Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/g3CX5JYd9UROTdhpJAvfjLWBqMo.roa
File:                     g3CX5JYd9UROTdhpJAvfjLWBqMo.roa (raw, json)
Hash identifier:          Tj1I1wWcISXtvbxDXVp9BkofmzaAFDM9ftD7TCiB4YA=
Subject key identifier:   83:70:97:E4:96:1D:F5:44:4E:4D:D8:69:24:0B:DF:8C:B5:81:A8:CA
Certificate issuer:       /CN=87dc1a9bffa2cf15a7d8099c8a3c317ce07db5ea
Certificate serial:       018CC94D93FB967375EA2E9BCA27091CD529
Authority key identifier: 87:DC:1A:9B:FF:A2:CF:15:A7:D8:09:9C:8A:3C:31:7C:E0:7D:B5:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/g3CX5JYd9UROTdhpJAvfjLWBqMo.roa
Signing time:             Tue 02 Jan 2024 08:32:33 +0000
ROA not before:           Tue 02 Jan 2024 08:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211611
IP address blocks:        217.197.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:93:fb:96:73:75:ea:2e:9b:ca:27:09:1c:d5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87dc1a9bffa2cf15a7d8099c8a3c317ce07db5ea
        Validity
            Not Before: Jan  2 08:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=837097e4961df5444e4dd869240bdf8cb581a8ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:b5:6a:62:3c:0a:10:5e:07:90:6d:9a:1c:
                    d2:3a:67:dc:ae:f8:48:8f:cf:f8:9e:2f:59:d1:f1:
                    39:c2:54:1b:82:d3:bf:9e:2c:da:55:22:cf:9e:17:
                    7a:12:40:52:40:46:f8:53:d2:cd:11:66:58:ae:0e:
                    d0:f6:6e:95:ed:28:02:23:0f:fb:ff:5c:9a:a3:81:
                    13:47:17:7d:38:2d:fb:59:59:81:0f:f0:ca:ce:c3:
                    51:9a:56:9f:7e:c5:05:dc:96:e6:cf:0b:91:84:2d:
                    62:77:7e:29:f6:42:4e:47:96:64:18:09:fc:f3:fe:
                    78:2e:ab:85:08:f4:78:c6:de:14:d7:85:b0:13:cd:
                    b4:bb:73:dd:3a:64:d5:15:8b:b2:92:2f:fa:46:39:
                    14:2f:d2:a2:bb:e2:b8:2c:42:30:82:b0:2e:5c:df:
                    64:07:85:ec:2b:f3:4a:63:4b:e0:ac:aa:e9:85:1d:
                    0c:ca:f7:eb:66:8e:ca:f3:3b:a0:ef:9c:08:48:e5:
                    59:5e:bc:00:1e:ad:9b:15:39:0c:9f:ba:97:58:f6:
                    97:64:4e:0d:20:25:96:37:4f:69:c2:9f:d3:69:37:
                    2c:86:c4:88:a2:f5:9e:66:4d:43:35:43:ef:f2:41:
                    e9:6f:27:e3:89:ce:4b:dd:ff:9d:4c:fb:af:67:78:
                    c6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:70:97:E4:96:1D:F5:44:4E:4D:D8:69:24:0B:DF:8C:B5:81:A8:CA
            X509v3 Authority Key Identifier:
                keyid:87:DC:1A:9B:FF:A2:CF:15:A7:D8:09:9C:8A:3C:31:7C:E0:7D:B5:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/g3CX5JYd9UROTdhpJAvfjLWBqMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:0b:b5:a2:ba:4f:6f:1f:d5:9c:4b:1c:b0:60:5d:63:09:d4:
         f4:d3:5e:1d:3a:e9:42:d2:0f:1c:7e:65:27:30:a1:ff:1f:80:
         5f:3b:cd:43:ab:be:4d:7b:64:61:f4:65:dd:eb:5f:12:c5:13:
         3a:d0:9e:43:e8:6e:d4:9a:e3:b0:60:09:f1:4b:3b:c2:8f:50:
         a2:d2:b3:b4:cb:28:6e:56:3e:1b:90:a4:16:ca:f4:08:d9:2b:
         26:ba:2e:fa:14:3e:27:3b:2c:e1:d7:a3:1c:b3:cd:9e:76:ff:
         e1:2f:20:5e:79:b4:2a:89:2b:61:39:85:de:0f:2b:2d:1e:93:
         a2:84:08:7a:74:c4:2a:61:db:b1:b6:d8:ab:15:7a:6b:01:f8:
         a7:19:cb:79:58:4f:90:3d:63:40:74:e5:89:c4:c2:c9:23:82:
         2a:45:fa:06:77:a4:1b:fc:39:d1:e8:e1:d1:dd:86:10:0d:02:
         87:fa:e6:80:e2:b1:b8:21:15:e4:f8:49:29:2e:64:d8:7a:d4:
         3d:ae:b7:a7:fe:40:bc:5e:78:25:53:86:55:ba:76:c7:72:c5:
         aa:dd:9d:bb:00:25:10:9c:c2:c3:c8:23:8d:fb:bc:7f:f0:42:
         68:a4:cd:2a:99:ca:a0:13:db:93:20:a2:78:cc:b6:54:a3:6f:
         4b:29:47:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZP7lnN16i6byicJHNUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGMxYTliZmZhMmNmMTVhN2Q4MDk5YzhhM2MzMTdjZTA3
ZGI1ZWEwHhcNMjQwMTAyMDgzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzcwOTdlNDk2MWRmNTQ0NGU0ZGQ4NjkyNDBiZGY4Y2I1ODFhOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbC1amI8ChBeB5BtmhzSOmfcrvhI
j8/4ni9Z0fE5wlQbgtO/nizaVSLPnhd6EkBSQEb4U9LNEWZYrg7Q9m6V7SgCIw/7
/1yao4ETRxd9OC37WVmBD/DKzsNRmlaffsUF3JbmzwuRhC1id34p9kJOR5ZkGAn8
8/54LquFCPR4xt4U14WwE820u3PdOmTVFYuyki/6RjkUL9Kiu+K4LEIwgrAuXN9k
B4XsK/NKY0vgrKrphR0MyvfrZo7K8zug75wISOVZXrwAHq2bFTkMn7qXWPaXZE4N
ICWWN09pwp/TaTcshsSIovWeZk1DNUPv8kHpbyfjic5L3f+dTPuvZ3jGbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINwl+SWHfVETk3YaSQL34y1gajKMB8GA1UdIwQY
MBaAFIfcGpv/os8Vp9gJnIo8MXzgfbXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDl3YW1fLWl6eFduMkFtY2lqd3hmT0I5dGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zZDA1ZTktMzA5ZC00YWZlLTgxMWMt
NDlhZDk2ODRiMjE3LzEvZzNDWDVKWWQ5VVJPVGRocEpBdmZqTFdCcU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zZDA1ZTktMzA5ZC00YWZlLTgxMWMtNDlhZDk2ODRiMjE3
LzEvaDl3YW1fLWl6eFduMkFtY2lqd3hmT0I5dGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cViMA0G
CSqGSIb3DQEBCwUAA4IBAQB4C7Wiuk9vH9WcSxywYF1jCdT0014dOulC0g8cfmUn
MKH/H4BfO81Dq75Ne2Rh9GXd618SxRM60J5D6G7UmuOwYAnxSzvCj1Ci0rO0yyhu
Vj4bkKQWyvQI2Ssmui76FD4nOyzh16Mcs82edv/hLyBeebQqiSthOYXeDystHpOi
hAh6dMQqYduxttirFXprAfinGct5WE+QPWNAdOWJxMLJI4IqRfoGd6Qb/DnR6OHR
3YYQDQKH+uaA4rG4IRXk+EkpLmTYetQ9rren/kC8XnglU4ZVunbHcsWq3Z27ACUQ
nMLDyCON+7x/8EJopM0qmcqgE9uTIKJ4zLZUo29LKUe4
-----END CERTIFICATE-----