Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/ln3XRPjn3IW91qVhLNl1Ehl0ebE.roa
File:                     ln3XRPjn3IW91qVhLNl1Ehl0ebE.roa (raw, json)
Hash identifier:          lZmjM+uImUYfJf+I7HtL9e+ehFxeI9N2A5CCaBskAhw=
Subject key identifier:   96:7D:D7:44:F8:E7:DC:85:BD:D6:A5:61:2C:D9:75:12:19:74:79:B1
Certificate issuer:       /CN=8fa2f88926e0bd8401c73cedb77e99c94dcc52d7
Certificate serial:       018CC3491DE88D4A69AB472D0BD270E67E90
Authority key identifier: 8F:A2:F8:89:26:E0:BD:84:01:C7:3C:ED:B7:7E:99:C9:4D:CC:52:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6L4iSbgvYQBxzztt36ZyU3MUtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/ln3XRPjn3IW91qVhLNl1Ehl0ebE.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212903
IP address blocks:        91.211.3.0/24 maxlen: 24
                          2a0c:8740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/j6L4iSbgvYQBxzztt36ZyU3MUtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/j6L4iSbgvYQBxzztt36ZyU3MUtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6L4iSbgvYQBxzztt36ZyU3MUtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:e8:8d:4a:69:ab:47:2d:0b:d2:70:e6:7e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fa2f88926e0bd8401c73cedb77e99c94dcc52d7
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=967dd744f8e7dc85bdd6a5612cd97512197479b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d3:5e:aa:0c:43:32:95:72:1b:78:be:19:9f:
                    f4:da:94:7b:72:a2:1a:46:54:fa:ae:9e:19:5c:ee:
                    53:3d:7a:e9:32:e4:a8:a8:83:4f:1c:00:9d:0b:56:
                    62:8c:cb:82:87:97:aa:90:ac:0a:2f:18:01:88:0c:
                    86:38:0c:85:5c:62:47:a7:82:80:7b:98:8c:36:4f:
                    f0:93:6e:71:b7:3d:13:76:ee:b6:56:78:da:e8:ae:
                    92:82:33:d9:e0:ac:02:bf:7d:a1:fe:1c:1a:5b:3d:
                    0f:e9:b6:b6:01:23:17:e1:64:51:0d:95:d9:cc:1e:
                    5a:ac:a8:e8:52:3e:18:d3:85:8a:44:69:8c:cb:cb:
                    c7:36:72:f2:bf:87:ad:f5:e7:8d:2a:00:9e:46:1e:
                    14:d0:35:a5:75:07:b9:de:66:52:3e:40:d8:a7:de:
                    f9:5f:9c:90:27:8a:79:f4:7c:38:d3:49:b4:44:d6:
                    b8:5a:a2:d1:76:0f:d9:97:60:09:99:29:f4:81:06:
                    32:db:04:65:e9:25:c4:3b:11:1c:56:c6:b8:55:07:
                    b7:cc:c0:6c:1a:40:21:b7:44:a4:b1:20:3e:5b:a9:
                    a0:fd:2b:60:61:5f:b1:2a:5a:10:fc:2c:a1:da:71:
                    82:0c:cc:67:11:c9:83:b2:46:3f:22:44:eb:81:0a:
                    c3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7D:D7:44:F8:E7:DC:85:BD:D6:A5:61:2C:D9:75:12:19:74:79:B1
            X509v3 Authority Key Identifier:
                keyid:8F:A2:F8:89:26:E0:BD:84:01:C7:3C:ED:B7:7E:99:C9:4D:CC:52:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6L4iSbgvYQBxzztt36ZyU3MUtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/ln3XRPjn3IW91qVhLNl1Ehl0ebE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/deb648-f433-43f1-9c83-d0edec9728e5/1/j6L4iSbgvYQBxzztt36ZyU3MUtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.3.0/24
                IPv6:
                  2a0c:8740::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:b8:99:12:4d:06:47:5f:85:f6:4d:59:6c:a5:4f:67:4b:db:
         ab:bf:64:85:94:a3:2f:69:94:64:a3:91:16:32:cf:a5:62:10:
         a6:68:bd:61:fc:43:a3:ce:fd:33:0b:c9:fb:99:9f:0d:74:d9:
         36:df:46:de:4e:4d:2a:4d:e9:db:ed:fb:ee:62:1b:7e:f3:ab:
         7f:ff:57:8f:14:44:56:f9:f7:26:57:e9:47:d8:d5:ba:44:da:
         60:8e:a2:8a:17:fa:10:08:48:ff:66:2d:0e:51:5d:b1:80:10:
         0a:65:fe:6b:63:24:1e:4d:c7:8f:91:40:9a:40:37:a5:3d:ae:
         9b:f2:8c:92:71:36:a4:4f:3e:3e:29:fc:f9:0f:47:ee:10:cf:
         22:4d:b0:2f:4a:f5:7a:4a:94:4b:85:31:9e:a7:71:bc:46:74:
         81:70:3b:90:4a:7a:f1:9d:bf:01:ce:7a:cb:9b:3d:c5:3d:b6:
         a8:f4:17:ef:04:ca:20:4a:54:90:08:b6:29:34:f9:98:15:05:
         0a:03:f2:5a:ed:b2:5f:3c:2e:2b:d9:59:43:5c:1b:75:d3:0e:
         40:fb:10:6b:5a:19:cf:c5:a7:73:56:37:f7:70:87:d6:b3:c2:
         d3:d6:6c:7d:17:e8:3a:d9:c7:ba:a0:6e:b6:47:3a:a7:29:19:
         e8:ff:1a:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSR3ojUppq0ctC9Jw5n6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYTJmODg5MjZlMGJkODQwMWM3M2NlZGI3N2U5OWM5NGRj
YzUyZDcwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdkZDc0NGY4ZTdkYzg1YmRkNmE1NjEyY2Q5NzUxMjE5NzQ3OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dNeqgxDMpVyG3i+GZ/02pR7cqIa
RlT6rp4ZXO5TPXrpMuSoqINPHACdC1ZijMuCh5eqkKwKLxgBiAyGOAyFXGJHp4KA
e5iMNk/wk25xtz0Tdu62Vnja6K6SgjPZ4KwCv32h/hwaWz0P6ba2ASMX4WRRDZXZ
zB5arKjoUj4Y04WKRGmMy8vHNnLyv4et9eeNKgCeRh4U0DWldQe53mZSPkDYp975
X5yQJ4p59Hw400m0RNa4WqLRdg/Zl2AJmSn0gQYy2wRl6SXEOxEcVsa4VQe3zMBs
GkAht0SksSA+W6mg/StgYV+xKloQ/Cyh2nGCDMxnEcmDskY/IkTrgQrDWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJZ910T459yFvdalYSzZdRIZdHmxMB8GA1UdIwQY
MBaAFI+i+Ikm4L2EAcc87bd+mclNzFLXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZMNGlTYmd2WVFCeHp6dHQzNlp5VTNNVXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9kZWI2NDgtZjQzMy00M2YxLTljODMt
ZDBlZGVjOTcyOGU1LzEvbG4zWFJQam4zSVc5MXFWaExObDFFaGwwZWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9kZWI2NDgtZjQzMy00M2YxLTljODMtZDBlZGVjOTcyOGU1
LzEvajZMNGlTYmd2WVFCeHp6dHQzNlp5VTNNVXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9MDMA0E
AgACMAcDBQMqDIdAMA0GCSqGSIb3DQEBCwUAA4IBAQCluJkSTQZHX4X2TVlspU9n
S9urv2SFlKMvaZRko5EWMs+lYhCmaL1h/EOjzv0zC8n7mZ8NdNk230beTk0qTenb
7fvuYht+86t//1ePFERW+fcmV+lH2NW6RNpgjqKKF/oQCEj/Zi0OUV2xgBAKZf5r
YyQeTcePkUCaQDelPa6b8oyScTakTz4+Kfz5D0fuEM8iTbAvSvV6SpRLhTGep3G8
RnSBcDuQSnrxnb8BznrLmz3FPbao9BfvBMogSlSQCLYpNPmYFQUKA/Ja7bJfPC4r
2VlDXBt10w5A+xBrWhnPxadzVjf3cIfWs8LT1mx9F+g62ce6oG62RzqnKRno/xoQ
-----END CERTIFICATE-----