Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3D9RAu1qbdUZxKdhcM5D_D6Hwas.roa
File:                     3D9RAu1qbdUZxKdhcM5D_D6Hwas.roa (raw, json)
Hash identifier:          gkViHvkFLmV5MyRgMb3DxpbQqRbGd/sGy7mHtu9CHJQ=
Subject key identifier:   DC:3F:51:02:ED:6A:6D:D5:19:C4:A7:61:70:CE:43:FC:3E:87:C1:AB
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3B1C060649A30D120F7CF4B742C7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3D9RAu1qbdUZxKdhcM5D_D6Hwas.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209883
IP address blocks:        193.203.127.0/24 maxlen: 24
                          2a0e:f8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3b:1c:06:06:49:a3:0d:12:0f:7c:f4:b7:42:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3f5102ed6a6dd519c4a76170ce43fc3e87c1ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:07:e9:1c:78:ed:60:db:5e:0b:f6:92:07:c7:
                    6f:b9:db:a3:5e:0a:44:8e:83:7e:83:df:e6:06:a9:
                    78:1a:97:8f:c5:a5:ab:06:27:49:b4:3c:3f:f7:e2:
                    fc:98:e7:a3:ab:bc:b4:6f:26:ab:65:d7:e4:66:7c:
                    8c:78:d7:01:17:31:f6:bb:be:e1:73:f9:34:38:f3:
                    36:3d:db:37:6d:ef:ae:3c:08:6d:7f:a8:f1:7f:c7:
                    fc:fd:67:9c:21:5d:d5:e2:e2:2e:34:a5:ba:92:fc:
                    fb:c0:16:ba:e8:d3:cf:be:8b:50:04:13:0f:18:88:
                    dd:b0:0d:a7:94:d5:3c:2e:3e:3b:4e:e7:21:25:f8:
                    88:75:3f:23:a1:52:ef:cc:2f:3d:e2:ae:67:5a:34:
                    7f:d2:d3:85:ae:84:1a:9a:15:2d:53:1c:4e:88:28:
                    31:7a:34:7e:57:8b:fe:2c:cd:93:74:e1:be:56:b8:
                    9a:d9:b2:ce:e0:66:47:29:90:95:1a:a2:25:4a:31:
                    5f:e4:e4:24:9e:1e:cd:09:8f:ba:67:b2:83:60:26:
                    11:fb:88:f5:01:34:0f:45:85:cf:99:42:75:36:f6:
                    aa:aa:c3:b9:cf:73:1e:cd:08:f5:ab:0f:f6:a7:c3:
                    17:40:5d:e9:04:a7:39:3b:84:95:72:f3:91:9c:18:
                    7b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3F:51:02:ED:6A:6D:D5:19:C4:A7:61:70:CE:43:FC:3E:87:C1:AB
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3D9RAu1qbdUZxKdhcM5D_D6Hwas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.127.0/24
                IPv6:
                  2a0e:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:1b:42:71:71:84:8a:fd:e2:a0:79:a3:d2:f4:d9:bc:c1:58:
         f9:60:93:1b:3d:68:05:58:8d:9a:91:85:a4:97:c0:84:41:cd:
         96:ea:d5:06:98:ce:73:4e:b8:7f:cd:da:5e:8d:d3:38:01:b1:
         03:de:2d:ba:cb:40:81:69:a1:08:7b:fb:2f:bd:0e:59:b9:33:
         68:10:83:17:6f:24:fd:39:73:f5:2d:ff:a5:90:84:75:30:e4:
         e6:df:60:9a:58:aa:57:cf:1c:b5:5d:eb:33:80:17:b2:60:c6:
         f5:5b:c2:2f:0d:65:f6:0f:ad:70:88:e2:d3:77:93:d4:37:1d:
         b1:5f:28:b5:42:ed:90:b2:70:25:a0:de:c8:d6:08:4a:01:7a:
         94:f9:ed:72:37:19:a7:1b:a6:e5:01:32:ac:40:37:ca:73:03:
         d5:b3:c8:1f:a3:85:a5:29:53:75:51:bf:7c:3d:b7:94:5c:32:
         54:b2:74:e9:ee:10:90:97:fa:5e:29:54:f2:c6:12:da:79:dd:
         18:7c:ce:44:9f:da:91:02:4f:e0:bb:bb:63:44:d2:1c:a1:bc:
         89:f0:f5:30:e5:9a:16:6d:7f:85:03:7e:8f:ab:8a:00:99:4f:
         3d:ce:2e:8b:e5:c1:21:cb:0c:cb:60:75:05:82:f2:77:91:83:
         23:cc:42:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2zscBgZJow0SD3z0t0LHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNmNTEwMmVkNmE2ZGQ1MTljNGE3NjE3MGNlNDNmYzNlODdjMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQfpHHjtYNteC/aSB8dvudujXgpE
joN+g9/mBql4GpePxaWrBidJtDw/9+L8mOejq7y0byarZdfkZnyMeNcBFzH2u77h
c/k0OPM2Pds3be+uPAhtf6jxf8f8/WecIV3V4uIuNKW6kvz7wBa66NPPvotQBBMP
GIjdsA2nlNU8Lj47TuchJfiIdT8joVLvzC894q5nWjR/0tOFroQamhUtUxxOiCgx
ejR+V4v+LM2TdOG+Vria2bLO4GZHKZCVGqIlSjFf5OQknh7NCY+6Z7KDYCYR+4j1
ATQPRYXPmUJ1NvaqqsO5z3MezQj1qw/2p8MXQF3pBKc5O4SVcvORnBh7ewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNw/UQLtam3VGcSnYXDOQ/w+h8GrMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvM0Q5UkF1MXFiZFVaeEtkaGNNNURfRDZId2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwct/MA0E
AgACMAcDBQMqDvjAMA0GCSqGSIb3DQEBCwUAA4IBAQAdG0JxcYSK/eKgeaPS9Nm8
wVj5YJMbPWgFWI2akYWkl8CEQc2W6tUGmM5zTrh/zdpejdM4AbED3i26y0CBaaEI
e/svvQ5ZuTNoEIMXbyT9OXP1Lf+lkIR1MOTm32CaWKpXzxy1XeszgBeyYMb1W8Iv
DWX2D61wiOLTd5PUNx2xXyi1Qu2QsnAloN7I1ghKAXqU+e1yNxmnG6blATKsQDfK
cwPVs8gfo4WlKVN1Ub98PbeUXDJUsnTp7hCQl/peKVTyxhLaed0YfM5En9qRAk/g
u7tjRNIcobyJ8PUw5ZoWbX+FA36Pq4oAmU89zi6L5cEhywzLYHUFgvJ3kYMjzEKP
-----END CERTIFICATE-----