Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/atcxNQOmRrWRBt1fCUGsMMQJ73Y.roa
File:                     atcxNQOmRrWRBt1fCUGsMMQJ73Y.roa (raw, json)
Hash identifier:          Rmvuh+O5rrdCfEUzfeTIw/nAFYNg7OcWElkpW61ch0I=
Subject key identifier:   6A:D7:31:35:03:A6:46:B5:91:06:DD:5F:09:41:AC:30:C4:09:EF:76
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F84BF04DD3B3DE2B1BF9C0B650EC3
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/atcxNQOmRrWRBt1fCUGsMMQJ73Y.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9094
IP address blocks:        213.9.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:84:bf:04:dd:3b:3d:e2:b1:bf:9c:0b:65:0e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad7313503a646b59106dd5f0941ac30c409ef76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:57:96:98:be:c6:7c:0b:8b:e1:90:0a:24:32:
                    b0:e9:1d:f9:35:b2:58:ad:4e:2e:a8:ce:33:ae:e7:
                    7d:f2:36:49:f1:35:70:3a:ca:b4:2a:de:08:70:ed:
                    c9:68:8f:e3:ea:9a:d9:e4:ef:5d:65:cd:ca:f2:98:
                    ff:d1:50:7d:20:2a:0b:76:63:5d:30:fc:57:34:8f:
                    f0:f4:b2:97:a7:35:b9:01:95:01:ec:f7:94:f5:8a:
                    7e:e0:af:53:6e:20:66:6e:fa:8b:6e:db:11:52:ea:
                    8e:ca:67:dc:a0:29:96:f4:65:fd:06:02:2d:b5:e6:
                    b9:25:81:d5:73:a8:0f:e9:ce:37:39:45:81:1f:4e:
                    f4:98:bf:2c:ae:51:1e:9b:37:32:19:c4:84:68:b6:
                    06:be:6a:86:10:85:ee:b1:88:99:94:c4:60:3b:b3:
                    24:55:6d:11:13:58:09:dd:e2:05:0b:ef:80:43:30:
                    38:0e:97:5f:05:88:82:d6:8d:46:51:02:14:eb:36:
                    7e:2a:19:b3:cb:a1:46:c7:0f:64:ad:09:22:ad:f3:
                    b0:2d:ca:ce:da:d8:a4:80:65:3c:21:b7:fd:00:e2:
                    7a:60:c8:a3:da:b7:b2:4a:1a:02:3d:71:58:57:77:
                    cc:94:2d:f2:41:3e:7a:60:fd:8d:c6:a3:6e:b9:9a:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D7:31:35:03:A6:46:B5:91:06:DD:5F:09:41:AC:30:C4:09:EF:76
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/atcxNQOmRrWRBt1fCUGsMMQJ73Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.9.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:12:7e:58:5f:65:42:97:ef:29:1b:28:3f:9b:d9:9d:71:69:
         3a:8a:78:24:37:0e:3b:ab:83:f3:24:62:56:62:04:6d:c5:38:
         05:af:5b:9d:34:9d:40:12:53:ff:5c:51:5b:8d:73:a5:83:8b:
         e7:72:31:58:0f:ad:30:e0:2b:04:d0:5d:28:e8:66:a4:46:b2:
         24:72:2d:9e:f3:c5:1b:e3:59:72:38:63:17:fa:37:96:56:29:
         6f:5c:62:ec:d7:ee:8a:9d:be:2d:c4:84:44:5a:4f:9c:5e:c4:
         87:24:28:ca:63:23:14:20:66:1a:47:89:7e:59:11:36:55:b0:
         06:06:a0:b6:d3:dd:47:96:e8:03:a2:35:d7:14:ba:60:4a:02:
         56:67:55:e4:71:34:de:3f:2b:40:75:b6:dd:8f:a2:7e:fe:a3:
         cd:7b:71:af:0f:f7:c9:90:fc:73:80:09:f5:50:7a:a4:99:b5:
         17:f0:d4:99:94:f7:cf:cb:a7:36:51:bc:cc:ef:29:c2:41:83:
         b9:6e:fd:46:b7:c7:a0:70:5c:63:7d:c3:7b:2c:c3:0a:9a:18:
         d2:0a:f6:48:d0:fa:8b:a2:a0:59:67:a2:ea:ef:54:9e:e6:c2:
         1d:3a:a4:dc:80:8b:82:48:60:56:58:70:d0:1c:6e:6e:57:72:
         96:50:de:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4S/BN07PeKxv5wLZQ7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ3MzEzNTAzYTY0NmI1OTEwNmRkNWYwOTQxYWMzMGM0MDllZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+1eWmL7GfAuL4ZAKJDKw6R35NbJY
rU4uqM4zrud98jZJ8TVwOsq0Kt4IcO3JaI/j6prZ5O9dZc3K8pj/0VB9ICoLdmNd
MPxXNI/w9LKXpzW5AZUB7PeU9Yp+4K9TbiBmbvqLbtsRUuqOymfcoCmW9GX9BgIt
tea5JYHVc6gP6c43OUWBH070mL8srlEemzcyGcSEaLYGvmqGEIXusYiZlMRgO7Mk
VW0RE1gJ3eIFC++AQzA4DpdfBYiC1o1GUQIU6zZ+Khmzy6FGxw9krQkirfOwLcrO
2tikgGU8Ibf9AOJ6YMij2reyShoCPXFYV3fMlC3yQT56YP2NxqNuuZrC6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrXMTUDpka1kQbdXwlBrDDECe92MB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvYXRjeE5RT21ScldSQnQxZkNVR3NNTVFKNzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1QnzMA0G
CSqGSIb3DQEBCwUAA4IBAQBqEn5YX2VCl+8pGyg/m9mdcWk6ingkNw47q4PzJGJW
YgRtxTgFr1udNJ1AElP/XFFbjXOlg4vncjFYD60w4CsE0F0o6GakRrIkci2e88Ub
41lyOGMX+jeWVilvXGLs1+6Knb4txIREWk+cXsSHJCjKYyMUIGYaR4l+WRE2VbAG
BqC2091HlugDojXXFLpgSgJWZ1XkcTTePytAdbbdj6J+/qPNe3GvD/fJkPxzgAn1
UHqkmbUX8NSZlPfPy6c2UbzM7ynCQYO5bv1Gt8egcFxjfcN7LMMKmhjSCvZI0PqL
oqBZZ6Lq71Se5sIdOqTcgIuCSGBWWHDQHG5uV3KWUN6K
-----END CERTIFICATE-----