Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3Hfwcb6LFPRPa1zF8-NRKaFhG0k.roa
File:                     3Hfwcb6LFPRPa1zF8-NRKaFhG0k.roa (raw, json)
Hash identifier:          KYCB7OJFjqaWxwny8OXARun7ConMD0SQZhWmOiq5gf4=
Subject key identifier:   DC:77:F0:71:BE:8B:14:F4:4F:6B:5C:C5:F3:E3:51:29:A1:61:1B:49
Certificate issuer:       /CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
Certificate serial:       018CC5DC53E784BAC2CAD1C594361CFD3E5C
Authority key identifier: AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3Hfwcb6LFPRPa1zF8-NRKaFhG0k.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8879
IP address blocks:        91.216.108.0/24 maxlen: 24
                          195.66.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:53:e7:84:ba:c2:ca:d1:c5:94:36:1c:fd:3e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc77f071be8b14f44f6b5cc5f3e35129a1611b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6d:44:d6:da:6f:dc:aa:ba:e1:3b:1f:64:3a:
                    96:5e:59:28:14:aa:0a:59:ff:46:fb:a1:d3:60:af:
                    85:7d:8e:90:19:5e:d2:b9:1a:af:1f:af:5e:04:aa:
                    a9:c8:e8:22:91:fa:6d:6a:57:f3:ff:78:8f:e1:58:
                    73:3e:e7:7d:49:13:8b:e2:ba:b9:b8:af:b5:eb:da:
                    2a:86:aa:d8:6f:d4:5e:af:da:cf:59:16:23:6c:09:
                    48:ac:da:d5:1d:c5:1f:f0:60:6f:20:99:2e:ed:2e:
                    df:6e:04:6e:6a:0f:28:27:76:76:ad:ad:71:05:6b:
                    e1:88:8e:c2:12:04:9a:59:25:a2:35:db:bc:0d:77:
                    c6:ef:d9:82:83:ca:f9:83:16:58:65:93:d0:d4:5d:
                    0b:4c:db:69:ac:ee:d6:83:00:4c:b3:ac:7b:92:a5:
                    04:6b:cc:03:a9:1f:50:6b:a1:89:16:4f:7f:28:fa:
                    f5:ec:a6:1d:6c:ac:23:38:a0:7d:ef:f8:60:c0:2a:
                    b4:1f:1d:9b:a7:e0:8a:b0:bb:c9:66:ea:7a:3f:bc:
                    b6:13:00:50:12:2e:38:2b:a7:43:cc:1f:aa:d6:64:
                    da:75:1c:4e:65:18:ca:d3:53:07:5d:11:cf:77:46:
                    5f:c8:a1:6d:c8:68:eb:34:68:b6:69:62:5b:eb:ef:
                    29:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:77:F0:71:BE:8B:14:F4:4F:6B:5C:C5:F3:E3:51:29:A1:61:1B:49
            X509v3 Authority Key Identifier:
                keyid:AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/3Hfwcb6LFPRPa1zF8-NRKaFhG0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.108.0/24
                  195.66.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:00:a8:30:56:e4:f3:e9:69:e0:91:98:48:56:f8:21:64:d3:
         9a:eb:ae:03:85:e2:ee:cb:97:63:43:cc:45:65:4a:a9:e4:1d:
         ed:df:04:ef:51:7d:51:5e:69:22:84:15:70:cf:5c:9d:e8:0c:
         94:96:77:e9:db:68:f5:07:b3:7e:f1:25:45:d8:6f:12:8f:39:
         fd:14:53:88:c3:1e:34:43:b8:df:a9:ae:ff:a9:bb:b8:06:89:
         91:0d:fc:66:d4:aa:52:ed:54:10:3c:7b:c5:85:42:f6:bc:1c:
         a0:16:aa:b2:1b:9d:6c:56:d0:54:92:c0:67:45:b1:f7:87:3c:
         b3:ab:fb:b0:9c:1a:f2:b5:9e:1d:44:b0:9b:b0:2a:06:3c:41:
         44:c5:a4:e2:70:42:4d:81:25:d9:f3:f1:fe:cf:e3:0f:34:0d:
         95:e0:06:3d:28:98:cd:11:a9:ea:6d:d7:b5:ff:08:83:d3:be:
         26:08:3a:f1:ad:51:d6:37:69:38:71:02:6c:6e:47:03:c7:7f:
         35:fd:a9:5e:84:6d:2a:ab:18:fe:ea:a4:54:e6:64:fc:7b:eb:
         db:c7:cf:50:33:dc:61:ac:d1:fe:d9:9c:1f:de:30:62:02:29:
         d4:5c:1e:a8:c0:45:e4:8e:14:90:7e:20:29:39:23:07:2b:4b:
         8e:b5:78:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3FPnhLrCytHFlDYc/T5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNGM4MzBiMTEyNjE0ODNhNjJiNjY5NmE0YzM3MjBlOGFk
ODhhMGQwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc3ZjA3MWJlOGIxNGY0NGY2YjVjYzVmM2UzNTEyOWExNjExYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG1E1tpv3Kq64TsfZDqWXlkoFKoK
Wf9G+6HTYK+FfY6QGV7SuRqvH69eBKqpyOgikfptalfz/3iP4VhzPud9SROL4rq5
uK+169oqhqrYb9Rer9rPWRYjbAlIrNrVHcUf8GBvIJku7S7fbgRuag8oJ3Z2ra1x
BWvhiI7CEgSaWSWiNdu8DXfG79mCg8r5gxZYZZPQ1F0LTNtprO7WgwBMs6x7kqUE
a8wDqR9Qa6GJFk9/KPr17KYdbKwjOKB97/hgwCq0Hx2bp+CKsLvJZup6P7y2EwBQ
Ei44K6dDzB+q1mTadRxOZRjK01MHXRHPd0ZfyKFtyGjrNGi2aWJb6+8pDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNx38HG+ixT0T2tcxfPjUSmhYRtJMB8GA1UdIwQY
MBaAFK1MgwsRJhSDpitmlqTDcg6K2IoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEt
MjIyY2ViNmMzNDRjLzEvM0hmd2NiNkxGUFJQYTF6RjgtTlJLYUZoRzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEtMjIyY2ViNmMzNDRj
LzEvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9hsAwQA
w0JMMA0GCSqGSIb3DQEBCwUAA4IBAQCEAKgwVuTz6WngkZhIVvghZNOa664DheLu
y5djQ8xFZUqp5B3t3wTvUX1RXmkihBVwz1yd6AyUlnfp22j1B7N+8SVF2G8Sjzn9
FFOIwx40Q7jfqa7/qbu4BomRDfxm1KpS7VQQPHvFhUL2vBygFqqyG51sVtBUksBn
RbH3hzyzq/uwnBrytZ4dRLCbsCoGPEFExaTicEJNgSXZ8/H+z+MPNA2V4AY9KJjN
Eanqbde1/wiD074mCDrxrVHWN2k4cQJsbkcDx381/alehG0qqxj+6qRU5mT8e+vb
x89QM9xhrNH+2Zwf3jBiAinUXB6owEXkjhSQfiApOSMHK0uOtXh1
-----END CERTIFICATE-----