Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/A-3Gf3UgxQIZ6Ky-Cazaqu17xIk.roa
File:                     A-3Gf3UgxQIZ6Ky-Cazaqu17xIk.roa (raw, json)
Hash identifier:          dgrM7o+8O9wsrCrNpqji+jQERTikBcq3GEqjrSbA/CI=
Subject key identifier:   03:ED:C6:7F:75:20:C5:02:19:E8:AC:BE:09:AC:DA:AA:ED:7B:C4:89
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C4A83C1E4831B3FD4CBB523A12E9
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/A-3Gf3UgxQIZ6Ky-Cazaqu17xIk.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        193.108.102.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c4:a8:3c:1e:48:31:b3:fd:4c:bb:52:3a:12:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03edc67f7520c50219e8acbe09acdaaaed7bc489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:dc:2c:66:b4:9e:de:e3:2c:ae:a5:93:45:94:
                    dc:fd:06:98:80:81:a4:55:6e:e4:ba:5e:af:71:2d:
                    03:38:85:a1:a3:c2:ff:a9:9c:f1:bf:f9:d1:8e:a9:
                    fa:26:57:8d:8f:d8:81:17:72:1d:55:4f:ea:da:ad:
                    37:38:d0:c2:a6:c0:08:e5:d5:90:bd:60:34:53:16:
                    96:76:97:d6:25:84:f1:3d:03:6c:de:a0:74:3e:ea:
                    de:4c:78:57:10:91:95:96:f6:fc:7e:b9:4f:26:a1:
                    a8:94:f3:9a:3e:36:dc:9e:28:bd:25:82:6b:1b:78:
                    36:18:1f:8b:00:7f:02:f0:48:52:e6:cc:45:ea:1c:
                    f1:f0:f1:51:4d:65:d6:f9:d8:b6:e1:cb:fe:8f:fd:
                    88:84:2d:66:db:70:f3:44:82:a2:31:a7:6c:59:f2:
                    db:fc:ab:cf:6a:e0:d1:dd:d0:5d:df:16:7d:62:87:
                    f1:6e:c8:3b:3f:b2:44:98:82:20:0e:11:2c:cd:17:
                    38:10:ff:dc:1f:ba:10:db:9e:f6:48:d4:ad:c7:23:
                    42:e7:44:cf:9f:be:c8:f9:b9:ca:d4:d7:81:3a:bb:
                    77:b6:b6:46:b5:df:13:4a:b8:d6:99:9b:f1:5c:b4:
                    e4:d9:94:49:f1:70:3a:80:25:d7:2b:cc:71:a1:e5:
                    30:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:ED:C6:7F:75:20:C5:02:19:E8:AC:BE:09:AC:DA:AA:ED:7B:C4:89
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/A-3Gf3UgxQIZ6Ky-Cazaqu17xIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:ee:5e:4b:f2:5a:c2:d3:57:08:7b:04:4e:f2:d6:48:df:76:
         5b:6e:9b:5b:7e:ff:48:4f:d5:c1:f9:20:c0:62:d3:89:ad:cf:
         bf:e6:49:d9:c0:f6:81:8e:03:9f:bb:d2:60:23:6e:8d:82:ab:
         54:92:53:a6:4b:8b:0f:15:aa:9e:41:95:d3:16:f0:30:a0:fd:
         8b:1b:8c:83:07:e7:62:fb:32:08:83:17:d9:cd:88:62:34:6a:
         40:18:fa:b0:47:52:f7:10:57:e5:d6:eb:8e:d1:80:bc:db:3f:
         bb:a7:de:8d:1b:e2:8a:11:42:47:65:29:58:0c:db:68:ca:41:
         7d:b9:d7:91:26:9b:40:8e:a4:2c:f9:d0:9b:19:e6:16:3e:d2:
         39:e9:aa:f9:71:9c:39:8c:11:66:74:88:19:f2:c7:fd:c0:ab:
         c9:ea:bc:95:50:32:b8:06:ad:ef:fc:4c:68:ad:30:61:38:cb:
         89:15:c3:0f:e5:1b:68:70:1b:be:bd:7c:b8:2d:61:0a:7f:89:
         49:9b:45:f3:ab:4a:7b:4a:94:c8:a8:01:ae:dc:a1:50:60:29:
         d8:b8:01:e7:d3:0f:98:af:ee:51:d2:7c:b7:c3:9e:36:7b:a0:
         d0:ee:1d:2e:8e:13:e0:a5:4a:70:ce:0b:a6:0d:3b:54:1c:e0:
         1e:76:3c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMSoPB5IMbP9TLtSOhLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2VkYzY3Zjc1MjBjNTAyMTllOGFjYmUwOWFjZGFhYWVkN2JjNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtwsZrSe3uMsrqWTRZTc/QaYgIGk
VW7kul6vcS0DOIWho8L/qZzxv/nRjqn6JleNj9iBF3IdVU/q2q03ONDCpsAI5dWQ
vWA0UxaWdpfWJYTxPQNs3qB0PureTHhXEJGVlvb8frlPJqGolPOaPjbcnii9JYJr
G3g2GB+LAH8C8EhS5sxF6hzx8PFRTWXW+di24cv+j/2IhC1m23DzRIKiMadsWfLb
/KvPauDR3dBd3xZ9Yofxbsg7P7JEmIIgDhEszRc4EP/cH7oQ2572SNStxyNC50TP
n77I+bnK1NeBOrt3trZGtd8TSrjWmZvxXLTk2ZRJ8XA6gCXXK8xxoeUwVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPtxn91IMUCGeisvgms2qrte8SJMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvQS0zR2YzVWd4UUlaNkt5LUNhemFxdTE3eElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwWxmMA0G
CSqGSIb3DQEBCwUAA4IBAQCu7l5L8lrC01cIewRO8tZI33Zbbptbfv9IT9XB+SDA
YtOJrc+/5knZwPaBjgOfu9JgI26NgqtUklOmS4sPFaqeQZXTFvAwoP2LG4yDB+di
+zIIgxfZzYhiNGpAGPqwR1L3EFfl1uuO0YC82z+7p96NG+KKEUJHZSlYDNtoykF9
udeRJptAjqQs+dCbGeYWPtI56ar5cZw5jBFmdIgZ8sf9wKvJ6ryVUDK4Bq3v/Exo
rTBhOMuJFcMP5RtocBu+vXy4LWEKf4lJm0Xzq0p7SpTIqAGu3KFQYCnYuAHn0w+Y
r+5R0ny3w542e6DQ7h0ujhPgpUpwzgumDTtUHOAedjz6
-----END CERTIFICATE-----