Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/ciATZQc93HGhX5gAVAObQTJsAnQ.roa
File:                     ciATZQc93HGhX5gAVAObQTJsAnQ.roa (raw, json)
Hash identifier:          NYapWYDMa0zMTjlI8Uhxu/x5TjBEXleJzWxS2FLcbss=
Subject key identifier:   72:20:13:65:07:3D:DC:71:A1:5F:98:00:54:03:9B:41:32:6C:02:74
Certificate issuer:       /CN=d0bfadf29239ed8cf3f6c693d8bdb79f42000abc
Certificate serial:       018CC492E451B67F842EC907B9BF81C32FDE
Authority key identifier: D0:BF:AD:F2:92:39:ED:8C:F3:F6:C6:93:D8:BD:B7:9F:42:00:0A:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0L-t8pI57Yzz9saT2L23n0IACrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/ciATZQc93HGhX5gAVAObQTJsAnQ.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38934
IP address blocks:        80.251.48.0/20 maxlen: 24
                          193.178.120.0/22 maxlen: 24
                          5.158.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/0L-t8pI57Yzz9saT2L23n0IACrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/0L-t8pI57Yzz9saT2L23n0IACrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0L-t8pI57Yzz9saT2L23n0IACrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e4:51:b6:7f:84:2e:c9:07:b9:bf:81:c3:2f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0bfadf29239ed8cf3f6c693d8bdb79f42000abc
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72201365073ddc71a15f980054039b41326c0274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b3:54:9a:2b:60:b6:c0:93:80:3d:7c:1a:56:
                    6e:c8:53:b1:28:26:10:91:20:f9:61:1a:81:91:78:
                    08:d2:aa:66:29:82:8e:b2:f4:fe:da:b1:7d:81:2e:
                    c3:a0:5a:a2:9f:a5:d6:fa:29:50:6b:88:ee:3d:fc:
                    53:34:a9:55:dd:64:e6:5a:ba:cb:87:ed:51:72:7a:
                    1e:70:17:49:86:42:89:19:d0:13:d4:4f:10:3b:af:
                    42:c0:9b:53:cb:6f:7c:f2:82:2b:20:40:5a:f9:76:
                    d3:f8:2e:de:45:6b:bf:76:8f:40:44:f3:4f:6e:4a:
                    47:b1:f2:cf:43:b9:37:eb:99:fe:ea:4e:bb:39:f9:
                    76:14:58:ec:d6:f2:07:de:a3:a1:5f:9a:ad:26:95:
                    c6:b3:86:28:b1:2c:0f:4d:bd:20:6e:22:a8:ab:47:
                    c4:20:24:3d:f9:2b:ca:dd:fe:a6:56:87:23:11:76:
                    db:c6:c5:ca:92:05:45:59:b5:98:88:4e:08:54:e8:
                    1a:e9:e6:73:f6:21:30:6e:8d:05:ae:51:73:45:7c:
                    1a:14:17:4a:43:b8:3c:40:af:28:a6:b6:15:62:79:
                    88:6c:58:ff:11:59:be:1f:38:1c:c4:7d:7c:8c:5c:
                    63:ba:84:97:ef:91:8e:49:fe:0f:b4:93:2c:a4:7a:
                    55:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:20:13:65:07:3D:DC:71:A1:5F:98:00:54:03:9B:41:32:6C:02:74
            X509v3 Authority Key Identifier:
                keyid:D0:BF:AD:F2:92:39:ED:8C:F3:F6:C6:93:D8:BD:B7:9F:42:00:0A:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0L-t8pI57Yzz9saT2L23n0IACrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/ciATZQc93HGhX5gAVAObQTJsAnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/cfa9cd-8d7b-4a35-82d0-7bb365f34c6c/1/0L-t8pI57Yzz9saT2L23n0IACrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.96.0/19
                  80.251.48.0/20
                  193.178.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:83:5b:7a:8c:53:d5:cf:69:f4:c2:ef:64:df:eb:3f:6e:53:
         d6:78:80:e5:1c:be:db:34:b2:7d:50:82:7c:13:8e:b5:b9:77:
         05:9a:3a:6b:d1:22:c0:78:8a:29:c6:9b:93:e1:0a:28:39:31:
         91:4f:02:a0:40:b2:2e:70:ad:e7:85:f9:9f:0b:6e:0e:ad:63:
         81:37:b4:a6:e1:e3:ba:ab:3c:99:97:79:2f:6d:aa:d0:c8:f1:
         c0:2b:05:26:31:24:55:71:e6:68:2f:5b:30:1c:85:5b:eb:be:
         b0:1a:47:00:f2:a6:7b:30:6b:23:96:4c:2e:13:30:de:10:a5:
         32:c8:a8:a9:8e:83:22:8e:c0:47:2d:eb:28:83:8e:8a:ce:a9:
         9f:41:04:31:78:69:03:34:72:95:a5:cc:9d:c0:d6:b3:c0:13:
         b0:94:ed:3f:35:fe:26:e0:92:e3:43:62:26:26:da:4e:8c:b2:
         10:24:e7:fd:f7:be:ab:79:b3:b3:84:d0:c5:ce:39:8e:0e:06:
         fc:b2:bf:8f:48:df:de:af:2b:c6:08:5a:c0:e9:a0:57:3e:9d:
         47:76:0d:6b:70:f6:05:97:f4:b0:90:d8:65:15:f9:33:64:18:
         8f:00:fd:45:a5:59:fc:5c:93:49:12:bf:19:ae:10:bc:58:0b:
         12:88:ba:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkuRRtn+ELskHub+Bwy/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYmZhZGYyOTIzOWVkOGNmM2Y2YzY5M2Q4YmRiNzlmNDIw
MDBhYmMwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjIwMTM2NTA3M2RkYzcxYTE1Zjk4MDA1NDAzOWI0MTMyNmMwMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLNUmitgtsCTgD18GlZuyFOxKCYQ
kSD5YRqBkXgI0qpmKYKOsvT+2rF9gS7DoFqin6XW+ilQa4juPfxTNKlV3WTmWrrL
h+1RcnoecBdJhkKJGdAT1E8QO69CwJtTy2988oIrIEBa+XbT+C7eRWu/do9ARPNP
bkpHsfLPQ7k365n+6k67Ofl2FFjs1vIH3qOhX5qtJpXGs4YosSwPTb0gbiKoq0fE
ICQ9+SvK3f6mVocjEXbbxsXKkgVFWbWYiE4IVOga6eZz9iEwbo0FrlFzRXwaFBdK
Q7g8QK8oprYVYnmIbFj/EVm+HzgcxH18jFxjuoSX75GOSf4PtJMspHpVBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIgE2UHPdxxoV+YAFQDm0EybAJ0MB8GA1UdIwQY
MBaAFNC/rfKSOe2M8/bGk9i9t59CAAq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEwtdDhwSTU3WXp6OXNhVDJMMjNuMElBQ3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jZmE5Y2QtOGQ3Yi00YTM1LTgyZDAt
N2JiMzY1ZjM0YzZjLzEvY2lBVFpRYzkzSEdoWDVnQVZBT2JRVEpzQW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jZmE5Y2QtOGQ3Yi00YTM1LTgyZDAtN2JiMzY1ZjM0YzZj
LzEvMEwtdDhwSTU3WXp6OXNhVDJMMjNuMElBQ3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFBZ5gAwQE
UPswAwQCwbJ4MA0GCSqGSIb3DQEBCwUAA4IBAQAUg1t6jFPVz2n0wu9k3+s/blPW
eIDlHL7bNLJ9UIJ8E461uXcFmjpr0SLAeIopxpuT4QooOTGRTwKgQLIucK3nhfmf
C24OrWOBN7Sm4eO6qzyZl3kvbarQyPHAKwUmMSRVceZoL1swHIVb676wGkcA8qZ7
MGsjlkwuEzDeEKUyyKipjoMijsBHLesog46KzqmfQQQxeGkDNHKVpcydwNazwBOw
lO0/Nf4m4JLjQ2ImJtpOjLIQJOf9976rebOzhNDFzjmODgb8sr+PSN/eryvGCFrA
6aBXPp1Hdg1rcPYFl/SwkNhlFfkzZBiPAP1FpVn8XJNJEr8ZrhC8WAsSiLq+
-----END CERTIFICATE-----