Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/B3BGrd39iLup3n47Z9l43RfIi-4.roa
File:                     B3BGrd39iLup3n47Z9l43RfIi-4.roa (raw, json)
Hash identifier:          KWHp3C5fy2/IL4fYJAKdAQyuTSn59RjUoLDEYLMuRvM=
Subject key identifier:   07:70:46:AD:DD:FD:88:BB:A9:DE:7E:3B:67:D9:78:DD:17:C8:8B:EE
Certificate issuer:       /CN=7d32deda31fe8eafcdad6e2a06fde236e7d11d61
Certificate serial:       018CC3B68744843022D71409C6D003A2C345
Authority key identifier: 7D:32:DE:DA:31:FE:8E:AF:CD:AD:6E:2A:06:FD:E2:36:E7:D1:1D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTLe2jH-jq_NrW4qBv3iNufRHWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/B3BGrd39iLup3n47Z9l43RfIi-4.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197450
IP address blocks:        185.113.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/fTLe2jH-jq_NrW4qBv3iNufRHWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/fTLe2jH-jq_NrW4qBv3iNufRHWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fTLe2jH-jq_NrW4qBv3iNufRHWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:87:44:84:30:22:d7:14:09:c6:d0:03:a2:c3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d32deda31fe8eafcdad6e2a06fde236e7d11d61
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=077046adddfd88bba9de7e3b67d978dd17c88bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:25:84:f2:90:c2:23:e6:10:0a:62:19:b6:
                    8c:a3:c8:af:b2:c7:46:a7:f6:5b:8e:73:4f:cf:1e:
                    81:3a:08:8c:d7:8a:98:f0:4a:b4:88:b7:33:c5:44:
                    13:0b:37:a7:fd:80:5d:27:4a:30:05:71:b9:77:fd:
                    3b:16:92:61:57:22:32:18:95:b9:1f:83:c7:a9:89:
                    1b:85:f4:2b:4c:a4:e2:7d:b0:2d:ba:5f:62:ba:5c:
                    56:b4:09:d2:60:dc:00:56:24:5c:a6:a1:16:bc:1c:
                    cd:36:31:43:fb:bc:e4:cf:be:83:4b:a2:2d:be:b8:
                    28:ac:bf:b0:1f:1c:58:8b:91:a0:4f:2e:78:07:ca:
                    96:3b:31:77:db:d5:bb:80:81:d3:8f:cf:6c:8c:7d:
                    30:7d:4e:db:dd:90:d6:3b:78:2c:79:98:f7:83:a5:
                    3a:87:2d:87:a6:30:8b:26:e6:e1:14:75:75:2a:2e:
                    f2:a0:b9:d7:4f:b0:b3:cc:62:9f:7a:88:b2:ff:f2:
                    32:5e:1f:e6:6c:75:57:99:f3:55:7c:e0:3f:b9:81:
                    85:36:f6:2c:89:cf:d4:0a:5e:54:c7:df:aa:e1:7a:
                    3c:f4:7f:f4:b6:2e:16:ed:83:d7:17:0d:f9:34:ac:
                    0d:84:09:0a:6e:b2:8d:8a:86:5a:cc:e7:ae:02:70:
                    2f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:70:46:AD:DD:FD:88:BB:A9:DE:7E:3B:67:D9:78:DD:17:C8:8B:EE
            X509v3 Authority Key Identifier:
                keyid:7D:32:DE:DA:31:FE:8E:AF:CD:AD:6E:2A:06:FD:E2:36:E7:D1:1D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTLe2jH-jq_NrW4qBv3iNufRHWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/B3BGrd39iLup3n47Z9l43RfIi-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c43ed2-70b3-45d8-aa28-53fb018a8c0e/1/fTLe2jH-jq_NrW4qBv3iNufRHWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:3b:07:72:26:6d:a2:b0:fc:65:f7:4a:9b:97:76:6f:9a:
         7b:ad:b2:8f:24:bd:9f:9a:79:9f:cd:f2:13:50:4d:17:c2:b6:
         7a:ca:50:82:48:08:9a:b5:d5:17:4c:59:24:bd:bc:a6:51:4a:
         ef:39:5e:e9:ab:aa:e5:ee:e3:e7:45:93:76:7e:a6:13:9d:4d:
         64:7d:e3:6c:f9:91:f6:d3:e7:5b:e7:98:50:a3:74:e8:31:c0:
         11:40:40:22:bc:ad:88:3f:d6:8d:b3:14:1f:73:1c:63:40:84:
         28:20:e0:15:33:ae:9e:01:b9:44:bf:0e:1c:2e:72:a2:f8:6a:
         fa:6d:7d:4e:44:30:a4:84:df:34:a1:08:12:dd:fc:3a:a9:51:
         6d:55:ba:14:99:6f:3e:9f:c2:3a:a1:95:26:22:b5:f7:6b:ad:
         65:6a:4f:4d:84:b4:9a:e1:c1:2e:98:25:d0:c9:8a:bc:26:e1:
         45:51:57:f0:5a:09:24:8b:13:7b:11:8e:40:b1:ed:c3:4c:53:
         20:60:c6:0b:9d:05:3e:04:44:c8:0d:e4:96:79:8e:32:81:a2:
         3f:5e:31:87:5c:04:a6:b4:03:b2:f7:85:09:3b:8d:30:e9:c2:
         1b:9f:e3:f4:25:bf:21:28:62:7a:08:3e:6f:8d:77:0f:7c:c1:
         5b:1d:45:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtodEhDAi1xQJxtADosNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMzJkZWRhMzFmZThlYWZjZGFkNmUyYTA2ZmRlMjM2ZTdk
MTFkNjEwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzcwNDZhZGRkZmQ4OGJiYTlkZTdlM2I2N2Q5NzhkZDE3Yzg4YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQYlhPKQwiPmEApiGbaMo8ivssdG
p/ZbjnNPzx6BOgiM14qY8Eq0iLczxUQTCzen/YBdJ0owBXG5d/07FpJhVyIyGJW5
H4PHqYkbhfQrTKTifbAtul9iulxWtAnSYNwAViRcpqEWvBzNNjFD+7zkz76DS6It
vrgorL+wHxxYi5GgTy54B8qWOzF329W7gIHTj89sjH0wfU7b3ZDWO3gseZj3g6U6
hy2HpjCLJubhFHV1Ki7yoLnXT7CzzGKfeoiy//IyXh/mbHVXmfNVfOA/uYGFNvYs
ic/UCl5Ux9+q4Xo89H/0ti4W7YPXFw35NKwNhAkKbrKNioZazOeuAnAvaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdwRq3d/Yi7qd5+O2fZeN0XyIvuMB8GA1UdIwQY
MBaAFH0y3tox/o6vza1uKgb94jbn0R1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRMZTJqSC1qcV9Oclc0cUJ2M2lOdWZSSFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jNDNlZDItNzBiMy00NWQ4LWFhMjgt
NTNmYjAxOGE4YzBlLzEvQjNCR3JkMzlpTHVwM240N1o5bDQzUmZJaS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jNDNlZDItNzBiMy00NWQ4LWFhMjgtNTNmYjAxOGE4YzBl
LzEvZlRMZTJqSC1qcV9Oclc0cUJ2M2lOdWZSSFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXHfMA0G
CSqGSIb3DQEBCwUAA4IBAQCD7TsHciZtorD8ZfdKm5d2b5p7rbKPJL2fmnmfzfIT
UE0XwrZ6ylCCSAiatdUXTFkkvbymUUrvOV7pq6rl7uPnRZN2fqYTnU1kfeNs+ZH2
0+db55hQo3ToMcARQEAivK2IP9aNsxQfcxxjQIQoIOAVM66eAblEvw4cLnKi+Gr6
bX1ORDCkhN80oQgS3fw6qVFtVboUmW8+n8I6oZUmIrX3a61lak9NhLSa4cEumCXQ
yYq8JuFFUVfwWgkkixN7EY5Ase3DTFMgYMYLnQU+BETIDeSWeY4ygaI/XjGHXASm
tAOy94UJO40w6cIbn+P0Jb8hKGJ6CD5vjXcPfMFbHUUW
-----END CERTIFICATE-----