Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/PpMYYOCip6g5oqeZSkOs5zkOCwg.roa
File:                     PpMYYOCip6g5oqeZSkOs5zkOCwg.roa (raw, json)
Hash identifier:          uyWDn5siqW7h8UxlEJ7noiaUBDnj0V9nXXRjkkjKpgQ=
Subject key identifier:   3E:93:18:60:E0:A2:A7:A8:39:A2:A7:99:4A:43:AC:E7:39:0E:0B:08
Certificate issuer:       /CN=9b129de9eba6b47516f0a155734205abbb98b7c2
Certificate serial:       018CC6B913E7E3E978A6A7D256A0E95CDF05
Authority key identifier: 9B:12:9D:E9:EB:A6:B4:75:16:F0:A1:55:73:42:05:AB:BB:98:B7:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/PpMYYOCip6g5oqeZSkOs5zkOCwg.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197650
IP address blocks:        185.208.104.0/24 maxlen: 24
                          185.208.106.0/24 maxlen: 24
                          185.208.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:13:e7:e3:e9:78:a6:a7:d2:56:a0:e9:5c:df:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b129de9eba6b47516f0a155734205abbb98b7c2
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e931860e0a2a7a839a2a7994a43ace7390e0b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6f:05:c2:c7:c7:90:7a:12:64:c0:a2:33:0d:
                    52:66:1f:f2:7d:f3:3b:48:a7:66:8e:ce:86:00:cf:
                    bd:5d:70:4e:d8:11:0b:1b:64:a5:74:a5:81:25:0a:
                    d3:0f:ba:0d:ff:c2:10:8c:70:2b:f9:1f:d0:69:5f:
                    29:30:3d:1d:a1:5f:c9:8e:71:ee:e1:0c:b8:b5:a2:
                    c6:5c:b3:2d:08:a2:cc:f6:79:a8:b6:18:61:94:4a:
                    31:2e:08:f2:36:f7:eb:dc:26:37:6f:c7:20:b4:95:
                    75:be:ea:c5:25:d1:09:ed:57:92:1e:46:ee:8c:93:
                    6e:c8:68:60:83:8b:41:d6:91:f7:96:cd:95:45:40:
                    3d:95:45:0c:38:5c:0c:ae:da:91:48:94:6a:05:31:
                    e6:09:ee:45:88:b8:d9:78:4f:17:8f:8d:1d:51:97:
                    ec:2f:63:24:a8:41:b2:d2:f9:f5:19:95:f4:b7:fb:
                    c6:df:e6:2f:8a:a5:98:76:00:ea:46:e4:c5:82:68:
                    90:5a:75:fb:0a:24:29:e2:6d:c7:c5:24:96:17:f9:
                    62:20:86:ad:ab:ad:f7:30:d3:66:0d:2e:5c:ef:5b:
                    69:a3:76:d6:87:3b:66:03:db:fb:98:4e:bd:41:6a:
                    39:ac:5b:9d:ff:22:f4:36:ff:1f:96:77:fc:59:0e:
                    32:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:93:18:60:E0:A2:A7:A8:39:A2:A7:99:4A:43:AC:E7:39:0E:0B:08
            X509v3 Authority Key Identifier:
                keyid:9B:12:9D:E9:EB:A6:B4:75:16:F0:A1:55:73:42:05:AB:BB:98:B7:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/PpMYYOCip6g5oqeZSkOs5zkOCwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.104.0/24
                  185.208.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:5f:25:12:bb:6f:b7:8d:1a:c4:7f:a2:07:77:dc:3c:ed:97:
         58:02:b9:de:3e:b3:eb:79:28:18:e4:49:6c:41:dc:cc:62:6d:
         35:0c:90:74:b7:d4:dc:28:99:57:43:49:f5:35:db:e9:76:36:
         4f:21:f4:86:eb:e0:b1:cb:e6:28:4f:67:83:68:a2:9d:80:50:
         f6:9a:2f:09:9b:71:95:a0:0a:1d:bc:ea:56:7f:f5:eb:39:27:
         5e:69:26:e3:03:b3:7e:9f:bf:15:a8:43:c7:5d:e0:04:c9:1d:
         2e:e3:c0:f9:7d:eb:e4:5a:57:a5:31:10:c8:90:a4:fe:28:30:
         28:5a:ed:8e:f3:23:94:9f:89:86:6d:9c:e2:a3:fb:e7:1f:1d:
         75:cc:f9:d9:b3:74:72:de:42:94:b0:13:df:55:fc:9d:c4:75:
         8c:63:9c:d9:13:25:d4:46:7b:97:7e:3d:76:62:8a:2b:96:d8:
         52:9d:de:bc:be:1b:e1:02:15:e2:56:32:a8:6b:bd:bd:56:92:
         07:ca:72:da:e1:0e:be:06:da:51:37:40:ae:14:68:b4:0e:25:
         0c:aa:07:d7:e1:ef:f3:73:6b:eb:54:f4:a6:cc:fb:8b:93:4d:
         d4:9c:73:9e:1a:64:cf:4a:e3:cf:84:83:90:3c:f3:2b:51:88:
         12:6a:17:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuRPn4+l4pqfSVqDpXN8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTI5ZGU5ZWJhNmI0NzUxNmYwYTE1NTczNDIwNWFiYmI5
OGI3YzIwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTkzMTg2MGUwYTJhN2E4MzlhMmE3OTk0YTQzYWNlNzM5MGUwYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW8FwsfHkHoSZMCiMw1SZh/yffM7
SKdmjs6GAM+9XXBO2BELG2SldKWBJQrTD7oN/8IQjHAr+R/QaV8pMD0doV/JjnHu
4Qy4taLGXLMtCKLM9nmothhhlEoxLgjyNvfr3CY3b8cgtJV1vurFJdEJ7VeSHkbu
jJNuyGhgg4tB1pH3ls2VRUA9lUUMOFwMrtqRSJRqBTHmCe5FiLjZeE8Xj40dUZfs
L2MkqEGy0vn1GZX0t/vG3+YviqWYdgDqRuTFgmiQWnX7CiQp4m3HxSSWF/liIIat
q633MNNmDS5c71tpo3bWhztmA9v7mE69QWo5rFud/yL0Nv8flnf8WQ4yGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6TGGDgoqeoOaKnmUpDrOc5DgsIMB8GA1UdIwQY
MBaAFJsSnenrprR1FvChVXNCBau7mLfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhLZDZldW10SFVXOEtGVmMwSUZxN3VZdDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YjM3M2UtZDMxNC00NDU5LWI4NTgt
Y2YxZDFmMDA3YTM2LzEvUHBNWVlPQ2lwNmc1b3FlWlNrT3M1emtPQ3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YjM3M2UtZDMxNC00NDU5LWI4NTgtY2YxZDFmMDA3YTM2
LzEvbXhLZDZldW10SFVXOEtGVmMwSUZxN3VZdDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudBoAwQB
udBqMA0GCSqGSIb3DQEBCwUAA4IBAQCXXyUSu2+3jRrEf6IHd9w87ZdYArnePrPr
eSgY5ElsQdzMYm01DJB0t9TcKJlXQ0n1NdvpdjZPIfSG6+Cxy+YoT2eDaKKdgFD2
mi8Jm3GVoAodvOpWf/XrOSdeaSbjA7N+n78VqEPHXeAEyR0u48D5fevkWlelMRDI
kKT+KDAoWu2O8yOUn4mGbZzio/vnHx11zPnZs3Ry3kKUsBPfVfydxHWMY5zZEyXU
RnuXfj12YoorlthSnd68vhvhAhXiVjKoa729VpIHynLa4Q6+BtpRN0CuFGi0DiUM
qgfX4e/zc2vrVPSmzPuLk03UnHOeGmTPSuPPhIOQPPMrUYgSahf1
-----END CERTIFICATE-----