Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/3vZq4hUVcMiBAY85NaOcEyuKf6A.roa
File:                     3vZq4hUVcMiBAY85NaOcEyuKf6A.roa (raw, json)
Hash identifier:          WEK2U+uZ6iDRs13yjXwzeCDzV7E90Rdmx74htopKK30=
Subject key identifier:   DE:F6:6A:E2:15:15:70:C8:81:01:8F:39:35:A3:9C:13:2B:8A:7F:A0
Certificate issuer:       /CN=877367fef9a2f86e45c642697230fc0ebad9b7a8
Certificate serial:       018CC8DEBC58E8B0F3CD3765D2E09FB5E155
Authority key identifier: 87:73:67:FE:F9:A2:F8:6E:45:C6:42:69:72:30:FC:0E:BA:D9:B7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/3vZq4hUVcMiBAY85NaOcEyuKf6A.roa
Signing time:             Tue 02 Jan 2024 06:31:29 +0000
ROA not before:           Tue 02 Jan 2024 06:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        185.229.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bc:58:e8:b0:f3:cd:37:65:d2:e0:9f:b5:e1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877367fef9a2f86e45c642697230fc0ebad9b7a8
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=def66ae2151570c881018f3935a39c132b8a7fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9c:b6:13:fb:43:de:29:44:dd:cf:6c:e6:b6:
                    3e:bc:59:a4:74:01:d2:78:76:e0:6b:0a:6d:03:1f:
                    73:da:26:81:06:57:01:f5:84:a2:21:1f:b0:41:e5:
                    63:6e:69:50:9c:14:b9:90:a1:81:1a:3c:25:bb:72:
                    8c:3e:f8:8c:42:97:be:d2:6e:be:e5:7f:7c:08:56:
                    bf:f1:e3:f8:1f:92:fc:50:8f:ef:04:82:4b:d6:49:
                    5e:fa:e5:e3:32:5c:e7:c1:1b:36:e9:e9:8a:c5:37:
                    f0:66:a5:f5:00:47:4c:d7:90:76:5b:1a:88:47:8d:
                    5b:22:30:39:d8:72:e8:6e:1e:af:bb:3a:99:f7:e0:
                    d5:28:89:7c:8b:55:ff:df:77:1c:f3:44:83:9f:5f:
                    ce:50:2b:4a:b6:11:72:fc:a6:f5:99:e1:dc:7a:5f:
                    ea:16:b6:19:e6:80:39:d2:97:cd:30:7f:fe:78:cb:
                    ff:8c:38:45:31:2c:04:60:fe:87:a4:14:a5:73:a5:
                    3f:a5:bd:a0:33:a1:e2:c5:d1:eb:2f:9f:e8:0c:93:
                    aa:0a:35:08:03:46:93:3d:a1:29:46:d1:74:72:7b:
                    1a:49:91:35:72:36:47:23:1d:9b:e1:0f:01:a2:dd:
                    b9:8b:f2:dd:3a:b4:a1:60:48:89:8f:44:b1:8b:ee:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F6:6A:E2:15:15:70:C8:81:01:8F:39:35:A3:9C:13:2B:8A:7F:A0
            X509v3 Authority Key Identifier:
                keyid:87:73:67:FE:F9:A2:F8:6E:45:C6:42:69:72:30:FC:0E:BA:D9:B7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/3vZq4hUVcMiBAY85NaOcEyuKf6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/74228e-110c-46aa-8dea-0d145255fbb0/1/h3Nn_vmi-G5FxkJpcjD8DrrZt6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:aa:59:09:f6:24:da:9f:5d:01:f4:d8:99:2b:91:a3:68:c9:
         a4:3b:40:6e:a2:1f:0a:5f:e4:67:f7:5f:9a:7a:a3:24:05:24:
         1a:5a:47:b3:c5:39:6b:9e:86:52:6e:82:1f:6d:20:70:42:9d:
         78:ae:21:3b:55:1b:a8:1e:72:67:97:f2:88:b5:1a:46:58:31:
         dd:fe:71:a8:c2:ad:f4:bb:3b:13:57:b1:dd:85:47:45:0f:5c:
         22:f2:73:78:57:1e:09:38:64:93:8f:5d:b1:57:a1:92:0b:b4:
         ab:ac:65:2e:ea:19:be:d0:e6:93:44:55:36:f6:50:32:21:53:
         e5:f2:88:02:4e:ed:e9:3b:de:22:82:68:c1:33:b5:cc:ea:31:
         ed:ad:43:8f:12:5a:9f:b8:88:42:da:e9:86:9b:54:c5:a5:fc:
         0f:2d:9b:eb:10:23:3f:7e:73:06:70:e1:e5:b2:99:42:f9:20:
         9b:b5:39:0b:01:89:ac:af:3f:93:75:6a:64:d4:29:29:c2:b2:
         04:73:79:e4:a3:0c:ee:56:2f:3a:46:1d:c0:11:54:e8:fc:82:
         c8:c4:02:df:2c:e7:91:a6:2c:05:83:6a:3b:d9:94:eb:7f:3d:
         f5:b2:70:66:d7:bc:45:4d:98:4b:4c:2f:e3:2a:db:ca:d1:ca:
         bf:1c:74:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3rxY6LDzzTdl0uCfteFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzM2N2ZlZjlhMmY4NmU0NWM2NDI2OTcyMzBmYzBlYmFk
OWI3YTgwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWY2NmFlMjE1MTU3MGM4ODEwMThmMzkzNWEzOWMxMzJiOGE3ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspy2E/tD3ilE3c9s5rY+vFmkdAHS
eHbgawptAx9z2iaBBlcB9YSiIR+wQeVjbmlQnBS5kKGBGjwlu3KMPviMQpe+0m6+
5X98CFa/8eP4H5L8UI/vBIJL1kle+uXjMlznwRs26emKxTfwZqX1AEdM15B2WxqI
R41bIjA52HLobh6vuzqZ9+DVKIl8i1X/33cc80SDn1/OUCtKthFy/Kb1meHcel/q
FrYZ5oA50pfNMH/+eMv/jDhFMSwEYP6HpBSlc6U/pb2gM6HixdHrL5/oDJOqCjUI
A0aTPaEpRtF0cnsaSZE1cjZHIx2b4Q8Bot25i/LdOrShYEiJj0Sxi+6MPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN72auIVFXDIgQGPOTWjnBMrin+gMB8GA1UdIwQY
MBaAFIdzZ/75ovhuRcZCaXIw/A662beoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNObl92bWktRzVGeGtKcGNqRDhEcnJadDZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy83NDIyOGUtMTEwYy00NmFhLThkZWEt
MGQxNDUyNTVmYmIwLzEvM3ZacTRoVVZjTWlCQVk4NU5hT2NFeXVLZjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy83NDIyOGUtMTEwYy00NmFhLThkZWEtMGQxNDUyNTVmYmIw
LzEvaDNObl92bWktRzVGeGtKcGNqRDhEcnJadDZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueWgMA0G
CSqGSIb3DQEBCwUAA4IBAQBvqlkJ9iTan10B9NiZK5GjaMmkO0Buoh8KX+Rn91+a
eqMkBSQaWkezxTlrnoZSboIfbSBwQp14riE7VRuoHnJnl/KItRpGWDHd/nGowq30
uzsTV7HdhUdFD1wi8nN4Vx4JOGSTj12xV6GSC7SrrGUu6hm+0OaTRFU29lAyIVPl
8ogCTu3pO94igmjBM7XM6jHtrUOPElqfuIhC2umGm1TFpfwPLZvrECM/fnMGcOHl
splC+SCbtTkLAYmsrz+TdWpk1CkpwrIEc3nkowzuVi86Rh3AEVTo/ILIxALfLOeR
piwFg2o72ZTrfz31snBm17xFTZhLTC/jKtvK0cq/HHRU
-----END CERTIFICATE-----