Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/0CO3VT1FRLIAjDnYL1mplbht5Fg.roa
File:                     0CO3VT1FRLIAjDnYL1mplbht5Fg.roa (raw, json)
Hash identifier:          m3Oun7CNqF8GLdjaZnY76AvLjd8H6VmpGylrree1smA=
Subject key identifier:   D0:23:B7:55:3D:45:44:B2:00:8C:39:D8:2F:59:A9:95:B8:6D:E4:58
Certificate issuer:       /CN=8bdea2d4ab1380f0a3b7fe7d4fa7828e1c943558
Certificate serial:       018CC7273112D75CF56FCAC67A78E2CC4AA6
Authority key identifier: 8B:DE:A2:D4:AB:13:80:F0:A3:B7:FE:7D:4F:A7:82:8E:1C:94:35:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i96i1KsTgPCjt_59T6eCjhyUNVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/0CO3VT1FRLIAjDnYL1mplbht5Fg.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204356
IP address blocks:        185.252.103.0/24 maxlen: 24
                          185.252.100.0/24 maxlen: 24
                          185.252.101.0/24 maxlen: 24
                          185.252.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/i96i1KsTgPCjt_59T6eCjhyUNVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/i96i1KsTgPCjt_59T6eCjhyUNVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i96i1KsTgPCjt_59T6eCjhyUNVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:12:d7:5c:f5:6f:ca:c6:7a:78:e2:cc:4a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdea2d4ab1380f0a3b7fe7d4fa7828e1c943558
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d023b7553d4544b2008c39d82f59a995b86de458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cb:84:80:c1:f7:3b:15:02:67:82:f2:4d:13:
                    7f:33:a1:8a:d4:74:34:43:31:1a:47:bb:95:a0:07:
                    1d:05:7a:fd:95:a6:63:cc:fe:58:41:7d:7d:a9:59:
                    ac:41:a8:1a:1b:8b:33:fc:ac:d4:1b:b7:ea:3f:73:
                    99:83:8b:ff:c8:a7:80:6a:75:f0:fc:78:d3:b8:ff:
                    2c:fe:9f:19:36:51:83:53:55:c1:00:13:be:46:f3:
                    ff:c4:44:43:9e:37:c0:79:63:f8:35:b8:ef:ee:ed:
                    82:58:27:ac:1b:85:04:59:26:af:40:38:46:e1:46:
                    28:75:3a:f6:64:7a:20:b9:43:8c:70:de:c1:67:99:
                    ba:26:bf:42:c9:72:8d:01:b9:80:33:03:c2:04:86:
                    37:c2:48:34:51:7a:70:34:9d:82:6a:fa:57:6b:9c:
                    b8:61:6d:0d:08:67:f9:de:59:4a:d1:83:f6:f1:de:
                    84:c7:bf:93:29:54:85:79:97:2f:e7:c6:f4:5b:ef:
                    b2:9e:ed:fa:ed:67:4a:b3:d1:74:4e:5d:73:f2:ba:
                    dc:f4:94:a9:9d:3b:23:e6:79:41:f1:df:f7:66:e4:
                    3a:38:98:cf:6a:1b:52:f4:cd:14:67:00:6e:83:f2:
                    40:b3:bb:9b:86:3e:7a:31:f7:bd:ed:01:ca:43:69:
                    a3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:23:B7:55:3D:45:44:B2:00:8C:39:D8:2F:59:A9:95:B8:6D:E4:58
            X509v3 Authority Key Identifier:
                keyid:8B:DE:A2:D4:AB:13:80:F0:A3:B7:FE:7D:4F:A7:82:8E:1C:94:35:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i96i1KsTgPCjt_59T6eCjhyUNVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/0CO3VT1FRLIAjDnYL1mplbht5Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c67d90-d304-481b-8a64-1e326deba4d0/1/i96i1KsTgPCjt_59T6eCjhyUNVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:53:98:fe:94:13:c2:39:b4:ba:fd:6f:11:0f:03:b8:ce:4c:
         a6:0d:a5:b2:b3:b6:18:69:9d:13:c0:c2:c6:c5:fb:60:85:52:
         a6:30:9c:7c:b2:b4:d3:b0:3a:c4:5f:26:df:15:2a:b0:d9:1c:
         57:a2:b8:06:9e:89:30:55:16:c8:70:36:9f:d1:6e:ee:8d:7a:
         cd:5e:3c:c4:66:34:c8:ba:db:35:76:db:3d:0b:76:9a:5a:87:
         d7:6e:94:83:ab:03:28:bf:7d:25:29:59:4b:9d:83:fe:f6:97:
         fd:02:c3:5c:fb:e5:86:fe:9d:ee:11:86:ad:a7:73:c3:ef:56:
         5a:35:80:6f:f5:d7:08:ad:61:05:c8:11:c7:93:8f:39:c4:cf:
         f2:04:4d:64:46:1c:ce:a5:30:eb:8d:b4:ea:57:4f:c4:7c:ff:
         9a:43:7b:60:ab:b8:01:bf:10:c7:28:f5:58:fb:6d:15:12:44:
         20:51:11:fb:5d:8f:04:cf:62:b3:7b:c0:65:6d:9f:b4:56:63:
         85:7f:bd:a1:31:91:f4:f8:10:e1:a5:e9:f4:37:dc:71:94:60:
         6a:a1:34:b9:97:6c:a4:0b:1e:35:4b:27:c2:fa:10:05:23:29:
         80:49:98:3c:b7:f2:07:5a:f0:b2:23:ec:4f:d4:3d:34:bd:1f:
         f9:b1:44:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzES11z1b8rGenjizEqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGVhMmQ0YWIxMzgwZjBhM2I3ZmU3ZDRmYTc4MjhlMWM5
NDM1NTgwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDIzYjc1NTNkNDU0NGIyMDA4YzM5ZDgyZjU5YTk5NWI4NmRlNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMuEgMH3OxUCZ4LyTRN/M6GK1HQ0
QzEaR7uVoAcdBXr9laZjzP5YQX19qVmsQagaG4sz/KzUG7fqP3OZg4v/yKeAanXw
/HjTuP8s/p8ZNlGDU1XBABO+RvP/xERDnjfAeWP4Nbjv7u2CWCesG4UEWSavQDhG
4UYodTr2ZHoguUOMcN7BZ5m6Jr9CyXKNAbmAMwPCBIY3wkg0UXpwNJ2CavpXa5y4
YW0NCGf53llK0YP28d6Ex7+TKVSFeZcv58b0W++ynu367WdKs9F0Tl1z8rrc9JSp
nTsj5nlB8d/3ZuQ6OJjPahtS9M0UZwBug/JAs7ubhj56Mfe97QHKQ2mjgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAjt1U9RUSyAIw52C9ZqZW4beRYMB8GA1UdIwQY
MBaAFIveotSrE4Dwo7f+fU+ngo4clDVYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk2aTFLc1RnUENqdF81OVQ2ZUNqaHlVTlZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jNjdkOTAtZDMwNC00ODFiLThhNjQt
MWUzMjZkZWJhNGQwLzEvMENPM1ZUMUZSTElBakRuWUwxbXBsYmh0NUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jNjdkOTAtZDMwNC00ODFiLThhNjQtMWUzMjZkZWJhNGQw
LzEvaTk2aTFLc1RnUENqdF81OVQ2ZUNqaHlVTlZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufxkMA0G
CSqGSIb3DQEBCwUAA4IBAQB6U5j+lBPCObS6/W8RDwO4zkymDaWys7YYaZ0TwMLG
xftghVKmMJx8srTTsDrEXybfFSqw2RxXorgGnokwVRbIcDaf0W7ujXrNXjzEZjTI
uts1dts9C3aaWofXbpSDqwMov30lKVlLnYP+9pf9AsNc++WG/p3uEYatp3PD71Za
NYBv9dcIrWEFyBHHk485xM/yBE1kRhzOpTDrjbTqV0/EfP+aQ3tgq7gBvxDHKPVY
+20VEkQgURH7XY8Ez2Kze8BlbZ+0VmOFf72hMZH0+BDhpen0N9xxlGBqoTS5l2yk
Cx41SyfC+hAFIymASZg8t/IHWvCyI+xP1D00vR/5sUQZ
-----END CERTIFICATE-----