Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/RnB3-Fef9lQHvNgNT5VkGAHomSQ.roa
File:                     RnB3-Fef9lQHvNgNT5VkGAHomSQ.roa (raw, json)
Hash identifier:          ++wWLgtGqdvQ+KXbTHtKiKgBzUXqz5XXigjKnOyGryk=
Subject key identifier:   46:70:77:F8:57:9F:F6:54:07:BC:D8:0D:4F:95:64:18:01:E8:99:24
Certificate issuer:       /CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
Certificate serial:       0190258B7376BF4C349FE7269ED388928AB3
Authority key identifier: 38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/RnB3-Fef9lQHvNgNT5VkGAHomSQ.roa
Signing time:             Mon 17 Jun 2024 09:33:34 +0000
ROA not before:           Mon 17 Jun 2024 09:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198843
IP address blocks:        185.158.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 15:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:8b:73:76:bf:4c:34:9f:e7:26:9e:d3:88:92:8a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
        Validity
            Not Before: Jun 17 09:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=467077f8579ff65407bcd80d4f95641801e89924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3d:6d:5d:14:f4:11:e2:ca:35:86:50:d7:7f:
                    c6:4b:45:a6:9e:58:37:4e:4b:7f:3b:60:f4:a6:fb:
                    da:db:97:f7:7b:98:af:e2:f2:09:c1:f9:81:3a:34:
                    86:92:e9:6a:0c:62:ac:60:df:2e:9d:e3:fb:59:09:
                    e2:14:ff:8e:f1:59:e8:96:37:c6:7b:eb:31:51:ba:
                    17:36:8a:d3:2b:4b:44:ea:86:3e:9b:60:8d:a8:65:
                    0b:f7:4b:d7:b4:3a:13:4c:a4:c6:0f:1f:42:ac:41:
                    30:90:47:ae:6e:26:26:64:dc:e3:ec:a1:41:d1:65:
                    df:30:81:f7:2b:e2:36:96:19:b6:67:a8:24:c8:45:
                    3f:ff:fb:22:96:62:80:d2:f0:45:30:85:7e:29:1b:
                    de:0c:2c:06:77:11:1a:17:de:6d:26:f0:b4:a1:3c:
                    22:c9:15:44:2e:80:d8:06:bb:7b:c1:89:52:5a:63:
                    7d:11:a9:ee:7b:2d:05:4d:de:1a:57:b3:c2:ba:59:
                    ad:26:5c:2d:bc:db:73:37:98:8a:f1:37:4b:95:ce:
                    03:18:98:fd:20:7d:f8:a4:cb:94:02:bb:5d:69:75:
                    5a:25:cf:b5:04:0f:fc:84:69:15:57:4c:e4:f8:e2:
                    e6:0c:b5:07:86:df:fc:74:eb:3a:84:e5:48:dd:33:
                    a9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:70:77:F8:57:9F:F6:54:07:BC:D8:0D:4F:95:64:18:01:E8:99:24
            X509v3 Authority Key Identifier:
                keyid:38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/RnB3-Fef9lQHvNgNT5VkGAHomSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:d2:8a:be:e3:83:3f:a4:97:7d:54:dd:6a:aa:6c:2c:83:17:
         bf:7f:f4:78:d1:ca:48:0c:3a:91:ff:8d:d2:1b:d2:de:d5:4d:
         6d:c3:c7:c7:82:01:34:7c:8d:16:a1:d8:df:1f:e5:22:26:78:
         2f:a4:be:45:0b:63:5c:3c:29:4d:93:3e:0c:fe:a1:62:d0:a7:
         2f:ec:16:9f:71:5f:58:ae:57:7a:18:5a:92:30:e9:a1:eb:83:
         1c:d2:74:00:e6:a8:35:91:23:3c:03:fb:ea:6b:40:11:00:33:
         a4:64:04:4a:6d:f3:1a:53:53:bc:51:86:fe:fb:b4:08:19:ca:
         02:dc:7d:10:fc:c7:ee:9c:cd:78:08:e2:d0:3f:68:93:43:86:
         ba:5a:04:2e:98:19:f5:96:ed:ca:ad:65:cb:fd:b5:54:d2:5f:
         6e:8c:a3:23:86:80:0a:f7:8f:47:45:6e:56:12:9a:2b:3c:a6:
         ab:d8:b8:5b:8f:aa:28:ae:64:7f:70:da:26:ca:00:fb:d0:9b:
         9d:c0:e1:33:b9:92:7b:7e:8c:41:ab:a2:c2:35:c8:b3:f8:6b:
         f9:e7:f2:a1:bb:1a:d1:72:0f:59:b4:e4:5e:f1:aa:29:9f:ec:
         6e:8b:cb:ee:a3:d6:11:21:3f:06:c2:78:3e:00:34:e5:34:59:
         00:72:33:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAli3N2v0w0n+cmntOIkoqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGVmN2ZmNWI1NGY1M2ZjZjIzMTJhYmUyZWMzZjU5NThi
YTE0MjUwHhcNMjQwNjE3MDkzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjcwNzdmODU3OWZmNjU0MDdiY2Q4MGQ0Zjk1NjQxODAxZTg5OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6z1tXRT0EeLKNYZQ13/GS0Wmnlg3
Tkt/O2D0pvva25f3e5iv4vIJwfmBOjSGkulqDGKsYN8uneP7WQniFP+O8VnoljfG
e+sxUboXNorTK0tE6oY+m2CNqGUL90vXtDoTTKTGDx9CrEEwkEeubiYmZNzj7KFB
0WXfMIH3K+I2lhm2Z6gkyEU///silmKA0vBFMIV+KRveDCwGdxEaF95tJvC0oTwi
yRVELoDYBrt7wYlSWmN9Eanuey0FTd4aV7PCulmtJlwtvNtzN5iK8TdLlc4DGJj9
IH34pMuUArtdaXVaJc+1BA/8hGkVV0zk+OLmDLUHht/8dOs6hOVI3TOp+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZwd/hXn/ZUB7zYDU+VZBgB6JkkMB8GA1UdIwQY
MBaAFDgO9/9bVPU/zyMSq+LsP1lYuhQlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEt
ZjA0Y2MxYzIzMGNmLzEvUm5CMy1GZWY5bFFIdk5nTlQ1VmtHQUhvbVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEtZjA0Y2MxYzIzMGNm
LzEvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ4kMA0G
CSqGSIb3DQEBCwUAA4IBAQBe0oq+44M/pJd9VN1qqmwsgxe/f/R40cpIDDqR/43S
G9Le1U1tw8fHggE0fI0WodjfH+UiJngvpL5FC2NcPClNkz4M/qFi0Kcv7BafcV9Y
rld6GFqSMOmh64Mc0nQA5qg1kSM8A/vqa0ARADOkZARKbfMaU1O8UYb++7QIGcoC
3H0Q/MfunM14COLQP2iTQ4a6WgQumBn1lu3KrWXL/bVU0l9ujKMjhoAK949HRW5W
EporPKar2Lhbj6oormR/cNomygD70JudwOEzuZJ7foxBq6LCNciz+Gv55/KhuxrR
cg9ZtORe8aopn+xui8vuo9YRIT8Gwng+ADTlNFkAcjMQ
-----END CERTIFICATE-----