Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/A8kWWY5wZpY9Av4R4iDHI3zKJg4.roa
File:                     A8kWWY5wZpY9Av4R4iDHI3zKJg4.roa (raw, json)
Hash identifier:          zaWh4QjeKHJuYgqzAJtR3tkid5GnoEFEIDbnhTEBDwE=
Subject key identifier:   03:C9:16:59:8E:70:66:96:3D:02:FE:11:E2:20:C7:23:7C:CA:26:0E
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       018CC42451CD5F896909E5016B355E69711F
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/A8kWWY5wZpY9Av4R4iDHI3zKJg4.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29553
IP address blocks:        217.76.112.0/20 maxlen: 20
                          188.246.128.0/19 maxlen: 19
                          188.246.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:51:cd:5f:89:69:09:e5:01:6b:35:5e:69:71:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03c916598e7066963d02fe11e220c7237cca260e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b1:4a:67:09:6e:b2:7a:56:87:f7:74:21:75:
                    e8:62:b8:d8:f1:ca:81:56:15:a0:93:67:69:3a:53:
                    d9:a8:95:9a:6b:42:c9:e0:58:a2:0f:fe:56:be:a9:
                    ad:ed:e4:0b:00:f0:89:1d:0f:a0:88:39:85:68:7c:
                    1c:af:79:45:9b:8c:52:5b:bd:9d:21:c6:aa:7a:69:
                    2f:03:c5:34:68:dc:9e:73:7b:23:34:6e:29:19:b3:
                    31:00:5c:ed:c9:18:cd:61:5c:46:06:1c:1a:47:ea:
                    dc:3d:f4:af:ed:82:3f:e4:65:dd:de:29:f3:f6:ff:
                    73:e3:f7:31:d5:a4:09:7f:ca:98:a9:23:e8:93:29:
                    a2:78:6a:60:fe:61:75:16:af:9f:6a:89:f8:ca:4d:
                    7d:ea:3c:96:c1:7e:59:af:ef:9b:08:2d:25:1a:34:
                    a0:b6:4e:ef:b2:b3:dc:79:12:c1:a5:b1:86:4d:10:
                    54:48:3f:e1:ad:ea:f3:4f:eb:78:2e:dc:e8:b8:bb:
                    1e:b2:f2:b9:d0:3d:2d:6f:90:f6:94:1e:dc:b6:77:
                    45:c5:02:e3:d3:f8:5a:f8:87:e2:0d:3c:a9:46:5b:
                    c6:69:80:ea:9b:ec:e6:44:58:07:c6:50:ba:f7:1e:
                    fa:6e:93:22:f4:70:fc:2f:cd:ba:c5:09:a7:7f:af:
                    af:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C9:16:59:8E:70:66:96:3D:02:FE:11:E2:20:C7:23:7C:CA:26:0E
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/A8kWWY5wZpY9Av4R4iDHI3zKJg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.128.0/19
                  217.76.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         86:89:43:4d:f7:b8:79:ca:62:99:c4:2a:b7:5e:14:30:e1:b8:
         e5:83:4d:3e:e6:19:35:a1:de:74:32:7f:7a:f6:4f:c2:1b:59:
         aa:84:f9:b9:25:26:70:06:bd:8f:9c:f7:89:51:4f:32:78:98:
         5a:ad:9a:93:7f:31:c6:18:1e:07:ae:aa:83:fc:8a:f8:27:6d:
         f1:c0:38:23:88:b5:11:77:73:c7:10:77:08:86:89:0b:fb:a8:
         3f:94:01:c6:a7:6a:ba:28:ce:10:2c:28:e9:3c:7a:2b:14:13:
         65:ef:bc:0d:53:e4:17:24:cd:5d:69:9b:0f:04:31:18:f2:d1:
         38:f9:e8:3a:fa:1a:1f:7e:9c:f3:42:78:fb:f4:fc:80:36:c9:
         64:5f:44:43:18:99:4d:88:b9:f8:65:fa:c7:5d:16:9a:8d:59:
         0e:d1:77:7f:22:2a:70:d3:d3:5d:22:a1:6d:16:f7:1d:90:0a:
         39:aa:48:78:47:b5:43:b7:34:80:54:a9:3c:03:c8:13:ed:2b:
         26:b9:77:8d:87:8f:bd:0b:58:6f:a3:ab:06:dd:46:59:e7:ef:
         52:2f:6b:e5:8e:84:62:7d:7c:ca:2a:d5:cb:b2:bf:e1:a3:b8:
         35:ee:cd:ae:7d:bb:ad:d0:11:4b:8c:69:b3:a5:ef:7f:b6:7c:
         2b:d5:4c:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJFHNX4lpCeUBazVeaXEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M5MTY1OThlNzA2Njk2M2QwMmZlMTFlMjIwYzcyMzdjY2EyNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorFKZwlusnpWh/d0IXXoYrjY8cqB
VhWgk2dpOlPZqJWaa0LJ4FiiD/5Wvqmt7eQLAPCJHQ+giDmFaHwcr3lFm4xSW72d
IcaqemkvA8U0aNyec3sjNG4pGbMxAFztyRjNYVxGBhwaR+rcPfSv7YI/5GXd3inz
9v9z4/cx1aQJf8qYqSPokymieGpg/mF1Fq+faon4yk196jyWwX5Zr++bCC0lGjSg
tk7vsrPceRLBpbGGTRBUSD/hrerzT+t4LtzouLsesvK50D0tb5D2lB7ctndFxQLj
0/ha+IfiDTypRlvGaYDqm+zmRFgHxlC69x76bpMi9HD8L826xQmnf6+vZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAPJFlmOcGaWPQL+EeIgxyN8yiYOMB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvQThrV1dZNXdacFk5QXY0UjRpREhJM3pLSmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFvPaAAwQE
2UxwMA0GCSqGSIb3DQEBCwUAA4IBAQCGiUNN97h5ymKZxCq3XhQw4bjlg00+5hk1
od50Mn969k/CG1mqhPm5JSZwBr2PnPeJUU8yeJharZqTfzHGGB4HrqqD/Ir4J23x
wDgjiLURd3PHEHcIhokL+6g/lAHGp2q6KM4QLCjpPHorFBNl77wNU+QXJM1daZsP
BDEY8tE4+eg6+hoffpzzQnj79PyANslkX0RDGJlNiLn4ZfrHXRaajVkO0Xd/Iipw
09NdIqFtFvcdkAo5qkh4R7VDtzSAVKk8A8gT7SsmuXeNh4+9C1hvo6sG3UZZ5+9S
L2vljoRifXzKKtXLsr/ho7g17s2ufbut0BFLjGmzpe9/tnwr1UzL
-----END CERTIFICATE-----