Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/3SOaPI_Msj19VwrHcseab-8Xn08.roa
File:                     3SOaPI_Msj19VwrHcseab-8Xn08.roa (raw, json)
Hash identifier:          8ePE7Bck6mb/VXGiXMO5VkpRUkhyFJHTXoGlkTLIpZ4=
Subject key identifier:   DD:23:9A:3C:8F:CC:B2:3D:7D:57:0A:C7:72:C7:9A:6F:EF:17:9F:4F
Certificate issuer:       /CN=0b453b410d3586a6237a951eef3b03f4c44118f0
Certificate serial:       018CC80140676E86195AAC923658D5AD3593
Authority key identifier: 0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/3SOaPI_Msj19VwrHcseab-8Xn08.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        185.65.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 01:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:40:67:6e:86:19:5a:ac:92:36:58:d5:ad:35:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b453b410d3586a6237a951eef3b03f4c44118f0
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd239a3c8fccb23d7d570ac772c79a6fef179f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b3:4f:77:b7:10:88:38:84:f1:c4:77:51:df:
                    c3:9b:7b:7f:99:9f:a0:fd:c3:0e:7c:71:54:e4:13:
                    ca:38:e1:3b:80:bc:9e:fc:56:a3:aa:12:92:4e:82:
                    30:dd:8c:0a:4e:ae:5f:b2:0f:88:97:f0:af:f7:5f:
                    61:28:a4:71:f2:e9:f2:5e:fa:d1:f8:2f:9f:5c:cf:
                    ed:b0:22:15:4f:99:1e:61:19:eb:8a:7f:56:34:16:
                    19:d6:9e:30:f6:49:f4:d5:23:23:83:9c:15:9f:27:
                    4b:4d:ef:47:b3:36:ff:2c:63:68:f5:bd:b6:9d:e7:
                    18:81:b2:64:43:48:5f:7f:80:ea:f5:c7:f8:0d:66:
                    90:16:67:d7:70:07:81:b5:d7:d3:43:f8:61:b9:9e:
                    61:d9:e5:98:34:dc:a8:6e:21:eb:63:52:27:99:23:
                    73:6a:ed:ec:45:95:5a:da:83:9b:2c:3b:4a:74:0f:
                    14:2f:14:0a:44:aa:9d:f6:20:7b:5f:d9:16:3d:63:
                    ab:9b:5c:3b:96:a9:d2:41:6f:15:a8:53:a9:dd:98:
                    4a:3b:de:99:8c:58:19:c2:ef:25:b8:60:7e:35:f8:
                    41:10:67:38:29:70:98:0d:64:a6:c3:f8:bc:06:77:
                    1c:81:c8:5d:3c:4c:8d:e7:1c:fb:47:ba:82:76:d8:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:23:9A:3C:8F:CC:B2:3D:7D:57:0A:C7:72:C7:9A:6F:EF:17:9F:4F
            X509v3 Authority Key Identifier:
                keyid:0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/3SOaPI_Msj19VwrHcseab-8Xn08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:10:b4:88:15:21:5c:5e:0b:17:3a:0b:c7:a7:ec:c4:ae:d8:
         7e:38:47:d9:ab:73:2b:ba:89:f5:f7:a3:b6:55:82:cc:99:93:
         3f:87:b0:fc:e2:91:13:07:8b:f6:bd:87:24:63:9b:16:37:04:
         d6:50:62:29:5c:a6:49:ee:5f:91:f7:1f:6a:52:53:5b:fe:93:
         f1:1d:51:49:a0:a2:ef:b3:c4:07:2d:70:50:fb:5f:55:56:8c:
         6b:19:80:ca:54:40:92:2c:b9:73:a3:5c:4b:26:7b:a2:40:2c:
         fa:b9:96:aa:90:5a:5c:6d:40:b5:a9:bf:85:0a:fb:19:6f:c1:
         a7:54:59:68:6a:5f:b2:c8:9d:cd:14:0c:df:d9:ab:b5:d6:d6:
         44:f6:be:69:25:f0:1b:c6:9a:bf:62:f1:84:46:d3:cf:e2:07:
         b8:6e:36:91:8b:07:06:92:42:7a:6a:47:2b:b1:23:5a:4d:32:
         85:6c:f6:0c:ee:58:d2:4b:91:96:19:f9:dd:ff:8e:65:b2:36:
         01:f6:f6:1b:82:fc:af:fe:dc:fe:61:39:84:6c:ba:86:d8:75:
         ca:3a:43:e5:c2:ce:cb:25:19:eb:d9:a8:de:d7:b0:2f:ed:d2:
         f2:f2:7e:42:da:91:49:65:f0:c8:73:57:81:61:8e:26:ea:71:
         64:50:7a:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUBnboYZWqySNljVrTWTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNDUzYjQxMGQzNTg2YTYyMzdhOTUxZWVmM2IwM2Y0YzQ0
MTE4ZjAwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDIzOWEzYzhmY2NiMjNkN2Q1NzBhYzc3MmM3OWE2ZmVmMTc5ZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbNPd7cQiDiE8cR3Ud/Dm3t/mZ+g
/cMOfHFU5BPKOOE7gLye/FajqhKSToIw3YwKTq5fsg+Il/Cv919hKKRx8unyXvrR
+C+fXM/tsCIVT5keYRnrin9WNBYZ1p4w9kn01SMjg5wVnydLTe9Hszb/LGNo9b22
necYgbJkQ0hff4Dq9cf4DWaQFmfXcAeBtdfTQ/hhuZ5h2eWYNNyobiHrY1InmSNz
au3sRZVa2oObLDtKdA8ULxQKRKqd9iB7X9kWPWOrm1w7lqnSQW8VqFOp3ZhKO96Z
jFgZwu8luGB+NfhBEGc4KXCYDWSmw/i8BnccgchdPEyN5xz7R7qCdth61wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0jmjyPzLI9fVcKx3LHmm/vF59PMB8GA1UdIwQY
MBaAFAtFO0ENNYamI3qVHu87A/TEQRjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWIt
MjlmYTQ3YjY4MDkzLzEvM1NPYVBJX01zajE5VndySGNzZWFiLThYbjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWItMjlmYTQ3YjY4MDkz
LzEvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUFpMA0G
CSqGSIb3DQEBCwUAA4IBAQALELSIFSFcXgsXOgvHp+zErth+OEfZq3Mruon196O2
VYLMmZM/h7D84pETB4v2vYckY5sWNwTWUGIpXKZJ7l+R9x9qUlNb/pPxHVFJoKLv
s8QHLXBQ+19VVoxrGYDKVECSLLlzo1xLJnuiQCz6uZaqkFpcbUC1qb+FCvsZb8Gn
VFloal+yyJ3NFAzf2au11tZE9r5pJfAbxpq/YvGERtPP4ge4bjaRiwcGkkJ6akcr
sSNaTTKFbPYM7ljSS5GWGfnd/45lsjYB9vYbgvyv/tz+YTmEbLqG2HXKOkPlws7L
JRnr2aje17Av7dLy8n5C2pFJZfDIc1eBYY4m6nFkUHoZ
-----END CERTIFICATE-----