Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/3L4pqwZZaYvNywvPAPCl716EsoY.roa
File:                     3L4pqwZZaYvNywvPAPCl716EsoY.roa (raw, json)
Hash identifier:          92jitmjcz3OB4e6OUgOcYqhug0wvCPPdkzYA67BG5xY=
Subject key identifier:   DC:BE:29:AB:06:59:69:8B:CD:CB:0B:CF:00:F0:A5:EF:5E:84:B2:86
Certificate issuer:       /CN=e1f3f6dc4610f6c9bbaa4532111738e493b6adf0
Certificate serial:       019091D3C9A0AADD64C70F41C0C476C53E54
Authority key identifier: E1:F3:F6:DC:46:10:F6:C9:BB:AA:45:32:11:17:38:E4:93:B6:AD:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fP23EYQ9sm7qkUyERc45JO2rfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/3L4pqwZZaYvNywvPAPCl716EsoY.roa
Signing time:             Mon 08 Jul 2024 10:11:34 +0000
ROA not before:           Mon 08 Jul 2024 10:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39689
IP address blocks:        91.212.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/4fP23EYQ9sm7qkUyERc45JO2rfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/4fP23EYQ9sm7qkUyERc45JO2rfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fP23EYQ9sm7qkUyERc45JO2rfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:91:d3:c9:a0:aa:dd:64:c7:0f:41:c0:c4:76:c5:3e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3f6dc4610f6c9bbaa4532111738e493b6adf0
        Validity
            Not Before: Jul  8 10:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcbe29ab0659698bcdcb0bcf00f0a5ef5e84b286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:77:7d:54:64:ba:35:e9:d2:85:c1:e7:c5:a6:
                    bf:59:6b:1d:b9:b5:5e:b3:cb:22:01:a3:1b:52:f2:
                    8f:2d:8f:26:b9:12:31:76:26:d8:1a:b0:bd:38:4e:
                    5a:8e:da:93:88:0f:8e:56:3a:86:a0:f6:75:5d:f6:
                    64:18:3f:f8:5e:f2:db:9a:d2:84:92:b9:37:7c:0f:
                    4e:f2:c1:46:4e:02:ad:a9:05:15:40:85:30:01:ba:
                    7e:2b:9f:25:55:a1:69:34:74:bd:1c:0c:d6:29:19:
                    96:cb:46:8b:a2:e4:a2:ca:73:dd:6a:02:46:86:c6:
                    96:c8:22:08:dc:d0:74:6c:37:41:94:7e:a5:aa:d8:
                    5c:7b:41:6f:4d:75:ad:d5:16:a0:75:4e:55:f2:46:
                    80:99:6b:68:a0:76:86:0b:21:33:1e:24:40:7a:d4:
                    af:5e:22:1d:ee:03:d7:c9:c3:da:d2:31:7a:cc:66:
                    8c:19:39:c3:f7:53:dc:1b:fc:2b:6f:65:fe:06:77:
                    24:f6:3b:16:44:35:ce:b9:2c:58:cb:06:80:40:21:
                    c3:b6:55:22:f6:78:e8:b3:12:ef:f2:c3:ee:d2:54:
                    f8:15:0b:ed:66:a5:09:48:a1:08:08:d2:57:fa:91:
                    57:25:3d:83:ba:6c:0b:e1:c3:f2:72:30:83:ca:59:
                    8c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BE:29:AB:06:59:69:8B:CD:CB:0B:CF:00:F0:A5:EF:5E:84:B2:86
            X509v3 Authority Key Identifier:
                keyid:E1:F3:F6:DC:46:10:F6:C9:BB:AA:45:32:11:17:38:E4:93:B6:AD:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fP23EYQ9sm7qkUyERc45JO2rfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/3L4pqwZZaYvNywvPAPCl716EsoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36132-ca77-4584-8d7b-291b7ad093bf/1/4fP23EYQ9sm7qkUyERc45JO2rfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:d8:06:95:fd:64:ad:fb:bf:36:5b:6b:56:87:07:6b:d7:49:
         b2:a5:0a:41:05:d7:45:91:44:8e:52:5d:77:e3:07:6e:52:0d:
         37:f0:9b:20:f9:02:3b:52:4a:9b:de:c3:2b:95:30:56:b8:6a:
         36:9d:b0:f4:86:bf:06:50:28:9a:3c:20:4a:4d:91:65:4d:21:
         0b:1f:90:24:08:4c:5c:ec:9b:e6:6e:9f:4b:c6:82:d6:7a:61:
         1b:0f:de:66:2e:b4:86:15:07:3b:4f:fd:98:6e:91:15:dc:41:
         bc:cd:eb:31:f3:0b:6d:64:3b:e0:46:1c:5f:aa:a4:8b:ae:cc:
         39:94:93:61:50:2b:da:a3:b0:7f:a5:2d:d6:bb:3b:be:24:39:
         9b:82:e1:f9:ff:1d:7a:e0:cb:fa:86:22:49:91:0f:a3:5e:ca:
         4c:91:2c:c3:95:64:b8:e5:4b:e8:4f:39:df:be:f6:f0:46:dc:
         f6:9c:4c:a8:74:1d:d2:ae:31:31:be:98:d4:21:a4:12:fd:aa:
         72:de:12:e6:22:7a:a8:56:74:c2:4f:9e:eb:2f:6b:c0:88:9f:
         62:28:65:62:1d:7b:a6:c3:29:c6:f1:04:f1:3b:4c:88:28:4f:
         d3:a9:ca:77:f4:24:c4:23:d8:3e:e0:fe:d4:be:9d:e4:b9:d0:
         c9:e4:4d:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCR08mgqt1kxw9BwMR2xT5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZjNmNmRjNDYxMGY2YzliYmFhNDUzMjExMTczOGU0OTNi
NmFkZjAwHhcNMjQwNzA4MTAxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JlMjlhYjA2NTk2OThiY2RjYjBiY2YwMGYwYTVlZjVlODRiMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33d9VGS6NenShcHnxaa/WWsdubVe
s8siAaMbUvKPLY8muRIxdibYGrC9OE5ajtqTiA+OVjqGoPZ1XfZkGD/4XvLbmtKE
krk3fA9O8sFGTgKtqQUVQIUwAbp+K58lVaFpNHS9HAzWKRmWy0aLouSiynPdagJG
hsaWyCII3NB0bDdBlH6lqthce0FvTXWt1RagdU5V8kaAmWtooHaGCyEzHiRAetSv
XiId7gPXycPa0jF6zGaMGTnD91PcG/wrb2X+Bnck9jsWRDXOuSxYywaAQCHDtlUi
9njosxLv8sPu0lT4FQvtZqUJSKEICNJX+pFXJT2DumwL4cPycjCDylmMxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNy+KasGWWmLzcsLzwDwpe9ehLKGMB8GA1UdIwQY
MBaAFOHz9txGEPbJu6pFMhEXOOSTtq3wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGZQMjNFWVE5c203cWtVeUVSYzQ1Sk8ycmZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMzYxMzItY2E3Ny00NTg0LThkN2It
MjkxYjdhZDA5M2JmLzEvM0w0cHF3WlphWXZOeXd2UEFQQ2w3MTZFc29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMzYxMzItY2E3Ny00NTg0LThkN2ItMjkxYjdhZDA5M2Jm
LzEvNGZQMjNFWVE5c203cWtVeUVSYzQ1Sk8ycmZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QEMA0G
CSqGSIb3DQEBCwUAA4IBAQBl2AaV/WSt+782W2tWhwdr10mypQpBBddFkUSOUl13
4wduUg038Jsg+QI7Ukqb3sMrlTBWuGo2nbD0hr8GUCiaPCBKTZFlTSELH5AkCExc
7Jvmbp9LxoLWemEbD95mLrSGFQc7T/2YbpEV3EG8zesx8wttZDvgRhxfqqSLrsw5
lJNhUCvao7B/pS3Wuzu+JDmbguH5/x164Mv6hiJJkQ+jXspMkSzDlWS45UvoTznf
vvbwRtz2nEyodB3SrjExvpjUIaQS/apy3hLmInqoVnTCT57rL2vAiJ9iKGViHXum
wynG8QTxO0yIKE/Tqcp39CTEI9g+4P7Uvp3kudDJ5E01
-----END CERTIFICATE-----