Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/3p97eb_nPKQl9h75_z6MeKVSS_4.roa
File:                     3p97eb_nPKQl9h75_z6MeKVSS_4.roa (raw, json)
Hash identifier:          2fmYI0EbsOrzqb8wH8j7+Lg8HrIgluI9+lMApId/k8s=
Subject key identifier:   DE:9F:7B:79:BF:E7:3C:A4:25:F6:1E:F9:FF:3E:8C:78:A5:52:4B:FE
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E93E2CE62AF8B9068651B3193F6F8
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/3p97eb_nPKQl9h75_z6MeKVSS_4.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51575
IP address blocks:        92.45.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:93:e2:ce:62:af:8b:90:68:65:1b:31:93:f6:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de9f7b79bfe73ca425f61ef9ff3e8c78a5524bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e0:30:8b:13:54:21:57:72:e1:3e:e9:88:f7:
                    51:5d:2a:f6:34:b9:76:09:b4:f3:f2:94:3d:63:08:
                    99:37:5a:55:04:89:35:1f:33:3c:3a:b0:40:f6:2c:
                    2e:dc:5a:dd:90:a5:e1:0d:5c:fb:93:da:21:98:17:
                    ee:9a:a3:a5:af:8c:58:f0:4d:97:cc:37:75:f4:30:
                    96:1a:5c:9d:3f:9b:d4:82:61:51:97:c8:a0:03:a4:
                    60:81:6d:98:5b:54:0f:1a:bb:96:99:96:ca:53:c9:
                    17:ce:b1:d0:bc:d9:e0:87:39:7d:db:f3:92:e5:b2:
                    4f:dd:99:65:74:71:91:50:41:b7:e7:12:2b:a2:4b:
                    80:36:1a:4e:ff:f7:bd:b8:03:13:f2:60:2a:d3:ed:
                    b6:3f:ec:f5:ea:c9:32:e6:ba:7b:79:3b:d5:87:8c:
                    4e:08:02:fb:a3:a3:8c:0e:9c:1b:ce:a8:f0:cd:3e:
                    27:cb:ec:a5:f4:8c:39:bb:52:99:16:3b:3f:a3:ff:
                    98:04:af:cc:5a:70:07:ae:c1:41:ed:4c:07:1f:25:
                    b3:fc:c8:ae:ce:20:eb:03:73:13:fe:8b:75:2d:82:
                    28:33:17:98:3b:b6:71:24:00:e6:a8:0a:7c:74:ea:
                    61:20:22:e3:bd:ac:e5:8e:f9:5f:32:a4:f9:8b:cb:
                    b4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:9F:7B:79:BF:E7:3C:A4:25:F6:1E:F9:FF:3E:8C:78:A5:52:4B:FE
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/3p97eb_nPKQl9h75_z6MeKVSS_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6d:ec:c8:3f:23:ef:d6:c7:15:65:35:c8:4f:6a:7a:d4:f9:
         55:c2:68:69:1f:98:85:8f:cf:de:ea:15:56:bb:a0:30:65:37:
         49:8a:e5:a2:31:95:7c:ed:c3:95:9c:98:23:c0:62:a8:e3:18:
         e0:c0:ad:3d:73:aa:6f:5c:78:8b:ff:98:a7:06:9d:68:ae:56:
         20:c7:64:e0:18:af:02:6d:6a:16:20:ca:98:95:f6:d9:3e:b7:
         d7:b2:c1:69:fd:69:4b:56:51:2a:b1:d9:dc:c5:1f:8c:8a:07:
         8a:24:ed:5c:46:3e:4b:66:3b:5a:ff:47:0b:2c:23:de:ee:4c:
         00:e7:86:84:d7:c0:e3:ae:32:9a:62:3a:0c:9f:7b:05:52:26:
         f2:b4:2a:3e:bf:f0:30:68:98:ba:08:55:65:95:27:b5:ac:f9:
         17:b9:63:b6:21:33:dc:30:11:aa:6f:b8:3a:cb:64:0a:79:e7:
         25:24:d6:f3:4b:01:b5:31:90:3a:44:29:21:02:ae:14:f5:ef:
         96:69:f7:87:a7:32:02:ba:54:89:b3:d2:11:29:77:9e:cc:14:
         d4:9e:1a:0a:ac:bc:62:d8:b9:93:8d:ba:21:c2:da:53:52:ae:
         55:85:5d:7e:35:30:b9:9f:58:da:6e:f3:48:39:7e:1b:6b:98:
         ca:10:fd:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpPizmKvi5BoZRsxk/b4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTlmN2I3OWJmZTczY2E0MjVmNjFlZjlmZjNlOGM3OGE1NTI0YmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseAwixNUIVdy4T7piPdRXSr2NLl2
CbTz8pQ9YwiZN1pVBIk1HzM8OrBA9iwu3FrdkKXhDVz7k9ohmBfumqOlr4xY8E2X
zDd19DCWGlydP5vUgmFRl8igA6RggW2YW1QPGruWmZbKU8kXzrHQvNnghzl92/OS
5bJP3ZlldHGRUEG35xIrokuANhpO//e9uAMT8mAq0+22P+z16sky5rp7eTvVh4xO
CAL7o6OMDpwbzqjwzT4ny+yl9Iw5u1KZFjs/o/+YBK/MWnAHrsFB7UwHHyWz/Miu
ziDrA3MT/ot1LYIoMxeYO7ZxJADmqAp8dOphICLjvazljvlfMqT5i8u0oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6fe3m/5zykJfYe+f8+jHilUkv+MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvM3A5N2ViX25QS1FsOWg3NV96Nk1lS1ZTU180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXC1CMA0G
CSqGSIb3DQEBCwUAA4IBAQAjbezIPyPv1scVZTXIT2p61PlVwmhpH5iFj8/e6hVW
u6AwZTdJiuWiMZV87cOVnJgjwGKo4xjgwK09c6pvXHiL/5inBp1orlYgx2TgGK8C
bWoWIMqYlfbZPrfXssFp/WlLVlEqsdncxR+MigeKJO1cRj5LZjta/0cLLCPe7kwA
54aE18DjrjKaYjoMn3sFUibytCo+v/AwaJi6CFVllSe1rPkXuWO2ITPcMBGqb7g6
y2QKeeclJNbzSwG1MZA6RCkhAq4U9e+WafeHpzICulSJs9IRKXeezBTUnhoKrLxi
2LmTjbohwtpTUq5VhV1+NTC5n1jabvNIOX4ba5jKEP2x
-----END CERTIFICATE-----