Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/_SFn2MyonC-lroeohQhy6gmesGY.roa
File:                     _SFn2MyonC-lroeohQhy6gmesGY.roa (raw, json)
Hash identifier:          gPMwOLYSGjZUfCiW3lad0xqtZJ0Ise+kub0gK3oN2s8=
Subject key identifier:   FD:21:67:D8:CC:A8:9C:2F:A5:AE:87:A8:85:08:72:EA:09:9E:B0:66
Certificate issuer:       /CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
Certificate serial:       018D63B9C8B4594272760580171D59D28BA7
Authority key identifier: F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/_SFn2MyonC-lroeohQhy6gmesGY.roa
Signing time:             Thu 01 Feb 2024 08:12:16 +0000
ROA not before:           Thu 01 Feb 2024 08:12:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.195.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:63:b9:c8:b4:59:42:72:76:05:80:17:1d:59:d2:8b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
        Validity
            Not Before: Feb  1 08:12:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd2167d8cca89c2fa5ae87a8850872ea099eb066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3a:d0:c9:e1:bd:60:2a:8e:c3:37:25:50:e7:
                    1b:9e:b7:ff:50:ab:85:39:ce:b9:5f:4b:32:7e:20:
                    8b:33:1e:f5:3e:d1:21:ac:d1:07:cf:2e:10:84:f7:
                    25:a2:6e:af:b2:78:bf:1c:01:87:4c:dc:18:4e:11:
                    92:0a:89:16:09:34:b4:e7:4f:8a:ea:eb:97:c2:9c:
                    b1:2e:b2:52:d7:67:7b:b1:5b:86:b6:5b:ef:30:ea:
                    43:cf:b9:3d:bd:fc:84:a7:45:9f:9d:14:98:bb:d6:
                    12:ff:2f:d4:35:e3:a9:70:7a:f0:e7:84:8a:5f:4c:
                    6e:9f:9b:69:6f:e3:52:90:5d:a6:ce:13:a9:a6:70:
                    9c:c3:09:32:da:1f:64:ce:bf:7a:b2:53:c0:4c:1c:
                    f0:b8:74:f3:79:b9:43:8e:41:98:78:09:26:7d:e5:
                    19:fc:32:99:c2:b2:7e:bf:08:c9:55:57:83:7a:56:
                    f7:f9:11:41:89:75:fd:65:59:ab:5c:ca:61:15:0a:
                    72:7c:0e:3d:4e:62:35:db:71:59:9b:10:16:09:93:
                    1e:26:31:e7:17:15:bc:be:f9:f8:2c:14:b9:31:60:
                    88:f6:c0:97:b2:af:0c:30:31:74:ee:23:17:b6:48:
                    94:84:b9:50:54:0d:ef:4d:c4:ce:b8:58:b2:ff:38:
                    ad:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:21:67:D8:CC:A8:9C:2F:A5:AE:87:A8:85:08:72:EA:09:9E:B0:66
            X509v3 Authority Key Identifier:
                keyid:F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/_SFn2MyonC-lroeohQhy6gmesGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:e2:c8:7a:72:13:a5:8f:ba:74:3a:ed:a9:0e:35:f1:c5:f0:
         bb:de:99:b1:89:46:87:1d:56:98:fd:45:42:e1:23:82:11:f8:
         c3:c5:17:d7:83:77:73:74:44:3f:fa:7b:30:46:ff:c7:0c:8e:
         6d:10:bf:45:e4:a6:22:1c:d0:8a:9c:d6:63:ca:fd:73:f6:e1:
         02:46:aa:28:83:0f:83:8d:dc:28:ca:d0:65:0e:0e:34:c1:e1:
         89:a9:d9:bd:35:59:73:f0:37:48:a1:3b:90:d3:89:9f:70:91:
         a9:3d:d8:b4:b5:94:df:05:09:c1:65:0e:27:16:8f:86:1e:4f:
         2e:9c:fa:cf:25:b7:af:75:e1:eb:01:76:35:3e:df:56:6e:4a:
         c5:6d:e5:c0:f4:8f:42:0b:6d:d7:3c:c7:ce:90:5b:2a:d2:5d:
         11:84:ab:bd:76:1c:5b:93:25:24:b4:6c:cf:17:f9:c5:a0:75:
         7f:e6:a7:44:e7:95:57:58:3b:18:74:9c:2c:3b:57:db:08:f5:
         79:1d:a6:fb:43:d3:02:17:73:49:45:f7:de:2c:87:c4:ec:49:
         9e:b5:0c:ba:61:bc:35:60:50:33:b1:e6:c0:aa:4b:cd:c5:9f:
         09:c6:14:91:1b:f3:75:4b:73:89:6c:2b:91:30:ef:ea:f5:76:
         c6:88:4e:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1juci0WUJydgWAFx1Z0ounMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZGUzNDZiNTgwNTMyN2JiYzlkZjVlNDliMTZjOTk3ZWEz
YTEyNTQwHhcNMjQwMjAxMDgxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDIxNjdkOGNjYTg5YzJmYTVhZTg3YTg4NTA4NzJlYTA5OWViMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDrQyeG9YCqOwzclUOcbnrf/UKuF
Oc65X0syfiCLMx71PtEhrNEHzy4QhPclom6vsni/HAGHTNwYThGSCokWCTS050+K
6uuXwpyxLrJS12d7sVuGtlvvMOpDz7k9vfyEp0WfnRSYu9YS/y/UNeOpcHrw54SK
X0xun5tpb+NSkF2mzhOppnCcwwky2h9kzr96slPATBzwuHTzeblDjkGYeAkmfeUZ
/DKZwrJ+vwjJVVeDelb3+RFBiXX9ZVmrXMphFQpyfA49TmI123FZmxAWCZMeJjHn
FxW8vvn4LBS5MWCI9sCXsq8MMDF07iMXtkiUhLlQVA3vTcTOuFiy/zitoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0hZ9jMqJwvpa6HqIUIcuoJnrBmMB8GA1UdIwQY
MBaAFPbeNGtYBTJ7vJ315JsWyZfqOhJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUt
NzNhYjg1NjRiOWNhLzEvX1NGbjJNeW9uQy1scm9lb2hRaHk2Z21lc0dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUtNzNhYjg1NjRiOWNh
LzEvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucOUMA0G
CSqGSIb3DQEBCwUAA4IBAQBj4sh6chOlj7p0Ou2pDjXxxfC73pmxiUaHHVaY/UVC
4SOCEfjDxRfXg3dzdEQ/+nswRv/HDI5tEL9F5KYiHNCKnNZjyv1z9uECRqoogw+D
jdwoytBlDg40weGJqdm9NVlz8DdIoTuQ04mfcJGpPdi0tZTfBQnBZQ4nFo+GHk8u
nPrPJbevdeHrAXY1Pt9WbkrFbeXA9I9CC23XPMfOkFsq0l0RhKu9dhxbkyUktGzP
F/nFoHV/5qdE55VXWDsYdJwsO1fbCPV5Hab7Q9MCF3NJRffeLIfE7EmetQy6Ybw1
YFAzsebAqkvNxZ8JxhSRG/N1S3OJbCuRMO/q9XbGiE5t
-----END CERTIFICATE-----