Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/3WSvUUMaVvzA-YyrSH299fVfwLs.roa
File:                     3WSvUUMaVvzA-YyrSH299fVfwLs.roa (raw, json)
Hash identifier:          3fN8f4K0/j12dSft3+xxEEH+4qD0Fy3jh2DbdzrDYEE=
Subject key identifier:   DD:64:AF:51:43:1A:56:FC:C0:F9:8C:AB:48:7D:BD:F5:F5:5F:C0:BB
Certificate issuer:       /CN=6d2d574092ba939a2fff71aa1f8e8ed961530b30
Certificate serial:       018CC9BCC5DABB6449D616DECF5FC17F2CEA
Authority key identifier: 6D:2D:57:40:92:BA:93:9A:2F:FF:71:AA:1F:8E:8E:D9:61:53:0B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bS1XQJK6k5ov_3GqH46O2WFTCzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/3WSvUUMaVvzA-YyrSH299fVfwLs.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210220
IP address blocks:        194.169.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/bS1XQJK6k5ov_3GqH46O2WFTCzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/bS1XQJK6k5ov_3GqH46O2WFTCzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bS1XQJK6k5ov_3GqH46O2WFTCzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 01:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c5:da:bb:64:49:d6:16:de:cf:5f:c1:7f:2c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d2d574092ba939a2fff71aa1f8e8ed961530b30
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd64af51431a56fcc0f98cab487dbdf5f55fc0bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fc:e1:a5:0a:37:0c:35:e0:5c:ad:f4:03:f3:
                    07:c7:b7:a2:1c:77:82:28:17:47:9a:a3:ce:32:75:
                    51:bc:a7:0b:85:b8:34:46:f4:0f:aa:a5:d9:a8:e9:
                    5c:36:58:51:b8:ea:a3:a5:c8:a4:d9:7a:08:50:f6:
                    c4:b5:57:f0:4d:f0:42:0c:b2:7c:f7:ce:d3:a8:5e:
                    c6:43:04:bb:d9:0c:5e:4d:78:e5:8c:54:eb:c4:c2:
                    10:ea:d9:e1:4b:3e:99:81:88:9f:76:3c:53:ae:3a:
                    fe:eb:45:34:0e:e6:51:c3:fe:1e:6b:fc:4f:5c:be:
                    4d:26:65:c1:b7:00:ed:68:f7:f8:d0:49:11:97:73:
                    bb:93:16:0b:b1:70:38:31:6f:24:a0:b2:6f:73:28:
                    2c:31:39:cf:b0:c6:05:09:7b:27:4d:b8:e1:f4:24:
                    37:e8:40:6c:10:57:8e:35:84:f4:c4:4d:3c:2e:22:
                    2d:83:14:8b:8e:cd:aa:cc:b7:bd:69:c3:8e:bb:d6:
                    18:2f:78:14:a2:60:f4:46:07:1b:19:71:dc:5a:23:
                    b2:23:75:46:96:10:96:c8:6a:58:79:6a:c9:39:91:
                    c0:57:de:ab:29:50:7b:09:64:54:ea:e7:1b:d7:6b:
                    20:57:42:f1:b0:d1:7a:ad:f7:b2:f8:3b:7a:be:da:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:64:AF:51:43:1A:56:FC:C0:F9:8C:AB:48:7D:BD:F5:F5:5F:C0:BB
            X509v3 Authority Key Identifier:
                keyid:6D:2D:57:40:92:BA:93:9A:2F:FF:71:AA:1F:8E:8E:D9:61:53:0B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bS1XQJK6k5ov_3GqH46O2WFTCzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/3WSvUUMaVvzA-YyrSH299fVfwLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/597cc3-3611-4628-bd7c-dbad1f4a4123/1/bS1XQJK6k5ov_3GqH46O2WFTCzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c0:40:5b:c8:55:95:97:6d:d2:fd:92:65:f7:71:66:9e:5b:
         25:d7:85:41:90:5f:a1:99:96:fc:a2:93:50:af:86:03:0d:60:
         e6:c2:47:44:ce:45:4b:ce:b2:3e:61:d1:a6:22:47:be:31:66:
         52:e9:3e:17:e5:39:a8:09:78:00:c3:b9:37:5e:6d:d7:b9:c3:
         6c:d3:94:b9:31:3b:cc:1c:26:bb:05:d5:1f:cb:67:69:39:20:
         04:d6:8a:44:b2:5b:55:83:1e:13:03:d1:ae:cf:25:df:1c:65:
         08:e8:37:88:1a:d2:65:d9:b2:32:de:6a:06:ce:09:af:4c:c7:
         a5:b0:89:e5:07:c2:c3:c7:25:ec:b5:d7:d0:e2:5b:f0:22:21:
         2c:dc:0c:cc:a1:c9:ee:5e:4d:0e:c4:c6:42:88:27:ae:80:23:
         ca:0b:af:27:c5:bc:ad:30:ab:b5:db:a7:1c:b3:7f:1f:99:98:
         27:82:4c:d1:4d:fc:d3:21:73:b5:7a:88:e3:80:af:7e:8f:9b:
         60:f6:49:fb:b3:fb:26:87:03:52:d6:3b:4c:b9:e1:18:b9:a1:
         e2:2b:96:44:c8:80:ab:c8:3e:d7:dc:37:89:c3:fc:90:7d:72:
         3b:cf:01:0f:59:4c:13:d5:1a:ef:0c:ac:f5:31:ea:f9:c3:02:
         32:42:0c:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMXau2RJ1hbez1/BfyzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMmQ1NzQwOTJiYTkzOWEyZmZmNzFhYTFmOGU4ZWQ5NjE1
MzBiMzAwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY0YWY1MTQzMWE1NmZjYzBmOThjYWI0ODdkYmRmNWY1NWZjMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PzhpQo3DDXgXK30A/MHx7eiHHeC
KBdHmqPOMnVRvKcLhbg0RvQPqqXZqOlcNlhRuOqjpcik2XoIUPbEtVfwTfBCDLJ8
987TqF7GQwS72QxeTXjljFTrxMIQ6tnhSz6ZgYifdjxTrjr+60U0DuZRw/4ea/xP
XL5NJmXBtwDtaPf40EkRl3O7kxYLsXA4MW8koLJvcygsMTnPsMYFCXsnTbjh9CQ3
6EBsEFeONYT0xE08LiItgxSLjs2qzLe9acOOu9YYL3gUomD0RgcbGXHcWiOyI3VG
lhCWyGpYeWrJOZHAV96rKVB7CWRU6ucb12sgV0LxsNF6rfey+Dt6vtouVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1kr1FDGlb8wPmMq0h9vfX1X8C7MB8GA1UdIwQY
MBaAFG0tV0CSupOaL/9xqh+OjtlhUwswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlMxWFFKSzZrNW92XzNHcUg0Nk8yV0ZUQ3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS81OTdjYzMtMzYxMS00NjI4LWJkN2Mt
ZGJhZDFmNGE0MTIzLzEvM1dTdlVVTWFWdnpBLVl5clNIMjk5ZlZmd0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS81OTdjYzMtMzYxMS00NjI4LWJkN2MtZGJhZDFmNGE0MTIz
LzEvYlMxWFFKSzZrNW92XzNHcUg0Nk8yV0ZUQ3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqncMA0G
CSqGSIb3DQEBCwUAA4IBAQA9wEBbyFWVl23S/ZJl93Fmnlsl14VBkF+hmZb8opNQ
r4YDDWDmwkdEzkVLzrI+YdGmIke+MWZS6T4X5TmoCXgAw7k3Xm3XucNs05S5MTvM
HCa7BdUfy2dpOSAE1opEsltVgx4TA9GuzyXfHGUI6DeIGtJl2bIy3moGzgmvTMel
sInlB8LDxyXstdfQ4lvwIiEs3AzMocnuXk0OxMZCiCeugCPKC68nxbytMKu126cc
s38fmZgngkzRTfzTIXO1eojjgK9+j5tg9kn7s/smhwNS1jtMueEYuaHiK5ZEyICr
yD7X3DeJw/yQfXI7zwEPWUwT1RrvDKz1Mer5wwIyQgye
-----END CERTIFICATE-----