Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3rx_h_uYzBKgJrMD3zI_ktLFSP8.roa
File:                     3rx_h_uYzBKgJrMD3zI_ktLFSP8.roa (raw, json)
Hash identifier:          IIBQnQYlajMZQ5Q+O/8oRwKxY1KN4GY2PYl3iycHtrg=
Subject key identifier:   DE:BC:7F:87:FB:98:CC:12:A0:26:B3:03:DF:32:3F:92:D2:C5:48:FF
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018F5E54577C1549A28523A1CC8785646345
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3rx_h_uYzBKgJrMD3zI_ktLFSP8.roa
Signing time:             Thu 09 May 2024 17:08:56 +0000
ROA not before:           Thu 09 May 2024 17:08:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        188.209.133.0/24 maxlen: 24
                          188.209.136.0/24 maxlen: 24
                          188.209.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5e:54:57:7c:15:49:a2:85:23:a1:cc:87:85:64:63:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: May  9 17:08:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=debc7f87fb98cc12a026b303df323f92d2c548ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bd:b6:c2:6a:f2:d7:36:80:f8:9e:c1:cc:84:
                    3e:16:2d:a5:5a:25:26:57:17:55:3e:df:78:25:48:
                    4f:ab:df:c5:8a:79:3b:cf:fd:1d:35:c4:2f:2e:74:
                    e2:b9:f1:0a:29:09:56:41:03:03:a3:86:96:98:61:
                    58:7b:2b:f7:81:e8:8a:99:b1:d2:40:bb:95:ae:4c:
                    62:99:78:06:8f:ff:d5:05:03:43:96:d5:95:bc:7f:
                    53:ad:ea:71:04:49:59:df:81:69:93:da:f3:72:e2:
                    b1:d7:00:95:09:99:56:1d:c0:c7:fa:d7:29:1e:de:
                    3b:12:31:1d:bd:8c:02:19:13:6e:82:07:c4:10:3e:
                    06:86:c2:f2:6c:42:e4:bb:65:3f:f6:17:75:e3:19:
                    83:ee:38:f6:3c:67:b7:51:84:c6:ed:c1:87:6b:e7:
                    91:92:db:0a:d3:a5:8f:cc:cf:a4:4a:d1:13:de:56:
                    bf:5c:b5:a2:ae:94:45:82:67:79:5c:96:1f:72:b3:
                    51:14:58:7b:29:39:04:26:81:8f:a7:ec:17:fa:c0:
                    c0:71:6a:4c:ab:52:1b:d1:f5:f7:f8:83:f8:70:60:
                    03:2c:08:23:74:1d:06:29:79:65:fe:d4:53:04:84:
                    d7:ed:f6:31:68:17:b3:75:b1:41:91:2c:88:2f:ec:
                    70:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BC:7F:87:FB:98:CC:12:A0:26:B3:03:DF:32:3F:92:D2:C5:48:FF
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/3rx_h_uYzBKgJrMD3zI_ktLFSP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24
                  188.209.136.0/24
                  188.209.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:28:9a:2f:f7:46:44:09:27:4b:b7:b9:55:75:ae:04:9d:6b:
         99:3a:be:2f:80:be:43:c4:d1:8a:d4:80:74:35:41:af:a2:9a:
         d9:05:91:56:fb:6d:0c:65:f5:a8:80:15:8b:2a:c6:e1:96:9c:
         bb:68:1c:58:ba:d4:11:e6:e7:c0:3a:a9:88:c4:0d:d5:58:c8:
         6e:d7:49:ed:9b:d7:bb:88:ac:65:4e:2d:cb:49:c3:ef:cd:a6:
         20:62:1c:2e:82:69:48:9e:e0:e6:17:1f:94:3f:82:71:0b:46:
         71:0a:9d:e9:ed:87:15:20:4d:d5:ea:c5:8d:d8:bb:77:90:37:
         a1:98:9c:e2:b9:64:6d:b5:68:67:3d:4a:24:08:94:e9:ae:d3:
         5f:2f:fb:d4:e8:d1:20:7d:da:79:16:e4:f3:9b:0f:f3:bf:39:
         c6:7b:d1:f0:1e:84:81:91:b7:c6:be:c0:b1:7f:7f:cc:08:ac:
         47:ed:c9:c2:5a:39:99:50:06:c4:19:b4:be:86:29:9c:ee:37:
         25:18:95:28:e5:f1:d9:5e:21:a3:35:d2:a5:5d:8d:51:c5:7f:
         20:70:84:96:c3:38:9c:53:89:ab:6f:87:75:5d:dd:ae:e3:59:
         17:6f:da:4d:e8:a1:69:d7:57:b7:c9:89:f7:e8:87:ce:34:86:
         6c:40:3f:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9eVFd8FUmihSOhzIeFZGNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwNTA5MTcwODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJjN2Y4N2ZiOThjYzEyYTAyNmIzMDNkZjMyM2Y5MmQyYzU0OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0722wmry1zaA+J7BzIQ+Fi2lWiUm
VxdVPt94JUhPq9/Fink7z/0dNcQvLnTiufEKKQlWQQMDo4aWmGFYeyv3geiKmbHS
QLuVrkximXgGj//VBQNDltWVvH9TrepxBElZ34Fpk9rzcuKx1wCVCZlWHcDH+tcp
Ht47EjEdvYwCGRNuggfEED4GhsLybELku2U/9hd14xmD7jj2PGe3UYTG7cGHa+eR
ktsK06WPzM+kStET3la/XLWirpRFgmd5XJYfcrNRFFh7KTkEJoGPp+wX+sDAcWpM
q1Ib0fX3+IP4cGADLAgjdB0GKXll/tRTBITX7fYxaBezdbFBkSyIL+xw8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN68f4f7mMwSoCazA98yP5LSxUj/MB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvM3J4X2hfdVl6QktnSnJNRDN6SV9rdExGU1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvNGFAwQA
vNGIAwQAvNGLMA0GCSqGSIb3DQEBCwUAA4IBAQA/KJov90ZECSdLt7lVda4EnWuZ
Or4vgL5DxNGK1IB0NUGvoprZBZFW+20MZfWogBWLKsbhlpy7aBxYutQR5ufAOqmI
xA3VWMhu10ntm9e7iKxlTi3LScPvzaYgYhwugmlInuDmFx+UP4JxC0ZxCp3p7YcV
IE3V6sWN2Lt3kDehmJziuWRttWhnPUokCJTprtNfL/vU6NEgfdp5FuTzmw/zvznG
e9HwHoSBkbfGvsCxf3/MCKxH7cnCWjmZUAbEGbS+himc7jclGJUo5fHZXiGjNdKl
XY1RxX8gcISWwzicU4mrb4d1Xd2u41kXb9pN6KFp11e3yYn36IfONIZsQD+m
-----END CERTIFICATE-----