Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/3qcEpPj-gch_0TgYE5s2RElkVy8.roa
File:                     3qcEpPj-gch_0TgYE5s2RElkVy8.roa (raw, json)
Hash identifier:          fDIUb2zMTyTHLl4DR23JOI6IBvcS8KogfsENKk6YEho=
Subject key identifier:   DE:A7:04:A4:F8:FE:81:C8:7F:D1:38:18:13:9B:36:44:49:64:57:2F
Certificate issuer:       /CN=d14f747f42d6f2606f808f8829f43c90dd48ca0b
Certificate serial:       018CC6B90DE2F89C91527B975C9F17FD3D58
Authority key identifier: D1:4F:74:7F:42:D6:F2:60:6F:80:8F:88:29:F4:3C:90:DD:48:CA:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0U90f0LW8mBvgI-IKfQ8kN1Iygs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/3qcEpPj-gch_0TgYE5s2RElkVy8.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        185.238.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/0U90f0LW8mBvgI-IKfQ8kN1Iygs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/0U90f0LW8mBvgI-IKfQ8kN1Iygs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0U90f0LW8mBvgI-IKfQ8kN1Iygs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0d:e2:f8:9c:91:52:7b:97:5c:9f:17:fd:3d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14f747f42d6f2606f808f8829f43c90dd48ca0b
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dea704a4f8fe81c87fd13818139b36444964572f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:66:87:1c:0d:c0:10:d5:c2:c8:f1:87:a8:
                    d5:37:af:b6:22:78:7d:57:57:e4:e2:0a:0c:94:f3:
                    0b:e2:03:02:9f:6c:0e:f2:af:b9:8c:9b:e8:e7:de:
                    bf:45:57:a7:24:a6:8f:02:40:ea:91:77:50:f3:70:
                    74:0c:49:f6:24:8d:14:45:6d:07:b2:95:84:09:9e:
                    9a:ed:d1:37:bd:22:45:be:ec:55:73:a0:c1:45:75:
                    ec:db:5d:46:f8:a2:67:91:50:65:c5:99:ed:d2:1f:
                    00:d1:75:c9:ba:46:c6:f2:1c:56:b6:c1:41:f1:01:
                    b3:af:b3:8b:de:ba:d5:1a:fb:90:dd:ab:39:1e:c0:
                    17:ef:46:12:a5:ca:22:4e:73:0b:6e:af:88:84:9a:
                    a6:9d:7e:a9:3d:97:79:58:03:60:61:d4:36:f2:64:
                    25:0a:9b:72:5f:30:40:79:76:29:9e:7a:35:ec:03:
                    44:30:48:e8:52:af:c0:f1:ef:c6:a7:4b:b1:98:be:
                    f1:d9:dd:b7:70:fb:4a:07:8b:f3:51:e7:51:cb:ed:
                    2d:06:22:f2:d4:5a:68:9b:10:c4:48:15:f7:10:0e:
                    11:52:4b:f8:3d:c5:13:56:bd:8d:44:28:95:84:4f:
                    ed:53:cf:31:46:47:74:7d:00:03:e2:af:40:01:73:
                    aa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A7:04:A4:F8:FE:81:C8:7F:D1:38:18:13:9B:36:44:49:64:57:2F
            X509v3 Authority Key Identifier:
                keyid:D1:4F:74:7F:42:D6:F2:60:6F:80:8F:88:29:F4:3C:90:DD:48:CA:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0U90f0LW8mBvgI-IKfQ8kN1Iygs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/3qcEpPj-gch_0TgYE5s2RElkVy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7029b3-2ca8-4ba1-aa92-e6d472d3a825/1/0U90f0LW8mBvgI-IKfQ8kN1Iygs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:13:4c:39:f4:74:11:31:79:47:50:4b:82:d2:c4:af:83:e6:
         7f:a5:3a:15:9e:ee:fc:c0:ee:cf:d8:74:d2:d0:e8:66:af:d6:
         92:8d:66:8a:4a:d3:d5:1e:da:4c:94:d6:28:58:bd:78:69:63:
         af:b2:d7:6c:4a:68:89:d8:d0:d4:b1:0d:74:c1:ef:eb:92:0f:
         f0:8a:56:1d:04:47:db:c3:db:96:b2:be:a3:b3:df:dc:d2:18:
         f8:a5:4e:50:fd:4f:12:a0:e1:85:a3:39:5c:98:5c:6c:ef:69:
         34:e3:72:e2:ad:e6:70:ef:f0:05:5a:ae:42:33:6e:3b:cc:80:
         e2:b3:e0:b4:8e:84:8b:3f:c8:79:60:e6:57:c2:fe:34:a2:03:
         d9:17:41:d3:eb:0a:1e:0d:69:93:fa:81:5b:5c:f4:ad:c2:48:
         76:79:0f:46:be:ba:29:7c:9b:32:d7:4e:b2:cd:e8:dd:b9:ba:
         7f:97:62:d3:03:1d:9d:1d:0c:f2:5c:8a:b7:a7:f4:07:50:a0:
         21:06:0d:b2:f0:2d:f9:08:57:27:15:91:80:7c:31:f0:b1:2b:
         97:9c:d6:8f:bf:1c:d1:c9:f0:63:07:fc:57:fe:fd:4a:5f:03:
         72:77:99:2c:fc:0d:7c:ba:a3:fe:9e:97:87:b5:00:49:58:51:
         a3:be:5e:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQ3i+JyRUnuXXJ8X/T1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNGY3NDdmNDJkNmYyNjA2ZjgwOGY4ODI5ZjQzYzkwZGQ0
OGNhMGIwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWE3MDRhNGY4ZmU4MWM4N2ZkMTM4MTgxMzliMzY0NDQ5NjQ1NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfdmhxwNwBDVwsjxh6jVN6+2Inh9
V1fk4goMlPML4gMCn2wO8q+5jJvo596/RVenJKaPAkDqkXdQ83B0DEn2JI0URW0H
spWECZ6a7dE3vSJFvuxVc6DBRXXs211G+KJnkVBlxZnt0h8A0XXJukbG8hxWtsFB
8QGzr7OL3rrVGvuQ3as5HsAX70YSpcoiTnMLbq+IhJqmnX6pPZd5WANgYdQ28mQl
CptyXzBAeXYpnno17ANEMEjoUq/A8e/Gp0uxmL7x2d23cPtKB4vzUedRy+0tBiLy
1FpomxDESBX3EA4RUkv4PcUTVr2NRCiVhE/tU88xRkd0fQAD4q9AAXOq3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6nBKT4/oHIf9E4GBObNkRJZFcvMB8GA1UdIwQY
MBaAFNFPdH9C1vJgb4CPiCn0PJDdSMoLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFU5MGYwTFc4bUJ2Z0ktSUtmUThrTjFJeWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83MDI5YjMtMmNhOC00YmExLWFhOTIt
ZTZkNDcyZDNhODI1LzEvM3FjRXBQai1nY2hfMFRnWUU1czJSRWxrVnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83MDI5YjMtMmNhOC00YmExLWFhOTItZTZkNDcyZDNhODI1
LzEvMFU5MGYwTFc4bUJ2Z0ktSUtmUThrTjFJeWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6OMA0G
CSqGSIb3DQEBCwUAA4IBAQAXE0w59HQRMXlHUEuC0sSvg+Z/pToVnu78wO7P2HTS
0Ohmr9aSjWaKStPVHtpMlNYoWL14aWOvstdsSmiJ2NDUsQ10we/rkg/wilYdBEfb
w9uWsr6js9/c0hj4pU5Q/U8SoOGFozlcmFxs72k043LireZw7/AFWq5CM247zIDi
s+C0joSLP8h5YOZXwv40ogPZF0HT6woeDWmT+oFbXPStwkh2eQ9GvropfJsy106y
zejdubp/l2LTAx2dHQzyXIq3p/QHUKAhBg2y8C35CFcnFZGAfDHwsSuXnNaPvxzR
yfBjB/xX/v1KXwNyd5ks/A18uqP+npeHtQBJWFGjvl4K
-----END CERTIFICATE-----