Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/ZCQ3_ttv9Oemi5GZgn6-OrBhdnA.roa
File:                     ZCQ3_ttv9Oemi5GZgn6-OrBhdnA.roa (raw, json)
Hash identifier:          J2Tul/t+3vXj89aadwLZVMC/CKBjJ9LVvtjJBLDDNUE=
Subject key identifier:   64:24:37:FE:DB:6F:F4:E7:A6:8B:91:99:82:7E:BE:3A:B0:61:76:70
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726EC2031E8C755EF72DA3382A124D9
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/ZCQ3_ttv9Oemi5GZgn6-OrBhdnA.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60700
IP address blocks:        194.44.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ec:20:31:e8:c7:55:ef:72:da:33:82:a1:24:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642437fedb6ff4e7a68b9199827ebe3ab0617670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:33:7e:e1:a4:c5:01:19:80:75:7c:7e:16:97:
                    d3:60:37:83:a2:7b:dc:2f:f9:84:a5:e1:b7:bb:e8:
                    5a:47:77:cc:19:4c:87:1d:2f:e3:cc:6a:3a:34:e0:
                    76:71:62:1d:e5:8e:87:a9:2d:2e:18:29:0d:1e:d8:
                    7b:4b:3e:2d:54:36:5e:97:41:76:86:8b:38:e9:60:
                    51:4c:e8:74:51:3c:95:42:59:67:37:e4:b9:2a:92:
                    63:24:46:d5:5c:b7:3b:1e:7f:11:bb:25:9f:71:b3:
                    52:be:ad:e3:8c:85:cf:4d:ad:83:fa:78:74:a2:7e:
                    60:4a:8a:61:95:88:db:fe:f2:db:44:67:73:a4:28:
                    b3:5b:84:9e:25:f6:20:49:41:92:48:f1:22:a5:21:
                    be:bb:ba:67:f8:f9:7b:22:e1:ef:71:16:8a:0f:81:
                    14:66:2a:ca:d4:66:f7:a9:dd:0b:60:01:13:48:a0:
                    d5:3f:99:ed:46:b2:04:c9:17:1d:78:32:34:d7:a0:
                    b2:9c:79:51:5e:5f:3d:60:b1:23:49:d8:92:4c:31:
                    72:01:d2:39:44:f4:8f:12:f7:ae:cb:5d:dc:59:8e:
                    72:24:46:c4:a9:1d:40:ea:5f:8c:aa:95:ac:ad:16:
                    ca:19:03:eb:28:c5:d0:97:2e:4f:6c:5a:8e:bd:ed:
                    17:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:24:37:FE:DB:6F:F4:E7:A6:8B:91:99:82:7E:BE:3A:B0:61:76:70
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/ZCQ3_ttv9Oemi5GZgn6-OrBhdnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:00:34:0c:c5:40:64:9c:a3:28:df:54:66:07:34:64:0a:25:
         ef:8e:5c:15:53:8e:cd:19:0a:6a:da:8b:40:b9:bc:2f:5c:cb:
         46:f2:54:c6:48:8b:6f:e8:85:56:8b:96:35:5d:ba:3d:4b:2e:
         e1:ae:5b:76:1f:60:4f:17:83:7c:9c:35:58:19:d8:ef:c1:1c:
         52:ec:9f:35:d3:cc:a5:a8:27:d8:dc:28:5a:d4:30:3b:48:4f:
         6e:cd:b3:9a:dc:16:57:c1:53:cd:84:11:b4:4a:a7:96:dd:cf:
         58:c8:4f:28:4f:57:0d:e9:c1:39:d2:65:f3:d3:23:21:cb:27:
         82:c0:71:ce:dd:84:a5:b5:a9:26:3e:9d:a9:ff:6e:51:fc:af:
         22:50:7c:11:31:b9:7b:b1:b4:06:00:de:79:de:5e:2e:3d:67:
         ec:27:d7:5b:a4:48:83:6d:ec:5e:f9:95:d1:d3:92:b6:e4:7e:
         f1:e0:83:35:b5:b3:21:db:b8:9a:ed:ea:70:55:96:a7:b5:49:
         91:40:f4:ed:9b:fd:76:de:cc:d6:61:99:c8:bf:95:b3:de:00:
         ea:08:86:fc:95:b9:fa:3a:24:6d:17:be:62:33:f1:a7:59:f8:
         3e:cd:d0:41:1e:71:f4:c1:d1:61:29:3f:9e:67:7a:78:eb:c8:
         a7:f2:cd:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuwgMejHVe9y2jOCoSTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI0MzdmZWRiNmZmNGU3YTY4YjkxOTk4MjdlYmUzYWIwNjE3NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTN+4aTFARmAdXx+FpfTYDeDonvc
L/mEpeG3u+haR3fMGUyHHS/jzGo6NOB2cWId5Y6HqS0uGCkNHth7Sz4tVDZel0F2
hos46WBRTOh0UTyVQllnN+S5KpJjJEbVXLc7Hn8RuyWfcbNSvq3jjIXPTa2D+nh0
on5gSophlYjb/vLbRGdzpCizW4SeJfYgSUGSSPEipSG+u7pn+Pl7IuHvcRaKD4EU
ZirK1Gb3qd0LYAETSKDVP5ntRrIEyRcdeDI016CynHlRXl89YLEjSdiSTDFyAdI5
RPSPEveuy13cWY5yJEbEqR1A6l+MqpWsrRbKGQPrKMXQly5PbFqOve0XdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQkN/7bb/TnpouRmYJ+vjqwYXZwMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvWkNRM190dHY5T2VtaTVHWmduNi1PckJoZG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiweMA0G
CSqGSIb3DQEBCwUAA4IBAQBCADQMxUBknKMo31RmBzRkCiXvjlwVU47NGQpq2otA
ubwvXMtG8lTGSItv6IVWi5Y1Xbo9Sy7hrlt2H2BPF4N8nDVYGdjvwRxS7J8108yl
qCfY3Cha1DA7SE9uzbOa3BZXwVPNhBG0SqeW3c9YyE8oT1cN6cE50mXz0yMhyyeC
wHHO3YSltakmPp2p/25R/K8iUHwRMbl7sbQGAN553l4uPWfsJ9dbpEiDbexe+ZXR
05K25H7x4IM1tbMh27ia7epwVZantUmRQPTtm/123szWYZnIv5Wz3gDqCIb8lbn6
OiRtF75iM/GnWfg+zdBBHnH0wdFhKT+eZ3p468in8s2B
-----END CERTIFICATE-----