Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/3ecYOcddtIrrHW_9l_uKT55zPqI.roa
File:                     3ecYOcddtIrrHW_9l_uKT55zPqI.roa (raw, json)
Hash identifier:          IGTMMoG13TlA1Sn3q22fFvkwJzF3rN8DM18C0yNidIk=
Subject key identifier:   DD:E7:18:39:C7:5D:B4:8A:EB:1D:6F:FD:97:FB:8A:4F:9E:73:3E:A2
Certificate issuer:       /CN=8572d5acc25167699c7fcf3a1b804ea325ac4e5d
Certificate serial:       018CC94E645868C4C4B0B625E9293B6AC53C
Authority key identifier: 85:72:D5:AC:C2:51:67:69:9C:7F:CF:3A:1B:80:4E:A3:25:AC:4E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hXLVrMJRZ2mcf886G4BOoyWsTl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/3ecYOcddtIrrHW_9l_uKT55zPqI.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202746
IP address blocks:        185.43.52.0/22 maxlen: 24
                          2a04:94c0::/30 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/hXLVrMJRZ2mcf886G4BOoyWsTl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/hXLVrMJRZ2mcf886G4BOoyWsTl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hXLVrMJRZ2mcf886G4BOoyWsTl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:64:58:68:c4:c4:b0:b6:25:e9:29:3b:6a:c5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8572d5acc25167699c7fcf3a1b804ea325ac4e5d
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dde71839c75db48aeb1d6ffd97fb8a4f9e733ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a6:86:5d:38:18:34:2b:ad:1d:8c:d3:8b:5a:
                    b6:73:da:37:64:f2:1d:f5:5e:19:31:71:39:20:0d:
                    94:aa:04:0b:24:39:42:38:9b:11:40:a1:e8:44:d4:
                    a9:a7:eb:b3:90:d5:99:88:4e:c8:56:ac:bf:64:d3:
                    61:f3:7d:77:c3:81:ed:c6:d6:27:bf:50:0c:a8:0e:
                    69:00:28:e5:3e:9b:6f:be:01:1f:84:61:38:57:65:
                    eb:f8:94:58:c5:50:a3:a7:0f:5d:74:45:e2:8c:cc:
                    bf:cb:64:d2:f3:64:65:90:0a:f7:3a:2b:21:6e:9f:
                    be:55:96:22:5e:81:45:98:60:e0:e2:02:b3:7f:a2:
                    d4:2e:9d:84:a0:60:71:97:37:9c:4e:60:36:e9:89:
                    ae:91:9f:a6:d9:e3:e4:e9:d4:0b:fa:81:e6:90:18:
                    07:dc:59:f0:ae:99:0e:8c:99:4a:aa:e6:72:6d:e3:
                    df:6f:e1:4e:98:55:9d:72:0a:07:0d:16:e9:ee:11:
                    22:d0:a9:f5:c5:46:f6:7c:68:de:9a:0c:c3:23:e3:
                    be:7c:a8:9e:98:95:c9:37:f0:7d:27:ad:f7:c2:bc:
                    0c:4c:28:c4:56:cf:20:b4:2f:bb:d3:c8:56:c5:17:
                    74:6b:88:bf:d2:40:02:4d:07:46:b0:16:34:a4:b4:
                    d4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E7:18:39:C7:5D:B4:8A:EB:1D:6F:FD:97:FB:8A:4F:9E:73:3E:A2
            X509v3 Authority Key Identifier:
                keyid:85:72:D5:AC:C2:51:67:69:9C:7F:CF:3A:1B:80:4E:A3:25:AC:4E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hXLVrMJRZ2mcf886G4BOoyWsTl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/3ecYOcddtIrrHW_9l_uKT55zPqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/hXLVrMJRZ2mcf886G4BOoyWsTl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.52.0/22
                IPv6:
                  2a04:94c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         8b:93:5d:aa:23:0f:9b:03:a1:5d:ca:1a:02:61:2d:52:69:c0:
         71:68:d9:d3:00:f3:74:19:84:3b:3c:b6:ac:24:c5:2e:24:2d:
         47:0f:32:97:57:69:bd:8d:21:a2:95:95:1f:6d:f6:56:c0:25:
         ba:4f:ab:56:81:47:9a:23:65:da:ad:e2:e6:01:ab:db:6b:8e:
         30:33:00:2b:25:b4:71:16:45:f0:66:bb:de:26:18:cc:72:04:
         fc:ab:e1:26:60:5a:29:12:50:f3:a8:ee:0a:be:ec:cb:4c:de:
         b6:48:28:ba:f5:3e:e9:55:ed:67:b4:61:60:f6:82:25:53:89:
         d6:d8:7d:8b:06:80:c6:a1:29:06:e0:2d:04:43:d5:61:30:8f:
         cf:b4:db:7f:05:2f:47:c8:09:ff:9e:44:e6:ae:82:06:53:fb:
         63:21:39:2f:19:d0:b1:f7:57:29:ca:0e:1d:f2:9b:1a:73:21:
         c9:24:f0:05:80:f3:58:4d:aa:f5:26:b7:b8:70:74:55:9e:a2:
         56:4a:97:d0:0d:33:79:bb:72:83:36:df:05:9c:66:71:ea:11:
         7d:0c:49:dd:a3:dc:3e:af:4f:ca:94:8a:d2:7e:4c:44:80:e8:
         f1:8c:47:83:4b:10:8b:28:77:21:f5:0f:3a:32:c7:ef:45:bd:
         3a:2a:3d:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTmRYaMTEsLYl6Sk7asU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NzJkNWFjYzI1MTY3Njk5YzdmY2YzYTFiODA0ZWEzMjVh
YzRlNWQwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGU3MTgzOWM3NWRiNDhhZWIxZDZmZmQ5N2ZiOGE0ZjllNzMzZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqaGXTgYNCutHYzTi1q2c9o3ZPId
9V4ZMXE5IA2UqgQLJDlCOJsRQKHoRNSpp+uzkNWZiE7IVqy/ZNNh8313w4HtxtYn
v1AMqA5pACjlPptvvgEfhGE4V2Xr+JRYxVCjpw9ddEXijMy/y2TS82RlkAr3Oish
bp++VZYiXoFFmGDg4gKzf6LULp2EoGBxlzecTmA26YmukZ+m2ePk6dQL+oHmkBgH
3FnwrpkOjJlKquZybePfb+FOmFWdcgoHDRbp7hEi0Kn1xUb2fGjemgzDI+O+fKie
mJXJN/B9J633wrwMTCjEVs8gtC+708hWxRd0a4i/0kACTQdGsBY0pLTUmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN3nGDnHXbSK6x1v/Zf7ik+ecz6iMB8GA1UdIwQY
MBaAFIVy1azCUWdpnH/POhuATqMlrE5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFhMVnJNSlJaMm1jZjg4Nkc0Qk9veVdzVGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMTEyMzQtY2ZiNy00Mjc1LTlmNzkt
NDBkYzQ0NWM2NjlhLzEvM2VjWU9jZGR0SXJySFdfOWxfdUtUNTV6UHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMTEyMzQtY2ZiNy00Mjc1LTlmNzktNDBkYzQ0NWM2Njlh
LzEvaFhMVnJNSlJaMm1jZjg4Nkc0Qk9veVdzVGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSs0MA0E
AgACMAcDBQIqBJTAMA0GCSqGSIb3DQEBCwUAA4IBAQCLk12qIw+bA6FdyhoCYS1S
acBxaNnTAPN0GYQ7PLasJMUuJC1HDzKXV2m9jSGilZUfbfZWwCW6T6tWgUeaI2Xa
reLmAavba44wMwArJbRxFkXwZrveJhjMcgT8q+EmYFopElDzqO4KvuzLTN62SCi6
9T7pVe1ntGFg9oIlU4nW2H2LBoDGoSkG4C0EQ9VhMI/PtNt/BS9HyAn/nkTmroIG
U/tjITkvGdCx91cpyg4d8psacyHJJPAFgPNYTar1Jre4cHRVnqJWSpfQDTN5u3KD
Nt8FnGZx6hF9DEndo9w+r0/KlIrSfkxEgOjxjEeDSxCLKHch9Q86MsfvRb06Kj2o
-----END CERTIFICATE-----