Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/3Xc3X_kThEUg1Yxk1G5N0GtBLjE.roa
File:                     3Xc3X_kThEUg1Yxk1G5N0GtBLjE.roa (raw, json)
Hash identifier:          TMIj2tAJm7IjTQ9HSnECQbtnBkXIXfKwDWQK1fAZWbI=
Subject key identifier:   DD:77:37:5F:F9:13:84:45:20:D5:8C:64:D4:6E:4D:D0:6B:41:2E:31
Certificate issuer:       /CN=f0d444bc7d5334da14de805172b2625e9830763f
Certificate serial:       018DACB0A6C926598C8A8431694D9074BAD3
Authority key identifier: F0:D4:44:BC:7D:53:34:DA:14:DE:80:51:72:B2:62:5E:98:30:76:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NREvH1TNNoU3oBRcrJiXpgwdj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/3Xc3X_kThEUg1Yxk1G5N0GtBLjE.roa
Signing time:             Thu 15 Feb 2024 12:14:34 +0000
ROA not before:           Thu 15 Feb 2024 12:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215573
IP address blocks:        185.246.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/8NREvH1TNNoU3oBRcrJiXpgwdj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/8NREvH1TNNoU3oBRcrJiXpgwdj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NREvH1TNNoU3oBRcrJiXpgwdj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:b0:a6:c9:26:59:8c:8a:84:31:69:4d:90:74:ba:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d444bc7d5334da14de805172b2625e9830763f
        Validity
            Not Before: Feb 15 12:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd77375ff913844520d58c64d46e4dd06b412e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:ff:d2:30:b5:76:e7:82:59:44:85:82:c6:
                    16:d4:40:54:ca:1b:eb:27:80:0e:58:58:55:d0:29:
                    23:f7:c2:7c:2b:64:63:80:c2:7b:58:83:50:6e:47:
                    e8:3c:91:01:c1:b5:6d:8f:07:e1:87:ae:62:d5:ea:
                    70:18:e7:c2:0c:08:20:61:97:0c:26:1e:54:9d:02:
                    97:1b:07:32:7e:23:f8:9b:9c:4d:73:fa:0f:4d:33:
                    ad:b1:49:36:df:6e:c6:37:6c:7e:3b:e3:4e:d3:15:
                    f9:ad:28:18:aa:c0:72:e8:71:76:7e:0b:a0:b4:c4:
                    60:85:ed:53:fe:cf:a9:e0:38:cf:4c:ae:d5:a0:dc:
                    b7:6b:5d:6d:f7:ff:f3:1b:fb:aa:e1:85:65:e7:a0:
                    7e:88:e3:15:25:57:d0:0d:33:a5:7e:8c:26:90:1c:
                    7a:f4:d3:f0:bb:59:ca:6c:31:04:ae:b9:ef:fd:85:
                    ee:5a:da:09:35:16:37:43:cb:ad:cd:3f:4c:3d:fb:
                    e6:ed:88:98:b9:da:ba:2b:f9:33:bd:97:23:ac:52:
                    47:af:81:75:26:d0:68:48:25:99:f1:c3:16:73:bc:
                    90:4f:ae:46:7a:c6:70:49:de:9d:70:cc:fe:d3:5e:
                    44:30:d1:27:49:a4:2a:c9:ec:7d:89:8b:55:27:9b:
                    3d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:77:37:5F:F9:13:84:45:20:D5:8C:64:D4:6E:4D:D0:6B:41:2E:31
            X509v3 Authority Key Identifier:
                keyid:F0:D4:44:BC:7D:53:34:DA:14:DE:80:51:72:B2:62:5E:98:30:76:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NREvH1TNNoU3oBRcrJiXpgwdj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/3Xc3X_kThEUg1Yxk1G5N0GtBLjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/5dc27d-5adb-4df3-99c2-98d9c4257fc6/1/8NREvH1TNNoU3oBRcrJiXpgwdj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:db:b4:e6:36:cd:df:d4:e3:2a:f0:7e:9b:9f:4d:29:31:f8:
         ef:77:b8:7d:df:ef:a7:76:c6:b8:4a:e0:5a:40:f9:5e:a2:32:
         6a:fb:a1:95:52:0a:c3:0d:9e:40:26:d5:a9:5f:54:cc:12:1e:
         a1:f7:f0:0d:03:d0:72:ce:37:e2:67:3c:a0:cc:56:69:4a:7c:
         37:79:6c:e4:b5:3e:7f:56:2d:c4:1b:ba:d5:a0:98:5f:75:e2:
         30:d9:06:29:4b:d3:b6:a6:c2:06:47:a9:ef:e9:1c:bc:b2:1f:
         c0:14:aa:96:47:3f:1f:7f:db:60:5b:90:7e:af:87:1a:ca:f9:
         37:2f:d4:4a:ef:52:d6:6c:69:ae:da:36:11:86:6d:16:e2:f7:
         87:14:c8:ee:84:cd:6b:2b:57:69:56:60:1b:94:9e:59:ef:d4:
         6e:88:b2:27:f7:0d:3f:3b:b6:63:b6:e3:f2:6c:df:05:31:cc:
         5b:c6:9a:04:59:60:17:44:eb:13:2f:02:67:ed:ae:61:be:dc:
         b4:2c:26:93:5b:70:32:2f:84:6e:2c:0a:cb:5e:5a:c9:c4:5e:
         e5:9d:2d:a8:ac:48:bd:91:d9:b4:77:de:36:67:05:56:f7:2a:
         b3:6e:b9:79:e5:5f:80:24:e3:ab:05:42:42:47:94:f2:ac:9a:
         48:02:21:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2ssKbJJlmMioQxaU2QdLrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDQ0NGJjN2Q1MzM0ZGExNGRlODA1MTcyYjI2MjVlOTgz
MDc2M2YwHhcNMjQwMjE1MTIxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc3Mzc1ZmY5MTM4NDQ1MjBkNThjNjRkNDZlNGRkMDZiNDEyZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOb/0jC1dueCWUSFgsYW1EBUyhvr
J4AOWFhV0Ckj98J8K2RjgMJ7WINQbkfoPJEBwbVtjwfhh65i1epwGOfCDAggYZcM
Jh5UnQKXGwcyfiP4m5xNc/oPTTOtsUk2327GN2x+O+NO0xX5rSgYqsBy6HF2fgug
tMRghe1T/s+p4DjPTK7VoNy3a11t9//zG/uq4YVl56B+iOMVJVfQDTOlfowmkBx6
9NPwu1nKbDEErrnv/YXuWtoJNRY3Q8utzT9MPfvm7YiYudq6K/kzvZcjrFJHr4F1
JtBoSCWZ8cMWc7yQT65GesZwSd6dcMz+015EMNEnSaQqyex9iYtVJ5s9yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN13N1/5E4RFINWMZNRuTdBrQS4xMB8GA1UdIwQY
MBaAFPDURLx9UzTaFN6AUXKyYl6YMHY/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5SRXZIMVROTm9VM29CUmNySmlYcGd3ZGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy81ZGMyN2QtNWFkYi00ZGYzLTk5YzIt
OThkOWM0MjU3ZmM2LzEvM1hjM1hfa1RoRVVnMVl4azFHNU4wR3RCTGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy81ZGMyN2QtNWFkYi00ZGYzLTk5YzItOThkOWM0MjU3ZmM2
LzEvOE5SRXZIMVROTm9VM29CUmNySmlYcGd3ZGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufawMA0G
CSqGSIb3DQEBCwUAA4IBAQBR27TmNs3f1OMq8H6bn00pMfjvd7h93++ndsa4SuBa
QPleojJq+6GVUgrDDZ5AJtWpX1TMEh6h9/ANA9ByzjfiZzygzFZpSnw3eWzktT5/
Vi3EG7rVoJhfdeIw2QYpS9O2psIGR6nv6Ry8sh/AFKqWRz8ff9tgW5B+r4cayvk3
L9RK71LWbGmu2jYRhm0W4veHFMjuhM1rK1dpVmAblJ5Z79RuiLIn9w0/O7ZjtuPy
bN8FMcxbxpoEWWAXROsTLwJn7a5hvty0LCaTW3AyL4RuLArLXlrJxF7lnS2orEi9
kdm0d942ZwVW9yqzbrl55V+AJOOrBUJCR5TyrJpIAiGY
-----END CERTIFICATE-----