Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/_3wOzBC9rrJqyxubFD4O4Lbo4fw.roa
File:                     _3wOzBC9rrJqyxubFD4O4Lbo4fw.roa (raw, json)
Hash identifier:          bH2z+tI8dW0IKYrtS7Fa+9lnbZqpWWw4uQbD39lPGLg=
Subject key identifier:   FF:7C:0E:CC:10:BD:AE:B2:6A:CB:1B:9B:14:3E:0E:E0:B6:E8:E1:FC
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018F7FE243526F12C0EE2A9B3DD66B9601B2
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/_3wOzBC9rrJqyxubFD4O4Lbo4fw.roa
Signing time:             Thu 16 May 2024 05:31:25 +0000
ROA not before:           Thu 16 May 2024 05:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214918
IP address blocks:        217.156.22.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7f:e2:43:52:6f:12:c0:ee:2a:9b:3d:d6:6b:96:01:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: May 16 05:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff7c0ecc10bdaeb26acb1b9b143e0ee0b6e8e1fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e8:e6:4d:2c:c8:25:59:d2:f8:0c:d8:f8:84:
                    9a:c5:73:a2:ca:31:da:05:a6:4c:57:0e:5d:e5:20:
                    ef:91:f3:aa:b1:06:70:e7:2d:44:b0:5e:c2:9a:21:
                    86:63:07:5c:cb:8d:02:9b:98:53:16:b5:2b:d1:00:
                    a4:61:f7:80:06:73:4c:63:c7:58:b6:07:9e:53:85:
                    94:52:57:81:81:c7:4b:28:6f:df:62:c8:b8:d7:a0:
                    71:14:63:b9:44:23:30:99:55:3f:04:62:d6:a0:7e:
                    28:c7:5b:99:a8:d2:45:57:70:2d:8c:08:f1:6e:ae:
                    ef:6f:e6:1d:27:be:60:c5:b7:c2:42:62:8c:ad:25:
                    4c:1c:73:a7:f2:ca:a4:58:72:b6:be:d0:9f:e7:2d:
                    d7:5b:cd:b5:4e:b2:36:ee:04:93:c5:71:de:6b:8d:
                    80:1c:f4:e5:0a:89:8e:dd:90:90:f1:6c:e3:f4:ae:
                    21:82:15:8f:85:9c:2e:b1:e3:76:c5:6e:5f:e7:f0:
                    5c:ac:c8:3d:7b:cb:dc:5a:6b:67:49:28:b4:bf:09:
                    4c:84:43:99:4f:a8:0e:c7:bb:db:e5:43:da:45:45:
                    bd:ad:c3:00:66:ae:9d:71:a8:ca:c7:6b:dc:be:ba:
                    3c:f5:bd:15:a0:04:fd:f6:23:e0:cf:51:bc:f5:8a:
                    3b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7C:0E:CC:10:BD:AE:B2:6A:CB:1B:9B:14:3E:0E:E0:B6:E8:E1:FC
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/_3wOzBC9rrJqyxubFD4O4Lbo4fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:db:7c:d9:10:9b:f7:88:54:d4:b5:12:c6:a6:0c:16:0d:46:
         ce:ca:3f:cb:1c:b6:b8:84:3f:5b:c1:bc:dd:4c:50:e7:93:e0:
         d1:ac:63:9d:d3:41:57:4a:25:e6:24:f9:71:74:08:79:db:24:
         e4:bc:05:4c:4d:7b:d6:ba:f2:b3:4c:98:f1:d8:58:8d:4f:b9:
         b9:d5:19:b2:d6:9b:ed:a5:fe:3a:9c:ea:a0:db:12:33:fe:69:
         5c:a4:54:43:e7:7a:26:e3:57:1a:b6:bd:64:b6:fe:8f:e3:31:
         99:f1:dc:f6:a8:da:f7:ae:15:21:da:25:b0:3f:1a:fc:4d:80:
         2d:b8:53:3b:b1:21:cf:2f:25:5d:be:1b:24:61:39:13:d7:13:
         30:86:a9:29:e3:6f:bd:41:1b:e4:71:57:75:51:b3:34:07:3d:
         95:0f:1b:99:fc:32:63:6e:70:2c:e0:43:4f:43:6c:01:b8:86:
         cc:b5:5b:57:84:3d:3d:a8:cc:4d:73:a6:13:a1:64:5a:c4:63:
         ed:3f:a8:ae:d1:49:f6:56:c0:7e:7b:45:e3:8a:d6:6f:aa:b1:
         d8:4b:34:5d:3e:58:81:22:f8:e0:62:89:51:d7:03:89:03:a5:
         0b:b4:fa:6c:8a:9f:af:5a:36:bb:3b:b3:44:56:be:00:3b:51:
         c4:25:a0:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9/4kNSbxLA7iqbPdZrlgGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwNTE2MDUzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdjMGVjYzEwYmRhZWIyNmFjYjFiOWIxNDNlMGVlMGI2ZThlMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvejmTSzIJVnS+AzY+ISaxXOiyjHa
BaZMVw5d5SDvkfOqsQZw5y1EsF7CmiGGYwdcy40Cm5hTFrUr0QCkYfeABnNMY8dY
tgeeU4WUUleBgcdLKG/fYsi416BxFGO5RCMwmVU/BGLWoH4ox1uZqNJFV3AtjAjx
bq7vb+YdJ75gxbfCQmKMrSVMHHOn8sqkWHK2vtCf5y3XW821TrI27gSTxXHea42A
HPTlComO3ZCQ8Wzj9K4hghWPhZwuseN2xW5f5/BcrMg9e8vcWmtnSSi0vwlMhEOZ
T6gOx7vb5UPaRUW9rcMAZq6dcajKx2vcvro89b0VoAT99iPgz1G89Yo7OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP98DswQva6yassbmxQ+DuC26OH8MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvXzN3T3pCQzlyckpxeXh1YkZENE80TGJvNGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ZwWMA0G
CSqGSIb3DQEBCwUAA4IBAQBR23zZEJv3iFTUtRLGpgwWDUbOyj/LHLa4hD9bwbzd
TFDnk+DRrGOd00FXSiXmJPlxdAh52yTkvAVMTXvWuvKzTJjx2FiNT7m51Rmy1pvt
pf46nOqg2xIz/mlcpFRD53om41catr1ktv6P4zGZ8dz2qNr3rhUh2iWwPxr8TYAt
uFM7sSHPLyVdvhskYTkT1xMwhqkp42+9QRvkcVd1UbM0Bz2VDxuZ/DJjbnAs4ENP
Q2wBuIbMtVtXhD09qMxNc6YToWRaxGPtP6iu0Un2VsB+e0XjitZvqrHYSzRdPliB
IvjgYolR1wOJA6ULtPpsip+vWja7O7NEVr4AO1HEJaBp
-----END CERTIFICATE-----