Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/3dNsb_A71LC1EA5BJVSoZHKzhoc.roa
File:                     3dNsb_A71LC1EA5BJVSoZHKzhoc.roa (raw, json)
Hash identifier:          +EOyIhS5Mha86yxLeLAWT9kRTfTgPtNdgUvf7rh818M=
Subject key identifier:   DD:D3:6C:6F:F0:3B:D4:B0:B5:10:0E:41:25:54:A8:64:72:B3:86:87
Certificate issuer:       /CN=5a87fcc85cb499419a1b1ec2f3209c2a435fb92d
Certificate serial:       01919FB9B7A68DC57A99C153227B6386FA88
Authority key identifier: 5A:87:FC:C8:5C:B4:99:41:9A:1B:1E:C2:F3:20:9C:2A:43:5F:B9:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wof8yFy0mUGaGx7C8yCcKkNfuS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/3dNsb_A71LC1EA5BJVSoZHKzhoc.roa
Signing time:             Thu 29 Aug 2024 20:00:34 +0000
ROA not before:           Thu 29 Aug 2024 20:00:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31477
IP address blocks:        91.198.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/Wof8yFy0mUGaGx7C8yCcKkNfuS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/Wof8yFy0mUGaGx7C8yCcKkNfuS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wof8yFy0mUGaGx7C8yCcKkNfuS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9f:b9:b7:a6:8d:c5:7a:99:c1:53:22:7b:63:86:fa:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a87fcc85cb499419a1b1ec2f3209c2a435fb92d
        Validity
            Not Before: Aug 29 20:00:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd36c6ff03bd4b0b5100e412554a86472b38687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:52:6c:e3:cb:52:d3:00:13:3d:1d:d3:c4:63:
                    d9:98:12:88:5d:61:01:68:ca:71:b4:d1:c3:72:f9:
                    b5:c6:7b:17:f0:c3:bb:ce:67:88:88:14:6d:ce:9d:
                    1a:1c:07:1d:07:c6:2d:5f:6d:f2:44:75:ef:f1:b8:
                    a3:2e:91:8f:88:c3:12:7b:80:61:83:3b:74:52:44:
                    0c:9a:84:d1:0a:94:59:af:31:45:89:aa:1a:55:62:
                    9c:36:21:2d:2c:8c:8d:95:58:9e:84:69:34:2b:cf:
                    a9:9a:b4:c1:08:51:43:74:d4:78:0d:60:cd:17:20:
                    15:66:25:40:44:08:ae:0c:6c:a9:44:ce:fb:15:02:
                    6b:72:a6:c9:d7:6d:ce:cb:20:78:89:5e:40:6a:80:
                    a4:51:6d:0b:85:7a:5f:e7:c2:50:ad:f3:70:d7:b6:
                    3c:5c:55:6b:ca:61:14:26:82:9b:d9:e6:86:0b:3b:
                    2d:ba:13:e4:9e:5f:8f:19:a3:48:c5:cc:7c:a9:12:
                    2f:bf:56:94:e3:9f:9a:1f:1f:58:50:61:86:cb:38:
                    d8:d8:56:db:53:30:ed:c9:e9:ce:48:8a:b1:15:8c:
                    81:28:48:85:03:d5:b7:6a:3c:33:69:fc:49:50:b2:
                    6d:48:6f:aa:2a:b6:36:22:52:7e:a7:6f:44:69:0c:
                    db:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D3:6C:6F:F0:3B:D4:B0:B5:10:0E:41:25:54:A8:64:72:B3:86:87
            X509v3 Authority Key Identifier:
                keyid:5A:87:FC:C8:5C:B4:99:41:9A:1B:1E:C2:F3:20:9C:2A:43:5F:B9:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wof8yFy0mUGaGx7C8yCcKkNfuS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/3dNsb_A71LC1EA5BJVSoZHKzhoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/685f2d-bde4-49fd-a143-994bb628bba5/1/Wof8yFy0mUGaGx7C8yCcKkNfuS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:35:38:c9:a8:49:1f:96:ac:1d:2e:e4:5d:0d:97:d2:50:0b:
         57:90:a0:9e:8f:79:6f:c7:f0:21:65:c5:74:99:d8:e7:6b:48:
         9e:60:a6:68:58:d6:e7:4c:9e:c1:0c:41:d7:15:18:12:a3:10:
         63:82:b2:65:a2:6f:b7:be:20:d7:23:b9:56:15:c5:7c:79:a7:
         c6:fb:8e:9b:0f:6d:a0:b0:bf:67:a4:f9:fc:dc:e2:fb:a6:b0:
         82:08:fa:b7:2e:61:20:0f:3d:ee:80:d9:68:f3:ec:83:f1:a4:
         c9:b3:5d:f0:60:6f:59:db:e6:e4:d9:2b:31:32:bb:5a:54:8f:
         86:6c:45:ac:dd:ae:8d:0d:7b:96:db:02:d6:4e:ef:e8:cc:24:
         98:f7:7e:a5:18:ac:2f:1a:77:f3:14:5a:eb:c8:3c:8a:95:ff:
         7f:39:c5:5a:75:27:13:3e:d2:38:fc:a0:cc:6c:37:81:d2:fe:
         f0:bb:5a:90:00:4f:f8:c5:eb:6b:35:e9:18:6e:c2:93:94:c5:
         2d:d8:64:22:bb:01:ad:b7:98:10:82:43:d3:54:20:06:16:45:
         d9:ca:8a:84:ec:8a:9d:d9:40:37:60:51:b2:b8:74:fd:d3:c0:
         28:58:23:db:81:c1:2d:69:0a:3e:51:4a:f1:fb:8b:e9:a9:c0:
         1d:cc:4e:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGfubemjcV6mcFTIntjhvqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhODdmY2M4NWNiNDk5NDE5YTFiMWVjMmYzMjA5YzJhNDM1
ZmI5MmQwHhcNMjQwODI5MjAwMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQzNmM2ZmYwM2JkNGIwYjUxMDBlNDEyNTU0YTg2NDcyYjM4Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolJs48tS0wATPR3TxGPZmBKIXWEB
aMpxtNHDcvm1xnsX8MO7zmeIiBRtzp0aHAcdB8YtX23yRHXv8bijLpGPiMMSe4Bh
gzt0UkQMmoTRCpRZrzFFiaoaVWKcNiEtLIyNlViehGk0K8+pmrTBCFFDdNR4DWDN
FyAVZiVARAiuDGypRM77FQJrcqbJ123OyyB4iV5AaoCkUW0LhXpf58JQrfNw17Y8
XFVrymEUJoKb2eaGCzstuhPknl+PGaNIxcx8qRIvv1aU45+aHx9YUGGGyzjY2Fbb
UzDtyenOSIqxFYyBKEiFA9W3ajwzafxJULJtSG+qKrY2IlJ+p29EaQzbOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3TbG/wO9SwtRAOQSVUqGRys4aHMB8GA1UdIwQY
MBaAFFqH/MhctJlBmhsewvMgnCpDX7ktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV29mOHlGeTBtVUdhR3g3Qzh5Q2NLa05mdVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi82ODVmMmQtYmRlNC00OWZkLWExNDMt
OTk0YmI2MjhiYmE1LzEvM2ROc2JfQTcxTEMxRUE1QkpWU29aSEt6aG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi82ODVmMmQtYmRlNC00OWZkLWExNDMtOTk0YmI2MjhiYmE1
LzEvV29mOHlGeTBtVUdhR3g3Qzh5Q2NLa05mdVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ayMA0G
CSqGSIb3DQEBCwUAA4IBAQBvNTjJqEkflqwdLuRdDZfSUAtXkKCej3lvx/AhZcV0
mdjna0ieYKZoWNbnTJ7BDEHXFRgSoxBjgrJlom+3viDXI7lWFcV8eafG+46bD22g
sL9npPn83OL7prCCCPq3LmEgDz3ugNlo8+yD8aTJs13wYG9Z2+bk2SsxMrtaVI+G
bEWs3a6NDXuW2wLWTu/ozCSY936lGKwvGnfzFFrryDyKlf9/OcVadScTPtI4/KDM
bDeB0v7wu1qQAE/4xetrNekYbsKTlMUt2GQiuwGtt5gQgkPTVCAGFkXZyoqE7Iqd
2UA3YFGyuHT908AoWCPbgcEtaQo+UUrx+4vpqcAdzE6U
-----END CERTIFICATE-----