Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/3WVP9EhpGqUOLIYq9sgrL2mvOcE.roa
File:                     3WVP9EhpGqUOLIYq9sgrL2mvOcE.roa (raw, json)
Hash identifier:          96cpVWj3rjj0afvZhjnKdZnXbIb0MBA/Dc/nJkbOuyk=
Subject key identifier:   DD:65:4F:F4:48:69:1A:A5:0E:2C:86:2A:F6:C8:2B:2F:69:AF:39:C1
Certificate issuer:       /CN=b8458858a1cbde89c929060f42f2b0df924d4e29
Certificate serial:       018CC56E95CE69EDDE8289EE62B479004637
Authority key identifier: B8:45:88:58:A1:CB:DE:89:C9:29:06:0F:42:F2:B0:DF:92:4D:4E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/3WVP9EhpGqUOLIYq9sgrL2mvOcE.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206861
IP address blocks:        185.173.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:95:ce:69:ed:de:82:89:ee:62:b4:79:00:46:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8458858a1cbde89c929060f42f2b0df924d4e29
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd654ff448691aa50e2c862af6c82b2f69af39c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2f:5b:0f:9f:b4:9e:16:eb:0f:32:67:ae:bc:
                    f9:3f:86:be:97:78:96:db:b7:4e:b9:f9:b9:67:3b:
                    19:44:08:96:d6:1f:9e:9b:66:26:65:38:ba:ea:1e:
                    66:66:fc:4c:90:6c:25:ef:4f:1d:f8:24:95:0f:cb:
                    5b:8b:b5:5c:78:bd:37:8b:06:05:a5:92:ce:1b:a4:
                    84:3a:f5:62:52:00:b3:6c:1a:32:bc:20:9c:03:ee:
                    70:90:eb:90:a8:25:1b:6c:43:fb:4a:f4:29:1c:80:
                    7c:b8:66:18:90:f1:9b:1d:51:ee:7b:57:aa:3b:28:
                    03:8f:aa:cc:5a:5b:48:28:00:f6:60:0f:43:d2:fc:
                    54:80:a1:ba:d1:17:31:37:78:63:9c:32:41:55:1c:
                    a7:f1:25:be:a1:e3:0d:fd:1c:1d:cc:95:e0:e2:bf:
                    cf:bc:22:3a:62:3d:dc:69:18:a8:27:7e:0e:07:11:
                    f2:c6:2b:65:0a:a6:0c:de:40:df:76:07:72:86:a3:
                    3e:bd:21:85:b0:21:70:3e:88:86:f0:1b:28:7c:eb:
                    d1:b6:d0:30:97:eb:ae:ff:e4:1c:67:5c:01:54:49:
                    a8:1f:f0:c8:3e:00:5b:b2:12:bf:ca:cb:ca:24:18:
                    06:92:de:b8:d2:fc:52:79:9c:b5:da:de:e5:2e:c4:
                    96:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:65:4F:F4:48:69:1A:A5:0E:2C:86:2A:F6:C8:2B:2F:69:AF:39:C1
            X509v3 Authority Key Identifier:
                keyid:B8:45:88:58:A1:CB:DE:89:C9:29:06:0F:42:F2:B0:DF:92:4D:4E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/3WVP9EhpGqUOLIYq9sgrL2mvOcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:4b:41:7b:d2:77:8f:8c:98:d9:56:46:48:57:b2:35:68:49:
         0d:b0:2f:ac:e3:e8:0c:d5:ff:98:a5:c8:c2:59:42:4c:09:e4:
         98:26:f5:b4:8f:18:70:88:11:7f:28:8c:f8:17:16:63:3b:42:
         ab:73:8a:2b:6b:c4:ca:84:1e:fc:aa:f5:52:af:9a:d6:16:fa:
         a6:a6:7a:a4:5c:4a:a3:59:14:9f:92:77:12:61:8f:b7:b1:af:
         06:d3:e5:97:db:b5:8b:ff:19:08:4c:54:71:82:1b:9f:38:95:
         51:d2:c6:7a:96:ec:8d:50:b2:a0:f7:f9:1e:44:ba:98:8f:3d:
         26:39:f0:3c:3b:51:dc:a8:d6:15:0b:ce:05:bc:0c:6a:74:90:
         af:5a:11:3c:28:9b:ad:fd:67:31:a7:29:f8:a3:21:35:df:b7:
         1c:f8:c3:76:8f:b6:28:2b:4e:b1:94:b4:e1:9a:d3:56:13:db:
         b2:13:9a:77:f3:72:39:94:e5:88:67:70:12:e9:59:1e:d0:67:
         bc:c8:e9:0f:7b:cd:fe:1c:04:f1:06:09:54:67:31:66:8b:69:
         b4:ac:6b:86:f5:a7:d7:0e:60:e1:3e:85:5d:c4:83:ef:17:2e:
         f3:d0:0b:e3:6a:1b:83:e7:ed:e5:3e:5f:ad:25:38:f0:66:05:
         aa:54:c2:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpXOae3egonuYrR5AEY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NDU4ODU4YTFjYmRlODljOTI5MDYwZjQyZjJiMGRmOTI0
ZDRlMjkwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY1NGZmNDQ4NjkxYWE1MGUyYzg2MmFmNmM4MmIyZjY5YWYzOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi9bD5+0nhbrDzJnrrz5P4a+l3iW
27dOufm5ZzsZRAiW1h+em2YmZTi66h5mZvxMkGwl708d+CSVD8tbi7VceL03iwYF
pZLOG6SEOvViUgCzbBoyvCCcA+5wkOuQqCUbbEP7SvQpHIB8uGYYkPGbHVHue1eq
OygDj6rMWltIKAD2YA9D0vxUgKG60RcxN3hjnDJBVRyn8SW+oeMN/RwdzJXg4r/P
vCI6Yj3caRioJ34OBxHyxitlCqYM3kDfdgdyhqM+vSGFsCFwPoiG8BsofOvRttAw
l+uu/+QcZ1wBVEmoH/DIPgBbshK/ysvKJBgGkt640vxSeZy12t7lLsSWsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1lT/RIaRqlDiyGKvbIKy9prznBMB8GA1UdIwQY
MBaAFLhFiFihy96JySkGD0LysN+STU4pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUVXSVdLSEwzb25KS1FZUFF2S3czNUpOVGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9lNjc0ZmItMjY4My00Y2Y0LTk2N2It
YjdjNjdlYWNjM2E1LzEvM1dWUDlFaHBHcVVPTElZcTlzZ3JMMm12T2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9lNjc0ZmItMjY4My00Y2Y0LTk2N2ItYjdjNjdlYWNjM2E1
LzEvdUVXSVdLSEwzb25KS1FZUFF2S3czNUpOVGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua2EMA0G
CSqGSIb3DQEBCwUAA4IBAQBtS0F70nePjJjZVkZIV7I1aEkNsC+s4+gM1f+YpcjC
WUJMCeSYJvW0jxhwiBF/KIz4FxZjO0Krc4ora8TKhB78qvVSr5rWFvqmpnqkXEqj
WRSfkncSYY+3sa8G0+WX27WL/xkITFRxghufOJVR0sZ6luyNULKg9/keRLqYjz0m
OfA8O1HcqNYVC84FvAxqdJCvWhE8KJut/Wcxpyn4oyE137cc+MN2j7YoK06xlLTh
mtNWE9uyE5p383I5lOWIZ3AS6Vke0Ge8yOkPe83+HATxBglUZzFmi2m0rGuG9afX
DmDhPoVdxIPvFy7z0AvjahuD5+3lPl+tJTjwZgWqVMJd
-----END CERTIFICATE-----