Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/M0kO4o4UntXZGqsoARX-T22Wq_U.roa
File:                     M0kO4o4UntXZGqsoARX-T22Wq_U.roa (raw, json)
Hash identifier:          0JAaEUsQm+wVuKSAfpqXStIYuE+dRm0eK2ESykLkLXQ=
Subject key identifier:   33:49:0E:E2:8E:14:9E:D5:D9:1A:AB:28:01:15:FE:4F:6D:96:AB:F5
Certificate issuer:       /CN=c3dcb23dea58f97fad5a797b457741d5bfe6b1b0
Certificate serial:       018CC6B7D9BEDE0DFA97943EF4604E0529DD
Authority key identifier: C3:DC:B2:3D:EA:58:F9:7F:AD:5A:79:7B:45:77:41:D5:BF:E6:B1:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w9yyPepY-X-tWnl7RXdB1b_msbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/M0kO4o4UntXZGqsoARX-T22Wq_U.roa
Signing time:             Mon 01 Jan 2024 20:29:46 +0000
ROA not before:           Mon 01 Jan 2024 20:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204570
IP address blocks:        185.246.148.0/22 maxlen: 24
                          2a0d:8680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/w9yyPepY-X-tWnl7RXdB1b_msbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/w9yyPepY-X-tWnl7RXdB1b_msbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w9yyPepY-X-tWnl7RXdB1b_msbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d9:be:de:0d:fa:97:94:3e:f4:60:4e:05:29:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3dcb23dea58f97fad5a797b457741d5bfe6b1b0
        Validity
            Not Before: Jan  1 20:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33490ee28e149ed5d91aab280115fe4f6d96abf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:be:cd:be:1c:19:01:29:24:86:f3:2c:3d:
                    b5:56:36:ff:51:05:23:e1:cd:0c:10:cf:4e:91:b4:
                    3b:f7:b0:83:d9:c6:59:70:2b:1e:16:8a:ab:de:0e:
                    86:61:e3:7a:5c:1a:76:f2:ff:c0:62:36:0b:01:4f:
                    e7:f8:45:44:89:22:a4:f5:67:91:b2:13:2c:9d:00:
                    ee:1f:ad:93:4d:f6:4d:67:eb:bd:1c:2f:62:b4:24:
                    fd:19:6f:b1:44:41:01:0a:dd:f3:c9:91:e0:56:b9:
                    93:00:d4:fe:d0:e1:b1:0e:b4:34:27:ac:12:fb:b3:
                    e1:f6:f3:9e:6a:49:d2:dc:e6:20:36:ec:fc:66:98:
                    3d:5b:51:02:e5:65:6d:30:25:bb:6e:7c:4f:11:13:
                    45:c3:f9:01:9d:b5:74:ca:b1:c7:54:99:30:6f:b9:
                    4e:5e:d7:5c:6d:1b:a0:1e:d9:fb:9a:bd:e9:32:1d:
                    e4:9e:ae:ca:3d:b4:c7:a8:47:7a:6d:b6:a8:b3:14:
                    c7:69:06:75:73:5e:35:f6:0f:b9:c3:11:35:0a:3b:
                    9d:a2:55:05:9e:d2:30:9c:21:06:c9:28:ae:cb:e5:
                    28:0d:be:21:c7:59:a2:bf:15:a5:b0:0a:55:52:4c:
                    04:82:a5:ff:ea:8c:b1:e7:ac:a9:74:09:98:96:68:
                    df:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:49:0E:E2:8E:14:9E:D5:D9:1A:AB:28:01:15:FE:4F:6D:96:AB:F5
            X509v3 Authority Key Identifier:
                keyid:C3:DC:B2:3D:EA:58:F9:7F:AD:5A:79:7B:45:77:41:D5:BF:E6:B1:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w9yyPepY-X-tWnl7RXdB1b_msbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/M0kO4o4UntXZGqsoARX-T22Wq_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/6ec66d-d6b6-430f-8fcb-e70a911a1c7b/1/w9yyPepY-X-tWnl7RXdB1b_msbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.148.0/22
                IPv6:
                  2a0d:8680::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:09:99:98:07:0b:98:80:ce:70:3f:3d:32:84:4d:fb:d8:1d:
         93:4b:76:c1:66:ec:b0:ee:00:77:a9:4d:1a:3c:b8:41:f1:8b:
         48:d8:9c:a3:e9:d4:a7:72:d1:83:a0:18:24:56:91:bf:36:33:
         1d:d6:33:01:19:c5:2d:b6:6b:d8:32:8c:c1:93:b2:13:41:57:
         8e:09:60:87:b0:34:fe:36:43:80:72:66:70:c7:fd:ed:1d:50:
         26:9f:8a:f7:66:7e:9d:00:e7:f5:db:c8:62:5b:3d:f4:80:0a:
         b7:75:fe:4b:c1:99:dc:96:e7:09:93:ef:f3:9a:4a:1c:76:77:
         2f:e3:fd:5d:8e:b1:aa:04:f7:cf:fe:54:2b:1d:d1:59:31:50:
         70:7b:bf:b9:b5:96:60:49:cc:cb:a8:7e:78:69:b6:83:06:33:
         47:8d:0a:c9:32:41:ae:c5:f8:7d:ec:fb:a4:f7:7d:98:59:53:
         ec:4e:39:4e:10:80:67:38:05:21:af:f5:be:8d:86:bf:95:de:
         45:1f:67:e9:30:52:47:37:55:08:e5:46:25:e2:5f:6f:3f:d1:
         40:0b:d3:7d:9a:48:83:b9:11:0a:c0:fb:b6:1a:1c:70:a1:97:
         e4:a1:92:b5:dd:e1:07:fa:f3:fd:13:fb:6a:31:88:12:7c:cc:
         5c:c1:38:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt9m+3g36l5Q+9GBOBSndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZGNiMjNkZWE1OGY5N2ZhZDVhNzk3YjQ1Nzc0MWQ1YmZl
NmIxYjAwHhcNMjQwMTAxMjAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQ5MGVlMjhlMTQ5ZWQ1ZDkxYWFiMjgwMTE1ZmU0ZjZkOTZhYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArau+zb4cGQEpJIbzLD21Vjb/UQUj
4c0MEM9OkbQ797CD2cZZcCseFoqr3g6GYeN6XBp28v/AYjYLAU/n+EVEiSKk9WeR
shMsnQDuH62TTfZNZ+u9HC9itCT9GW+xREEBCt3zyZHgVrmTANT+0OGxDrQ0J6wS
+7Ph9vOeaknS3OYgNuz8Zpg9W1EC5WVtMCW7bnxPERNFw/kBnbV0yrHHVJkwb7lO
XtdcbRugHtn7mr3pMh3knq7KPbTHqEd6bbaosxTHaQZ1c1419g+5wxE1CjudolUF
ntIwnCEGySiuy+UoDb4hx1mivxWlsApVUkwEgqX/6oyx56ypdAmYlmjfSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDNJDuKOFJ7V2RqrKAEV/k9tlqv1MB8GA1UdIwQY
MBaAFMPcsj3qWPl/rVp5e0V3QdW/5rGwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzl5eVBlcFktWC10V25sN1JYZEIxYl9tc2JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ZWM2NmQtZDZiNi00MzBmLThmY2It
ZTcwYTkxMWExYzdiLzEvTTBrTzRvNFVudFhaR3Fzb0FSWC1UMjJXcV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ZWM2NmQtZDZiNi00MzBmLThmY2ItZTcwYTkxMWExYzdi
LzEvdzl5eVBlcFktWC10V25sN1JYZEIxYl9tc2JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufaUMA0E
AgACMAcDBQAqDYaAMA0GCSqGSIb3DQEBCwUAA4IBAQBZCZmYBwuYgM5wPz0yhE37
2B2TS3bBZuyw7gB3qU0aPLhB8YtI2Jyj6dSnctGDoBgkVpG/NjMd1jMBGcUttmvY
MozBk7ITQVeOCWCHsDT+NkOAcmZwx/3tHVAmn4r3Zn6dAOf128hiWz30gAq3df5L
wZnclucJk+/zmkocdncv4/1djrGqBPfP/lQrHdFZMVBwe7+5tZZgSczLqH54abaD
BjNHjQrJMkGuxfh97Puk932YWVPsTjlOEIBnOAUhr/W+jYa/ld5FH2fpMFJHN1UI
5UYl4l9vP9FAC9N9mkiDuREKwPu2GhxwoZfkoZK13eEH+vP9E/tqMYgSfMxcwTh4
-----END CERTIFICATE-----