Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i_Rznfzs9-GsDjO5dtgeBxIhJSU.roa
File:                     i_Rznfzs9-GsDjO5dtgeBxIhJSU.roa (raw, json)
Hash identifier:          3xHSQoVMkR40bZSIZByp+NAJJPcNDRqbz8myR6qYVuQ=
Subject key identifier:   8B:F4:73:9D:FC:EC:F7:E1:AC:0E:33:B9:76:D8:1E:07:12:21:25:25
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C7A1F4B4044C7E99F5F0A03FCCBC
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i_Rznfzs9-GsDjO5dtgeBxIhJSU.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210421
IP address blocks:        193.107.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c7:a1:f4:b4:04:4c:7e:99:f5:f0:a0:3f:cc:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bf4739dfcecf7e1ac0e33b976d81e0712212525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:98:08:93:2d:da:81:e9:cc:2c:c5:db:6f:f1:
                    fb:46:68:87:3a:be:26:e7:1b:e4:b8:5d:6d:4b:4b:
                    02:cb:7a:67:21:33:4f:49:38:9a:e2:c4:5d:59:af:
                    89:7f:35:7c:7e:c8:42:d9:eb:69:0b:23:73:b1:89:
                    da:a4:0c:8b:7a:f4:56:73:10:41:42:44:80:d3:98:
                    80:ac:47:38:6f:4f:a4:1c:5e:c4:54:7b:27:4a:1e:
                    44:3f:a7:ce:80:47:f3:71:e9:2d:2a:32:cd:07:24:
                    bd:67:30:a3:a9:f0:59:6b:df:04:ea:9c:bf:23:45:
                    87:15:00:63:dc:c1:22:36:ca:98:fe:f4:8f:09:28:
                    96:ca:35:0a:03:4a:24:cd:74:bc:df:d7:e5:90:55:
                    ff:12:95:80:42:bc:28:6f:ab:f7:f1:3b:c2:31:55:
                    a0:f3:2d:f2:51:31:0e:26:db:d8:7e:eb:73:b5:ec:
                    c3:b4:e7:f2:d6:f5:c6:41:28:cb:9e:97:7a:8d:bf:
                    68:01:e8:c4:d4:dc:7c:e0:7f:a3:2d:13:1e:5e:39:
                    ed:8e:16:eb:4d:75:29:e2:f8:7c:ee:2b:69:f9:f6:
                    0e:f2:51:ff:1b:ad:df:64:b2:1f:88:37:e1:0b:e0:
                    34:cf:8b:61:f6:0a:97:ba:51:ed:49:2b:e0:e3:76:
                    27:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F4:73:9D:FC:EC:F7:E1:AC:0E:33:B9:76:D8:1E:07:12:21:25:25
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i_Rznfzs9-GsDjO5dtgeBxIhJSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:a2:13:27:d0:4d:09:99:05:44:66:35:e3:75:a0:59:78:72:
         53:13:2e:ae:0b:95:85:54:5f:9d:73:f2:53:53:87:91:6e:81:
         72:c9:b9:d8:17:9b:c7:30:55:ca:53:46:17:b7:81:9e:25:2a:
         b1:cd:b2:69:01:a0:ca:4f:f8:04:34:9c:e5:a4:75:18:a9:8d:
         a3:44:01:b7:c9:4d:89:99:ec:06:89:97:61:b1:18:49:05:59:
         7e:dd:0b:6f:49:56:fa:9d:04:f7:5f:b8:6c:5b:d5:69:0e:9a:
         1d:ec:66:7b:ba:38:7c:27:e1:e9:82:22:01:d8:e4:f9:60:71:
         d6:83:29:5f:4a:84:fd:3b:56:ca:d7:b5:f9:87:b1:19:40:82:
         62:25:c7:23:04:d7:21:ed:38:32:57:1a:cd:da:d4:d7:2d:d2:
         a7:49:e7:ad:97:25:b3:e0:1e:5f:cc:7c:57:64:55:e0:06:49:
         16:8f:79:85:1e:0e:3c:24:31:5d:79:83:12:5d:6d:b5:ca:fd:
         49:4c:c2:43:82:24:25:f9:69:df:6d:23:9e:8e:ce:13:56:0c:
         6a:7f:ac:9c:1d:82:4b:2f:5b:a1:17:b0:42:72:00:5f:8c:a2:
         f0:a9:e5:b5:07:3a:7f:60:40:36:97:eb:75:6f:0c:75:6e:0a:
         19:40:c5:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMeh9LQETH6Z9fCgP8y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY0NzM5ZGZjZWNmN2UxYWMwZTMzYjk3NmQ4MWUwNzEyMjEyNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJgIky3agenMLMXbb/H7RmiHOr4m
5xvkuF1tS0sCy3pnITNPSTia4sRdWa+JfzV8fshC2etpCyNzsYnapAyLevRWcxBB
QkSA05iArEc4b0+kHF7EVHsnSh5EP6fOgEfzcektKjLNByS9ZzCjqfBZa98E6py/
I0WHFQBj3MEiNsqY/vSPCSiWyjUKA0okzXS839flkFX/EpWAQrwob6v38TvCMVWg
8y3yUTEOJtvYfutztezDtOfy1vXGQSjLnpd6jb9oAejE1Nx84H+jLRMeXjntjhbr
TXUp4vh87itp+fYO8lH/G63fZLIfiDfhC+A0z4th9gqXulHtSSvg43YnhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIv0c5387PfhrA4zuXbYHgcSISUlMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvaV9Sem5menM5LUdzRGpPNWR0Z2VCeEloSlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWsVMA0G
CSqGSIb3DQEBCwUAA4IBAQBjohMn0E0JmQVEZjXjdaBZeHJTEy6uC5WFVF+dc/JT
U4eRboFyybnYF5vHMFXKU0YXt4GeJSqxzbJpAaDKT/gENJzlpHUYqY2jRAG3yU2J
mewGiZdhsRhJBVl+3QtvSVb6nQT3X7hsW9VpDpod7GZ7ujh8J+HpgiIB2OT5YHHW
gylfSoT9O1bK17X5h7EZQIJiJccjBNch7TgyVxrN2tTXLdKnSeetlyWz4B5fzHxX
ZFXgBkkWj3mFHg48JDFdeYMSXW21yv1JTMJDgiQl+WnfbSOejs4TVgxqf6ycHYJL
L1uhF7BCcgBfjKLwqeW1Bzp/YEA2l+t1bwx1bgoZQMVH
-----END CERTIFICATE-----