Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/RvSCWrrL8CXFeeSBMP3qZvp7orY.roa
File:                     RvSCWrrL8CXFeeSBMP3qZvp7orY.roa (raw, json)
Hash identifier:          BwYqD3EYBYTmnFtDoO0NniEHRjODB97i12FS9zJnKU8=
Subject key identifier:   46:F4:82:5A:BA:CB:F0:25:C5:79:E4:81:30:FD:EA:66:FA:7B:A2:B6
Certificate issuer:       /CN=38728e9bd37399df9ffae587bd06884b350a65b7
Certificate serial:       018CC56EE9AA33CD9883BA4E955CDFBC19F4
Authority key identifier: 38:72:8E:9B:D3:73:99:DF:9F:FA:E5:87:BD:06:88:4B:35:0A:65:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/RvSCWrrL8CXFeeSBMP3qZvp7orY.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20495
IP address blocks:        185.184.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e9:aa:33:cd:98:83:ba:4e:95:5c:df:bc:19:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38728e9bd37399df9ffae587bd06884b350a65b7
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46f4825abacbf025c579e48130fdea66fa7ba2b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c4:30:ac:d6:dd:c7:eb:1e:4c:c9:4a:6b:c1:
                    db:3d:8d:57:b3:33:d3:b0:87:e9:db:0a:15:81:1d:
                    32:07:ce:dc:3f:83:ed:9f:38:85:cb:40:a9:3b:fb:
                    27:b2:ba:24:cc:c8:1f:7b:aa:8d:29:00:89:13:6d:
                    44:17:66:27:90:0f:e5:5f:a2:9f:eb:84:1c:30:f0:
                    9e:20:1f:0b:bb:f3:43:7d:3e:e4:a8:3e:be:02:00:
                    4e:0b:2a:1e:d8:18:8e:0c:a1:80:6e:30:81:6a:39:
                    5b:4d:23:50:e4:9d:a9:05:27:65:81:62:c4:f2:54:
                    de:ba:46:84:88:62:08:4c:47:ff:54:d5:f9:f6:93:
                    53:91:0d:6d:1a:ae:f0:f5:8b:f1:9a:ce:03:37:c5:
                    c6:84:7c:3d:6c:00:8d:a0:88:45:87:bc:34:41:7d:
                    c5:db:d9:2b:e0:e2:5b:1e:2f:30:c0:7d:f3:d1:bc:
                    3e:5c:56:a2:44:ec:84:b1:e9:29:8b:a4:44:66:1d:
                    e8:e5:cb:49:18:b5:c0:49:d8:d4:b7:92:38:f0:5d:
                    05:75:97:53:37:c9:fd:e7:0f:47:ff:43:b5:d6:a9:
                    24:60:6e:7b:38:47:9a:f9:88:16:54:2f:ff:af:9d:
                    cd:85:f3:51:1f:22:5a:78:f4:8c:f6:2f:41:4d:b9:
                    16:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F4:82:5A:BA:CB:F0:25:C5:79:E4:81:30:FD:EA:66:FA:7B:A2:B6
            X509v3 Authority Key Identifier:
                keyid:38:72:8E:9B:D3:73:99:DF:9F:FA:E5:87:BD:06:88:4B:35:0A:65:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/RvSCWrrL8CXFeeSBMP3qZvp7orY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:41:98:72:18:c3:c9:9c:2c:7a:0d:12:d6:93:bc:45:c2:03:
         0a:fa:c8:37:7a:65:e9:a3:a1:b1:77:c1:91:08:69:eb:af:da:
         12:ee:92:a8:a2:ae:08:66:db:d5:e8:63:1d:bf:98:e9:0c:06:
         4f:8f:35:c2:c2:8c:d0:40:ef:6e:d6:f1:94:a0:1f:e1:84:58:
         70:21:ca:b2:c5:de:4d:e9:13:fb:88:1f:d9:42:4d:7e:f7:ca:
         31:4d:e6:fa:a0:9f:7d:0b:ef:5a:6d:70:c8:e3:75:df:90:3a:
         34:0b:16:f0:3f:cf:c0:9e:f5:cc:e1:5f:99:29:ce:51:f9:cf:
         93:fc:61:bd:e0:b7:23:fd:67:22:a7:b1:5e:0d:bc:c1:62:31:
         e9:fe:ab:70:13:bc:60:ca:c2:8c:3e:fe:c3:89:17:78:bd:6c:
         bd:fe:01:34:3f:81:1b:e9:ae:9c:96:1d:26:08:98:9a:bc:53:
         55:64:fb:2c:51:74:08:e6:64:c9:33:f6:ef:db:91:fb:b1:f0:
         48:05:ba:c0:cf:31:bc:bf:b2:81:59:d3:f9:53:6c:01:57:54:
         7a:45:91:24:77:c6:74:bb:f6:1e:e7:0c:48:f4:1d:d9:22:b8:
         16:9b:b6:21:8f:e4:76:14:ed:ac:e9:a3:d5:0b:d8:08:d4:c7:
         1b:2a:6c:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbumqM82Yg7pOlVzfvBn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NzI4ZTliZDM3Mzk5ZGY5ZmZhZTU4N2JkMDY4ODRiMzUw
YTY1YjcwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY0ODI1YWJhY2JmMDI1YzU3OWU0ODEzMGZkZWE2NmZhN2JhMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosQwrNbdx+seTMlKa8HbPY1XszPT
sIfp2woVgR0yB87cP4PtnziFy0CpO/snsrokzMgfe6qNKQCJE21EF2YnkA/lX6Kf
64QcMPCeIB8Lu/NDfT7kqD6+AgBOCyoe2BiODKGAbjCBajlbTSNQ5J2pBSdlgWLE
8lTeukaEiGIITEf/VNX59pNTkQ1tGq7w9Yvxms4DN8XGhHw9bACNoIhFh7w0QX3F
29kr4OJbHi8wwH3z0bw+XFaiROyEsekpi6REZh3o5ctJGLXASdjUt5I48F0FdZdT
N8n95w9H/0O11qkkYG57OEea+YgWVC//r53NhfNRHyJaePSM9i9BTbkWIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb0glq6y/AlxXnkgTD96mb6e6K2MB8GA1UdIwQY
MBaAFDhyjpvTc5nfn/rlh70GiEs1CmW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0hLT205TnptZC1mLXVXSHZRYUlTelVLWmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iZTNlMjUtODgxYy00YWVjLWE5MzIt
ZjhjZmEzM2Q2ODRlLzEvUnZTQ1dyckw4Q1hGZWVTQk1QM3FadnA3b3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iZTNlMjUtODgxYy00YWVjLWE5MzItZjhjZmEzM2Q2ODRl
LzEvT0hLT205TnptZC1mLXVXSHZRYUlTelVLWmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubhsMA0G
CSqGSIb3DQEBCwUAA4IBAQBbQZhyGMPJnCx6DRLWk7xFwgMK+sg3emXpo6Gxd8GR
CGnrr9oS7pKooq4IZtvV6GMdv5jpDAZPjzXCwozQQO9u1vGUoB/hhFhwIcqyxd5N
6RP7iB/ZQk1+98oxTeb6oJ99C+9abXDI43XfkDo0CxbwP8/AnvXM4V+ZKc5R+c+T
/GG94Lcj/Wcip7FeDbzBYjHp/qtwE7xgysKMPv7DiRd4vWy9/gE0P4Eb6a6clh0m
CJiavFNVZPssUXQI5mTJM/bv25H7sfBIBbrAzzG8v7KBWdP5U2wBV1R6RZEkd8Z0
u/Ye5wxI9B3ZIrgWm7Yhj+R2FO2s6aPVC9gI1McbKmzG
-----END CERTIFICATE-----