Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/9k_U0cseiz0W7VC_uLLS3bTLX6Q.roa
File:                     9k_U0cseiz0W7VC_uLLS3bTLX6Q.roa (raw, json)
Hash identifier:          K8IPHZbDLMnvGWmNQB2aZdoUyD0bGcTL4OBSYQ2EFbI=
Subject key identifier:   F6:4F:D4:D1:CB:1E:8B:3D:16:ED:50:BF:B8:B2:D2:DD:B4:CB:5F:A4
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       018CC4939552150E3DB4940E66988D8C2841
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/9k_U0cseiz0W7VC_uLLS3bTLX6Q.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12665
IP address blocks:        212.4.224.0/19 maxlen: 19
                          195.238.144.0/20 maxlen: 20
                          195.238.128.0/19 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:52:15:0e:3d:b4:94:0e:66:98:8d:8c:28:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f64fd4d1cb1e8b3d16ed50bfb8b2d2ddb4cb5fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:84:ed:bf:65:6e:eb:5c:04:42:41:45:fa:70:
                    9a:56:ef:60:7e:81:c6:f2:e0:2e:bc:a4:3a:43:ae:
                    0e:62:25:c0:f6:4c:cd:1f:05:ec:43:b0:c4:7d:12:
                    38:3a:ab:b5:77:cc:c0:00:d8:53:fe:e0:81:cd:ac:
                    88:c3:9e:c0:2e:a9:bd:ce:22:c8:dd:03:06:db:cb:
                    49:7f:d1:b0:58:93:0d:08:75:b3:bb:c6:98:20:ba:
                    c3:10:40:7b:16:77:1e:ff:59:38:e6:9b:55:63:45:
                    f7:29:fe:51:b0:23:c6:e1:d9:a8:ee:6d:70:c4:08:
                    ef:94:d5:02:d1:73:43:19:4d:96:5b:75:8a:0b:ce:
                    50:8b:53:30:09:5a:1f:20:1b:9d:d0:a0:b7:16:2d:
                    af:86:af:cc:7a:e6:96:c6:85:19:66:69:d9:82:15:
                    27:b5:07:fd:57:31:3e:b9:ff:7e:90:59:f1:39:77:
                    03:ac:f3:d9:6b:d4:86:c2:b0:bd:c0:ab:47:ee:00:
                    40:ff:61:24:25:95:55:7b:2a:59:ff:cf:33:ed:17:
                    15:d5:c8:cf:a3:19:bf:0a:88:ce:6b:a4:43:4e:21:
                    46:c5:32:bf:88:7f:e8:23:f6:8f:1a:92:dd:ef:69:
                    0a:83:2d:b6:05:68:7c:52:99:d2:1b:87:ee:bf:e6:
                    62:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4F:D4:D1:CB:1E:8B:3D:16:ED:50:BF:B8:B2:D2:DD:B4:CB:5F:A4
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/9k_U0cseiz0W7VC_uLLS3bTLX6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.128.0/19
                  212.4.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         15:79:6b:12:1d:36:70:83:54:f2:3f:b4:a4:14:50:4a:e5:cb:
         0f:bc:29:16:05:b5:49:b5:95:66:9f:3f:b4:66:7a:80:18:4b:
         24:79:00:af:5e:1a:bf:8d:d8:e1:34:60:6a:bd:8d:d6:96:df:
         d7:4d:c0:1b:96:e5:55:64:1e:16:79:b3:97:47:46:f1:d0:ba:
         2a:ce:a2:25:e2:b9:8e:1c:ed:5f:80:7f:c3:0d:87:50:94:c7:
         f3:26:d0:d5:81:70:98:96:8d:ac:ce:c0:73:50:a1:ad:0d:77:
         5b:1a:7d:3a:fc:f5:1e:93:c1:33:81:e0:2c:af:e3:a6:5e:45:
         64:21:19:8e:8e:d5:53:71:c3:78:48:6e:ae:5c:fd:e3:2a:37:
         d4:72:5d:79:77:0c:83:e0:0c:25:58:cc:fe:6b:c7:f1:88:46:
         44:7d:41:6c:7a:a4:9d:46:2c:ee:50:ae:71:cc:56:be:0d:dd:
         23:d0:1f:77:c6:82:cd:26:4a:d9:b7:55:f5:43:4f:aa:c4:05:
         43:19:ab:0b:7d:85:18:ea:c6:d8:d3:98:61:e4:d2:27:48:5a:
         71:85:d3:e3:a4:b6:b8:32:7c:58:81:59:a0:3d:1e:34:85:f1:
         87:63:da:a0:45:54:e7:b0:81:b5:c0:12:67:5f:cc:1d:44:d9:
         ba:2e:11:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk5VSFQ49tJQOZpiNjChBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRmZDRkMWNiMWU4YjNkMTZlZDUwYmZiOGIyZDJkZGI0Y2I1ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4Ttv2Vu61wEQkFF+nCaVu9gfoHG
8uAuvKQ6Q64OYiXA9kzNHwXsQ7DEfRI4Oqu1d8zAANhT/uCBzayIw57ALqm9ziLI
3QMG28tJf9GwWJMNCHWzu8aYILrDEEB7Fnce/1k45ptVY0X3Kf5RsCPG4dmo7m1w
xAjvlNUC0XNDGU2WW3WKC85Qi1MwCVofIBud0KC3Fi2vhq/MeuaWxoUZZmnZghUn
tQf9VzE+uf9+kFnxOXcDrPPZa9SGwrC9wKtH7gBA/2EkJZVVeypZ/88z7RcV1cjP
oxm/CojOa6RDTiFGxTK/iH/oI/aPGpLd72kKgy22BWh8UpnSG4fuv+ZiCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPZP1NHLHos9Fu1Qv7iy0t20y1+kMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvOWtfVTBjc2VpejBXN1ZDX3VMTFMzYlRMWDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFw+6AAwQF
1ATgMA0GCSqGSIb3DQEBCwUAA4IBAQAVeWsSHTZwg1TyP7SkFFBK5csPvCkWBbVJ
tZVmnz+0ZnqAGEskeQCvXhq/jdjhNGBqvY3Wlt/XTcAbluVVZB4WebOXR0bx0Loq
zqIl4rmOHO1fgH/DDYdQlMfzJtDVgXCYlo2szsBzUKGtDXdbGn06/PUek8EzgeAs
r+OmXkVkIRmOjtVTccN4SG6uXP3jKjfUcl15dwyD4AwlWMz+a8fxiEZEfUFseqSd
RizuUK5xzFa+Dd0j0B93xoLNJkrZt1X1Q0+qxAVDGasLfYUY6sbY05hh5NInSFpx
hdPjpLa4MnxYgVmgPR40hfGHY9qgRVTnsIG1wBJnX8wdRNm6LhGc
-----END CERTIFICATE-----