Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/3pzBBDqAwlRFgvlR5BBlUmgjsvE.roa
File:                     3pzBBDqAwlRFgvlR5BBlUmgjsvE.roa (raw, json)
Hash identifier:          DFWLi38gdJBTfC9P6orsCb5hJhOr5Kn/j+Esew6aKeQ=
Subject key identifier:   DE:9C:C1:04:3A:80:C2:54:45:82:F9:51:E4:10:65:52:68:23:B2:F1
Certificate issuer:       /CN=427a2670508b945123beecbf13145ffbd7bfcde4
Certificate serial:       018CC5DD31004D1DD8B1205F194C3D3CB26A
Authority key identifier: 42:7A:26:70:50:8B:94:51:23:BE:EC:BF:13:14:5F:FB:D7:BF:CD:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnomcFCLlFEjvuy_ExRf-9e_zeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/3pzBBDqAwlRFgvlR5BBlUmgjsvE.roa
Signing time:             Mon 01 Jan 2024 16:30:56 +0000
ROA not before:           Mon 01 Jan 2024 16:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50313
IP address blocks:        185.33.172.0/22 maxlen: 22
                          212.42.32.0/19 maxlen: 19
                          2a0d:9480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/QnomcFCLlFEjvuy_ExRf-9e_zeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/QnomcFCLlFEjvuy_ExRf-9e_zeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnomcFCLlFEjvuy_ExRf-9e_zeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:31:00:4d:1d:d8:b1:20:5f:19:4c:3d:3c:b2:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427a2670508b945123beecbf13145ffbd7bfcde4
        Validity
            Not Before: Jan  1 16:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de9cc1043a80c2544582f951e41065526823b2f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2d:34:67:0c:37:13:db:e1:05:b1:eb:d2:d2:
                    aa:c8:52:3b:c4:01:73:44:b9:3d:3f:9b:cb:e5:8c:
                    db:25:da:18:7f:2d:96:87:d8:c8:bc:3e:94:1e:58:
                    80:47:40:08:e4:a7:ab:08:db:97:04:80:df:f8:0e:
                    6a:a8:94:7d:f1:06:f3:09:a9:4f:54:17:36:0a:87:
                    97:d3:a8:56:de:69:25:dc:74:cc:13:1f:86:ff:63:
                    54:1b:42:f4:5e:03:04:45:17:83:35:cf:54:7c:22:
                    d7:f7:1b:84:df:6a:31:d6:96:61:12:4d:bc:97:0f:
                    ae:a6:e8:09:e1:11:be:6b:54:fb:94:59:99:94:d6:
                    fd:95:0a:96:07:2c:09:64:14:8a:a5:70:71:54:67:
                    15:5a:8c:34:f2:d7:66:e9:86:bf:5f:60:49:f7:57:
                    a6:b1:f7:04:24:bf:78:18:15:c6:04:9c:92:3f:48:
                    5b:6c:e7:a7:3a:95:db:02:cb:4b:ff:f2:38:c9:03:
                    83:b1:62:1d:a7:2b:73:1b:5f:ee:4b:d3:ad:6e:47:
                    80:a4:fd:33:ad:ef:1a:d0:95:96:b4:c1:fe:69:be:
                    82:a0:71:59:60:0c:d0:e1:1a:9a:f2:81:05:97:a1:
                    98:b8:22:47:b6:c2:46:ea:34:d1:80:2c:2e:c2:b5:
                    37:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:9C:C1:04:3A:80:C2:54:45:82:F9:51:E4:10:65:52:68:23:B2:F1
            X509v3 Authority Key Identifier:
                keyid:42:7A:26:70:50:8B:94:51:23:BE:EC:BF:13:14:5F:FB:D7:BF:CD:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnomcFCLlFEjvuy_ExRf-9e_zeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/3pzBBDqAwlRFgvlR5BBlUmgjsvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/ec2e08-f63a-4bd7-b864-06b3cea492ee/1/QnomcFCLlFEjvuy_ExRf-9e_zeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.172.0/22
                  212.42.32.0/19
                IPv6:
                  2a0d:9480::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:04:d4:d9:c4:c6:4f:a8:da:b3:fc:c0:08:4e:64:d3:7b:25:
         8d:73:77:34:2d:0e:c7:48:64:1c:ce:e6:60:4d:f1:df:59:a8:
         d7:fb:cd:0d:b8:93:e0:ae:0b:09:3e:bf:dd:7f:16:ad:0d:22:
         32:5c:cf:b1:9d:eb:2e:54:4c:b2:d4:83:f5:10:c6:3f:b7:ec:
         f1:49:f5:6c:81:9e:b1:a5:ef:77:f7:0d:2a:cb:79:f1:d3:aa:
         f7:ba:95:51:77:04:a9:ed:4c:6d:33:cb:bf:aa:ed:26:bd:69:
         e5:af:a8:de:b8:b4:70:0d:5d:b7:76:45:4b:b2:8e:c2:7a:55:
         20:93:f9:8e:c3:ab:91:38:be:bf:23:30:5a:9d:6e:e3:3f:47:
         b1:80:02:1b:7d:df:38:7b:f5:91:0f:fb:fa:e4:97:0e:dd:6b:
         0d:87:eb:3d:5a:74:f7:06:27:89:6c:59:d7:8b:b2:0d:70:69:
         3a:6f:71:0d:61:03:d2:14:57:c0:0a:29:06:be:eb:ce:68:21:
         16:5b:d0:63:10:e5:33:03:ac:f6:35:2c:31:18:a1:b2:95:1f:
         24:ca:10:0c:85:c4:f7:00:40:7b:bc:11:c4:67:6b:7a:16:34:
         c6:f0:e7:d5:90:0b:a0:4d:f5:e1:08:67:be:c1:fc:5d:ee:66:
         ca:aa:e8:82
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3TEATR3YsSBfGUw9PLJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2EyNjcwNTA4Yjk0NTEyM2JlZWNiZjEzMTQ1ZmZiZDdi
ZmNkZTQwHhcNMjQwMTAxMTYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTljYzEwNDNhODBjMjU0NDU4MmY5NTFlNDEwNjU1MjY4MjNiMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC00Zww3E9vhBbHr0tKqyFI7xAFz
RLk9P5vL5YzbJdoYfy2Wh9jIvD6UHliAR0AI5KerCNuXBIDf+A5qqJR98QbzCalP
VBc2CoeX06hW3mkl3HTMEx+G/2NUG0L0XgMERReDNc9UfCLX9xuE32ox1pZhEk28
lw+upugJ4RG+a1T7lFmZlNb9lQqWBywJZBSKpXBxVGcVWow08tdm6Ya/X2BJ91em
sfcEJL94GBXGBJySP0hbbOenOpXbAstL//I4yQODsWIdpytzG1/uS9OtbkeApP0z
re8a0JWWtMH+ab6CoHFZYAzQ4Rqa8oEFl6GYuCJHtsJG6jTRgCwuwrU3iQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN6cwQQ6gMJURYL5UeQQZVJoI7LxMB8GA1UdIwQY
MBaAFEJ6JnBQi5RRI77svxMUX/vXv83kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW5vbWNGQ0xsRkVqdnV5X0V4UmYtOWVfemVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9lYzJlMDgtZjYzYS00YmQ3LWI4NjQt
MDZiM2NlYTQ5MmVlLzEvM3B6QkJEcUF3bFJGZ3ZsUjVCQmxVbWdqc3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9lYzJlMDgtZjYzYS00YmQ3LWI4NjQtMDZiM2NlYTQ5MmVl
LzEvUW5vbWNGQ0xsRkVqdnV5X0V4UmYtOWVfemVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSGsAwQF
1CogMA0EAgACMAcDBQMqDZSAMA0GCSqGSIb3DQEBCwUAA4IBAQAfBNTZxMZPqNqz
/MAITmTTeyWNc3c0LQ7HSGQczuZgTfHfWajX+80NuJPgrgsJPr/dfxatDSIyXM+x
nesuVEyy1IP1EMY/t+zxSfVsgZ6xpe939w0qy3nx06r3upVRdwSp7UxtM8u/qu0m
vWnlr6jeuLRwDV23dkVLso7CelUgk/mOw6uROL6/IzBanW7jP0exgAIbfd84e/WR
D/v65JcO3WsNh+s9WnT3BieJbFnXi7INcGk6b3ENYQPSFFfACikGvuvOaCEWW9Bj
EOUzA6z2NSwxGKGylR8kyhAMhcT3AEB7vBHEZ2t6FjTG8OfVkAugTfXhCGe+wfxd
7mbKquiC
-----END CERTIFICATE-----