Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/e3IMh0o0RaYzrIqzE_YjHHYRaCg.roa
File:                     e3IMh0o0RaYzrIqzE_YjHHYRaCg.roa (raw, json)
Hash identifier:          A8KwH8nbfEmN6m/82peu1KyVxYiu8v+S3RDtlkmxaIA=
Subject key identifier:   7B:72:0C:87:4A:34:45:A6:33:AC:8A:B3:13:F6:23:1C:76:11:68:28
Certificate issuer:       /CN=a3698b01053911607edb2a76090a6aced95a3ed5
Certificate serial:       018CC5DC267E29E6D47370D78465DB1D0D69
Authority key identifier: A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/e3IMh0o0RaYzrIqzE_YjHHYRaCg.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        194.61.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:26:7e:29:e6:d4:73:70:d7:84:65:db:1d:0d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3698b01053911607edb2a76090a6aced95a3ed5
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b720c874a3445a633ac8ab313f6231c76116828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:77:6c:fc:47:f4:fd:b8:20:91:ad:9c:fe:89:
                    6d:36:5b:e7:97:d5:af:dd:2c:25:95:2b:51:f2:da:
                    e7:e8:14:11:52:99:2e:6b:e6:1e:b4:47:f3:a1:6b:
                    62:5f:57:c2:e0:45:da:16:10:db:e4:34:a8:74:fb:
                    c7:8e:3a:37:97:4a:41:c5:fb:da:79:3f:2e:ba:26:
                    36:e9:a5:a9:fa:6c:8f:9f:04:d7:b4:3e:5a:1d:05:
                    33:7e:43:8a:8d:4e:d6:f1:a6:d7:76:8a:01:c2:08:
                    97:d0:ef:65:33:de:9d:7e:5f:ae:91:9e:48:79:27:
                    14:18:cc:0e:36:f1:d8:c0:d2:07:fd:05:04:ac:80:
                    18:0f:6c:af:a8:f1:70:f4:8f:63:ea:ad:a9:25:f2:
                    dd:a4:f9:85:4e:a0:f4:8f:89:9a:52:ac:fc:ee:ee:
                    c8:40:b1:e3:e3:74:04:d1:d7:f8:ce:f4:e8:22:31:
                    80:7f:a9:ea:38:bf:00:5e:d2:50:27:7b:a2:00:c9:
                    87:94:fd:2b:c6:79:66:73:05:52:ef:ea:62:81:f7:
                    e0:48:b5:fa:8f:d6:d8:5a:bc:03:1c:7a:47:17:3c:
                    0e:db:eb:95:3f:ea:2a:5f:76:dd:dc:81:85:9f:a6:
                    ff:12:28:14:c6:be:f1:04:d3:cd:ea:48:75:cd:db:
                    38:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:72:0C:87:4A:34:45:A6:33:AC:8A:B3:13:F6:23:1C:76:11:68:28
            X509v3 Authority Key Identifier:
                keyid:A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/e3IMh0o0RaYzrIqzE_YjHHYRaCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:7d:31:d4:d0:60:32:4a:52:60:71:db:de:25:69:0a:4c:82:
         f0:b5:3d:e8:60:8c:6f:b5:ab:dd:1c:de:b9:63:a3:00:95:cd:
         e8:52:f2:9f:45:4f:b7:54:df:08:13:d1:37:61:ff:26:71:9e:
         0c:65:5d:c7:9c:51:a2:b0:03:6e:86:bc:62:42:ab:06:40:ee:
         80:78:50:78:5d:eb:91:16:0b:a9:42:ff:8c:b8:da:a1:c7:d1:
         86:a5:d0:e6:95:98:62:11:f2:1e:7c:ec:0f:6e:b3:06:71:8d:
         36:ed:51:2b:38:f7:30:4e:e0:4f:bc:c8:b3:8a:7b:6a:32:93:
         44:99:5c:c1:33:47:97:f8:7f:19:37:c5:51:b6:0d:04:8d:4e:
         e8:a6:78:c5:d4:fc:d4:9c:4d:5b:d9:b2:1e:2b:10:3f:33:8c:
         cd:71:65:9b:3f:65:85:7a:99:7a:eb:58:2c:0e:f6:54:45:26:
         28:c4:bb:77:0c:69:4b:bd:ea:37:87:c3:cc:20:34:54:f1:d1:
         84:bc:00:c5:c1:80:11:d7:75:0f:a8:77:35:76:ab:ce:29:fb:
         cf:df:46:5b:96:b5:dc:2d:31:6f:b1:8a:d5:2a:5a:ec:35:8d:
         55:4d:11:76:77:ec:43:0c:91:0a:07:f3:1a:07:0a:00:25:6e:
         55:9a:c7:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CZ+KebUc3DXhGXbHQ1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjk4YjAxMDUzOTExNjA3ZWRiMmE3NjA5MGE2YWNlZDk1
YTNlZDUwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjcyMGM4NzRhMzQ0NWE2MzNhYzhhYjMxM2Y2MjMxYzc2MTE2ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknds/Ef0/bggka2c/oltNlvnl9Wv
3SwllStR8trn6BQRUpkua+YetEfzoWtiX1fC4EXaFhDb5DSodPvHjjo3l0pBxfva
eT8uuiY26aWp+myPnwTXtD5aHQUzfkOKjU7W8abXdooBwgiX0O9lM96dfl+ukZ5I
eScUGMwONvHYwNIH/QUErIAYD2yvqPFw9I9j6q2pJfLdpPmFTqD0j4maUqz87u7I
QLHj43QE0df4zvToIjGAf6nqOL8AXtJQJ3uiAMmHlP0rxnlmcwVS7+pigffgSLX6
j9bYWrwDHHpHFzwO2+uVP+oqX3bd3IGFn6b/EigUxr7xBNPN6kh1zds42wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtyDIdKNEWmM6yKsxP2Ixx2EWgoMB8GA1UdIwQY
MBaAFKNpiwEFORFgftsqdgkKas7ZWj7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTIt
YmJkMzExMTg2OTUwLzEvZTNJTWgwbzBSYVl6cklxekVfWWpISFlSYUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTItYmJkMzExMTg2OTUw
LzEvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj3gMA0G
CSqGSIb3DQEBCwUAA4IBAQB0fTHU0GAySlJgcdveJWkKTILwtT3oYIxvtavdHN65
Y6MAlc3oUvKfRU+3VN8IE9E3Yf8mcZ4MZV3HnFGisANuhrxiQqsGQO6AeFB4XeuR
FgupQv+MuNqhx9GGpdDmlZhiEfIefOwPbrMGcY027VErOPcwTuBPvMizintqMpNE
mVzBM0eX+H8ZN8VRtg0EjU7opnjF1PzUnE1b2bIeKxA/M4zNcWWbP2WFepl661gs
DvZURSYoxLt3DGlLveo3h8PMIDRU8dGEvADFwYAR13UPqHc1dqvOKfvP30ZblrXc
LTFvsYrVKlrsNY1VTRF2d+xDDJEKB/MaBwoAJW5VmseT
-----END CERTIFICATE-----