Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/3K4pp3qaIF9XTqBqgZ8jyMfLemU.roa
File:                     3K4pp3qaIF9XTqBqgZ8jyMfLemU.roa (raw, json)
Hash identifier:          X+MDIB7Rr78bMpbaVFzH9IfOhGyfgO7Dh7tccHgwg/4=
Subject key identifier:   DC:AE:29:A7:7A:9A:20:5F:57:4E:A0:6A:81:9F:23:C8:C7:CB:7A:65
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       019176361AECFB9E46DDFE37BEB4568CDF91
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/3K4pp3qaIF9XTqBqgZ8jyMfLemU.roa
Signing time:             Wed 21 Aug 2024 18:32:22 +0000
ROA not before:           Wed 21 Aug 2024 18:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.91.148.0/24 maxlen: 24
                          194.62.16.0/24 maxlen: 24
                          213.109.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:36:1a:ec:fb:9e:46:dd:fe:37:be:b4:56:8c:df:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Aug 21 18:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcae29a77a9a205f574ea06a819f23c8c7cb7a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:d3:eb:23:4d:69:c5:2d:a0:fd:d2:cb:f2:
                    55:97:3d:a5:32:a7:0e:81:ee:7a:bd:25:7f:d6:46:
                    b9:9e:d0:2d:94:ec:03:30:9d:6d:7e:25:1c:67:9a:
                    78:9a:c9:4f:d8:c4:27:e6:84:cb:88:0f:fd:f2:93:
                    58:a3:ca:57:e6:48:29:eb:f5:dd:7a:64:ae:5c:70:
                    22:b9:38:7f:1a:98:ba:5e:6f:b0:0e:e2:93:01:33:
                    da:55:17:f5:f5:9d:b0:8f:6d:be:80:0e:cb:08:34:
                    cc:6e:a3:a7:3a:6b:4b:df:0a:43:dd:d5:e0:56:65:
                    20:ea:51:1f:12:7c:5d:62:97:b4:ae:b7:51:e2:c1:
                    67:7c:7e:fb:7a:c9:08:5e:4b:a9:f6:61:0c:48:b6:
                    71:fd:e7:fd:73:49:b9:4d:fa:23:cf:a5:fb:37:83:
                    eb:12:d9:9a:1e:cb:e8:88:d5:d9:2a:87:5d:71:f6:
                    30:d3:da:10:3b:b4:99:d7:a7:db:18:18:a0:20:0c:
                    b4:4f:ff:d2:f6:e2:32:0a:47:69:a6:f3:5a:05:23:
                    ba:a0:cf:de:c8:d6:cd:bc:eb:77:23:ca:61:34:5d:
                    6d:a4:16:ca:c8:25:c0:e6:f8:2d:6f:f5:e1:b2:42:
                    b3:49:58:43:15:26:cd:fe:52:af:db:32:56:c4:98:
                    0b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:AE:29:A7:7A:9A:20:5F:57:4E:A0:6A:81:9F:23:C8:C7:CB:7A:65
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/3K4pp3qaIF9XTqBqgZ8jyMfLemU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.148.0/24
                  194.62.16.0/24
                  213.109.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:00:b8:16:32:3c:de:a0:2d:c3:6f:e5:95:b2:e7:c7:6c:90:
         13:bc:df:e4:a7:9d:6e:a9:ee:45:0b:b8:4c:d0:aa:f4:c3:24:
         a2:bf:50:61:35:79:41:69:c5:fb:0b:d1:1f:36:06:6e:78:69:
         41:db:f3:3b:ed:59:74:3b:84:f1:9f:8f:0a:cd:5c:a0:f5:e4:
         be:39:ff:b0:07:bf:5c:5d:10:e4:57:88:ae:40:a2:27:7b:e4:
         7c:85:0e:26:10:72:4f:2b:10:83:4c:16:48:de:66:88:93:ec:
         3f:00:5a:57:38:0f:74:90:bb:37:b0:1d:ab:09:91:0b:1c:ee:
         8c:08:1a:dd:85:fd:83:e9:00:19:14:33:c2:e9:4e:ea:92:34:
         b5:05:96:6f:5a:d7:2a:21:cc:ca:d5:77:9b:52:cd:78:56:24:
         a3:b0:d2:81:77:ac:9b:d8:b4:f8:31:06:56:d7:f4:e0:78:75:
         dd:03:86:b8:40:c0:40:0b:07:75:fe:47:f5:d9:4c:b9:27:1b:
         b3:2d:14:7d:ff:0f:9a:a2:1e:d7:5f:96:78:02:9b:0b:54:77:
         e5:59:0c:05:31:a1:ec:63:c6:c9:9f:f2:13:2d:62:1a:b9:f6:
         92:e3:8a:72:fe:fa:0a:a9:cb:2c:fe:74:0f:26:4b:4b:b1:4b:
         3c:ed:04:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZF2Nhrs+55G3f43vrRWjN+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwODIxMTgzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2FlMjlhNzdhOWEyMDVmNTc0ZWEwNmE4MTlmMjNjOGM3Y2I3YTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXjT6yNNacUtoP3Sy/JVlz2lMqcO
ge56vSV/1ka5ntAtlOwDMJ1tfiUcZ5p4mslP2MQn5oTLiA/98pNYo8pX5kgp6/Xd
emSuXHAiuTh/Gpi6Xm+wDuKTATPaVRf19Z2wj22+gA7LCDTMbqOnOmtL3wpD3dXg
VmUg6lEfEnxdYpe0rrdR4sFnfH77eskIXkup9mEMSLZx/ef9c0m5Tfojz6X7N4Pr
EtmaHsvoiNXZKoddcfYw09oQO7SZ16fbGBigIAy0T//S9uIyCkdppvNaBSO6oM/e
yNbNvOt3I8phNF1tpBbKyCXA5vgtb/XhskKzSVhDFSbN/lKv2zJWxJgLBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNyuKad6miBfV06gaoGfI8jHy3plMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvM0s0cHAzcWFJRjlYVHFCcWdaOGp5TWZMZW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVuUAwQA
wj4QAwQA1W2YMA0GCSqGSIb3DQEBCwUAA4IBAQBpALgWMjzeoC3Db+WVsufHbJAT
vN/kp51uqe5FC7hM0Kr0wySiv1BhNXlBacX7C9EfNgZueGlB2/M77Vl0O4Txn48K
zVyg9eS+Of+wB79cXRDkV4iuQKIne+R8hQ4mEHJPKxCDTBZI3maIk+w/AFpXOA90
kLs3sB2rCZELHO6MCBrdhf2D6QAZFDPC6U7qkjS1BZZvWtcqIczK1XebUs14ViSj
sNKBd6yb2LT4MQZW1/TgeHXdA4a4QMBACwd1/kf12Uy5JxuzLRR9/w+aoh7XX5Z4
ApsLVHflWQwFMaHsY8bJn/ITLWIaufaS44py/voKqcss/nQPJktLsUs87QRJ
-----END CERTIFICATE-----