Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/3d6rmL0uXgX_zfTOKnp1wQ_be4E.roa
File:                     3d6rmL0uXgX_zfTOKnp1wQ_be4E.roa (raw, json)
Hash identifier:          RL6M05yZ8SWV5Q6/DqEliE8OXZ/ya4LO48aWAA6fgtQ=
Subject key identifier:   DD:DE:AB:98:BD:2E:5E:05:FF:CD:F4:CE:2A:7A:75:C1:0F:DB:7B:81
Certificate issuer:       /CN=30f08f840e317e95205ba13497d9dbc7377b9e57
Certificate serial:       018CC492326CCDCA88A889A24D853F36A98A
Authority key identifier: 30:F0:8F:84:0E:31:7E:95:20:5B:A1:34:97:D9:DB:C7:37:7B:9E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPCPhA4xfpUgW6E0l9nbxzd7nlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/3d6rmL0uXgX_zfTOKnp1wQ_be4E.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35450
IP address blocks:        193.192.42.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/MPCPhA4xfpUgW6E0l9nbxzd7nlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/MPCPhA4xfpUgW6E0l9nbxzd7nlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPCPhA4xfpUgW6E0l9nbxzd7nlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:32:6c:cd:ca:88:a8:89:a2:4d:85:3f:36:a9:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f08f840e317e95205ba13497d9dbc7377b9e57
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dddeab98bd2e5e05ffcdf4ce2a7a75c10fdb7b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:99:12:77:73:d2:cd:e6:47:b4:bb:ff:c5:56:
                    b5:9b:c5:e6:10:42:1a:de:64:49:cd:f9:fb:47:97:
                    3c:ff:27:62:15:08:d3:56:57:e9:52:49:78:43:87:
                    97:12:d6:3d:96:e9:4a:37:47:d8:a6:38:2d:4c:2f:
                    df:48:df:cb:28:d8:79:ac:1f:50:71:99:b2:88:bc:
                    37:50:94:53:37:9f:8f:1a:49:ec:71:42:15:f5:79:
                    16:d9:cd:2c:d5:c9:76:04:c9:e3:20:1c:ae:30:e3:
                    6f:a4:c2:6a:57:60:57:42:08:ae:f3:47:6d:9d:24:
                    62:6a:c1:e6:83:8a:1c:91:d4:be:bf:8b:98:71:00:
                    78:85:85:cb:3f:cc:71:1c:03:5e:f3:dd:2c:19:89:
                    29:0f:7d:b1:cf:d5:02:4a:f4:03:e3:dc:94:b0:ce:
                    a8:b6:13:f0:c1:95:c7:41:39:9d:0b:84:f3:08:b6:
                    39:dc:15:2b:da:af:b7:58:60:a4:e7:b3:c9:25:89:
                    2d:a4:d0:90:47:43:4f:c6:f3:40:4b:20:27:85:20:
                    e0:39:71:4a:12:ea:e2:ef:18:4c:cb:f1:5e:d8:1f:
                    15:ec:51:35:a2:6c:0a:2c:77:f1:3e:c8:4e:2f:8d:
                    af:f7:1f:2a:26:66:31:df:26:a6:9f:98:bf:eb:38:
                    f8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:DE:AB:98:BD:2E:5E:05:FF:CD:F4:CE:2A:7A:75:C1:0F:DB:7B:81
            X509v3 Authority Key Identifier:
                keyid:30:F0:8F:84:0E:31:7E:95:20:5B:A1:34:97:D9:DB:C7:37:7B:9E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPCPhA4xfpUgW6E0l9nbxzd7nlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/3d6rmL0uXgX_zfTOKnp1wQ_be4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/adc0fe-a24f-4736-afb8-796b38796f69/1/MPCPhA4xfpUgW6E0l9nbxzd7nlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:4f:e0:c4:2b:37:24:71:90:7b:67:23:76:a3:af:ce:21:23:
         38:8b:c9:6b:48:fa:5c:d3:93:42:52:89:74:35:21:5e:48:0d:
         96:70:0e:58:ec:5e:fe:a4:07:66:03:96:a7:d0:04:f8:01:c4:
         0c:10:99:0f:22:94:23:6a:54:63:a8:74:97:60:2b:9e:85:d1:
         9f:b6:75:3c:0a:9a:e8:4b:e7:aa:bb:e0:6e:92:5e:c0:a7:ce:
         05:5f:e6:36:1b:5e:ae:44:97:39:a6:9f:bf:db:06:b2:21:b0:
         ec:19:3b:f6:40:29:09:ac:ac:af:bf:9e:6c:19:6b:39:c2:ec:
         60:9d:b0:14:9f:d8:32:56:73:dc:cc:f6:ec:b8:fb:df:d9:ef:
         98:95:8a:f5:9d:40:62:19:91:a1:ac:e5:83:79:af:83:a6:75:
         20:52:8a:aa:a4:32:78:f5:94:3a:1a:d8:df:5a:fc:c5:50:6f:
         63:b1:c0:b4:c9:25:59:06:78:ad:cf:a4:51:45:fe:b9:f9:a1:
         60:4f:3c:12:2a:a6:80:3d:d0:fe:71:e2:f2:85:b4:c1:c7:b9:
         0b:6c:76:0a:6e:9e:0e:e2:57:77:2f:33:7d:db:54:c5:7b:1d:
         17:e9:32:9a:e0:01:c0:d1:64:4b:86:c5:dd:a6:8d:b7:62:94:
         eb:32:06:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjJszcqIqImiTYU/NqmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjA4Zjg0MGUzMTdlOTUyMDViYTEzNDk3ZDlkYmM3Mzc3
YjllNTcwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGRlYWI5OGJkMmU1ZTA1ZmZjZGY0Y2UyYTdhNzVjMTBmZGI3YjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJkSd3PSzeZHtLv/xVa1m8XmEEIa
3mRJzfn7R5c8/ydiFQjTVlfpUkl4Q4eXEtY9lulKN0fYpjgtTC/fSN/LKNh5rB9Q
cZmyiLw3UJRTN5+PGknscUIV9XkW2c0s1cl2BMnjIByuMONvpMJqV2BXQgiu80dt
nSRiasHmg4ockdS+v4uYcQB4hYXLP8xxHANe890sGYkpD32xz9UCSvQD49yUsM6o
thPwwZXHQTmdC4TzCLY53BUr2q+3WGCk57PJJYktpNCQR0NPxvNASyAnhSDgOXFK
Euri7xhMy/Fe2B8V7FE1omwKLHfxPshOL42v9x8qJmYx3yamn5i/6zj4AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3eq5i9Ll4F/830zip6dcEP23uBMB8GA1UdIwQY
MBaAFDDwj4QOMX6VIFuhNJfZ28c3e55XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBDUGhBNHhmcFVnVzZFMGw5bmJ4emQ3bmxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hZGMwZmUtYTI0Zi00NzM2LWFmYjgt
Nzk2YjM4Nzk2ZjY5LzEvM2Q2cm1MMHVYZ1hfemZUT0tucDF3UV9iZTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hZGMwZmUtYTI0Zi00NzM2LWFmYjgtNzk2YjM4Nzk2ZjY5
LzEvTVBDUGhBNHhmcFVnVzZFMGw5bmJ4emQ3bmxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcAqMA0G
CSqGSIb3DQEBCwUAA4IBAQAiT+DEKzckcZB7ZyN2o6/OISM4i8lrSPpc05NCUol0
NSFeSA2WcA5Y7F7+pAdmA5an0AT4AcQMEJkPIpQjalRjqHSXYCuehdGftnU8Cpro
S+equ+Bukl7Ap84FX+Y2G16uRJc5pp+/2wayIbDsGTv2QCkJrKyvv55sGWs5wuxg
nbAUn9gyVnPczPbsuPvf2e+YlYr1nUBiGZGhrOWDea+DpnUgUoqqpDJ49ZQ6Gtjf
WvzFUG9jscC0ySVZBnitz6RRRf65+aFgTzwSKqaAPdD+ceLyhbTBx7kLbHYKbp4O
4ld3LzN921TFex0X6TKa4AHA0WRLhsXdpo23YpTrMgbT
-----END CERTIFICATE-----