Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/3UxM6eOi0NoNMqbiSWfa6SgmtzY.roa
File:                     3UxM6eOi0NoNMqbiSWfa6SgmtzY.roa (raw, json)
Hash identifier:          JCvhiy9PM8OgUTMhTkuazTIA8kiccmkHUULWQezxJa8=
Subject key identifier:   DD:4C:4C:E9:E3:A2:D0:DA:0D:32:A6:E2:49:67:DA:E9:28:26:B7:36
Certificate issuer:       /CN=1f2cb35b874780cb93dc44210b9d79d6ed94fe5e
Certificate serial:       018CC4253CC8008871B609E6B6421D2A2E20
Authority key identifier: 1F:2C:B3:5B:87:47:80:CB:93:DC:44:21:0B:9D:79:D6:ED:94:FE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/3UxM6eOi0NoNMqbiSWfa6SgmtzY.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24951
IP address blocks:        217.196.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3c:c8:00:88:71:b6:09:e6:b6:42:1d:2a:2e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f2cb35b874780cb93dc44210b9d79d6ed94fe5e
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd4c4ce9e3a2d0da0d32a6e24967dae92826b736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:1b:15:c2:ad:a7:72:cb:f3:aa:c3:77:72:
                    48:76:04:4c:1d:0e:45:57:1a:9d:5f:a7:e3:6a:65:
                    37:82:4a:6c:d3:87:e0:12:e0:bf:58:ee:cf:54:dc:
                    44:3c:8e:95:8a:28:85:a7:78:a1:83:0d:46:71:bd:
                    f5:dd:bd:22:b8:8a:5f:d8:bf:6c:cc:87:a8:e2:fa:
                    55:a2:a8:7d:81:05:d0:cf:92:6f:39:98:a0:3d:2a:
                    20:47:06:99:5b:03:88:8d:03:bd:cc:e3:d5:d8:10:
                    3a:0f:26:48:89:0c:c8:58:89:bc:7e:96:02:03:6b:
                    a9:80:99:33:bb:12:bc:aa:ae:24:1b:c4:c2:6d:0a:
                    0a:5c:9e:3c:38:06:8f:6a:14:cf:a9:bd:cb:58:68:
                    25:10:96:7e:50:ed:bb:e3:32:8f:b6:97:be:ad:94:
                    b7:61:74:a7:71:1d:98:24:cf:bb:a5:5a:cd:42:4a:
                    37:45:1f:30:96:8c:cd:e7:32:b7:97:21:bd:5e:5a:
                    e4:31:ff:b5:b4:1b:36:33:cd:3c:60:60:59:ff:a8:
                    a2:44:32:76:02:31:9b:ec:f3:20:21:a8:4f:11:16:
                    83:51:ce:01:19:c7:7f:b1:37:e8:44:d1:a9:0e:d4:
                    a4:3a:30:d5:56:31:d2:6b:ca:e0:2b:c8:35:ac:14:
                    45:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4C:4C:E9:E3:A2:D0:DA:0D:32:A6:E2:49:67:DA:E9:28:26:B7:36
            X509v3 Authority Key Identifier:
                keyid:1F:2C:B3:5B:87:47:80:CB:93:DC:44:21:0B:9D:79:D6:ED:94:FE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/3UxM6eOi0NoNMqbiSWfa6SgmtzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:41:c5:ca:ad:a1:e8:fd:a9:5b:d0:56:38:a5:27:6d:77:27:
         63:6a:ac:02:7d:f4:23:96:03:a7:bc:ae:c4:0f:c7:ae:77:f9:
         51:17:bd:f9:f3:19:af:78:cf:67:51:0e:44:80:bc:f2:00:5c:
         a8:a0:02:0f:be:e9:c3:56:dd:1a:fd:a4:eb:ab:74:a7:88:9c:
         9f:bd:1a:22:26:52:cd:08:02:00:c0:b1:27:77:6b:98:35:fe:
         77:65:d4:2f:c8:38:15:13:6c:da:63:7c:4c:8c:e4:5e:81:08:
         b5:b9:b2:58:c4:84:92:6d:5a:00:ba:5c:a2:0a:22:df:08:ca:
         5b:d7:ff:1f:ca:c5:7c:19:13:e5:6c:56:66:ae:ae:05:da:82:
         6b:15:56:5a:a7:4c:ca:77:a3:20:38:04:b1:ad:db:b7:26:e9:
         3d:36:f5:3b:f2:0b:40:ce:b6:b1:12:53:2f:ca:07:ab:0e:16:
         cf:83:7e:93:55:1f:9a:90:4f:63:c5:1a:62:a1:e0:39:f6:50:
         3e:cf:e3:74:ab:8c:ff:58:4d:73:5b:84:f5:f4:94:e4:09:6f:
         3f:e0:e4:67:e1:ee:52:98:83:4c:d9:e7:74:50:9c:64:d5:28:
         15:70:9c:54:7f:39:61:a7:c7:ee:a2:d3:9e:6d:0e:89:72:0e:
         d1:76:9c:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTzIAIhxtgnmtkIdKi4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMmNiMzViODc0NzgwY2I5M2RjNDQyMTBiOWQ3OWQ2ZWQ5
NGZlNWUwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRjNGNlOWUzYTJkMGRhMGQzMmE2ZTI0OTY3ZGFlOTI4MjZiNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4sbFcKtp3LL86rDd3JIdgRMHQ5F
VxqdX6fjamU3gkps04fgEuC/WO7PVNxEPI6ViiiFp3ihgw1Gcb313b0iuIpf2L9s
zIeo4vpVoqh9gQXQz5JvOZigPSogRwaZWwOIjQO9zOPV2BA6DyZIiQzIWIm8fpYC
A2upgJkzuxK8qq4kG8TCbQoKXJ48OAaPahTPqb3LWGglEJZ+UO274zKPtpe+rZS3
YXSncR2YJM+7pVrNQko3RR8wlozN5zK3lyG9XlrkMf+1tBs2M808YGBZ/6iiRDJ2
AjGb7PMgIahPERaDUc4BGcd/sTfoRNGpDtSkOjDVVjHSa8rgK8g1rBRF2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1MTOnjotDaDTKm4kln2ukoJrc2MB8GA1UdIwQY
MBaAFB8ss1uHR4DLk9xEIQudedbtlP5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHl5elc0ZEhnTXVUM0VRaEM1MTUxdTJVX2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9mMDM3MmEtYzMzMi00ODVmLWIyOTMt
YTZkMjY4NGE5NDI1LzEvM1V4TTZlT2kwTm9OTXFiaVNXZmE2U2dtdHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9mMDM3MmEtYzMzMi00ODVmLWIyOTMtYTZkMjY4NGE5NDI1
LzEvSHl5elc0ZEhnTXVUM0VRaEM1MTUxdTJVX2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2cSwMA0G
CSqGSIb3DQEBCwUAA4IBAQBIQcXKraHo/alb0FY4pSdtdydjaqwCffQjlgOnvK7E
D8eud/lRF7358xmveM9nUQ5EgLzyAFyooAIPvunDVt0a/aTrq3SniJyfvRoiJlLN
CAIAwLEnd2uYNf53ZdQvyDgVE2zaY3xMjORegQi1ubJYxISSbVoAulyiCiLfCMpb
1/8fysV8GRPlbFZmrq4F2oJrFVZap0zKd6MgOASxrdu3Juk9NvU78gtAzraxElMv
ygerDhbPg36TVR+akE9jxRpioeA59lA+z+N0q4z/WE1zW4T19JTkCW8/4ORn4e5S
mINM2ed0UJxk1SgVcJxUfzlhp8fuotOebQ6Jcg7Rdpzm
-----END CERTIFICATE-----