Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3EKZuF61sSru0jw4x5Xj_xQyu_4.roa
File:                     3EKZuF61sSru0jw4x5Xj_xQyu_4.roa (raw, json)
Hash identifier:          f7lp46aWXnE865Rj9JUZ+Dq8CT5RvIv/bCF/4ba8+Jw=
Subject key identifier:   DC:42:99:B8:5E:B5:B1:2A:EE:D2:3C:38:C7:95:E3:FF:14:32:BB:FE
Certificate issuer:       /CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
Certificate serial:       018CC5DC542EEC383007E05F7E8CF3104EED
Authority key identifier: AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3EKZuF61sSru0jw4x5Xj_xQyu_4.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        91.216.108.0/24 maxlen: 24
                          195.66.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 22:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:54:2e:ec:38:30:07:e0:5f:7e:8c:f3:10:4e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc4299b85eb5b12aeed23c38c795e3ff1432bbfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:6b:85:05:ae:e6:c0:09:f2:d3:3c:af:a8:
                    7f:f8:67:01:75:24:59:ac:f0:c7:d5:30:c8:3e:fd:
                    25:ba:7b:bf:2d:18:fd:53:35:08:bb:7c:7f:45:56:
                    76:1a:40:83:3a:7e:69:b3:e2:c8:ed:3f:10:a5:1d:
                    07:bc:79:e0:7f:f1:f2:6c:75:df:08:eb:ea:3a:01:
                    50:cb:11:7e:f2:26:7b:99:22:10:d0:7f:ef:0a:23:
                    e8:c5:e6:db:22:47:63:1d:ae:65:9c:d2:40:4e:28:
                    79:7d:1e:44:d3:72:cb:f5:dc:1c:7f:f3:f1:a8:61:
                    5d:fb:65:02:5d:bd:a4:1a:30:af:97:14:4e:36:d1:
                    f2:fe:49:cd:84:e6:39:cd:87:13:1d:dd:4d:13:34:
                    26:7f:cc:d9:c5:ab:df:c0:21:be:ab:1e:d6:17:c4:
                    76:88:22:f7:61:72:b2:c9:2b:d8:4c:d7:90:94:e1:
                    0f:08:94:9f:15:0f:f1:bd:f0:ce:21:7b:b6:2b:29:
                    6d:73:a7:5d:8a:68:56:f6:6d:0a:06:af:2f:5b:0b:
                    f5:46:27:be:13:9c:79:46:64:c2:26:1a:5b:58:c1:
                    54:20:d0:6b:7d:40:13:be:13:66:30:e3:37:18:70:
                    01:f6:e1:57:54:c6:94:7a:6c:e0:3f:bd:7b:fe:7b:
                    f3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:42:99:B8:5E:B5:B1:2A:EE:D2:3C:38:C7:95:E3:FF:14:32:BB:FE
            X509v3 Authority Key Identifier:
                keyid:AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3EKZuF61sSru0jw4x5Xj_xQyu_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.108.0/24
                  195.66.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:62:10:16:f4:af:35:b6:ce:03:8f:ac:aa:54:55:56:e0:9a:
         99:d6:ec:81:ae:df:25:ce:58:04:d0:df:7f:3f:1c:06:90:e2:
         d4:a8:1d:d0:29:12:cc:ff:b0:29:92:fe:fb:a6:be:4f:0e:e7:
         15:c2:62:91:cc:9a:fe:b8:7a:67:dd:5a:da:31:d3:cd:7c:a4:
         49:e0:bb:78:2e:d9:18:6b:76:fe:5b:77:b1:3e:15:8a:a3:27:
         f5:78:c2:5e:73:74:30:cc:75:3a:da:4b:ce:b4:49:07:d6:51:
         a1:97:35:08:53:01:1a:2c:e6:04:08:ac:3f:fc:dc:6a:34:57:
         b4:1f:8c:60:b5:51:9c:7a:be:6b:93:a5:79:54:89:44:22:68:
         72:6b:99:9f:73:89:f6:a0:85:89:00:76:d9:98:e0:2e:29:17:
         71:ce:7a:c2:f9:f8:9a:c1:c2:ba:23:47:d5:b7:12:5a:18:89:
         6a:c1:27:c0:b2:73:d3:c9:2d:e9:51:0a:67:e1:55:b4:f7:f7:
         97:4a:ee:6c:62:9e:5f:c4:88:9d:1b:df:d0:c9:d7:8d:32:04:
         8f:e6:81:20:2d:81:e6:a9:55:a4:75:fc:d8:b9:09:fd:f0:ee:
         45:12:cd:5a:35:0c:42:65:ce:08:67:2a:1c:12:ac:9d:c0:52:
         1c:a1:ab:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3FQu7DgwB+BffozzEE7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNGM4MzBiMTEyNjE0ODNhNjJiNjY5NmE0YzM3MjBlOGFk
ODhhMGQwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQyOTliODVlYjViMTJhZWVkMjNjMzhjNzk1ZTNmZjE0MzJiYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkBrhQWu5sAJ8tM8r6h/+GcBdSRZ
rPDH1TDIPv0lunu/LRj9UzUIu3x/RVZ2GkCDOn5ps+LI7T8QpR0HvHngf/HybHXf
COvqOgFQyxF+8iZ7mSIQ0H/vCiPoxebbIkdjHa5lnNJATih5fR5E03LL9dwcf/Px
qGFd+2UCXb2kGjCvlxRONtHy/knNhOY5zYcTHd1NEzQmf8zZxavfwCG+qx7WF8R2
iCL3YXKyySvYTNeQlOEPCJSfFQ/xvfDOIXu2Kyltc6ddimhW9m0KBq8vWwv1Rie+
E5x5RmTCJhpbWMFUINBrfUATvhNmMOM3GHAB9uFXVMaUemzgP717/nvztwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNxCmbhetbEq7tI8OMeV4/8UMrv+MB8GA1UdIwQY
MBaAFK1MgwsRJhSDpitmlqTDcg6K2IoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEt
MjIyY2ViNmMzNDRjLzEvM0VLWnVGNjFzU3J1MGp3NHg1WGpfeFF5dV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEtMjIyY2ViNmMzNDRj
LzEvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9hsAwQA
w0JMMA0GCSqGSIb3DQEBCwUAA4IBAQBuYhAW9K81ts4Dj6yqVFVW4JqZ1uyBrt8l
zlgE0N9/PxwGkOLUqB3QKRLM/7Apkv77pr5PDucVwmKRzJr+uHpn3VraMdPNfKRJ
4Lt4LtkYa3b+W3exPhWKoyf1eMJec3QwzHU62kvOtEkH1lGhlzUIUwEaLOYECKw/
/NxqNFe0H4xgtVGcer5rk6V5VIlEImhya5mfc4n2oIWJAHbZmOAuKRdxznrC+fia
wcK6I0fVtxJaGIlqwSfAsnPTyS3pUQpn4VW09/eXSu5sYp5fxIidG9/QydeNMgSP
5oEgLYHmqVWkdfzYuQn98O5FEs1aNQxCZc4IZyocEqydwFIcoauM
-----END CERTIFICATE-----