Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/P1ofyT6x4WFl2vaAgUhSbzTodR4.roa
File:                     P1ofyT6x4WFl2vaAgUhSbzTodR4.roa (raw, json)
Hash identifier:          wTIt74aHeJ1gKkNGg3r+b+Iq6loGEdt+xpyaBYcKIvM=
Subject key identifier:   3F:5A:1F:C9:3E:B1:E1:61:65:DA:F6:80:81:48:52:6F:34:E8:75:1E
Certificate issuer:       /CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Certificate serial:       018CC8DE662C4D2186CB9449CD9601A2E3C4
Authority key identifier: AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/P1ofyT6x4WFl2vaAgUhSbzTodR4.roa
Signing time:             Tue 02 Jan 2024 06:31:07 +0000
ROA not before:           Tue 02 Jan 2024 06:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        82.115.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:66:2c:4d:21:86:cb:94:49:cd:96:01:a2:e3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
        Validity
            Not Before: Jan  2 06:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f5a1fc93eb1e16165daf6808148526f34e8751e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d1:11:d7:eb:f2:f1:5b:83:84:08:02:d9:31:
                    2a:c2:f4:6e:bc:78:40:e2:78:5c:89:5d:d6:38:ed:
                    e9:d3:1d:63:cc:73:4c:ea:e2:e4:54:40:bb:a1:5b:
                    3e:cf:6f:cc:9a:bb:28:17:68:52:d1:62:d1:71:8d:
                    6a:4a:38:d7:cd:be:cc:76:67:dd:94:5b:e3:cb:d1:
                    4c:0d:da:36:5f:68:b9:78:5d:75:9f:95:57:28:2a:
                    33:ba:9c:b0:89:e9:28:ca:40:cb:2d:fc:ec:64:cc:
                    3b:4c:78:05:5e:54:13:45:d3:49:f7:3e:12:2a:e6:
                    22:a8:1d:56:82:78:91:25:c1:c3:e4:0a:00:99:ab:
                    e6:6f:e3:f1:34:ad:3a:25:c4:dc:92:bd:d9:09:46:
                    b1:0a:61:86:75:7e:94:75:89:a3:f6:60:6a:7c:62:
                    b6:67:f0:ee:1f:3b:60:a8:fa:68:80:88:60:56:0b:
                    68:7c:0f:6f:3f:6f:54:b4:da:1d:43:2d:74:22:ed:
                    bf:00:e9:a7:1c:30:93:69:5b:d3:c8:48:19:9e:26:
                    c6:9c:4f:02:af:9a:9b:b9:8e:10:f1:1f:ee:9b:1f:
                    13:e3:32:6f:4d:df:2c:7b:cf:15:61:23:60:33:69:
                    69:c8:e4:23:f2:bc:a2:21:cc:b7:7d:32:7e:7f:c4:
                    70:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5A:1F:C9:3E:B1:E1:61:65:DA:F6:80:81:48:52:6F:34:E8:75:1E
            X509v3 Authority Key Identifier:
                keyid:AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/P1ofyT6x4WFl2vaAgUhSbzTodR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:d1:c1:71:ba:88:6c:d0:6b:3a:ab:3b:6e:d4:cb:3a:2b:
         9f:c4:db:be:bb:36:f9:b8:5b:d0:c9:25:e8:2f:a1:65:10:1f:
         09:cf:cf:a4:62:86:c3:90:f1:35:68:7a:5f:52:a0:cb:eb:4e:
         20:b1:e3:69:96:ec:50:5b:c7:e9:81:c6:81:f0:32:a0:ce:84:
         e7:a6:8d:5c:ad:54:22:66:8e:e8:49:d4:e2:07:49:02:f7:ca:
         0f:41:69:26:06:80:ec:8a:86:26:ba:b9:83:4c:8a:a0:b3:fc:
         10:48:27:61:42:5e:d6:64:42:b1:48:e2:31:39:11:32:ad:47:
         20:bc:25:0c:f7:10:a0:0a:0c:eb:56:4b:4b:e0:f8:fe:3d:1b:
         7d:5c:b0:f4:81:a9:d8:59:0b:9d:01:5c:4a:d3:83:e5:54:c9:
         a3:3e:22:b4:3f:a8:82:43:49:87:78:9d:ce:0d:37:b6:69:ff:
         d7:45:ca:2d:8c:d3:fc:41:c2:a9:53:01:0b:a1:48:6d:b3:81:
         c2:cd:e3:1e:44:bb:f5:d9:d7:b9:67:dc:8c:e2:12:32:05:5b:
         59:ff:35:fe:64:44:99:ca:4e:58:0d:a6:0c:53:53:c0:af:fe:
         f9:79:45:6e:d4:7e:8c:60:9c:18:eb:a8:aa:bf:63:72:d3:3b:
         d0:2a:6b:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3mYsTSGGy5RJzZYBouPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTMxNmZjNGE4M2IzZDAzZTI5NzVmOGJlYzI3MGNiMGY0
ZWZiMWQwHhcNMjQwMTAyMDYzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVhMWZjOTNlYjFlMTYxNjVkYWY2ODA4MTQ4NTI2ZjM0ZTg3NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutER1+vy8VuDhAgC2TEqwvRuvHhA
4nhciV3WOO3p0x1jzHNM6uLkVEC7oVs+z2/MmrsoF2hS0WLRcY1qSjjXzb7Mdmfd
lFvjy9FMDdo2X2i5eF11n5VXKCozupywiekoykDLLfzsZMw7THgFXlQTRdNJ9z4S
KuYiqB1WgniRJcHD5AoAmavmb+PxNK06JcTckr3ZCUaxCmGGdX6UdYmj9mBqfGK2
Z/DuHztgqPpogIhgVgtofA9vP29UtNodQy10Iu2/AOmnHDCTaVvTyEgZnibGnE8C
r5qbuY4Q8R/umx8T4zJvTd8se88VYSNgM2lpyOQj8ryiIcy3fTJ+f8Rw4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9aH8k+seFhZdr2gIFIUm806HUeMB8GA1UdIwQY
MBaAFK9TFvxKg7PQPil1+L7CcMsPTvsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEt
ZDEyMDVlMGMwY2NlLzEvUDFvZnlUNng0V0ZsMnZhQWdVaFNielRvZFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEtZDEyMDVlMGMwY2Nl
LzEvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnPXMA0G
CSqGSIb3DQEBCwUAA4IBAQAcR9HBcbqIbNBrOqs7btTLOiufxNu+uzb5uFvQySXo
L6FlEB8Jz8+kYobDkPE1aHpfUqDL604gseNpluxQW8fpgcaB8DKgzoTnpo1crVQi
Zo7oSdTiB0kC98oPQWkmBoDsioYmurmDTIqgs/wQSCdhQl7WZEKxSOIxOREyrUcg
vCUM9xCgCgzrVktL4Pj+PRt9XLD0ganYWQudAVxK04PlVMmjPiK0P6iCQ0mHeJ3O
DTe2af/XRcotjNP8QcKpUwELoUhts4HCzeMeRLv12de5Z9yM4hIyBVtZ/zX+ZESZ
yk5YDaYMU1PAr/75eUVu1H6MYJwY66iqv2Ny0zvQKmtR
-----END CERTIFICATE-----