Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/r3mxfQBFdxKmvAvtxIjbQHR20h0.roa
File:                     r3mxfQBFdxKmvAvtxIjbQHR20h0.roa (raw, json)
Hash identifier:          DFWq1POuIWUTqi4GT04pqoYU19Zs2smk0HCviv82Gks=
Subject key identifier:   AF:79:B1:7D:00:45:77:12:A6:BC:0B:ED:C4:88:DB:40:74:76:D2:1D
Certificate issuer:       /CN=b0d8f469b90711a1282bf490d00f156096597760
Certificate serial:       018CC4938D3A7E6EB8F4D2FAA6D21927A26F
Authority key identifier: B0:D8:F4:69:B9:07:11:A1:28:2B:F4:90:D0:0F:15:60:96:59:77:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sNj0abkHEaEoK_SQ0A8VYJZZd2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/r3mxfQBFdxKmvAvtxIjbQHR20h0.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205514
IP address blocks:        185.201.0.0/23 maxlen: 23
                          185.201.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/sNj0abkHEaEoK_SQ0A8VYJZZd2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/sNj0abkHEaEoK_SQ0A8VYJZZd2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sNj0abkHEaEoK_SQ0A8VYJZZd2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jul 2024 20:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8d:3a:7e:6e:b8:f4:d2:fa:a6:d2:19:27:a2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0d8f469b90711a1282bf490d00f156096597760
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af79b17d00457712a6bc0bedc488db407476d21d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fe:10:6e:ee:0f:d1:b4:34:b8:52:c3:47:47:
                    36:0c:04:ce:08:29:29:47:f0:59:4d:13:1b:26:69:
                    04:79:1e:9e:6b:51:4f:23:56:9f:28:2a:04:27:20:
                    eb:fd:ff:3e:30:c8:36:96:6b:9b:26:c3:ff:c0:f7:
                    e4:b7:c7:66:a1:14:91:f2:bc:5b:1a:7c:1c:9e:f9:
                    4c:d3:e5:89:54:5c:5f:de:ed:3b:fd:43:7b:cc:26:
                    94:6f:52:37:40:63:53:5d:f8:1d:38:90:e1:16:f9:
                    2d:a6:be:4e:4c:73:00:cb:fb:8c:48:0b:f2:d3:42:
                    8c:da:eb:3f:13:c2:a2:6e:ef:35:f0:b9:e5:73:5d:
                    9d:e2:35:2e:3b:f9:c8:69:bc:de:8b:28:a9:7a:ef:
                    45:85:65:1c:c8:07:1c:7e:6d:ee:b3:2d:00:fc:db:
                    46:41:31:1c:75:06:ec:8f:71:7a:b6:0c:ed:9b:dc:
                    ce:b1:f2:5e:35:89:81:6a:ea:4b:d4:06:61:2d:40:
                    70:81:0e:9b:b0:7d:42:38:f7:df:ae:6b:4f:84:e3:
                    76:bf:68:a3:37:b3:49:4f:cd:1c:84:c8:90:9a:4e:
                    45:a0:30:1b:1d:2a:f6:54:e5:55:f2:5e:a1:03:d0:
                    16:b6:17:8c:23:01:a9:3a:10:96:81:0d:8f:e6:c0:
                    01:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:79:B1:7D:00:45:77:12:A6:BC:0B:ED:C4:88:DB:40:74:76:D2:1D
            X509v3 Authority Key Identifier:
                keyid:B0:D8:F4:69:B9:07:11:A1:28:2B:F4:90:D0:0F:15:60:96:59:77:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sNj0abkHEaEoK_SQ0A8VYJZZd2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/r3mxfQBFdxKmvAvtxIjbQHR20h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/530c2b-9442-4621-8e91-d0e48680f232/1/sNj0abkHEaEoK_SQ0A8VYJZZd2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.0.0-185.201.2.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:96:3b:ec:d8:72:67:51:9c:75:2e:1a:c8:43:92:ac:a4:06:
         be:33:02:0f:8d:0b:bd:92:6b:61:c3:6a:52:63:21:ab:a7:17:
         d2:fc:54:cc:1b:99:06:0a:02:4a:1d:97:86:c8:b2:09:ee:7c:
         e3:44:46:66:d5:bf:8f:df:0e:db:d7:66:f1:bd:9b:6c:4d:c8:
         3d:10:4d:b2:d4:c5:66:c1:ec:cf:21:0f:3a:ce:c8:b3:7a:8a:
         68:64:3a:70:ed:ad:fe:59:09:d4:fb:1f:1c:ab:e0:9b:29:14:
         d2:f0:0d:7a:85:89:a0:6d:8f:e4:9d:51:ab:20:93:cb:17:9f:
         81:aa:21:a8:0f:7a:bc:ac:62:08:6e:be:51:39:d4:f0:69:21:
         44:b9:26:15:b5:5e:26:f9:3e:18:70:3e:4c:a1:72:48:96:ab:
         10:b5:d0:a7:76:f9:1b:30:04:c7:6d:60:8d:4a:ec:78:01:64:
         fd:73:13:d1:4f:18:6d:0f:be:f3:af:9c:c8:b3:71:ec:42:3e:
         c9:73:d4:b7:49:4b:ff:db:12:fd:e1:79:0a:67:ad:1e:a5:8b:
         5e:c4:0b:8b:e8:5f:69:05:70:2f:d0:20:75:7a:37:34:5d:5b:
         5d:ef:d5:71:a8:75:d9:1e:26:f2:d9:a4:cc:fa:72:f6:0e:ac:
         09:01:99:85
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzEk406fm649NL6ptIZJ6JvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZDhmNDY5YjkwNzExYTEyODJiZjQ5MGQwMGYxNTYwOTY1
OTc3NjAwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc5YjE3ZDAwNDU3NzEyYTZiYzBiZWRjNDg4ZGI0MDc0NzZkMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP4Qbu4P0bQ0uFLDR0c2DATOCCkp
R/BZTRMbJmkEeR6ea1FPI1afKCoEJyDr/f8+MMg2lmubJsP/wPfkt8dmoRSR8rxb
GnwcnvlM0+WJVFxf3u07/UN7zCaUb1I3QGNTXfgdOJDhFvktpr5OTHMAy/uMSAvy
00KM2us/E8Kibu818Lnlc12d4jUuO/nIabzeiyipeu9FhWUcyAccfm3usy0A/NtG
QTEcdQbsj3F6tgztm9zOsfJeNYmBaupL1AZhLUBwgQ6bsH1COPffrmtPhON2v2ij
N7NJT80chMiQmk5FoDAbHSr2VOVV8l6hA9AWtheMIwGpOhCWgQ2P5sABvQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFK95sX0ARXcSprwL7cSI20B0dtIdMB8GA1UdIwQY
MBaAFLDY9Gm5BxGhKCv0kNAPFWCWWXdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc05qMGFia0hFYUVvS19TUTBBOFZZSlpaZDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81MzBjMmItOTQ0Mi00NjIxLThlOTEt
ZDBlNDg2ODBmMjMyLzEvcjNteGZRQkZkeEttdkF2dHhJamJRSFIyMGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81MzBjMmItOTQ0Mi00NjIxLThlOTEtZDBlNDg2ODBmMjMy
LzEvc05qMGFia0hFYUVvS19TUTBBOFZZSlpaZDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwC5yQME
ALnJAjANBgkqhkiG9w0BAQsFAAOCAQEAW5Y77NhyZ1GcdS4ayEOSrKQGvjMCD40L
vZJrYcNqUmMhq6cX0vxUzBuZBgoCSh2XhsiyCe5840RGZtW/j98O29dm8b2bbE3I
PRBNstTFZsHszyEPOs7Is3qKaGQ6cO2t/lkJ1PsfHKvgmykU0vANeoWJoG2P5J1R
qyCTyxefgaohqA96vKxiCG6+UTnU8GkhRLkmFbVeJvk+GHA+TKFySJarELXQp3b5
GzAEx21gjUrseAFk/XMT0U8YbQ++86+cyLNx7EI+yXPUt0lL/9sS/eF5CmetHqWL
XsQLi+hfaQVwL9AgdXo3NF1bXe/Vcah12R4m8tmkzPpy9g6sCQGZhQ==
-----END CERTIFICATE-----