Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/L3ZUOIdqhK94dLdPKbSMuz91P3k.roa
File:                     L3ZUOIdqhK94dLdPKbSMuz91P3k.roa (raw, json)
Hash identifier:          GZgt8N4CqBroFMVDseB0MmzXL4H/VvhVZyj77/NR7xQ=
Subject key identifier:   2F:76:54:38:87:6A:84:AF:78:74:B7:4F:29:B4:8C:BB:3F:75:3F:79
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018F028346A2DE5EB4EF38DB14A47FDF73AD
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/L3ZUOIdqhK94dLdPKbSMuz91P3k.roa
Signing time:             Sun 21 Apr 2024 21:15:08 +0000
ROA not before:           Sun 21 Apr 2024 21:15:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199218
IP address blocks:        83.229.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:02:83:46:a2:de:5e:b4:ef:38:db:14:a4:7f:df:73:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Apr 21 21:15:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f765438876a84af7874b74f29b48cbb3f753f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:02:ec:67:91:c5:5a:2e:46:88:8c:01:b3:21:
                    54:2a:39:fe:24:fb:f1:4b:69:f1:96:b8:5e:04:ba:
                    c8:6d:db:41:3f:16:4a:64:65:fb:eb:88:12:db:f0:
                    92:c1:c7:44:e0:69:f8:b2:d0:c7:42:60:e7:a6:01:
                    21:b0:de:6b:35:50:aa:ac:70:09:84:91:b2:79:0b:
                    61:8c:7c:e4:98:58:b2:ec:09:23:f2:c3:f4:20:db:
                    10:c2:df:ee:7d:f1:30:12:67:54:1f:c7:08:a0:3d:
                    d6:88:64:a4:45:56:e4:1f:f2:a6:e3:72:7e:c5:ff:
                    76:f3:b7:f3:fc:ae:7b:9e:0c:b6:74:f3:b7:65:73:
                    9a:f0:fa:16:14:64:07:91:17:ea:1a:9e:93:9c:42:
                    32:34:54:d2:7f:e1:3f:26:56:58:53:00:12:c5:46:
                    64:8a:02:de:cc:bd:21:3b:d1:81:b5:1d:26:53:8e:
                    a7:a6:28:31:b9:b0:d6:2f:44:c3:63:95:c4:a6:c6:
                    69:fb:29:17:a2:0f:9a:99:c6:c7:ab:fc:f6:43:1a:
                    ff:14:0b:b7:e1:c6:df:8d:9e:19:07:7e:dd:e6:1d:
                    57:d2:93:45:43:59:8c:13:39:19:d6:8c:18:97:86:
                    3b:d9:60:d2:e6:09:9d:ae:a0:89:44:f8:47:a0:98:
                    1d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:76:54:38:87:6A:84:AF:78:74:B7:4F:29:B4:8C:BB:3F:75:3F:79
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/L3ZUOIdqhK94dLdPKbSMuz91P3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.229.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:84:a6:42:8d:9f:72:0a:2a:ff:b2:4b:3c:f3:50:1e:30:97:
         2d:93:7d:77:7a:b8:11:4d:33:85:ec:2f:4e:bb:77:7a:67:bc:
         c9:42:68:fe:c9:96:4b:3c:e0:6a:cd:75:bc:e1:ec:db:4f:b8:
         1a:c3:55:62:d0:4a:35:bb:5e:e4:50:26:9f:fb:e4:94:17:ea:
         3b:85:a9:d3:78:69:28:d7:f8:a2:b6:06:90:fd:76:84:62:1a:
         69:7d:aa:9b:2b:a1:90:e2:c1:6a:1e:e3:cd:68:f4:52:2e:dc:
         0f:76:b4:41:c8:3d:a0:c3:59:a3:58:da:2d:82:5d:00:13:34:
         4e:81:b1:0d:f1:c5:4e:2c:a5:98:b0:ad:b9:09:f7:ea:8c:8b:
         5d:20:fc:ed:56:3a:f9:f4:e8:53:95:86:af:7a:cb:de:d2:09:
         6a:0b:39:23:bd:cb:7b:ef:6e:f7:b2:a6:dd:aa:d3:11:53:ab:
         a0:c7:7b:35:35:10:1c:4f:ed:f9:c5:36:a2:db:38:c6:51:9d:
         35:35:fe:c5:0a:27:b5:de:73:7a:38:fc:c2:9a:dc:87:3c:2b:
         59:c0:9e:b2:89:dd:6f:cc:a9:68:14:99:93:8b:a9:43:7b:eb:
         87:6b:b1:da:e0:cc:d1:3f:d4:d5:cc:4b:be:be:ca:75:20:dd:
         89:24:bb:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Cg0ai3l607zjbFKR/33OtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwNDIxMjExNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc2NTQzODg3NmE4NGFmNzg3NGI3NGYyOWI0OGNiYjNmNzUzZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogLsZ5HFWi5GiIwBsyFUKjn+JPvx
S2nxlrheBLrIbdtBPxZKZGX764gS2/CSwcdE4Gn4stDHQmDnpgEhsN5rNVCqrHAJ
hJGyeQthjHzkmFiy7Akj8sP0INsQwt/uffEwEmdUH8cIoD3WiGSkRVbkH/Km43J+
xf9287fz/K57ngy2dPO3ZXOa8PoWFGQHkRfqGp6TnEIyNFTSf+E/JlZYUwASxUZk
igLezL0hO9GBtR0mU46npigxubDWL0TDY5XEpsZp+ykXog+amcbHq/z2Qxr/FAu3
4cbfjZ4ZB37d5h1X0pNFQ1mMEzkZ1owYl4Y72WDS5gmdrqCJRPhHoJgdywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC92VDiHaoSveHS3Tym0jLs/dT95MB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvTDNaVU9JZHFoSzk0ZExkUEtiU011ejkxUDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU+UXMA0G
CSqGSIb3DQEBCwUAA4IBAQAWhKZCjZ9yCir/sks881AeMJctk313ergRTTOF7C9O
u3d6Z7zJQmj+yZZLPOBqzXW84ezbT7gaw1Vi0Eo1u17kUCaf++SUF+o7hanTeGko
1/iitgaQ/XaEYhppfaqbK6GQ4sFqHuPNaPRSLtwPdrRByD2gw1mjWNotgl0AEzRO
gbEN8cVOLKWYsK25CffqjItdIPztVjr59OhTlYavesve0glqCzkjvct77273sqbd
qtMRU6ugx3s1NRAcT+35xTai2zjGUZ01Nf7FCie13nN6OPzCmtyHPCtZwJ6yid1v
zKloFJmTi6lDe+uHa7Ha4MzRP9TVzEu+vsp1IN2JJLt/
-----END CERTIFICATE-----