Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/o3kEcEQUg-JsD1DdmuOumtjiDvU.roa
File:                     o3kEcEQUg-JsD1DdmuOumtjiDvU.roa (raw, json)
Hash identifier:          VSzC23+dHl5rOdFSO7mP6g+Hxe3tglvR/TJf4hxkrdU=
Subject key identifier:   A3:79:04:70:44:14:83:E2:6C:0F:50:DD:9A:E3:AE:9A:D8:E2:0E:F5
Certificate issuer:       /CN=521d2c07c28ac7b726a825d3693afe2397209de6
Certificate serial:       018CCA296261CDE6B8991A3495C79C0B473F
Authority key identifier: 52:1D:2C:07:C2:8A:C7:B7:26:A8:25:D3:69:3A:FE:23:97:20:9D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/o3kEcEQUg-JsD1DdmuOumtjiDvU.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25100
IP address blocks:        81.5.64.0/18 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:62:61:cd:e6:b8:99:1a:34:95:c7:9c:0b:47:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521d2c07c28ac7b726a825d3693afe2397209de6
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3790470441483e26c0f50dd9ae3ae9ad8e20ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e5:36:79:e6:f8:9f:02:ad:f8:34:b0:93:52:
                    c1:69:b2:30:d4:51:ae:56:4f:6b:a5:cf:06:ea:e9:
                    f8:0b:fd:0d:83:44:df:f1:86:bc:78:b6:c0:c0:fb:
                    ba:1d:80:60:ba:46:b9:88:86:c5:57:07:34:7d:bb:
                    9d:a6:ce:12:f3:fd:ae:b9:73:4c:06:ac:f0:74:d5:
                    4c:46:bf:d8:4a:43:71:b9:72:c8:eb:5c:0f:ec:92:
                    ee:f0:90:73:20:2e:e2:f6:5a:3b:f3:14:80:1b:5a:
                    d7:8b:43:db:58:70:27:dd:9b:88:8c:55:02:f5:6e:
                    78:59:08:8a:b8:2a:82:45:a4:18:de:50:54:6d:a4:
                    d5:6e:c6:f7:3e:08:e1:8d:1e:7c:03:b8:61:47:5f:
                    68:1a:aa:66:2a:2f:28:b7:6c:a3:92:18:79:c4:fd:
                    f9:a3:20:b7:2a:3b:68:5b:53:23:60:47:90:64:b7:
                    ea:2e:59:4c:ad:17:36:7f:16:a7:83:b9:d8:8e:67:
                    fc:5a:c1:cd:f4:5a:3b:8b:4a:35:55:37:02:8f:ef:
                    13:d1:71:9b:41:40:9e:33:7f:ce:cb:90:0e:d7:0f:
                    48:b8:f8:7a:eb:dd:53:02:3f:33:cd:24:79:a4:77:
                    01:9c:31:da:cb:b9:ba:16:6a:81:1f:22:4b:e1:3a:
                    1f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:79:04:70:44:14:83:E2:6C:0F:50:DD:9A:E3:AE:9A:D8:E2:0E:F5
            X509v3 Authority Key Identifier:
                keyid:52:1D:2C:07:C2:8A:C7:B7:26:A8:25:D3:69:3A:FE:23:97:20:9D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/o3kEcEQUg-JsD1DdmuOumtjiDvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7a:df:dd:0a:fb:d3:98:b2:85:c1:2c:cb:06:b1:a3:66:9e:04:
         ba:98:b5:bd:eb:58:fe:42:f3:02:c9:d1:d3:a7:64:9a:98:45:
         ee:45:5d:2d:d4:a9:57:92:2c:14:c8:29:de:47:2b:8d:04:c8:
         c0:59:c5:8d:f0:3a:e4:ee:1c:10:b5:78:67:99:df:cb:83:6c:
         fa:51:1e:29:20:3a:8e:ab:c8:2d:8f:72:1c:f9:c1:ae:c0:39:
         a0:8b:ef:20:0f:bf:a3:50:e1:2d:fa:2b:04:98:3a:94:28:5b:
         9b:8a:ec:f1:fc:46:04:7a:3f:2a:4e:a3:e7:1d:78:d7:21:2a:
         5c:89:af:c3:b5:9d:a5:4e:ad:1a:d8:ff:c4:5f:d5:e2:ea:28:
         f1:09:1b:a0:c6:2a:42:9f:f7:e8:3d:f3:05:73:4c:32:7c:db:
         bd:62:f1:df:fc:c1:4c:66:45:c1:8a:67:e6:ea:8b:06:f4:25:
         51:d6:4d:8b:92:24:2f:e6:43:57:e6:61:f0:ce:58:f8:a3:a3:
         d6:2f:a1:be:50:18:67:35:a5:f1:56:dd:d6:3f:9a:1d:c3:61:
         77:70:7d:e6:27:9f:e9:6e:3d:2e:87:51:db:aa:68:2a:69:f3:
         f0:f8:73:be:81:f5:19:b9:f8:f9:d1:0e:1d:85:9f:a5:0a:bd:
         a0:01:9b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKWJhzea4mRo0lcecC0c/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWQyYzA3YzI4YWM3YjcyNmE4MjVkMzY5M2FmZTIzOTcy
MDlkZTYwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzc5MDQ3MDQ0MTQ4M2UyNmMwZjUwZGQ5YWUzYWU5YWQ4ZTIwZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOU2eeb4nwKt+DSwk1LBabIw1FGu
Vk9rpc8G6un4C/0Ng0Tf8Ya8eLbAwPu6HYBguka5iIbFVwc0fbudps4S8/2uuXNM
BqzwdNVMRr/YSkNxuXLI61wP7JLu8JBzIC7i9lo78xSAG1rXi0PbWHAn3ZuIjFUC
9W54WQiKuCqCRaQY3lBUbaTVbsb3PgjhjR58A7hhR19oGqpmKi8ot2yjkhh5xP35
oyC3KjtoW1MjYEeQZLfqLllMrRc2fxang7nYjmf8WsHN9Fo7i0o1VTcCj+8T0XGb
QUCeM3/Oy5AO1w9IuPh6691TAj8zzSR5pHcBnDHay7m6FmqBHyJL4Tof9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKN5BHBEFIPibA9Q3ZrjrprY4g71MB8GA1UdIwQY
MBaAFFIdLAfCise3Jqgl02k6/iOXIJ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWgwc0I4S0t4N2NtcUNYVGFUci1JNWNnbmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xN2FjNjctMmQ1Zi00MzlhLThmZjkt
Y2FjZmI2N2JmZjlkLzEvbzNrRWNFUVVnLUpzRDFEZG11T3VtdGppRHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xN2FjNjctMmQ1Zi00MzlhLThmZjktY2FjZmI2N2JmZjlk
LzEvVWgwc0I4S0t4N2NtcUNYVGFUci1JNWNnbmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGUQVAMA0G
CSqGSIb3DQEBCwUAA4IBAQB6390K+9OYsoXBLMsGsaNmngS6mLW961j+QvMCydHT
p2SamEXuRV0t1KlXkiwUyCneRyuNBMjAWcWN8Drk7hwQtXhnmd/Lg2z6UR4pIDqO
q8gtj3Ic+cGuwDmgi+8gD7+jUOEt+isEmDqUKFubiuzx/EYEej8qTqPnHXjXISpc
ia/DtZ2lTq0a2P/EX9Xi6ijxCRugxipCn/foPfMFc0wyfNu9YvHf/MFMZkXBimfm
6osG9CVR1k2LkiQv5kNX5mHwzlj4o6PWL6G+UBhnNaXxVt3WP5odw2F3cH3mJ5/p
bj0uh1HbqmgqafPw+HO+gfUZufj50Q4dhZ+lCr2gAZtO
-----END CERTIFICATE-----