Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3CvCe0AZDnlUUuV71Oh5mDkHyZE.roa
File:                     3CvCe0AZDnlUUuV71Oh5mDkHyZE.roa (raw, json)
Hash identifier:          ss5JMLiPa0Qa5B/PM/BeUTpZ7wVdHzyrTWlUDuPKKNA=
Subject key identifier:   DC:2B:C2:7B:40:19:0E:79:54:52:E5:7B:D4:E8:79:98:39:07:C9:91
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018CC2DB32F3912316CD907ED344604B0785
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3CvCe0AZDnlUUuV71Oh5mDkHyZE.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41378
IP address blocks:        185.83.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:32:f3:91:23:16:cd:90:7e:d3:44:60:4b:07:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc2bc27b40190e795452e57bd4e879983907c991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4c:98:bd:bd:3b:6c:f4:7c:9c:8c:99:40:9c:
                    46:d8:e4:f9:fa:c4:02:f0:8a:70:c2:3e:0d:c6:09:
                    8f:e1:0c:f4:88:95:6a:e2:b0:1a:89:f3:57:f9:df:
                    40:e2:5c:89:fd:00:1b:94:25:cb:0c:4d:75:8f:6b:
                    a6:41:59:1c:2a:50:65:0d:81:71:f2:13:b1:f2:11:
                    47:f2:20:4e:f8:31:18:cf:0f:81:fd:c4:8b:d7:7e:
                    25:ad:f5:f7:5c:3f:3a:a4:a8:41:e1:73:15:70:af:
                    71:c7:1b:4a:d8:94:9f:99:f0:4e:ef:f6:db:c5:0c:
                    e2:89:58:53:c3:a6:ff:e9:3f:d4:86:1b:80:50:c6:
                    c5:37:3b:80:7f:c8:68:0c:0e:a2:b2:bd:8c:dd:3e:
                    20:65:35:9f:e7:e2:6e:23:c2:01:0a:1a:dd:de:47:
                    b5:57:aa:07:60:32:12:86:a4:aa:0b:e9:93:2f:95:
                    f0:1a:b9:1e:81:55:c0:59:18:70:4c:68:40:6b:6e:
                    c1:9e:c9:4c:21:02:45:ad:a3:01:b4:f1:4b:46:b0:
                    dc:bf:84:b8:c9:03:ab:21:8a:5f:0f:7d:65:9a:e3:
                    16:58:11:42:3e:bb:86:14:a2:0c:23:76:ee:c9:5b:
                    2c:bb:91:f2:8a:2e:e4:44:81:4b:b0:5f:5d:ca:ba:
                    c9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:2B:C2:7B:40:19:0E:79:54:52:E5:7B:D4:E8:79:98:39:07:C9:91
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3CvCe0AZDnlUUuV71Oh5mDkHyZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:7a:7e:9a:8e:c1:84:94:ac:06:60:4c:32:5e:9e:32:88:97:
         bb:61:14:1c:7d:5b:bd:e0:e9:33:c8:84:cd:1d:89:24:4c:01:
         25:1f:75:a1:09:ed:9c:48:bf:53:7c:4f:27:24:ae:f2:f2:df:
         cc:7c:f0:84:d6:5d:b5:38:fd:3f:ae:42:c0:f5:b4:ec:2f:87:
         2c:2a:42:6b:98:ae:7f:c3:5c:99:e8:ea:74:04:a1:71:32:21:
         43:f8:c1:4a:aa:65:cc:23:03:a9:88:e8:30:8b:a7:c6:c2:de:
         b1:d1:df:b4:82:bc:63:c5:78:a3:80:38:8a:73:3b:f6:ba:46:
         f3:ce:05:92:20:3e:cf:71:9b:b4:aa:5d:87:92:3a:fb:7b:60:
         81:85:ab:10:06:ee:b2:f7:4c:8b:31:b5:69:f4:3e:e7:06:0f:
         1f:3b:95:d7:9a:6c:a1:70:51:c8:62:80:99:36:8d:75:75:f3:
         2a:d1:46:e2:f5:86:09:ae:b2:f6:cc:c7:a7:a6:9c:97:55:b3:
         db:dd:83:85:1d:1f:4e:98:18:ff:e0:2c:65:1d:4f:17:57:1d:
         58:83:1f:9f:0e:4e:20:3a:81:db:41:01:75:a7:a7:e0:25:2b:
         db:e4:a1:0e:e8:e3:4a:73:06:69:5e:03:bf:c4:2e:f6:91:e4:
         ed:8f:a1:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zLzkSMWzZB+00RgSweFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzJiYzI3YjQwMTkwZTc5NTQ1MmU1N2JkNGU4Nzk5ODM5MDdjOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkyYvb07bPR8nIyZQJxG2OT5+sQC
8Ipwwj4NxgmP4Qz0iJVq4rAaifNX+d9A4lyJ/QAblCXLDE11j2umQVkcKlBlDYFx
8hOx8hFH8iBO+DEYzw+B/cSL134lrfX3XD86pKhB4XMVcK9xxxtK2JSfmfBO7/bb
xQziiVhTw6b/6T/UhhuAUMbFNzuAf8hoDA6isr2M3T4gZTWf5+JuI8IBChrd3ke1
V6oHYDIShqSqC+mTL5XwGrkegVXAWRhwTGhAa27BnslMIQJFraMBtPFLRrDcv4S4
yQOrIYpfD31lmuMWWBFCPruGFKIMI3buyVssu5Hyii7kRIFLsF9dyrrJ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwrwntAGQ55VFLle9ToeZg5B8mRMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvM0N2Q2UwQVpEbmxVVXVWNzFPaDVtRGtIeVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVPKMA0G
CSqGSIb3DQEBCwUAA4IBAQA9en6ajsGElKwGYEwyXp4yiJe7YRQcfVu94OkzyITN
HYkkTAElH3WhCe2cSL9TfE8nJK7y8t/MfPCE1l21OP0/rkLA9bTsL4csKkJrmK5/
w1yZ6Op0BKFxMiFD+MFKqmXMIwOpiOgwi6fGwt6x0d+0grxjxXijgDiKczv2ukbz
zgWSID7PcZu0ql2Hkjr7e2CBhasQBu6y90yLMbVp9D7nBg8fO5XXmmyhcFHIYoCZ
No11dfMq0Ubi9YYJrrL2zMenppyXVbPb3YOFHR9OmBj/4CxlHU8XVx1Ygx+fDk4g
OoHbQQF1p6fgJSvb5KEO6ONKcwZpXgO/xC72keTtj6El
-----END CERTIFICATE-----