Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jZgqpqem90tXAgZCRL3UhRFRbRw.roa
File:                     jZgqpqem90tXAgZCRL3UhRFRbRw.roa (raw, json)
Hash identifier:          e1boVwfKMTb5WtxTaA0WvQLcmDJFoXji2lWsbyXPOPU=
Subject key identifier:   8D:98:2A:A6:A7:A6:F7:4B:57:02:06:42:44:BD:D4:85:11:51:6D:1C
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018F0C1190896AFDF3B374CF3619D55E4EEB
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jZgqpqem90tXAgZCRL3UhRFRbRw.roa
Signing time:             Tue 23 Apr 2024 17:47:08 +0000
ROA not before:           Tue 23 Apr 2024 17:47:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        213.209.129.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:11:90:89:6a:fd:f3:b3:74:cf:36:19:d5:5e:4e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Apr 23 17:47:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d982aa6a7a6f74b5702064244bdd48511516d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:97:35:25:22:39:32:2e:40:f1:3e:a5:7f:50:
                    d6:03:68:8a:32:c8:de:8b:f2:29:87:30:6b:06:48:
                    7c:a7:20:6b:7b:6f:d4:5a:25:28:ee:82:d0:ff:3d:
                    90:2d:97:a0:ce:f1:fc:dd:77:10:52:51:e1:42:9c:
                    35:66:ce:f8:7c:89:c3:e9:62:55:92:4a:4c:e7:60:
                    0e:e2:c4:b7:29:eb:4c:33:5a:e8:6a:99:4b:e2:7f:
                    b2:c3:5f:23:11:f5:0b:35:91:59:90:a9:e7:4a:57:
                    95:69:71:26:ca:86:3d:2b:64:36:19:b3:cc:bc:70:
                    53:d3:a6:a0:4d:c1:fe:cc:f0:33:f6:14:96:f2:20:
                    aa:17:a3:3b:bf:e6:13:e0:96:60:0b:8e:1a:ff:e2:
                    6f:cf:3e:27:ce:2b:b9:8a:e4:c2:1c:86:87:0a:2c:
                    00:e6:04:ba:ad:ec:1e:6b:c1:e5:df:e1:46:f1:50:
                    c9:03:bc:ad:03:a9:de:91:6e:63:fa:28:e2:75:a6:
                    70:bc:24:53:33:3e:54:df:44:d3:17:b4:31:85:5b:
                    eb:8c:3c:c2:44:fb:0c:57:05:68:b8:59:7b:25:3e:
                    35:77:f5:fd:27:7d:e6:e7:69:c0:90:c7:b5:c8:09:
                    11:b1:9e:13:3d:e8:af:05:ff:e0:23:82:46:ba:1b:
                    5b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:98:2A:A6:A7:A6:F7:4B:57:02:06:42:44:BD:D4:85:11:51:6D:1C
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jZgqpqem90tXAgZCRL3UhRFRbRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.129.0/24
                  213.209.143.0/24
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ee:d6:dd:45:3e:e5:7c:8a:a5:56:8a:a1:71:b9:30:63:11:
         81:14:f9:b0:f1:13:d8:e0:16:63:30:ad:e1:6f:fc:5a:b6:4d:
         43:30:6b:c3:6b:93:0c:04:0c:9f:50:fb:75:6b:62:af:61:5e:
         da:87:86:51:6b:e9:d9:79:de:d5:02:20:99:06:bc:6e:3e:3f:
         fe:72:64:35:83:c9:29:e0:23:b4:92:0c:8b:17:35:8f:bc:59:
         f3:58:1f:38:0c:ad:f8:0f:15:9f:e0:00:d4:4e:8b:c0:c9:cd:
         86:84:5e:07:37:a5:7a:92:91:91:1c:87:c8:06:94:52:84:b3:
         47:9f:fa:54:75:c8:36:3d:4a:d5:30:98:ac:d2:e1:06:f6:bb:
         07:22:61:cc:dd:2a:d8:35:bd:c3:6c:da:7b:d8:9a:db:9f:38:
         78:97:4e:11:1c:c6:73:aa:e7:f1:05:bc:8e:96:d3:43:19:73:
         d0:96:d0:d6:bf:f3:dc:ac:2a:4f:9e:db:b1:ff:83:72:24:3d:
         df:bc:97:9a:dc:3b:8e:10:d0:90:e3:51:1f:db:86:35:f3:c2:
         b2:4b:4c:7a:b3:05:9a:49:1b:ff:ec:cb:9f:b7:7d:ce:2c:41:
         4d:fc:16:4c:88:8f:da:b8:1e:02:5d:67:e6:d1:aa:bf:8f:d0:
         f9:e7:3f:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8MEZCJav3zs3TPNhnVXk7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwNDIzMTc0NzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk4MmFhNmE3YTZmNzRiNTcwMjA2NDI0NGJkZDQ4NTExNTE2ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5c1JSI5Mi5A8T6lf1DWA2iKMsje
i/IphzBrBkh8pyBre2/UWiUo7oLQ/z2QLZegzvH83XcQUlHhQpw1Zs74fInD6WJV
kkpM52AO4sS3KetMM1roaplL4n+yw18jEfULNZFZkKnnSleVaXEmyoY9K2Q2GbPM
vHBT06agTcH+zPAz9hSW8iCqF6M7v+YT4JZgC44a/+Jvzz4nziu5iuTCHIaHCiwA
5gS6rewea8Hl3+FG8VDJA7ytA6nekW5j+ijidaZwvCRTMz5U30TTF7QxhVvrjDzC
RPsMVwVouFl7JT41d/X9J33m52nAkMe1yAkRsZ4TPeivBf/gI4JGuhtb2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI2YKqanpvdLVwIGQkS91IURUW0cMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvalpncXBxZW05MHRYQWdaQ1JMM1VoUkZSYlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1dGBAwQA
1dGPAwQA1dGdMA0GCSqGSIb3DQEBCwUAA4IBAQCZ7tbdRT7lfIqlVoqhcbkwYxGB
FPmw8RPY4BZjMK3hb/xatk1DMGvDa5MMBAyfUPt1a2KvYV7ah4ZRa+nZed7VAiCZ
BrxuPj/+cmQ1g8kp4CO0kgyLFzWPvFnzWB84DK34DxWf4ADUTovAyc2GhF4HN6V6
kpGRHIfIBpRShLNHn/pUdcg2PUrVMJis0uEG9rsHImHM3SrYNb3DbNp72Jrbnzh4
l04RHMZzqufxBbyOltNDGXPQltDWv/PcrCpPntux/4NyJD3fvJea3DuOENCQ41Ef
24Y188KyS0x6swWaSRv/7Muft33OLEFN/BZMiI/auB4CXWfm0aq/j9D55z/7
-----END CERTIFICATE-----