:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:27:D3:46:E5:12:DE:EC:32:12:6A:D5:C7:6C:35:18:9A:CC:14:A8
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/xCfTRuUS3uwyEmrVx2w1GJrMFKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:0e:c0:f6:dd:94:b8:92:29:ca:03:71:aa:fa:ac:47:4c:c8:
         bf:0d:6e:94:4e:90:a1:bd:6b:d1:b5:68:38:7c:4c:b3:bb:c3:
         ae:c9:45:e0:87:db:18:ea:fb:b8:d6:7a:0b:0c:cc:7d:a8:1e:
         ad:60:5d:cf:66:53:a7:83:d8:fd:f6:2f:5f:06:03:fa:d1:67:
         b4:58:9e:96:03:e6:53:dd:d0:b3:27:57:e7:59:79:52:d7:9f:
         34:dc:e4:d7:74:f0:e5:fe:5c:cf:50:1c:64:cc:46:9b:04:ea:
         5e:34:1d:38:cc:2b:f7:9d:c3:56:ac:0e:d7:fe:dc:fc:97:6b:
         cc:9a:82:de:68:83:69:89:ae:c9:ed:3a:c2:4b:5c:45:37:96:
         e5:26:bc:ea:bd:e2:bc:bd:e6:91:3b:e6:62:73:f1:60:83:7d:
         e2:e2:1e:71:d7:65:cd:ae:86:f0:0b:5c:9b:b4:68:3a:21:73:
         14:ca:8b:99:9b:7e:72:ae:f1:50:e4:e8:10:7e:7f:9f:13:3f:
         ab:72:60:11:29:b3:5a:16:66:3e:1a:23:33:85:ac:c8:25:b4:
         8a:a5:ea:d2:4a:db:36:27:5e:58:23:40:9c:fe:01:65:30:af:
         b4:6b:01:a1:84:03:93:08:fd:5e:30:57:6c:7e:e5:c1:99:e1:
         f4:72:b4:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASb17HCsksLgqbTJ3tIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQy
Yjg3OTYwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDI3ZDM0NmU1MTJkZWVjMzIxMjZhZDVjNzZjMzUxODlhY2MxNGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosxQrh+wiZYe4w5XR2MMsIB7ChZ2
moyMPOBEsSymLTHzO8trGq20roVUYbtiplLUGYMYY2t0CMdHZ7e+HlFca4MuaykX
CLmtn9nhK+sw1xNtrbu/T7z40aVh7OcV0lo0lhaQle6hYex8eaVt8vqde0Ml9fLb
cLTSjmja9Dl6zlXcSFJBCw3+Q9UxfF0DZVFinDRMcOh3kyr+HYLC7tBTuNWVWecv
WY9Iv8Ha56nLEnsXrMO40/PnDlnKy9zZY6OUEXV04wzidQiwBDNdNC7sSf0QrHbq
/CZdYPUA89A/jn/GuiqR9nppeu1AdOO5nrH47/3RLZvDFhwdQ1r9mzA0jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQn00blEt7sMhJq1cdsNRiazBSoMB8GA1UdIwQY
MBaAFN1kAznlmt3HX9l4EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAt
NjFiNzMzNTRhYmRiLzEveENmVFJ1VVMzdXd5RW1yVngydzFHSnJNRktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRi
LzEvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+SMA0G
CSqGSIb3DQEBCwUAA4IBAQChDsD23ZS4kinKA3Gq+qxHTMi/DW6UTpChvWvRtWg4
fEyzu8OuyUXgh9sY6vu41noLDMx9qB6tYF3PZlOng9j99i9fBgP60We0WJ6WA+ZT
3dCzJ1fnWXlS15803OTXdPDl/lzPUBxkzEabBOpeNB04zCv3ncNWrA7X/tz8l2vM
moLeaINpia7J7TrCS1xFN5blJrzqveK8veaRO+Zic/Fgg33i4h5x12XNrobwC1yb
tGg6IXMUyouZm35yrvFQ5OgQfn+fEz+rcmARKbNaFmY+GiMzhazIJbSKperSSts2
J15YI0Cc/gFlMK+0awGhhAOTCP1eMFdsfuXBmeH0crQu
-----END CERTIFICATE-----