Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/3oPPC7GhgZE-YYKiteCljoiwKBU.roa
File:                     3oPPC7GhgZE-YYKiteCljoiwKBU.roa (raw, json)
Hash identifier:          htcMSXNQ+BDnI3lz4G4yDNlK4PqXpM47uEcpJA67HnA=
Subject key identifier:   DE:83:CF:0B:B1:A1:81:91:3E:61:82:A2:B5:E0:A5:8E:88:B0:28:15
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       018CCA29DB33118C443EAE37760F0D3F87DC
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/3oPPC7GhgZE-YYKiteCljoiwKBU.roa
Signing time:             Tue 02 Jan 2024 12:33:09 +0000
ROA not before:           Tue 02 Jan 2024 12:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203727
IP address blocks:        5.42.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:db:33:11:8c:44:3e:ae:37:76:0f:0d:3f:87:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Jan  2 12:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de83cf0bb1a181913e6182a2b5e0a58e88b02815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f5:cb:1a:d9:a4:b0:80:83:d9:f5:15:9e:4a:
                    dd:e7:11:dd:14:f0:ea:17:df:e0:fe:0b:af:36:6c:
                    6b:b3:c4:d0:ae:e1:e7:42:59:ad:d7:2b:b1:ec:56:
                    fe:dd:91:d7:e7:b0:2a:5a:48:1b:aa:72:b1:82:1c:
                    c7:2c:4c:a5:95:94:25:53:11:5c:bb:17:a2:de:7c:
                    e8:c1:80:19:e7:7b:cb:28:29:dd:2c:a1:4e:17:e1:
                    b9:3d:01:93:66:82:2a:0c:73:ad:3e:a7:09:a7:3c:
                    ad:4e:98:1a:55:4d:75:5a:c0:27:9a:35:f2:a5:da:
                    73:3c:ba:7f:b8:17:77:59:9a:0d:bc:0c:bc:ff:67:
                    60:0a:a0:fc:c7:4e:78:f6:82:5f:64:c2:32:26:c8:
                    0b:f6:70:1c:2e:31:7d:0d:73:ea:17:8d:c0:7e:79:
                    94:44:2d:05:fc:e3:48:9a:fd:08:5a:c4:5f:26:18:
                    1b:fe:01:2f:d6:a4:8e:f3:a7:8c:14:a3:a1:7a:0a:
                    8b:13:c9:3f:d3:27:5f:db:b9:2f:8b:97:d7:04:cb:
                    3e:f9:28:3c:73:45:7a:08:bf:b6:e4:ba:b3:8e:5d:
                    43:29:fa:ad:67:d4:7a:2d:4f:d5:44:0a:fe:58:c6:
                    cc:91:81:2e:06:c0:88:26:3c:a2:0a:75:c1:8b:61:
                    48:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:83:CF:0B:B1:A1:81:91:3E:61:82:A2:B5:E0:A5:8E:88:B0:28:15
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/3oPPC7GhgZE-YYKiteCljoiwKBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:d3:a3:bb:be:03:df:f3:69:21:9e:7d:4d:8f:5e:76:dd:fd:
         36:3c:35:2b:1d:16:7c:c1:51:25:c1:fd:ec:9a:aa:6a:37:c9:
         ef:36:c5:ae:6a:20:59:a6:a4:8f:c9:1f:28:fb:af:a0:65:f0:
         22:cd:f4:e4:55:b0:5d:cb:79:83:9c:1b:b1:28:a9:bc:ea:56:
         cf:61:de:57:cb:50:81:26:72:41:7d:f9:e2:39:cf:b0:23:a7:
         b8:44:49:f4:81:f5:a3:ea:bb:3c:73:4a:c3:40:92:7a:d6:1c:
         f4:94:c7:60:87:5f:50:ff:a1:0a:8f:2c:8c:f1:b6:9a:b4:f7:
         7d:12:d0:86:8b:47:ef:35:c2:0d:9e:e7:51:3c:ad:ea:d4:8f:
         d8:35:f2:f2:af:41:9e:d1:eb:82:47:87:e1:4c:a7:f8:89:fc:
         24:8d:07:9b:4c:9c:36:52:ed:c1:fe:8c:3b:f5:f2:28:49:03:
         f2:8a:fa:94:19:41:ca:a1:b6:e1:fb:34:2a:ee:71:3d:f1:1d:
         83:a4:40:ce:f2:9c:d9:51:60:8b:3c:b6:0d:d4:9d:6d:f2:91:
         c7:54:ce:df:7d:36:dc:38:0b:9a:54:e2:9a:a5:69:16:d2:57:
         6c:5b:9b:ab:e1:43:37:69:1e:f1:03:53:78:0b:e6:40:23:8a:
         7a:f4:0e:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdszEYxEPq43dg8NP4fcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwMTAyMTIzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTgzY2YwYmIxYTE4MTkxM2U2MTgyYTJiNWUwYTU4ZTg4YjAyODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvXLGtmksICD2fUVnkrd5xHdFPDq
F9/g/guvNmxrs8TQruHnQlmt1yux7Fb+3ZHX57AqWkgbqnKxghzHLEyllZQlUxFc
uxei3nzowYAZ53vLKCndLKFOF+G5PQGTZoIqDHOtPqcJpzytTpgaVU11WsAnmjXy
pdpzPLp/uBd3WZoNvAy8/2dgCqD8x0549oJfZMIyJsgL9nAcLjF9DXPqF43AfnmU
RC0F/ONImv0IWsRfJhgb/gEv1qSO86eMFKOhegqLE8k/0ydf27kvi5fXBMs++Sg8
c0V6CL+25Lqzjl1DKfqtZ9R6LU/VRAr+WMbMkYEuBsCIJjyiCnXBi2FIgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6DzwuxoYGRPmGCorXgpY6IsCgVMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvM29QUEM3R2hnWkUtWVlLaXRlQ2xqb2l3S0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSpcMA0G
CSqGSIb3DQEBCwUAA4IBAQDP06O7vgPf82khnn1Nj1523f02PDUrHRZ8wVElwf3s
mqpqN8nvNsWuaiBZpqSPyR8o+6+gZfAizfTkVbBdy3mDnBuxKKm86lbPYd5Xy1CB
JnJBffniOc+wI6e4REn0gfWj6rs8c0rDQJJ61hz0lMdgh19Q/6EKjyyM8baatPd9
EtCGi0fvNcINnudRPK3q1I/YNfLyr0Ge0euCR4fhTKf4ifwkjQebTJw2Uu3B/ow7
9fIoSQPyivqUGUHKobbh+zQq7nE98R2DpEDO8pzZUWCLPLYN1J1t8pHHVM7ffTbc
OAuaVOKapWkW0ldsW5ur4UM3aR7xA1N4C+ZAI4p69A5E
-----END CERTIFICATE-----