Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/3DkjtZvGHqa1v_cj9eia45Rs-84.roa
File:                     3DkjtZvGHqa1v_cj9eia45Rs-84.roa (raw, json)
Hash identifier:          yD01z94X848TTIQw6anOHXTb1z+50fYKxlDSep2uNRA=
Subject key identifier:   DC:39:23:B5:9B:C6:1E:A6:B5:BF:F7:23:F5:E8:9A:E3:94:6C:FB:CE
Certificate issuer:       /CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
Certificate serial:       018CC86F17A5438C1B65A01F9D65650EFFE1
Authority key identifier: 22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/3DkjtZvGHqa1v_cj9eia45Rs-84.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31562
IP address blocks:        83.166.64.0/19 maxlen: 19
                          83.166.64.0/24 maxlen: 24
                          2a03:9600::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 04:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:17:a5:43:8c:1b:65:a0:1f:9d:65:65:0e:ff:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3923b59bc61ea6b5bff723f5e89ae3946cfbce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:13:9e:5e:8f:a6:35:32:d9:d9:fa:af:9c:1f:
                    c6:77:07:b2:b1:65:b7:e1:17:1a:7f:d5:e7:a4:ee:
                    6d:f8:d0:47:93:57:3f:ff:50:68:c3:14:3c:29:3e:
                    73:76:c7:58:10:41:f8:c8:a1:c7:3d:b8:8a:3c:6e:
                    49:e7:20:99:81:2e:3c:5f:df:94:06:8c:07:67:41:
                    ec:7d:d8:ce:0b:3e:9f:fb:5c:13:a2:43:39:cf:23:
                    78:95:ce:1c:93:d7:1b:46:19:ad:17:89:fc:17:85:
                    e8:63:42:e7:8f:5f:26:d8:fc:75:ce:21:73:2f:3a:
                    c2:ad:b6:1a:dd:9f:b1:94:1f:b2:0c:e2:f8:d2:70:
                    15:be:67:e4:a6:07:f2:61:6b:9d:fe:b0:b4:51:76:
                    65:db:f1:07:89:d3:65:b3:86:49:bb:9a:19:0f:55:
                    b5:ed:92:fa:e5:4f:e0:6e:3b:49:2b:9f:d9:60:59:
                    d5:ec:73:87:b5:5d:e6:fb:93:a5:ea:d8:20:a9:d6:
                    ef:40:b3:f9:42:dc:d3:c7:b9:02:c3:53:a6:23:aa:
                    ab:42:50:0a:a2:42:6a:de:18:90:b8:0a:62:b2:67:
                    c9:ea:43:71:60:d8:0c:bb:1f:7e:40:fd:3e:c9:00:
                    0d:48:e2:a4:cb:73:52:89:ed:51:19:e8:98:ca:e3:
                    96:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:39:23:B5:9B:C6:1E:A6:B5:BF:F7:23:F5:E8:9A:E3:94:6C:FB:CE
            X509v3 Authority Key Identifier:
                keyid:22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/3DkjtZvGHqa1v_cj9eia45Rs-84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.166.64.0/19
                IPv6:
                  2a03:9600::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:63:dd:d8:cb:c2:10:49:00:34:89:af:d2:1d:30:00:a0:c3:
         ba:d0:e3:74:94:46:2a:58:cc:ec:a7:af:14:6e:c0:ec:22:46:
         83:e4:3b:d7:5c:83:78:d6:f4:22:9e:63:5f:a3:6a:88:60:32:
         fc:c8:52:9a:c0:16:46:cf:80:13:ff:59:3a:e3:19:3f:89:12:
         bf:85:a8:0b:ac:da:c4:1a:a7:26:23:f0:5d:6b:f7:b9:21:63:
         3e:03:58:f6:2c:da:5a:5d:d7:a3:6c:80:7c:6e:88:44:9f:31:
         87:19:4f:9d:30:f9:91:c5:19:c9:f5:0b:2c:a3:80:a2:4f:25:
         03:78:08:31:fb:e5:cb:e6:65:74:0a:35:30:87:21:3e:99:b7:
         60:70:9a:7d:19:92:8a:29:07:f3:4a:8f:b2:6f:1d:7a:23:22:
         15:1e:7e:e6:55:9e:e4:f4:2b:3a:5e:38:5f:9f:0f:83:a8:e9:
         e6:78:4b:25:c3:f3:5b:5e:1e:70:72:27:67:87:5f:d3:95:75:
         9f:19:cc:c5:8e:fb:ff:d1:25:0a:0a:36:a4:dc:ba:cb:44:58:
         69:b1:3c:5f:dd:42:46:b8:fe:fc:b2:9a:8d:51:f9:75:57:68:
         2d:04:b3:a3:62:72:fd:f8:01:a3:b9:97:53:49:c5:8b:35:27:
         fa:83:c3:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbxelQ4wbZaAfnWVlDv/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZlZDVmNTYyM2VkZWI3OTEwYWNkMzFkNWY2ZWU4MWU1
Y2IxN2UwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM5MjNiNTliYzYxZWE2YjViZmY3MjNmNWU4OWFlMzk0NmNmYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxOeXo+mNTLZ2fqvnB/GdweysWW3
4Rcaf9XnpO5t+NBHk1c//1BowxQ8KT5zdsdYEEH4yKHHPbiKPG5J5yCZgS48X9+U
BowHZ0HsfdjOCz6f+1wTokM5zyN4lc4ck9cbRhmtF4n8F4XoY0Lnj18m2Px1ziFz
LzrCrbYa3Z+xlB+yDOL40nAVvmfkpgfyYWud/rC0UXZl2/EHidNls4ZJu5oZD1W1
7ZL65U/gbjtJK5/ZYFnV7HOHtV3m+5Ol6tggqdbvQLP5QtzTx7kCw1OmI6qrQlAK
okJq3hiQuApismfJ6kNxYNgMux9+QP0+yQANSOKky3NSie1RGeiYyuOWOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNw5I7Wbxh6mtb/3I/XomuOUbPvOMB8GA1UdIwQY
MBaAFCI27V9WI+3reRCs0x1fbugeXLF+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjct
NGQxNmJlOWJhMTMyLzEvM0RranRadkdIcWExdl9jajllaWE0NVJzLTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjctNGQxNmJlOWJhMTMy
LzEvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFU6ZAMA0E
AgACMAcDBQAqA5YAMA0GCSqGSIb3DQEBCwUAA4IBAQAAY93Yy8IQSQA0ia/SHTAA
oMO60ON0lEYqWMzsp68UbsDsIkaD5DvXXIN41vQinmNfo2qIYDL8yFKawBZGz4AT
/1k64xk/iRK/hagLrNrEGqcmI/Bda/e5IWM+A1j2LNpaXdejbIB8bohEnzGHGU+d
MPmRxRnJ9Qsso4CiTyUDeAgx++XL5mV0CjUwhyE+mbdgcJp9GZKKKQfzSo+ybx16
IyIVHn7mVZ7k9Cs6Xjhfnw+DqOnmeEslw/NbXh5wcidnh1/TlXWfGczFjvv/0SUK
Cjak3LrLRFhpsTxf3UJGuP78spqNUfl1V2gtBLOjYnL9+AGjuZdTScWLNSf6g8PL
-----END CERTIFICATE-----