Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/s3FrPyT1m7gX9QAs_auIWqfOBX0.roa
File:                     s3FrPyT1m7gX9QAs_auIWqfOBX0.roa (raw, json)
Hash identifier:          ydS2l3/k+ryzAn13C+3R1KRBv6D7zKuFe1W8TSBsFzY=
Subject key identifier:   B3:71:6B:3F:24:F5:9B:B8:17:F5:00:2C:FD:AB:88:5A:A7:CE:05:7D
Certificate issuer:       /CN=60f6bcf6e2b109ba2a14a73b975ad954484b4ba5
Certificate serial:       018CC72720AFDE9BEC54FAECC5865CB3704F
Authority key identifier: 60:F6:BC:F6:E2:B1:09:BA:2A:14:A7:3B:97:5A:D9:54:48:4B:4B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPa89uKxCboqFKc7l1rZVEhLS6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/s3FrPyT1m7gX9QAs_auIWqfOBX0.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51337
IP address blocks:        178.212.40.0/21 maxlen: 21
                          178.215.192.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/YPa89uKxCboqFKc7l1rZVEhLS6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/YPa89uKxCboqFKc7l1rZVEhLS6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPa89uKxCboqFKc7l1rZVEhLS6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:20:af:de:9b:ec:54:fa:ec:c5:86:5c:b3:70:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60f6bcf6e2b109ba2a14a73b975ad954484b4ba5
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3716b3f24f59bb817f5002cfdab885aa7ce057d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ed:f0:c2:33:a8:77:ee:e1:dd:07:78:76:6c:
                    3b:ad:49:ae:3f:cf:12:ea:b8:c9:63:fc:ec:e0:8f:
                    cc:e2:d3:8d:7e:0f:40:76:2b:b8:82:da:07:4a:c2:
                    a5:01:68:69:5f:95:2e:95:e2:02:cf:25:e2:b5:7d:
                    fd:6e:0d:2b:ad:7f:fc:1a:3d:6c:02:c7:92:dc:8e:
                    7b:ab:5d:0f:0a:fb:60:36:90:84:b3:22:ea:ac:be:
                    a0:ae:24:3a:45:0d:7e:42:d6:a0:4a:bf:0c:c8:4b:
                    30:9e:e5:6c:09:63:52:52:46:a7:73:27:7a:30:4d:
                    b3:bf:b9:f5:fa:ff:d6:20:c5:22:56:20:90:10:ab:
                    05:36:87:c0:11:4f:35:d5:c7:5e:49:d5:4a:f3:e1:
                    88:63:56:27:ec:d6:bd:2e:26:1f:87:da:2e:6e:c7:
                    3e:c9:c6:e9:3c:39:16:78:38:f7:2c:2b:28:4b:48:
                    3f:96:2f:10:e1:35:d7:99:d6:a7:0c:2f:d7:b6:a9:
                    c4:46:fa:30:ac:07:b5:71:4e:7a:87:78:90:10:22:
                    b3:26:51:98:14:db:bc:b0:30:74:af:a3:a8:0b:77:
                    36:5e:7d:9e:0a:30:d3:73:63:d5:4c:18:93:69:15:
                    30:50:f6:df:18:f3:34:eb:43:3c:bb:8c:f3:7d:d8:
                    30:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:71:6B:3F:24:F5:9B:B8:17:F5:00:2C:FD:AB:88:5A:A7:CE:05:7D
            X509v3 Authority Key Identifier:
                keyid:60:F6:BC:F6:E2:B1:09:BA:2A:14:A7:3B:97:5A:D9:54:48:4B:4B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPa89uKxCboqFKc7l1rZVEhLS6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/s3FrPyT1m7gX9QAs_auIWqfOBX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/83adbb-3627-4b87-9f7d-ab40253b5e2b/1/YPa89uKxCboqFKc7l1rZVEhLS6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.40.0/21
                  178.215.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         25:88:3d:e7:6d:fd:88:fb:ef:d5:c7:70:3c:f8:bb:2e:e0:f6:
         d8:a3:9f:ff:08:83:29:31:b3:97:88:e3:75:fb:e6:51:cd:f6:
         a7:e1:01:6a:49:ea:7d:68:9c:d6:35:b7:e6:d3:35:f7:c3:a6:
         da:5f:09:2d:f1:bc:5d:44:4e:00:d5:a8:83:de:c8:3e:fd:e2:
         df:81:31:9e:ca:09:cd:f7:9f:5d:2c:ed:c4:4b:7c:e9:0d:e7:
         53:bf:13:5a:5c:09:ae:86:38:d7:42:fa:d0:43:23:98:da:41:
         c0:a7:f1:a0:2f:87:ed:63:40:ee:21:a6:a1:cc:ee:f3:af:38:
         60:ec:80:9b:c2:f3:f7:ec:bd:9c:b2:03:e0:2e:77:2c:03:b3:
         49:c1:5f:a7:16:47:3f:55:f1:54:44:ad:cf:be:50:7e:e1:24:
         a9:72:ce:6a:1b:0c:ea:15:91:f9:cf:25:01:2d:3b:d6:f3:d7:
         84:cd:c6:66:b5:ae:95:55:69:2d:13:63:3c:09:9e:a3:bf:2a:
         9a:c2:6b:5b:f4:ee:82:45:13:a4:15:e8:f0:53:16:c7:a4:d7:
         bc:b7:4a:7c:02:c4:1a:79:0d:d5:54:4e:0f:b6:88:23:ae:d4:
         52:0c:1f:2a:7f:8f:78:97:a3:7f:cd:d4:0d:fc:8e:fd:25:79:
         b5:94:ff:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJyCv3pvsVPrsxYZcs3BPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZjZiY2Y2ZTJiMTA5YmEyYTE0YTczYjk3NWFkOTU0NDg0
YjRiYTUwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzcxNmIzZjI0ZjU5YmI4MTdmNTAwMmNmZGFiODg1YWE3Y2UwNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+3wwjOod+7h3Qd4dmw7rUmuP88S
6rjJY/zs4I/M4tONfg9Adiu4gtoHSsKlAWhpX5UuleICzyXitX39bg0rrX/8Gj1s
AseS3I57q10PCvtgNpCEsyLqrL6griQ6RQ1+QtagSr8MyEswnuVsCWNSUkancyd6
ME2zv7n1+v/WIMUiViCQEKsFNofAEU811cdeSdVK8+GIY1Yn7Na9LiYfh9oubsc+
ycbpPDkWeDj3LCsoS0g/li8Q4TXXmdanDC/XtqnERvowrAe1cU56h3iQECKzJlGY
FNu8sDB0r6OoC3c2Xn2eCjDTc2PVTBiTaRUwUPbfGPM060M8u4zzfdgwXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLNxaz8k9Zu4F/UALP2riFqnzgV9MB8GA1UdIwQY
MBaAFGD2vPbisQm6KhSnO5da2VRIS0ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVBhODl1S3hDYm9xRktjN2wxclpWRWhMUzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84M2FkYmItMzYyNy00Yjg3LTlmN2Qt
YWI0MDI1M2I1ZTJiLzEvczNGclB5VDFtN2dYOVFBc19hdUlXcWZPQlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84M2FkYmItMzYyNy00Yjg3LTlmN2QtYWI0MDI1M2I1ZTJi
LzEvWVBhODl1S3hDYm9xRktjN2wxclpWRWhMUzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDstQoAwQE
stfAMA0GCSqGSIb3DQEBCwUAA4IBAQAliD3nbf2I++/Vx3A8+Lsu4PbYo5//CIMp
MbOXiON1++ZRzfan4QFqSep9aJzWNbfm0zX3w6baXwkt8bxdRE4A1aiD3sg+/eLf
gTGeygnN959dLO3ES3zpDedTvxNaXAmuhjjXQvrQQyOY2kHAp/GgL4ftY0DuIaah
zO7zrzhg7ICbwvP37L2csgPgLncsA7NJwV+nFkc/VfFURK3PvlB+4SSpcs5qGwzq
FZH5zyUBLTvW89eEzcZmta6VVWktE2M8CZ6jvyqawmtb9O6CRROkFejwUxbHpNe8
t0p8AsQaeQ3VVE4PtogjrtRSDB8qf494l6N/zdQN/I79JXm1lP8V
-----END CERTIFICATE-----