Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/3S5hQ1fuD2afYCpBMWYcYyI8Wvo.roa
File:                     3S5hQ1fuD2afYCpBMWYcYyI8Wvo.roa (raw, json)
Hash identifier:          2vlkCSeukztuXRyau4/ZAodm6+Sqpqxdk+ZI+MAn82w=
Subject key identifier:   DD:2E:61:43:57:EE:0F:66:9F:60:2A:41:31:66:1C:63:22:3C:5A:FA
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF81577B1B1F7E6F53AD4D82FE52A
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/3S5hQ1fuD2afYCpBMWYcYyI8Wvo.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204019
IP address blocks:        213.199.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f8:15:77:b1:b1:f7:e6:f5:3a:d4:d8:2f:e5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd2e614357ee0f669f602a4131661c63223c5afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d8:2a:ba:dc:58:ad:24:2e:5a:f1:3c:4e:90:
                    19:84:5d:7f:76:fb:b7:89:78:5d:ff:e8:7d:b3:aa:
                    48:20:3f:23:f2:be:c9:44:ba:42:ed:97:25:d8:ee:
                    14:80:3c:a0:e5:d7:5d:cb:a8:84:89:3c:a1:35:56:
                    0e:03:9d:14:48:95:59:92:0d:b3:52:01:5a:17:63:
                    27:a7:98:cc:ad:35:50:23:9c:a9:cd:c9:d0:93:10:
                    ea:e8:80:bc:39:25:35:b6:9b:68:68:d8:ad:52:f4:
                    e8:29:c9:47:bd:c6:71:18:cb:8c:e0:ff:39:6f:7f:
                    27:f4:9d:79:4a:49:c3:06:f9:a1:47:66:37:0d:24:
                    0f:57:28:f8:d2:05:bb:d1:5b:8b:bc:b0:a5:aa:38:
                    08:0e:97:81:71:71:7e:69:78:3c:bd:6a:57:1b:03:
                    f5:2d:67:bf:92:07:85:db:b9:93:66:04:ba:6c:51:
                    47:6e:08:dd:05:e8:16:8b:8c:0c:b2:70:8d:60:1b:
                    aa:9f:33:04:b9:ad:e6:cc:43:d9:30:f9:7d:17:2c:
                    9a:b6:7c:f9:7b:dd:8d:0b:60:10:c7:9a:df:b8:bc:
                    df:fe:d3:64:06:4a:4b:fc:8f:a2:20:d0:ab:af:e6:
                    fb:4c:7f:64:2c:fc:ac:01:4f:00:f1:1a:26:c1:98:
                    ed:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2E:61:43:57:EE:0F:66:9F:60:2A:41:31:66:1C:63:22:3C:5A:FA
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/3S5hQ1fuD2afYCpBMWYcYyI8Wvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:1e:3c:77:2c:c7:0a:30:eb:ea:45:b2:f6:de:d4:54:0f:5b:
         ff:97:47:66:0d:dd:0e:95:76:d8:8f:fc:b8:b1:9b:09:01:a9:
         f0:3c:7f:7b:1a:51:d6:55:43:7c:7f:96:5e:a0:93:03:84:d9:
         3b:2a:06:63:8e:a6:ad:05:07:da:31:13:2b:b2:2a:31:d6:7b:
         0e:6d:53:34:f1:6b:e5:ce:fd:25:cd:6a:eb:f5:78:1e:8d:9d:
         c0:09:13:fc:67:f8:eb:fa:dc:d5:6d:d9:38:fe:81:ee:32:ff:
         9d:a1:ce:e6:bc:b2:15:71:80:16:d5:ae:a2:ef:44:46:68:ce:
         4c:df:50:b4:9f:9f:1d:70:b0:00:5a:99:ba:93:39:b7:d1:47:
         d2:cc:f7:ae:75:5c:c2:10:24:21:49:fa:83:ba:ed:ec:f3:9c:
         93:10:9d:de:bf:01:89:63:90:d2:64:0c:4d:92:c1:e3:59:60:
         eb:53:fa:fb:be:d4:c0:84:fb:b4:7f:96:86:28:f8:87:2f:4c:
         11:8c:96:57:79:8f:e5:8d:44:62:86:ae:3b:07:9c:89:a2:f6:
         dc:a7:1f:e0:65:34:15:c1:af:89:cf:28:54:75:cb:11:67:67:
         c7:2b:4c:98:01:7b:dd:4b:3c:9e:70:b2:67:ec:b5:51:2f:09:
         f8:6f:1d:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPgVd7Gx9+b1OtTYL+UqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJlNjE0MzU3ZWUwZjY2OWY2MDJhNDEzMTY2MWM2MzIyM2M1YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNgqutxYrSQuWvE8TpAZhF1/dvu3
iXhd/+h9s6pIID8j8r7JRLpC7Zcl2O4UgDyg5dddy6iEiTyhNVYOA50USJVZkg2z
UgFaF2Mnp5jMrTVQI5ypzcnQkxDq6IC8OSU1tptoaNitUvToKclHvcZxGMuM4P85
b38n9J15SknDBvmhR2Y3DSQPVyj40gW70VuLvLClqjgIDpeBcXF+aXg8vWpXGwP1
LWe/kgeF27mTZgS6bFFHbgjdBegWi4wMsnCNYBuqnzMEua3mzEPZMPl9Fyyatnz5
e92NC2AQx5rfuLzf/tNkBkpL/I+iINCrr+b7TH9kLPysAU8A8RomwZjtOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0uYUNX7g9mn2AqQTFmHGMiPFr6MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvM1M1aFExZnVEMmFmWUNwQk1XWWNZeUk4V3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cfQMA0G
CSqGSIb3DQEBCwUAA4IBAQAwHjx3LMcKMOvqRbL23tRUD1v/l0dmDd0OlXbYj/y4
sZsJAanwPH97GlHWVUN8f5ZeoJMDhNk7KgZjjqatBQfaMRMrsiox1nsObVM08Wvl
zv0lzWrr9XgejZ3ACRP8Z/jr+tzVbdk4/oHuMv+doc7mvLIVcYAW1a6i70RGaM5M
31C0n58dcLAAWpm6kzm30UfSzPeudVzCECQhSfqDuu3s85yTEJ3evwGJY5DSZAxN
ksHjWWDrU/r7vtTAhPu0f5aGKPiHL0wRjJZXeY/ljURihq47B5yJovbcpx/gZTQV
wa+JzyhUdcsRZ2fHK0yYAXvdSzyecLJn7LVRLwn4bx2N
-----END CERTIFICATE-----