Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/FeX7nnlz-bT3OG3Eu7pJX4WJ8dU.roa
File:                     FeX7nnlz-bT3OG3Eu7pJX4WJ8dU.roa (raw, json)
Hash identifier:          zgXG0dxwc+flkxFfrJjZzwbaNLBFfj/AwGtci8VqOgQ=
Subject key identifier:   15:E5:FB:9E:79:73:F9:B4:F7:38:6D:C4:BB:BA:49:5F:85:89:F1:D5
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       018CCA2B0C9C3E9E3AFE6685A0C127B04943
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/FeX7nnlz-bT3OG3Eu7pJX4WJ8dU.roa
Signing time:             Tue 02 Jan 2024 12:34:28 +0000
ROA not before:           Tue 02 Jan 2024 12:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204723
IP address blocks:        213.83.5.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0c:9c:3e:9e:3a:fe:66:85:a0:c1:27:b0:49:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  2 12:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15e5fb9e7973f9b4f7386dc4bbba495f8589f1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:95:7a:4a:51:0b:27:ce:33:d7:c8:9c:59:90:
                    f0:d0:c3:4d:a2:5a:d6:73:5d:05:24:cc:0e:af:ca:
                    04:0f:a1:97:e7:a9:43:fe:a4:9e:68:22:d0:a1:83:
                    04:fd:0e:76:69:e6:ac:62:09:88:0a:a9:9e:83:92:
                    6c:d5:59:25:5d:4e:6c:19:bd:51:76:78:08:b8:9c:
                    36:38:2f:8b:fd:02:62:3b:be:d5:fa:bb:ff:e3:c8:
                    0c:af:0d:02:98:aa:bd:36:e4:61:26:79:a4:c3:ae:
                    4a:fb:92:de:5d:d9:cf:ab:1b:00:a4:82:3e:d4:90:
                    8a:e7:3d:08:a5:74:df:94:33:fe:38:28:e0:39:3d:
                    4b:65:8b:52:1d:26:fc:f2:ca:f7:04:23:7a:e8:1c:
                    77:88:25:9b:ec:97:fe:07:0b:63:a1:40:f7:af:0e:
                    af:34:57:55:ee:ef:ea:5c:58:86:a9:d2:57:cb:81:
                    ca:9b:7b:3c:d8:98:1e:9d:55:ab:0b:8a:0c:4f:fa:
                    c3:c0:78:1c:b5:d8:25:47:55:a4:94:21:22:3b:86:
                    9e:0d:d3:6d:9c:1b:ab:82:6c:bb:16:c6:fd:36:5a:
                    da:fc:87:b0:02:7c:08:ae:13:29:00:b8:e6:fc:03:
                    16:1f:5d:14:89:56:ca:02:b5:45:28:3a:2e:1d:e8:
                    8f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E5:FB:9E:79:73:F9:B4:F7:38:6D:C4:BB:BA:49:5F:85:89:F1:D5
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/FeX7nnlz-bT3OG3Eu7pJX4WJ8dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.83.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c5:0a:eb:e8:50:74:62:01:d8:da:b0:b5:9a:f2:08:fc:78:
         6c:3c:3f:b4:4d:e8:74:80:ae:04:a7:10:d9:80:55:a6:c7:28:
         73:49:d0:8b:cc:8b:e6:6e:46:49:64:e1:6c:40:2d:d4:a8:8f:
         37:18:cf:52:c1:34:a2:c9:a2:a7:d6:c5:72:31:43:e6:dd:44:
         99:5a:0c:2f:a0:4a:5b:ba:57:ca:d8:6e:4c:27:5a:59:41:fb:
         07:93:39:57:43:69:6c:a0:14:75:bb:5c:4a:d5:33:4e:82:9d:
         6d:4d:ea:2a:9d:3e:5f:0f:81:4a:5e:e9:2a:30:85:82:99:82:
         91:e4:d3:5a:4c:7c:d6:22:63:66:d8:d6:da:5b:8b:e6:e5:3a:
         8d:c8:57:04:ef:f4:2b:a0:23:5f:cd:c3:03:7b:27:fa:62:a7:
         63:3c:ef:52:5d:15:af:47:de:bd:a6:66:20:0c:15:28:b3:65:
         11:2d:7a:9e:1d:32:80:90:63:a8:62:6f:ae:8a:c0:2b:d2:0d:
         7b:f7:3c:56:e8:1b:aa:c9:20:4f:d8:d5:2e:6e:ac:67:7e:6a:
         68:6c:37:87:dc:ed:97:cb:98:91:58:1f:0c:9b:10:55:de:d0:
         22:ee:00:13:0a:1a:45:1c:45:71:ce:d2:e1:0a:8f:ff:fa:9b:
         cc:e8:ca:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKwycPp46/maFoMEnsElDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjQwMTAyMTIzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWU1ZmI5ZTc5NzNmOWI0ZjczODZkYzRiYmJhNDk1Zjg1ODlmMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZV6SlELJ84z18icWZDw0MNNolrW
c10FJMwOr8oED6GX56lD/qSeaCLQoYME/Q52aeasYgmICqmeg5Js1VklXU5sGb1R
dngIuJw2OC+L/QJiO77V+rv/48gMrw0CmKq9NuRhJnmkw65K+5LeXdnPqxsApII+
1JCK5z0IpXTflDP+OCjgOT1LZYtSHSb88sr3BCN66Bx3iCWb7Jf+BwtjoUD3rw6v
NFdV7u/qXFiGqdJXy4HKm3s82JgenVWrC4oMT/rDwHgctdglR1WklCEiO4aeDdNt
nBurgmy7Fsb9Nlra/IewAnwIrhMpALjm/AMWH10UiVbKArVFKDouHeiPxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXl+555c/m09zhtxLu6SV+FifHVMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvRmVYN25ubHotYlQzT0czRXU3cEpYNFdKOGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VMFMA0G
CSqGSIb3DQEBCwUAA4IBAQA9xQrr6FB0YgHY2rC1mvII/HhsPD+0Teh0gK4EpxDZ
gFWmxyhzSdCLzIvmbkZJZOFsQC3UqI83GM9SwTSiyaKn1sVyMUPm3USZWgwvoEpb
ulfK2G5MJ1pZQfsHkzlXQ2lsoBR1u1xK1TNOgp1tTeoqnT5fD4FKXukqMIWCmYKR
5NNaTHzWImNm2NbaW4vm5TqNyFcE7/QroCNfzcMDeyf6YqdjPO9SXRWvR969pmYg
DBUos2URLXqeHTKAkGOoYm+uisAr0g179zxW6BuqySBP2NUubqxnfmpobDeH3O2X
y5iRWB8MmxBV3tAi7gATChpFHEVxztLhCo//+pvM6Mp3
-----END CERTIFICATE-----