Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/P3twMpp-FHp0jrnbLFZX0pWnd8c.roa
File:                     P3twMpp-FHp0jrnbLFZX0pWnd8c.roa (raw, json)
Hash identifier:          KEzhtQI4pUI/sDr0tB8LKdI2i8X3a5ZOuG0UkvQl06E=
Subject key identifier:   3F:7B:70:32:9A:7E:14:7A:74:8E:B9:DB:2C:56:57:D2:95:A7:77:C7
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       018D31294713A7EF6BACB9E833BC69B1F632
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/P3twMpp-FHp0jrnbLFZX0pWnd8c.roa
Signing time:             Mon 22 Jan 2024 12:33:25 +0000
ROA not before:           Mon 22 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        45.11.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:29:47:13:a7:ef:6b:ac:b9:e8:33:bc:69:b1:f6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Jan 22 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f7b70329a7e147a748eb9db2c5657d295a777c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fb:e7:85:dd:31:34:93:ac:c9:d1:3d:e4:c0:
                    30:fd:73:4b:f8:00:f1:3c:89:44:60:61:36:ab:58:
                    05:46:a7:ba:e9:0e:56:93:50:5c:35:e3:d4:6a:66:
                    b0:cd:f7:82:ba:18:c7:10:67:0c:29:62:de:65:e3:
                    1f:18:0d:8f:cf:a5:85:08:eb:36:51:b3:a2:20:31:
                    82:87:89:e3:4e:1a:e8:9d:fd:aa:b4:f6:da:db:29:
                    36:e9:a6:7b:3b:49:10:f0:12:17:be:df:25:20:c7:
                    18:27:85:35:20:09:b5:04:ef:ea:8e:67:7e:af:d8:
                    06:78:a6:75:0c:60:26:ec:70:72:fc:61:4e:e3:0f:
                    30:61:64:b4:33:72:c5:97:e8:9c:08:53:72:9e:24:
                    9f:ed:11:6b:49:b5:d2:1d:7c:ce:59:8c:98:db:ab:
                    77:52:51:a1:8d:7a:6d:2f:05:96:05:61:79:5b:a1:
                    45:eb:f8:e6:55:51:9a:6d:a6:f4:2f:30:12:e1:d6:
                    89:6a:65:65:9c:33:d7:0c:9b:35:ee:e7:f6:f1:e8:
                    f8:10:0e:5b:bf:ba:0f:f9:d0:c6:d7:d0:83:bb:1b:
                    06:02:36:1e:97:d3:2b:f2:f6:bb:d3:5b:70:36:47:
                    5c:d3:83:29:c9:54:67:3a:ba:36:61:ad:44:fd:88:
                    f7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:7B:70:32:9A:7E:14:7A:74:8E:B9:DB:2C:56:57:D2:95:A7:77:C7
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/P3twMpp-FHp0jrnbLFZX0pWnd8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:d5:27:1d:2c:02:af:22:da:d7:ec:7f:d6:3f:40:6a:9f:c7:
         61:94:82:8b:08:35:e6:c4:e7:af:a9:03:de:2c:eb:c2:53:8d:
         62:28:f7:ed:10:97:af:ff:19:1e:66:96:b2:6b:22:4f:2b:6d:
         a4:a0:f8:aa:ac:b0:fd:b3:bf:6f:12:bf:53:0a:6c:30:6c:7d:
         0c:81:07:57:9e:cc:17:92:55:be:2a:b3:00:b6:b6:f5:78:d2:
         eb:f7:1e:7f:e5:4c:30:7a:e1:16:96:6f:4b:dd:44:b8:60:5b:
         01:54:af:fe:e1:15:4e:f1:bd:2d:a6:7e:0b:f4:ad:5d:98:8e:
         90:ed:ab:45:83:fe:88:4b:45:b3:47:2f:26:b3:6e:63:b6:c4:
         61:27:0d:15:4e:af:11:59:02:7f:6b:61:6e:1c:01:14:06:13:
         3a:3a:59:07:cf:83:a3:2a:00:c2:bf:b2:07:f9:43:bd:27:db:
         cb:2b:79:dc:5a:2a:3f:95:18:17:f8:51:bf:28:06:20:3c:94:
         2a:93:05:7b:22:67:73:b1:f3:65:d5:a7:30:f4:c5:25:b8:5c:
         32:b9:d2:a6:36:06:e0:f2:2f:b2:67:b0:fe:f3:ea:b3:20:f6:
         24:87:c6:76:1d:2e:3c:49:72:ac:9c:5e:41:85:99:b0:8a:df:
         21:72:ae:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0xKUcTp+9rrLnoM7xpsfYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjQwMTIyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjdiNzAzMjlhN2UxNDdhNzQ4ZWI5ZGIyYzU2NTdkMjk1YTc3N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfvnhd0xNJOsydE95MAw/XNL+ADx
PIlEYGE2q1gFRqe66Q5Wk1BcNePUamawzfeCuhjHEGcMKWLeZeMfGA2Pz6WFCOs2
UbOiIDGCh4njThronf2qtPba2yk26aZ7O0kQ8BIXvt8lIMcYJ4U1IAm1BO/qjmd+
r9gGeKZ1DGAm7HBy/GFO4w8wYWS0M3LFl+icCFNyniSf7RFrSbXSHXzOWYyY26t3
UlGhjXptLwWWBWF5W6FF6/jmVVGabab0LzAS4daJamVlnDPXDJs17uf28ej4EA5b
v7oP+dDG19CDuxsGAjYel9Mr8va701twNkdc04MpyVRnOro2Ya1E/Yj3nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD97cDKafhR6dI652yxWV9KVp3fHMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvUDN0d01wcC1GSHAwanJuYkxGWlgwcFduZDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQuvMA0G
CSqGSIb3DQEBCwUAA4IBAQCs1ScdLAKvItrX7H/WP0Bqn8dhlIKLCDXmxOevqQPe
LOvCU41iKPftEJev/xkeZpayayJPK22koPiqrLD9s79vEr9TCmwwbH0MgQdXnswX
klW+KrMAtrb1eNLr9x5/5UwweuEWlm9L3US4YFsBVK/+4RVO8b0tpn4L9K1dmI6Q
7atFg/6IS0WzRy8ms25jtsRhJw0VTq8RWQJ/a2FuHAEUBhM6OlkHz4OjKgDCv7IH
+UO9J9vLK3ncWio/lRgX+FG/KAYgPJQqkwV7ImdzsfNl1acw9MUluFwyudKmNgbg
8i+yZ7D+8+qzIPYkh8Z2HS48SXKsnF5BhZmwit8hcq4M
-----END CERTIFICATE-----