Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/u3WIe-VcEocqZJ9IkzGe0eNdqJ0.roa
File:                     u3WIe-VcEocqZJ9IkzGe0eNdqJ0.roa (raw, json)
Hash identifier:          R8Yn0AIIfzUTXgtAj8oPw2ErSWxDeNJn4vmB8P4Cyf4=
Subject key identifier:   BB:75:88:7B:E5:5C:12:87:2A:64:9F:48:93:31:9E:D1:E3:5D:A8:9D
Certificate issuer:       /CN=d9a988916d51406f9a269f30a02d0086b57f4d5a
Certificate serial:       018CCA2B788E82D2DEE0BDA9F9134A32344D
Authority key identifier: D9:A9:88:91:6D:51:40:6F:9A:26:9F:30:A0:2D:00:86:B5:7F:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/u3WIe-VcEocqZJ9IkzGe0eNdqJ0.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56324
IP address blocks:        185.6.28.0/23 maxlen: 23
                          185.6.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:78:8e:82:d2:de:e0:bd:a9:f9:13:4a:32:34:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9a988916d51406f9a269f30a02d0086b57f4d5a
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb75887be55c12872a649f4893319ed1e35da89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3c:d8:6d:b4:68:36:77:e8:ee:f1:63:5d:4a:
                    cd:12:37:23:78:1e:f9:24:57:9d:29:6f:eb:d8:c8:
                    e8:cd:d9:76:b1:71:45:e5:2c:d8:5c:63:33:71:ad:
                    cc:46:66:b9:b9:d9:0b:d7:51:c0:4b:b3:45:74:e0:
                    38:af:9d:ac:3a:63:b5:b2:13:dc:b0:48:0b:0a:7c:
                    83:3f:51:ae:7a:3d:0e:58:2b:9d:70:27:c3:d0:5f:
                    04:5d:40:43:e5:13:6b:ed:5d:9b:17:2b:18:99:82:
                    2f:be:c9:21:4d:af:6e:1c:c5:fb:90:93:2e:43:0b:
                    25:ab:a1:36:ec:f6:0d:9b:a9:32:60:74:71:03:b1:
                    be:a2:cf:17:cd:40:d4:ca:3f:88:33:51:3c:bf:37:
                    91:48:08:ec:a7:92:36:d5:cb:53:db:94:16:b5:16:
                    24:76:a5:69:97:63:48:36:6f:78:36:a0:92:2b:2e:
                    18:bb:6f:20:7c:05:f1:b5:de:60:3a:8c:b0:84:1e:
                    55:b9:9d:c2:9e:ad:70:bd:46:b4:0a:97:06:97:b8:
                    e5:5c:5d:61:9d:b2:88:b4:5d:71:30:98:b6:18:d8:
                    68:2b:6a:d3:82:7e:1d:74:fc:a1:1d:5d:bc:7b:8b:
                    d8:00:39:07:b1:0c:1f:64:60:3d:6c:23:27:3a:57:
                    8e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:75:88:7B:E5:5C:12:87:2A:64:9F:48:93:31:9E:D1:E3:5D:A8:9D
            X509v3 Authority Key Identifier:
                keyid:D9:A9:88:91:6D:51:40:6F:9A:26:9F:30:A0:2D:00:86:B5:7F:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/u3WIe-VcEocqZJ9IkzGe0eNdqJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.28.0-185.6.30.255

    Signature Algorithm: sha256WithRSAEncryption
         26:dc:fd:51:aa:5a:e7:a3:2e:2e:ea:af:be:e1:a1:19:2b:94:
         b9:a2:e7:b0:0f:1b:90:3f:45:67:1f:4b:3f:4d:06:43:c7:b1:
         a6:fc:d9:38:8f:ac:cb:e7:4f:bd:99:9d:d0:b1:bd:ce:eb:3e:
         2f:f5:80:0f:d1:ad:05:6f:1e:cf:70:93:31:17:fd:fa:85:9b:
         12:f7:4c:f8:55:e6:62:00:fa:72:90:67:ce:8b:8c:dd:a7:2f:
         c4:63:9a:22:11:1c:71:28:a6:8d:ea:12:cc:ba:b5:1a:22:64:
         ea:1e:97:21:34:d5:01:a8:af:5a:ce:85:e3:82:3d:a0:9c:ae:
         60:bf:db:6a:4b:fc:79:ab:d8:e7:63:94:63:73:33:aa:e2:eb:
         18:db:6d:a8:3e:ad:95:3d:df:57:c9:43:4d:a4:aa:13:e8:8c:
         33:53:c2:c2:57:dd:db:49:85:e5:9b:da:90:71:02:28:2d:e9:
         5d:6b:61:5f:a5:13:d9:89:90:77:c6:88:0b:be:22:28:f1:58:
         0c:d3:b7:e3:63:65:5b:b9:40:c7:cb:32:cf:cb:8a:08:b5:c3:
         ae:c1:f7:4c:56:71:6b:c4:2f:27:a8:3a:5c:7a:bb:2e:c6:98:
         c5:1b:32:53:2a:ea:15:98:ee:0d:13:c0:65:c4:1b:c6:c9:d7:
         b1:5d:77:7e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKK3iOgtLe4L2p+RNKMjRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YTk4ODkxNmQ1MTQwNmY5YTI2OWYzMGEwMmQwMDg2YjU3
ZjRkNWEwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjc1ODg3YmU1NWMxMjg3MmE2NDlmNDg5MzMxOWVkMWUzNWRhODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzzYbbRoNnfo7vFjXUrNEjcjeB75
JFedKW/r2Mjozdl2sXFF5SzYXGMzca3MRma5udkL11HAS7NFdOA4r52sOmO1shPc
sEgLCnyDP1Guej0OWCudcCfD0F8EXUBD5RNr7V2bFysYmYIvvskhTa9uHMX7kJMu
Qwslq6E27PYNm6kyYHRxA7G+os8XzUDUyj+IM1E8vzeRSAjsp5I21ctT25QWtRYk
dqVpl2NINm94NqCSKy4Yu28gfAXxtd5gOoywhB5VuZ3Cnq1wvUa0CpcGl7jlXF1h
nbKItF1xMJi2GNhoK2rTgn4ddPyhHV28e4vYADkHsQwfZGA9bCMnOleO/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLt1iHvlXBKHKmSfSJMxntHjXaidMB8GA1UdIwQY
MBaAFNmpiJFtUUBvmiafMKAtAIa1f01aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmFtSWtXMVJRRy1hSnA4d29DMEFoclZfVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85NjJiM2YtZmMyNi00NTQ5LWFlMDIt
NGQwNDlhMWVhZjJmLzEvdTNXSWUtVmNFb2NxWko5SWt6R2UwZU5kcUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85NjJiM2YtZmMyNi00NTQ5LWFlMDItNGQwNDlhMWVhZjJm
LzEvMmFtSWtXMVJRRy1hSnA4d29DMEFoclZfVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5BhwD
BAC5Bh4wDQYJKoZIhvcNAQELBQADggEBACbc/VGqWuejLi7qr77hoRkrlLmi57AP
G5A/RWcfSz9NBkPHsab82TiPrMvnT72ZndCxvc7rPi/1gA/RrQVvHs9wkzEX/fqF
mxL3TPhV5mIA+nKQZ86LjN2nL8RjmiIRHHEopo3qEsy6tRoiZOoelyE01QGor1rO
heOCPaCcrmC/22pL/Hmr2OdjlGNzM6ri6xjbbag+rZU931fJQ02kqhPojDNTwsJX
3dtJheWb2pBxAigt6V1rYV+lE9mJkHfGiAu+IijxWAzTt+NjZVu5QMfLMs/Ligi1
w67B90xWcWvELyeoOlx6uy7GmMUbMlMq6hWY7g0TwGXEG8bJ17Fdd34=
-----END CERTIFICATE-----