Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/3LOfZkYlebTZe7OVa0XjaAXOyO8.roa
File:                     3LOfZkYlebTZe7OVa0XjaAXOyO8.roa (raw, json)
Hash identifier:          bCbq7SlR6v6nZ/rZ3QoujlY+V1PPwJsykKaeM+Sh6Ek=
Subject key identifier:   DC:B3:9F:66:46:25:79:B4:D9:7B:B3:95:6B:45:E3:68:05:CE:C8:EF
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0190E9AC58C00AD4FE507E8A399894B8364B
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/3LOfZkYlebTZe7OVa0XjaAXOyO8.roa
Signing time:             Thu 25 Jul 2024 11:35:04 +0000
ROA not before:           Thu 25 Jul 2024 11:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        198.55.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:ac:58:c0:0a:d4:fe:50:7e:8a:39:98:94:b8:36:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 25 11:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb39f66462579b4d97bb3956b45e36805cec8ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a5:28:ec:d8:12:4d:61:2f:8f:98:25:5a:d3:
                    30:ff:b2:42:5d:e3:54:a0:24:01:a8:1d:37:11:a5:
                    b5:68:8e:ad:44:f8:d0:00:73:10:ea:17:8e:17:6f:
                    1c:ba:78:97:f3:8d:ff:7c:0c:31:b1:3f:d6:2c:fc:
                    b2:f2:dc:b1:5a:28:88:35:f0:fa:44:ed:65:5a:20:
                    96:52:ef:3b:36:4c:56:95:1d:7f:49:1d:c4:5a:3f:
                    02:2b:c7:4c:c6:37:a7:b5:5f:5b:9b:10:ae:b6:99:
                    a6:97:9e:e1:9e:71:90:72:80:28:03:02:9e:ec:8b:
                    90:9c:60:9a:ea:28:13:47:24:97:2a:f6:14:ee:87:
                    18:b8:63:d9:d7:26:7e:76:17:c5:5a:ec:4e:43:77:
                    49:b2:9f:5c:29:81:7c:f2:2b:6d:88:4e:76:5f:e9:
                    fd:11:13:f0:69:ea:96:26:e6:70:98:dc:c7:49:90:
                    e1:c4:f9:ad:74:15:df:1b:3f:dc:79:92:6f:f6:47:
                    b4:a4:35:a1:58:ad:4c:f7:01:a8:71:ef:41:bc:7f:
                    cc:86:18:bf:b8:f5:ae:9e:88:7f:82:92:1f:03:84:
                    02:3f:c9:c3:4d:d3:a3:03:9e:d9:45:ef:fa:0f:b7:
                    2d:02:46:e8:71:41:61:b9:81:ca:9a:b4:37:a9:3b:
                    2b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B3:9F:66:46:25:79:B4:D9:7B:B3:95:6B:45:E3:68:05:CE:C8:EF
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/3LOfZkYlebTZe7OVa0XjaAXOyO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.55.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:71:ee:57:27:77:8e:54:09:46:67:18:57:48:0a:f4:df:ca:
         a5:0d:a0:e7:46:6e:2d:29:fb:2c:d5:70:25:cb:5d:7a:dc:6c:
         3f:bb:06:3a:6a:da:84:cf:39:3e:47:f4:16:b2:08:be:46:69:
         a4:62:d3:ee:49:cc:07:6d:34:9c:86:97:7e:36:0e:e5:9e:36:
         ab:a1:83:12:ce:24:c5:d5:25:fa:74:e6:17:b1:1b:d6:21:b4:
         2a:66:99:86:d6:e0:f5:4b:7f:6a:5e:44:88:23:05:7a:8b:1d:
         2a:a4:06:75:66:e0:3f:d7:a9:ff:fc:d9:69:62:19:53:b0:a5:
         a8:02:62:c3:be:c7:cc:08:33:ef:93:3c:d6:a4:2a:82:83:6c:
         e0:c6:fd:be:b5:48:66:89:49:c1:b8:5a:50:a1:3c:d7:2c:71:
         fb:57:d8:a2:96:f9:d6:9a:9f:39:59:ea:be:96:f8:18:4c:7b:
         21:a9:8e:b7:2e:58:ac:29:e8:98:bf:3b:70:ed:7e:9b:62:b2:
         e3:32:b8:48:5c:5f:bc:4a:7c:f7:f4:9f:aa:13:3c:b9:ca:e7:
         f1:1f:2e:6c:4b:69:34:11:22:d5:03:1a:49:98:63:9e:76:ce:
         4c:8b:06:da:7a:fa:d4:7f:57:d3:e8:6a:70:10:23:e8:62:66:
         3a:2a:b2:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDprFjACtT+UH6KOZiUuDZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwNzI1MTEzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IzOWY2NjQ2MjU3OWI0ZDk3YmIzOTU2YjQ1ZTM2ODA1Y2VjOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaUo7NgSTWEvj5glWtMw/7JCXeNU
oCQBqB03EaW1aI6tRPjQAHMQ6heOF28cuniX843/fAwxsT/WLPyy8tyxWiiINfD6
RO1lWiCWUu87NkxWlR1/SR3EWj8CK8dMxjentV9bmxCutpmml57hnnGQcoAoAwKe
7IuQnGCa6igTRySXKvYU7ocYuGPZ1yZ+dhfFWuxOQ3dJsp9cKYF88ittiE52X+n9
ERPwaeqWJuZwmNzHSZDhxPmtdBXfGz/ceZJv9ke0pDWhWK1M9wGoce9BvH/Mhhi/
uPWunoh/gpIfA4QCP8nDTdOjA57ZRe/6D7ctAkbocUFhuYHKmrQ3qTsrMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyzn2ZGJXm02XuzlWtF42gFzsjvMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvM0xPZlprWWxlYlRaZTdPVmEwWGphQVhPeU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxjceMA0G
CSqGSIb3DQEBCwUAA4IBAQC+ce5XJ3eOVAlGZxhXSAr038qlDaDnRm4tKfss1XAl
y1163Gw/uwY6atqEzzk+R/QWsgi+RmmkYtPuScwHbTSchpd+Ng7lnjaroYMSziTF
1SX6dOYXsRvWIbQqZpmG1uD1S39qXkSIIwV6ix0qpAZ1ZuA/16n//NlpYhlTsKWo
AmLDvsfMCDPvkzzWpCqCg2zgxv2+tUhmiUnBuFpQoTzXLHH7V9iilvnWmp85Weq+
lvgYTHshqY63LlisKeiYvztw7X6bYrLjMrhIXF+8Snz39J+qEzy5yufxHy5sS2k0
ESLVAxpJmGOeds5MiwbaevrUf1fT6GpwECPoYmY6KrL/
-----END CERTIFICATE-----