Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/3jVXFu7sxd7Z7MS11EvasHq1q9w.roa
File:                     3jVXFu7sxd7Z7MS11EvasHq1q9w.roa (raw, json)
Hash identifier:          CPrvOOdN9pWoQFKrRCjpVHmzT25esYwRdYawJlikjJo=
Subject key identifier:   DE:35:57:16:EE:EC:C5:DE:D9:EC:C4:B5:D4:4B:DA:B0:7A:B5:AB:DC
Certificate issuer:       /CN=e4cd6e61c14e8391005a817b2722f7c4a81eb993
Certificate serial:       018CC726ACFDC24A38860F12657A8E07045D
Authority key identifier: E4:CD:6E:61:C1:4E:83:91:00:5A:81:7B:27:22:F7:C4:A8:1E:B9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/3jVXFu7sxd7Z7MS11EvasHq1q9w.roa
Signing time:             Mon 01 Jan 2024 22:30:49 +0000
ROA not before:           Mon 01 Jan 2024 22:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202468
IP address blocks:        5.34.192.0/20 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ac:fd:c2:4a:38:86:0f:12:65:7a:8e:07:04:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4cd6e61c14e8391005a817b2722f7c4a81eb993
        Validity
            Not Before: Jan  1 22:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de355716eeecc5ded9ecc4b5d44bdab07ab5abdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e7:f9:61:9d:03:6f:03:cc:35:9c:d1:79:8b:
                    da:84:d6:48:ac:ae:cc:7c:71:5d:c0:e6:1c:be:5a:
                    fe:3e:39:e2:85:2a:2e:4e:0d:97:46:79:65:af:e7:
                    5f:a0:a8:60:fe:cb:ed:33:a2:41:10:c8:73:88:e5:
                    3e:24:7b:d1:0c:3b:78:78:eb:a2:e8:5e:6b:45:dc:
                    44:5b:21:0f:b1:20:dc:c2:15:0a:17:d2:1d:8e:9c:
                    67:27:26:9d:a0:07:ad:8c:96:be:db:8c:4a:53:ca:
                    c0:80:9a:17:37:d3:b9:91:9b:9c:85:c7:2d:e6:e5:
                    2d:f8:41:17:15:3a:da:15:b4:67:55:7e:ee:b5:07:
                    76:bc:c8:28:33:a7:9b:89:9a:17:8e:7b:9c:69:3b:
                    48:a3:29:cc:a7:70:e3:71:a0:0f:7e:a7:33:c8:1d:
                    f8:98:56:84:23:89:c4:d4:4b:28:f6:06:05:42:72:
                    c6:20:44:f2:3b:56:0b:b0:5d:e4:7e:5c:33:67:e8:
                    8b:a1:b8:d6:a3:8f:d0:46:97:56:6c:a7:c4:82:cc:
                    66:c9:4d:f8:9d:9a:d7:03:95:6e:22:0d:7e:76:8b:
                    b5:cb:fa:4f:0c:31:65:e9:91:da:d6:97:fb:55:6b:
                    07:cd:2e:da:fb:7c:f5:07:22:0c:36:57:bc:59:38:
                    ac:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:35:57:16:EE:EC:C5:DE:D9:EC:C4:B5:D4:4B:DA:B0:7A:B5:AB:DC
            X509v3 Authority Key Identifier:
                keyid:E4:CD:6E:61:C1:4E:83:91:00:5A:81:7B:27:22:F7:C4:A8:1E:B9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/3jVXFu7sxd7Z7MS11EvasHq1q9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         02:7f:88:7b:c7:96:d4:ce:aa:c5:45:53:05:c0:f1:23:c4:73:
         c5:a6:6b:86:0b:fd:8a:ab:c7:0a:9e:5b:ef:fb:4c:1c:ce:95:
         cc:58:51:22:8d:4f:70:30:c3:38:7f:84:01:0b:c0:33:42:a3:
         6b:70:c6:ee:46:b6:7d:0a:7e:a5:5c:45:5b:dc:0d:bb:83:26:
         71:09:e7:63:5b:8c:c8:bf:3b:b8:b6:fe:7d:f7:85:60:2e:f7:
         af:ad:62:49:c9:1c:65:02:52:dd:a2:52:32:f2:8f:d6:1c:5a:
         60:0c:d6:ce:5f:0d:33:f3:de:1b:d8:44:d6:6a:54:9f:af:22:
         b2:88:61:34:63:97:a8:6c:cd:b7:4b:92:60:ae:38:8a:bc:ad:
         7a:3c:84:3b:7c:9a:78:5d:f9:5f:47:12:41:70:48:db:d3:b8:
         66:29:1f:3a:3f:4d:db:13:ea:5a:37:a3:1c:a0:90:b6:ad:65:
         6a:e7:b0:2a:80:12:67:37:2f:8d:69:d7:a1:82:1d:ec:3c:77:
         21:81:fb:21:71:df:5d:27:c6:54:6e:cf:1f:88:f6:4b:09:85:
         61:f8:1e:e5:bc:04:c5:65:83:10:e2:a0:9f:f1:9a:ff:49:9a:
         a7:57:cd:96:03:af:23:cf:ed:8c:b3:f6:f0:ce:90:72:8e:43:
         58:e9:e7:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJqz9wko4hg8SZXqOBwRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Y2Q2ZTYxYzE0ZTgzOTEwMDVhODE3YjI3MjJmN2M0YTgx
ZWI5OTMwHhcNMjQwMTAxMjIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM1NTcxNmVlZWNjNWRlZDllY2M0YjVkNDRiZGFiMDdhYjVhYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOf5YZ0DbwPMNZzReYvahNZIrK7M
fHFdwOYcvlr+PjnihSouTg2XRnllr+dfoKhg/svtM6JBEMhziOU+JHvRDDt4eOui
6F5rRdxEWyEPsSDcwhUKF9IdjpxnJyadoAetjJa+24xKU8rAgJoXN9O5kZuchcct
5uUt+EEXFTraFbRnVX7utQd2vMgoM6ebiZoXjnucaTtIoynMp3DjcaAPfqczyB34
mFaEI4nE1Eso9gYFQnLGIETyO1YLsF3kflwzZ+iLobjWo4/QRpdWbKfEgsxmyU34
nZrXA5VuIg1+dou1y/pPDDFl6ZHa1pf7VWsHzS7a+3z1ByIMNle8WTisDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN41Vxbu7MXe2ezEtdRL2rB6tavcMB8GA1UdIwQY
MBaAFOTNbmHBToORAFqBeyci98SoHrmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU0xdVljRk9nNUVBV29GN0p5TDN4S2dldVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kYTQwY2YtOTgzNi00ODJiLWI3YTYt
YzVhZDE2YTU1YzVmLzEvM2pWWEZ1N3N4ZDdaN01TMTFFdmFzSHExcTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kYTQwY2YtOTgzNi00ODJiLWI3YTYtYzVhZDE2YTU1YzVm
LzEvNU0xdVljRk9nNUVBV29GN0p5TDN4S2dldVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEBSLAMA0G
CSqGSIb3DQEBCwUAA4IBAQACf4h7x5bUzqrFRVMFwPEjxHPFpmuGC/2Kq8cKnlvv
+0wczpXMWFEijU9wMMM4f4QBC8AzQqNrcMbuRrZ9Cn6lXEVb3A27gyZxCedjW4zI
vzu4tv5994VgLvevrWJJyRxlAlLdolIy8o/WHFpgDNbOXw0z894b2ETWalSfryKy
iGE0Y5eobM23S5JgrjiKvK16PIQ7fJp4XflfRxJBcEjb07hmKR86P03bE+paN6Mc
oJC2rWVq57AqgBJnNy+Nadehgh3sPHchgfshcd9dJ8ZUbs8fiPZLCYVh+B7lvATF
ZYMQ4qCf8Zr/SZqnV82WA68jz+2Ms/bwzpByjkNY6ee9
-----END CERTIFICATE-----