Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/fF3QBOp4oTpOnWHPvCPLB1yHDKQ.roa
File:                     fF3QBOp4oTpOnWHPvCPLB1yHDKQ.roa (raw, json)
Hash identifier:          xJX0akuVL4D+9te3uOrJAO0gcWsRGuhmnCi9+Vnvzhk=
Subject key identifier:   7C:5D:D0:04:EA:78:A1:3A:4E:9D:61:CF:BC:23:CB:07:5C:87:0C:A4
Certificate issuer:       /CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Certificate serial:       018CC6B934C81E223CC180F568C21A41E73C
Authority key identifier: 3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/fF3QBOp4oTpOnWHPvCPLB1yHDKQ.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201470
IP address blocks:        155.133.24.0/23 maxlen: 23
                          2a02:28e9::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 16:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:c8:1e:22:3c:c1:80:f5:68:c2:1a:41:e7:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5dd004ea78a13a4e9d61cfbc23cb075c870ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1b:93:84:30:ec:8a:1d:9f:58:85:66:e9:26:
                    2b:74:09:27:59:08:ba:82:2f:55:63:5c:1b:ef:d9:
                    7d:15:92:64:62:f5:a9:f3:c8:53:86:48:bb:c5:06:
                    6b:b3:57:a6:0f:14:f5:2b:73:96:81:ed:df:f1:01:
                    c1:66:b0:b6:2d:f3:c8:82:be:1b:17:d4:31:56:e9:
                    16:0f:bb:4c:da:01:8f:ec:bb:b8:aa:89:8d:ce:70:
                    f5:f9:a1:24:71:6a:51:e7:8c:b6:b5:c7:5f:8b:18:
                    eb:82:10:ed:e8:48:90:89:31:e0:b5:28:3d:d1:ec:
                    61:03:45:c4:c7:42:66:aa:f8:b9:27:ee:a5:9f:54:
                    03:2b:76:e6:8b:e1:e8:01:11:df:b0:f7:d8:f8:e2:
                    ee:b1:93:a0:68:69:33:96:aa:70:a7:dd:32:ab:3e:
                    26:82:c8:96:c9:fa:60:c2:de:a2:85:37:75:40:cd:
                    97:68:37:44:16:9e:d3:72:9e:19:0e:33:b1:d3:b6:
                    07:36:96:65:4b:23:5a:27:52:92:6b:98:85:1a:27:
                    e6:e9:e5:82:5d:90:1c:e4:d2:31:4b:7b:50:fb:a6:
                    dc:23:90:c7:3f:8f:b2:3c:5c:b5:ef:02:0d:94:76:
                    1e:21:32:62:51:65:47:7c:20:6b:05:66:da:4f:08:
                    ac:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:5D:D0:04:EA:78:A1:3A:4E:9D:61:CF:BC:23:CB:07:5C:87:0C:A4
            X509v3 Authority Key Identifier:
                keyid:3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/fF3QBOp4oTpOnWHPvCPLB1yHDKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.24.0/23
                IPv6:
                  2a02:28e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:ee:9b:c7:e1:46:59:ce:78:79:d5:b5:be:65:b0:d6:95:2b:
         0a:2c:31:d9:5e:d9:c9:43:91:65:a4:a6:8f:c9:22:f1:84:09:
         ba:5c:b4:0d:e1:40:58:7a:4a:b9:b0:2c:62:0f:4e:45:d7:57:
         8f:b8:52:2e:bd:bc:1e:b9:6d:5e:dc:e9:b4:18:0c:ac:4a:58:
         90:47:01:9d:63:fe:e5:42:64:91:a8:17:59:42:67:7a:fa:90:
         d7:ae:ba:92:15:09:0f:11:29:72:3e:a6:d8:dc:4a:f8:25:60:
         1c:2e:79:20:7f:35:cf:30:f4:1d:9a:9e:80:96:02:2b:6c:11:
         d0:6b:8f:a8:c8:8c:03:41:a0:91:45:50:ca:56:d0:c1:0e:f8:
         07:51:e0:fc:0a:92:82:60:21:eb:a9:57:94:39:d6:7b:fa:d7:
         0c:49:8d:31:e5:67:17:f6:59:78:3a:6d:8f:9f:25:d8:ea:d8:
         02:5e:3c:f3:8b:df:56:90:95:d7:37:b5:e8:50:fa:e4:37:69:
         0f:71:b3:a8:e9:5f:44:19:1d:bc:c2:57:f1:a2:be:33:81:42:
         e9:42:20:03:77:26:1c:7b:a1:d3:30:2f:c9:d7:f7:d2:c5:6f:
         46:6c:2c:ce:81:a5:16:92:bb:25:6c:45:3b:63:f9:0a:59:a9:
         6f:e8:15:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuTTIHiI8wYD1aMIaQec8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZjMyNWVmNGNiYWE2NmNjNzFmZmNjNjg4MDg3N2U3NmUx
NDlhZmQwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzVkZDAwNGVhNzhhMTNhNGU5ZDYxY2ZiYzIzY2IwNzVjODcwY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xuThDDsih2fWIVm6SYrdAknWQi6
gi9VY1wb79l9FZJkYvWp88hThki7xQZrs1emDxT1K3OWge3f8QHBZrC2LfPIgr4b
F9QxVukWD7tM2gGP7Lu4qomNznD1+aEkcWpR54y2tcdfixjrghDt6EiQiTHgtSg9
0exhA0XEx0Jmqvi5J+6ln1QDK3bmi+HoARHfsPfY+OLusZOgaGkzlqpwp90yqz4m
gsiWyfpgwt6ihTd1QM2XaDdEFp7Tcp4ZDjOx07YHNpZlSyNaJ1KSa5iFGifm6eWC
XZAc5NIxS3tQ+6bcI5DHP4+yPFy17wINlHYeITJiUWVHfCBrBWbaTwisNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHxd0ATqeKE6Tp1hz7wjywdchwykMB8GA1UdIwQY
MBaAFD7zJe9MuqZsxx/8xogId+duFJr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUt
MzRkNzE0ODVjNTQ3LzEvZkYzUUJPcDRvVHBPbldIUHZDUExCMXlIREtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUtMzRkNzE0ODVjNTQ3
LzEvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBm4UYMA0E
AgACMAcDBQAqAijpMA0GCSqGSIb3DQEBCwUAA4IBAQCw7pvH4UZZznh51bW+ZbDW
lSsKLDHZXtnJQ5FlpKaPySLxhAm6XLQN4UBYekq5sCxiD05F11ePuFIuvbweuW1e
3Om0GAysSliQRwGdY/7lQmSRqBdZQmd6+pDXrrqSFQkPESlyPqbY3Er4JWAcLnkg
fzXPMPQdmp6AlgIrbBHQa4+oyIwDQaCRRVDKVtDBDvgHUeD8CpKCYCHrqVeUOdZ7
+tcMSY0x5WcX9ll4Om2PnyXY6tgCXjzzi99WkJXXN7XoUPrkN2kPcbOo6V9EGR28
wlfxor4zgULpQiADdyYce6HTMC/J1/fSxW9GbCzOgaUWkrslbEU7Y/kKWalv6BUq
-----END CERTIFICATE-----