Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3SvQRHoh97ZHjEX52OFRoFDjQ3k.roa
File:                     3SvQRHoh97ZHjEX52OFRoFDjQ3k.roa (raw, json)
Hash identifier:          rxN/LhGtEY/wOnUe4nThFZkyo9cgiXucVstw6Rz5rwg=
Subject key identifier:   DD:2B:D0:44:7A:21:F7:B6:47:8C:45:F9:D8:E1:51:A0:50:E3:43:79
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01919F2625989E7FDB56122FB36558F01DC2
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3SvQRHoh97ZHjEX52OFRoFDjQ3k.roa
Signing time:             Thu 29 Aug 2024 17:19:22 +0000
ROA not before:           Thu 29 Aug 2024 17:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53850
IP address blocks:        5.83.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9f:26:25:98:9e:7f:db:56:12:2f:b3:65:58:f0:1d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 29 17:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd2bd0447a21f7b6478c45f9d8e151a050e34379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ec:f7:85:76:3c:3d:6d:a2:9a:33:b9:2c:45:
                    1a:1c:d6:9c:d0:38:f7:0b:25:b8:2e:bb:b2:b3:5b:
                    9b:bd:8d:b8:86:2e:b4:3e:12:4d:dd:f4:85:9c:c4:
                    b0:3f:46:69:ae:93:ab:1f:c9:5a:17:b9:36:bf:10:
                    3d:88:6b:a1:d9:2a:a7:e1:bb:24:37:ab:66:90:65:
                    df:67:0c:bc:a9:33:a8:c5:5d:88:a3:bb:ae:87:69:
                    48:f3:b7:25:92:bc:14:b3:a1:9d:08:9a:a5:4c:63:
                    24:9c:ff:65:85:43:5d:48:a5:2d:d3:bc:0b:1a:e0:
                    e0:4f:47:77:c4:9d:8a:33:f9:69:b6:b5:e7:b4:b6:
                    f5:38:94:7e:3b:52:b9:34:74:8a:04:29:9c:1b:e9:
                    62:40:04:0b:11:d0:fb:d3:de:a9:9b:33:a8:3e:32:
                    75:d0:98:1a:61:f9:28:12:85:d4:52:1a:25:fe:eb:
                    21:85:47:37:08:77:33:17:b4:c8:4f:cb:33:8f:12:
                    6a:af:66:94:69:3f:de:f7:af:9d:cf:bd:0a:07:49:
                    a7:09:a1:25:39:e1:7f:96:8b:6e:53:c3:74:0a:80:
                    e1:d0:58:14:ae:c2:13:09:b9:cc:cd:14:df:c3:66:
                    78:23:a6:32:c6:6a:b3:fb:2e:2b:9c:a4:6f:15:38:
                    a7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2B:D0:44:7A:21:F7:B6:47:8C:45:F9:D8:E1:51:A0:50:E3:43:79
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3SvQRHoh97ZHjEX52OFRoFDjQ3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:82:32:15:91:af:29:9d:28:a0:4b:74:1e:ab:ac:59:0a:fc:
         c5:6c:51:23:cc:c4:d4:a1:8f:90:4a:92:bb:0e:a0:4b:42:05:
         64:77:6c:f1:d8:26:6a:a9:95:a3:1a:df:60:e6:b4:57:f6:21:
         4d:50:b9:e9:f6:cc:a2:36:1f:b8:f8:1a:f1:b3:c8:5b:9c:2a:
         3d:7e:b7:67:1f:11:e8:ff:9d:85:48:fc:89:24:f9:94:7c:5e:
         79:af:f0:9c:eb:86:13:66:c0:42:91:61:f2:6d:0c:2a:8c:db:
         a2:bb:44:75:29:8e:07:45:20:fd:fd:f9:0e:95:65:12:cf:a1:
         c5:8e:f7:52:1f:6d:b7:a6:02:fd:49:82:cc:3b:34:a4:a6:77:
         c4:e3:c3:01:af:4e:1d:f3:46:62:9e:fc:07:1d:52:13:32:a6:
         87:1e:f0:ec:9d:a1:0a:96:7b:44:ab:8d:17:a3:c5:7e:5d:63:
         0d:a7:1c:d0:41:73:0a:e9:63:12:f5:b4:80:33:9e:b5:68:9a:
         12:f5:51:d5:c0:25:2f:d5:73:77:c4:e2:e2:7e:d1:a8:5c:9f:
         74:9b:75:3d:a1:92:4f:ac:ca:85:b1:67:62:97:4f:33:85:a4:
         2d:43:09:49:1e:70:26:27:f0:1d:f1:0f:9b:15:80:e5:f4:cc:
         45:20:60:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGfJiWYnn/bVhIvs2VY8B3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwODI5MTcxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJiZDA0NDdhMjFmN2I2NDc4YzQ1ZjlkOGUxNTFhMDUwZTM0Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruz3hXY8PW2imjO5LEUaHNac0Dj3
CyW4Lruys1ubvY24hi60PhJN3fSFnMSwP0ZprpOrH8laF7k2vxA9iGuh2Sqn4bsk
N6tmkGXfZwy8qTOoxV2Io7uuh2lI87clkrwUs6GdCJqlTGMknP9lhUNdSKUt07wL
GuDgT0d3xJ2KM/lptrXntLb1OJR+O1K5NHSKBCmcG+liQAQLEdD7096pmzOoPjJ1
0JgaYfkoEoXUUhol/ushhUc3CHczF7TIT8szjxJqr2aUaT/e96+dz70KB0mnCaEl
OeF/lotuU8N0CoDh0FgUrsITCbnMzRTfw2Z4I6Yyxmqz+y4rnKRvFTinGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0r0ER6Ife2R4xF+djhUaBQ40N5MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvM1N2UVJIb2g5N1pIakVYNTJPRlJvRkRqUTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVOQMA0G
CSqGSIb3DQEBCwUAA4IBAQChgjIVka8pnSigS3Qeq6xZCvzFbFEjzMTUoY+QSpK7
DqBLQgVkd2zx2CZqqZWjGt9g5rRX9iFNULnp9syiNh+4+Brxs8hbnCo9frdnHxHo
/52FSPyJJPmUfF55r/Cc64YTZsBCkWHybQwqjNuiu0R1KY4HRSD9/fkOlWUSz6HF
jvdSH223pgL9SYLMOzSkpnfE48MBr04d80ZinvwHHVITMqaHHvDsnaEKlntEq40X
o8V+XWMNpxzQQXMK6WMS9bSAM561aJoS9VHVwCUv1XN3xOLiftGoXJ90m3U9oZJP
rMqFsWdil08zhaQtQwlJHnAmJ/Ad8Q+bFYDl9MxFIGAR
-----END CERTIFICATE-----