Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/ShaDVXJsV8Mv6uLi6v_RmRWEIOs.roa
File:                     ShaDVXJsV8Mv6uLi6v_RmRWEIOs.roa (raw, json)
Hash identifier:          3M3XiG95Oj3CiUKNBmg40s64xAwGRKhEx++cOUPGb8o=
Subject key identifier:   4A:16:83:55:72:6C:57:C3:2F:EA:E2:E2:EA:FF:D1:99:15:84:20:EB
Certificate issuer:       /CN=dd33623619e52729fbf9772a5522d781da3b6325
Certificate serial:       01922B39BA23CD72BB20667CC4861EB1D849
Authority key identifier: DD:33:62:36:19:E5:27:29:FB:F9:77:2A:55:22:D7:81:DA:3B:63:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/ShaDVXJsV8Mv6uLi6v_RmRWEIOs.roa
Signing time:             Wed 25 Sep 2024 22:07:36 +0000
ROA not before:           Wed 25 Sep 2024 22:07:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211854
IP address blocks:        185.119.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2b:39:ba:23:cd:72:bb:20:66:7c:c4:86:1e:b1:d8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd33623619e52729fbf9772a5522d781da3b6325
        Validity
            Not Before: Sep 25 22:07:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a168355726c57c32feae2e2eaffd199158420eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3b:0b:e2:2d:89:60:74:0d:95:9a:79:91:7a:
                    33:f0:b9:c2:b4:2f:fa:92:18:f5:e5:9e:10:f7:33:
                    46:52:62:d5:bb:18:18:f1:a7:e5:3c:36:23:08:c3:
                    8f:5d:9e:95:98:34:52:f7:45:9f:ec:eb:b4:9c:74:
                    63:b7:77:ac:71:26:0b:2b:54:5a:84:ed:08:6f:fe:
                    45:08:78:26:99:63:5d:d1:fc:c5:de:00:1f:84:17:
                    7e:41:d1:5a:2b:10:99:05:8c:1d:0c:49:21:a6:b1:
                    49:c6:71:07:c8:0b:b2:73:47:44:16:f1:e7:f9:78:
                    61:81:ec:6e:af:6b:4f:cf:01:91:71:f6:82:f6:4a:
                    35:9c:18:4d:e6:ce:56:82:d6:69:5b:54:5c:bf:96:
                    a7:ad:1f:e0:91:50:62:5d:6f:56:03:84:8c:18:61:
                    ce:75:83:46:22:40:a6:1c:9d:aa:ee:7e:d6:11:50:
                    ee:96:9d:d7:8f:b4:92:01:0e:ab:df:0c:d2:07:d7:
                    7d:f6:d0:3c:34:d7:62:f9:30:97:ce:0d:4e:da:60:
                    ee:f4:f7:2b:e9:d3:80:c1:70:4b:f7:18:44:6a:68:
                    5d:42:c3:87:0d:bf:38:41:9d:7a:15:d7:85:71:bb:
                    94:0c:8b:da:17:8e:97:03:e4:6a:e2:b1:d9:96:a6:
                    c0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:16:83:55:72:6C:57:C3:2F:EA:E2:E2:EA:FF:D1:99:15:84:20:EB
            X509v3 Authority Key Identifier:
                keyid:DD:33:62:36:19:E5:27:29:FB:F9:77:2A:55:22:D7:81:DA:3B:63:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/ShaDVXJsV8Mv6uLi6v_RmRWEIOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:98:bb:b3:a0:39:f6:da:76:f3:db:f3:98:ca:e4:4b:8b:63:
         50:eb:63:b1:79:c2:73:4c:fe:66:0f:23:31:76:c7:42:dc:6b:
         a1:32:a9:04:0d:e0:ac:80:bf:16:9e:88:05:ff:02:a3:34:50:
         60:60:40:2e:7f:82:33:de:e6:af:03:66:dc:d6:ca:f8:90:82:
         42:13:e0:b0:31:b8:f1:08:26:52:12:86:13:e3:f6:26:99:5f:
         1f:0a:dc:fd:7e:4a:71:4e:6b:ff:cf:74:28:d3:44:79:ae:36:
         a6:dc:16:cb:d8:9a:07:b7:9b:73:77:1a:24:1d:4f:df:05:98:
         48:25:26:2b:d6:09:53:31:60:5e:6b:94:b6:30:6c:26:02:f1:
         f1:9b:05:2b:88:d6:fb:90:6a:75:64:61:f4:ec:6e:30:c3:46:
         10:b6:70:c1:14:1a:83:48:12:12:33:f6:38:3f:58:7b:4f:f0:
         82:33:a3:33:99:cb:dc:3b:2b:0f:5a:c1:e7:d2:49:8f:be:a9:
         5d:d4:a2:5e:e7:9d:da:da:10:6e:c9:28:43:30:6e:ad:6d:21:
         8f:7f:2d:c2:ce:1b:79:70:b2:2a:a8:7d:e0:7e:80:99:ae:a9:
         82:b7:28:48:4f:bd:5e:09:00:9c:c8:c6:d7:d0:cd:97:4a:76:
         56:fe:c6:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIrObojzXK7IGZ8xIYesdhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMzM2MjM2MTllNTI3MjlmYmY5NzcyYTU1MjJkNzgxZGEz
YjYzMjUwHhcNMjQwOTI1MjIwNzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE2ODM1NTcyNmM1N2MzMmZlYWUyZTJlYWZmZDE5OTE1ODQyMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DsL4i2JYHQNlZp5kXoz8LnCtC/6
khj15Z4Q9zNGUmLVuxgY8aflPDYjCMOPXZ6VmDRS90Wf7Ou0nHRjt3escSYLK1Ra
hO0Ib/5FCHgmmWNd0fzF3gAfhBd+QdFaKxCZBYwdDEkhprFJxnEHyAuyc0dEFvHn
+Xhhgexur2tPzwGRcfaC9ko1nBhN5s5WgtZpW1Rcv5anrR/gkVBiXW9WA4SMGGHO
dYNGIkCmHJ2q7n7WEVDulp3Xj7SSAQ6r3wzSB9d99tA8NNdi+TCXzg1O2mDu9Pcr
6dOAwXBL9xhEamhdQsOHDb84QZ16FdeFcbuUDIvaF46XA+Rq4rHZlqbAVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoWg1VybFfDL+ri4ur/0ZkVhCDrMB8GA1UdIwQY
MBaAFN0zYjYZ5Scp+/l3KlUi14HaO2MlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1ROaU5obmxKeW43LVhjcVZTTFhnZG83WXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80YTI5YzktZDE4Ni00OTJjLWJhOTAt
ZGRmYWExYzhhYjlkLzEvU2hhRFZYSnNWOE12NnVMaTZ2X1JtUldFSU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80YTI5YzktZDE4Ni00OTJjLWJhOTAtZGRmYWExYzhhYjlk
LzEvM1ROaU5obmxKeW43LVhjcVZTTFhnZG83WXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXeGMA0G
CSqGSIb3DQEBCwUAA4IBAQA8mLuzoDn22nbz2/OYyuRLi2NQ62OxecJzTP5mDyMx
dsdC3GuhMqkEDeCsgL8WnogF/wKjNFBgYEAuf4Iz3uavA2bc1sr4kIJCE+CwMbjx
CCZSEoYT4/YmmV8fCtz9fkpxTmv/z3Qo00R5rjam3BbL2JoHt5tzdxokHU/fBZhI
JSYr1glTMWBea5S2MGwmAvHxmwUriNb7kGp1ZGH07G4ww0YQtnDBFBqDSBISM/Y4
P1h7T/CCM6MzmcvcOysPWsHn0kmPvqld1KJe553a2hBuyShDMG6tbSGPfy3Czht5
cLIqqH3gfoCZrqmCtyhIT71eCQCcyMbX0M2XSnZW/sZT
-----END CERTIFICATE-----