Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/PtXpHIVTEq37PVc5i1oJfGNKhQw.roa
File:                     PtXpHIVTEq37PVc5i1oJfGNKhQw.roa (raw, json)
Hash identifier:          YQQlSF6WMKaDPsx6DJJG1TcvjhP2e8/Y4+fMLmPeT7I=
Subject key identifier:   3E:D5:E9:1C:85:53:12:AD:FB:3D:57:39:8B:5A:09:7C:63:4A:85:0C
Certificate issuer:       /CN=c3ff0489a0641ccf1dc1eb3b674f3f611163baee
Certificate serial:       018CC3B6E1D372AC6D3CDA1C18191F95727C
Authority key identifier: C3:FF:04:89:A0:64:1C:CF:1D:C1:EB:3B:67:4F:3F:61:11:63:BA:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_8EiaBkHM8dwes7Z08_YRFjuu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/PtXpHIVTEq37PVc5i1oJfGNKhQw.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48685
IP address blocks:        185.119.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/w_8EiaBkHM8dwes7Z08_YRFjuu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/w_8EiaBkHM8dwes7Z08_YRFjuu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_8EiaBkHM8dwes7Z08_YRFjuu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e1:d3:72:ac:6d:3c:da:1c:18:19:1f:95:72:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3ff0489a0641ccf1dc1eb3b674f3f611163baee
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ed5e91c855312adfb3d57398b5a097c634a850c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:26:bb:b1:3b:a3:a2:ad:2b:0d:56:62:32:d5:
                    6a:60:4b:0f:31:be:48:39:5b:9b:80:bd:ef:bc:54:
                    3f:0a:f7:a8:d3:2e:c3:a3:ed:83:e4:fb:8d:85:78:
                    57:d1:15:6a:52:71:62:36:bd:f8:a5:83:b5:40:d7:
                    f5:a0:6c:1b:64:36:23:9e:24:19:17:08:97:e5:65:
                    5a:13:d1:bf:8f:b8:31:01:b0:f9:fe:fa:e5:bf:92:
                    c0:7b:61:0b:3f:b5:24:e8:b2:a5:b7:f3:eb:48:55:
                    fa:dd:66:e3:b4:4b:4f:87:75:80:fe:fd:3a:ef:1f:
                    96:18:51:c8:8f:c4:12:9e:70:b7:42:d1:39:bd:0b:
                    f4:e7:ec:5a:f3:67:6e:5a:9c:09:f8:a8:d6:72:cb:
                    4b:e5:02:8f:a7:88:70:85:30:b9:67:4c:42:b7:da:
                    0a:19:06:f3:ba:3a:16:f3:9a:ac:b2:45:3a:3c:46:
                    12:d3:9e:5c:ac:f6:ae:d4:b7:22:13:f7:65:5e:20:
                    24:c1:21:8a:f4:08:7f:f0:a2:1e:19:7d:95:24:83:
                    79:20:a9:7a:bf:77:06:8c:e2:7d:d0:0a:e1:8a:2c:
                    37:8c:c8:bb:7a:49:15:f5:3c:1f:26:b9:e6:c8:55:
                    fb:94:1d:f4:98:e8:f1:23:bf:0e:72:eb:d9:2e:9f:
                    28:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D5:E9:1C:85:53:12:AD:FB:3D:57:39:8B:5A:09:7C:63:4A:85:0C
            X509v3 Authority Key Identifier:
                keyid:C3:FF:04:89:A0:64:1C:CF:1D:C1:EB:3B:67:4F:3F:61:11:63:BA:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_8EiaBkHM8dwes7Z08_YRFjuu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/PtXpHIVTEq37PVc5i1oJfGNKhQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/e2767c-e447-4d77-87f0-883e0ebed6bf/1/w_8EiaBkHM8dwes7Z08_YRFjuu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:3e:50:01:af:9d:ec:7e:c8:7f:b3:f7:da:d4:c7:24:90:b4:
         87:c9:a0:94:54:d7:69:67:33:3a:19:4b:ef:f5:45:bb:73:c8:
         c0:c3:ac:30:a6:df:ad:07:5a:82:a7:be:f4:14:81:7f:24:66:
         76:6b:54:45:94:03:f1:21:de:62:5e:02:e9:b1:dc:50:1e:f3:
         80:6f:f1:9a:4b:ec:de:8e:1f:1b:11:0a:f6:84:38:d3:f1:64:
         e2:25:fd:13:ae:ba:8d:bc:48:29:f1:1e:ef:8c:2f:85:91:9a:
         2e:ee:73:be:42:0f:72:bc:41:dd:73:19:2d:df:68:dd:32:4f:
         7f:ca:0b:e7:f3:33:0b:7e:73:29:94:cc:f6:e9:64:ce:eb:36:
         ae:ba:cf:15:fb:b2:6c:15:28:f5:b8:c5:29:9f:4f:49:50:7d:
         86:76:e0:93:c7:f5:4c:fc:4e:86:9d:10:fa:a1:84:58:9f:b0:
         a7:b6:25:76:2a:02:8b:a6:b8:8b:d7:59:9b:12:3f:0b:4f:5d:
         f7:d5:76:74:83:3b:93:c3:f8:33:5f:c3:20:e3:43:72:e3:ab:
         ff:f5:14:61:db:74:dc:16:69:1e:82:70:45:d4:d9:0b:4d:9f:
         cc:f8:86:47:a9:8a:91:d0:4b:60:86:40:f9:1e:45:5d:51:54:
         0c:22:d7:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuHTcqxtPNocGBkflXJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmYwNDg5YTA2NDFjY2YxZGMxZWIzYjY3NGYzZjYxMTE2
M2JhZWUwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ1ZTkxYzg1NTMxMmFkZmIzZDU3Mzk4YjVhMDk3YzYzNGE4NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCa7sTujoq0rDVZiMtVqYEsPMb5I
OVubgL3vvFQ/Cveo0y7Do+2D5PuNhXhX0RVqUnFiNr34pYO1QNf1oGwbZDYjniQZ
FwiX5WVaE9G/j7gxAbD5/vrlv5LAe2ELP7Uk6LKlt/PrSFX63WbjtEtPh3WA/v06
7x+WGFHIj8QSnnC3QtE5vQv05+xa82duWpwJ+KjWcstL5QKPp4hwhTC5Z0xCt9oK
GQbzujoW85qsskU6PEYS055crPau1LciE/dlXiAkwSGK9Ah/8KIeGX2VJIN5IKl6
v3cGjOJ90Arhiiw3jMi7ekkV9TwfJrnmyFX7lB30mOjxI78OcuvZLp8obwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7V6RyFUxKt+z1XOYtaCXxjSoUMMB8GA1UdIwQY
MBaAFMP/BImgZBzPHcHrO2dPP2ERY7ruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd184RWlhQmtITThkd2VzN1owOF9ZUkZqdXU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9lMjc2N2MtZTQ0Ny00ZDc3LTg3ZjAt
ODgzZTBlYmVkNmJmLzEvUHRYcEhJVlRFcTM3UFZjNWkxb0pmR05LaFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9lMjc2N2MtZTQ0Ny00ZDc3LTg3ZjAtODgzZTBlYmVkNmJm
LzEvd184RWlhQmtITThkd2VzN1owOF9ZUkZqdXU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXd8MA0G
CSqGSIb3DQEBCwUAA4IBAQC2PlABr53sfsh/s/fa1MckkLSHyaCUVNdpZzM6GUvv
9UW7c8jAw6wwpt+tB1qCp770FIF/JGZ2a1RFlAPxId5iXgLpsdxQHvOAb/GaS+ze
jh8bEQr2hDjT8WTiJf0TrrqNvEgp8R7vjC+FkZou7nO+Qg9yvEHdcxkt32jdMk9/
ygvn8zMLfnMplMz26WTO6zauus8V+7JsFSj1uMUpn09JUH2GduCTx/VM/E6GnRD6
oYRYn7CntiV2KgKLpriL11mbEj8LT1331XZ0gzuTw/gzX8Mg40Ny46v/9RRh23Tc
FmkegnBF1NkLTZ/M+IZHqYqR0EtghkD5HkVdUVQMItdK
-----END CERTIFICATE-----