Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/scZfU-W7CZYppchBjf5IbgNi6Zc.roa
File:                     scZfU-W7CZYppchBjf5IbgNi6Zc.roa (raw, json)
Hash identifier:          VmA+v53hiM9sB9DT7zV4Yuy9JaQcE7lKYq1QCn+xarY=
Subject key identifier:   B1:C6:5F:53:E5:BB:09:96:29:A5:C8:41:8D:FE:48:6E:03:62:E9:97
Certificate issuer:       /CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
Certificate serial:       0190319A9DAC753614F85263E76491E05906
Authority key identifier: C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/scZfU-W7CZYppchBjf5IbgNi6Zc.roa
Signing time:             Wed 19 Jun 2024 17:45:34 +0000
ROA not before:           Wed 19 Jun 2024 17:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399989
IP address blocks:        185.5.144.0/24 maxlen: 24
                          195.64.115.0/24 maxlen: 24
                          195.96.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:31:9a:9d:ac:75:36:14:f8:52:63:e7:64:91:e0:59:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
        Validity
            Not Before: Jun 19 17:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c65f53e5bb099629a5c8418dfe486e0362e997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d6:06:82:7a:08:41:59:ec:1c:91:cd:91:f1:
                    32:9b:4f:19:eb:97:91:1b:c9:bd:0a:9b:64:30:d3:
                    c1:e5:a6:c2:66:f1:9c:d8:d6:43:52:fe:0a:b7:ea:
                    99:09:86:a5:4f:21:52:51:db:49:22:65:95:ca:af:
                    64:b2:77:85:af:f4:41:86:ec:2e:8d:08:e8:fa:64:
                    83:3e:7f:c1:23:df:c6:c1:4f:aa:26:d8:85:00:8e:
                    5d:60:6e:b8:13:69:e0:f1:87:46:51:cc:d5:ea:ec:
                    0d:eb:4c:59:a6:c3:c0:31:c2:4b:28:f1:bc:19:c1:
                    6e:9b:4c:e0:ef:dc:b2:e1:57:58:74:60:ca:d3:45:
                    ea:6e:38:0a:c4:5e:58:a3:2c:5d:03:10:8b:12:5d:
                    31:a7:25:86:ee:65:eb:85:d6:7e:21:d8:41:0d:45:
                    06:b8:64:29:cf:1e:5b:e4:22:be:2d:c4:b1:d1:b1:
                    69:af:2d:6c:a6:a5:0c:7c:5b:3d:3d:56:3c:fc:16:
                    30:a2:d7:c6:1a:69:52:f8:79:8d:2a:73:8a:e7:3f:
                    5e:0a:3f:af:41:ab:e9:db:ab:19:e9:a1:69:ca:df:
                    6f:b4:db:43:51:69:55:d8:68:00:bb:cb:75:4c:ef:
                    81:e8:33:8c:c0:f5:26:6a:44:72:a0:9d:8c:6a:c4:
                    00:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C6:5F:53:E5:BB:09:96:29:A5:C8:41:8D:FE:48:6E:03:62:E9:97
            X509v3 Authority Key Identifier:
                keyid:C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/scZfU-W7CZYppchBjf5IbgNi6Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.144.0/24
                  195.64.115.0/24
                  195.96.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:52:61:3a:67:db:f2:57:12:c5:94:08:36:77:6e:67:34:79:
         e4:cb:23:1e:7c:bd:17:35:0a:d8:72:71:bf:98:28:ef:9e:1b:
         4a:14:e0:f2:a5:93:03:5a:85:c9:c0:fc:46:ba:ec:20:f2:7c:
         7d:f7:57:46:0b:9d:e0:2b:e0:f5:80:50:ca:a1:9c:ac:0b:40:
         b7:a0:52:84:b1:c4:f3:76:77:89:8c:c7:a1:14:a6:6f:ad:da:
         f0:e5:b4:d2:ca:ef:c4:2b:20:88:7f:aa:6c:e4:25:7e:2d:1d:
         46:12:f7:93:75:60:9b:ce:85:37:bc:25:c9:f0:5d:b5:3e:05:
         c4:35:83:05:c2:f9:87:51:c8:c4:ba:11:e1:49:b4:66:c6:33:
         02:66:1b:b7:23:c7:6f:d6:de:62:93:66:bd:76:de:ff:df:a7:
         34:91:e4:65:96:ad:88:db:9f:e4:b1:62:e8:95:6b:4a:a1:da:
         1e:4f:36:83:f0:34:de:e3:33:7a:4d:d5:df:7f:53:b7:b6:e8:
         ac:6e:14:c2:b2:22:f6:6a:04:bb:c7:e9:76:cb:f0:5b:50:fb:
         2c:df:3f:73:95:0a:13:93:ce:ff:96:cf:47:37:71:e0:a1:35:
         f3:1a:e0:f3:47:07:17:c2:6d:28:3e:9e:19:a1:d2:6c:f8:dd:
         d6:ae:4f:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAxmp2sdTYU+FJj52SR4FkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZGEyZmY1YTc3ZTc4ZWVjMzAzM2RkYTU3NDlhNGE4YzFl
NTUxNjQwHhcNMjQwNjE5MTc0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM2NWY1M2U1YmIwOTk2MjlhNWM4NDE4ZGZlNDg2ZTAzNjJlOTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNYGgnoIQVnsHJHNkfEym08Z65eR
G8m9CptkMNPB5abCZvGc2NZDUv4Kt+qZCYalTyFSUdtJImWVyq9ksneFr/RBhuwu
jQjo+mSDPn/BI9/GwU+qJtiFAI5dYG64E2ng8YdGUczV6uwN60xZpsPAMcJLKPG8
GcFum0zg79yy4VdYdGDK00XqbjgKxF5YoyxdAxCLEl0xpyWG7mXrhdZ+IdhBDUUG
uGQpzx5b5CK+LcSx0bFpry1spqUMfFs9PVY8/BYwotfGGmlS+HmNKnOK5z9eCj+v
Qavp26sZ6aFpyt9vtNtDUWlV2GgAu8t1TO+B6DOMwPUmakRyoJ2MasQA+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLHGX1PluwmWKaXIQY3+SG4DYumXMB8GA1UdIwQY
MBaAFMnaL/WnfnjuwwM92ldJpKjB5VFkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMt
NmMwNGE2ZWQxM2M1LzEvc2NaZlUtVzdDWllwcGNoQmpmNUliZ05pNlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMtNmMwNGE2ZWQxM2M1
LzEveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuQWQAwQA
w0BzAwQAw2CGMA0GCSqGSIb3DQEBCwUAA4IBAQApUmE6Z9vyVxLFlAg2d25nNHnk
yyMefL0XNQrYcnG/mCjvnhtKFODypZMDWoXJwPxGuuwg8nx991dGC53gK+D1gFDK
oZysC0C3oFKEscTzdneJjMehFKZvrdrw5bTSyu/EKyCIf6ps5CV+LR1GEveTdWCb
zoU3vCXJ8F21PgXENYMFwvmHUcjEuhHhSbRmxjMCZhu3I8dv1t5ik2a9dt7/36c0
keRllq2I25/ksWLolWtKodoeTzaD8DTe4zN6TdXff1O3tuisbhTCsiL2agS7x+l2
y/BbUPss3z9zlQoTk87/ls9HN3HgoTXzGuDzRwcXwm0oPp4ZodJs+N3Wrk8F
-----END CERTIFICATE-----