Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/3pe-RkybjiCWFEgtKFWjs3805Ec.roa
File:                     3pe-RkybjiCWFEgtKFWjs3805Ec.roa (raw, json)
Hash identifier:          36+Wn703wB/LhYbReYuyKifghJum+sHdoL945HKaNTU=
Subject key identifier:   DE:97:BE:46:4C:9B:8E:20:96:14:48:2D:28:55:A3:B3:7F:34:E4:47
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       0191BC009E13AD5F98A52B0D82C298D0A6FA
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/3pe-RkybjiCWFEgtKFWjs3805Ec.roa
Signing time:             Wed 04 Sep 2024 07:47:22 +0000
ROA not before:           Wed 04 Sep 2024 07:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206119
IP address blocks:        82.206.72.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:00:9e:13:ad:5f:98:a5:2b:0d:82:c2:98:d0:a6:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Sep  4 07:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de97be464c9b8e209614482d2855a3b37f34e447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4b:35:f8:8f:05:02:2c:7c:74:14:b2:8e:93:
                    8f:ca:a8:eb:05:02:71:60:67:84:5f:05:df:6b:88:
                    b1:f5:6e:0c:3c:0c:35:f7:b6:82:8d:48:ad:3f:e4:
                    9c:43:ce:17:51:f1:04:72:1d:0e:a7:4c:5d:6e:64:
                    f3:c1:31:f6:96:bc:1b:fd:01:d8:04:30:d7:9d:45:
                    d4:20:ed:5a:6e:ad:03:ae:11:40:6f:da:a8:b2:77:
                    7f:28:99:2f:54:2d:be:57:8b:bb:c1:3b:86:41:60:
                    57:d5:a3:0f:62:73:55:1f:56:0b:b3:21:c2:47:f5:
                    5f:45:43:0b:a1:b8:1e:dc:c2:64:81:67:ef:c3:3e:
                    57:9b:66:b7:ec:e8:25:d2:72:b2:c5:94:f9:eb:71:
                    a5:4a:8a:06:01:a8:c0:8e:c9:24:bd:29:ca:03:27:
                    32:89:54:f4:60:65:01:de:d2:32:95:54:1e:fa:0e:
                    3e:40:f7:4e:9c:b0:98:b8:55:c4:3b:21:61:1c:b5:
                    5d:37:1b:f9:e4:1e:9a:d3:43:01:a5:57:54:20:c0:
                    04:d1:30:07:14:f5:d2:3d:20:37:03:66:51:de:9a:
                    db:b5:e3:ef:f7:1a:25:bc:3b:3c:7a:3e:07:18:26:
                    48:3a:dc:d7:1f:75:5c:fe:f4:1e:3a:8d:4d:22:af:
                    44:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:97:BE:46:4C:9B:8E:20:96:14:48:2D:28:55:A3:B3:7F:34:E4:47
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/3pe-RkybjiCWFEgtKFWjs3805Ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:11:e6:33:7d:99:45:de:d0:b2:42:5a:10:e2:9e:d9:3a:1f:
         dc:e5:3d:77:ac:87:06:1d:2c:e0:62:91:88:2e:b8:0f:e7:46:
         88:82:20:e9:a8:ab:b2:0a:f4:47:63:90:14:99:17:cf:61:d3:
         74:20:59:72:1c:82:31:1e:ee:3b:57:93:e9:02:10:58:4c:51:
         09:2d:2a:b7:10:0c:05:a3:55:f3:71:d7:ec:a7:f6:ce:33:37:
         aa:25:81:9d:c9:6c:e8:0e:8a:4e:07:da:ed:b9:a8:be:99:15:
         92:19:19:f5:cd:c5:ad:40:4f:42:6c:1d:a3:1a:b1:cf:6c:fa:
         d6:e5:46:a1:9a:d3:57:f9:ea:cb:28:bf:77:8c:00:86:1a:97:
         fe:38:42:1c:e6:29:4d:dd:9f:f5:6d:15:41:73:6a:29:53:e1:
         16:a7:17:6b:22:51:cd:a1:ab:96:ef:5d:f9:24:2a:15:08:4e:
         a9:9b:cd:3e:7e:b1:ba:e6:0b:87:4f:19:13:b8:4b:66:07:4f:
         e3:dd:66:0e:e7:42:2a:f7:cf:8e:5d:50:18:65:14:05:1f:9b:
         79:f6:a5:06:cd:10:83:84:98:74:2c:70:f3:81:90:04:02:ff:
         29:c1:54:b2:51:32:54:bb:e0:f3:e5:75:4e:5f:7b:ee:82:e6:
         c2:cb:e9:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG8AJ4TrV+YpSsNgsKY0Kb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwOTA0MDc0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk3YmU0NjRjOWI4ZTIwOTYxNDQ4MmQyODU1YTNiMzdmMzRlNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0s1+I8FAix8dBSyjpOPyqjrBQJx
YGeEXwXfa4ix9W4MPAw197aCjUitP+ScQ84XUfEEch0Op0xdbmTzwTH2lrwb/QHY
BDDXnUXUIO1abq0DrhFAb9qosnd/KJkvVC2+V4u7wTuGQWBX1aMPYnNVH1YLsyHC
R/VfRUMLobge3MJkgWfvwz5Xm2a37Ogl0nKyxZT563GlSooGAajAjskkvSnKAycy
iVT0YGUB3tIylVQe+g4+QPdOnLCYuFXEOyFhHLVdNxv55B6a00MBpVdUIMAE0TAH
FPXSPSA3A2ZR3prbtePv9xolvDs8ej4HGCZIOtzXH3Vc/vQeOo1NIq9ETwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6XvkZMm44glhRILShVo7N/NORHMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvM3BlLVJreWJqaUNXRkVndEtGV2pzMzgwNUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUs5IMA0G
CSqGSIb3DQEBCwUAA4IBAQACEeYzfZlF3tCyQloQ4p7ZOh/c5T13rIcGHSzgYpGI
LrgP50aIgiDpqKuyCvRHY5AUmRfPYdN0IFlyHIIxHu47V5PpAhBYTFEJLSq3EAwF
o1Xzcdfsp/bOMzeqJYGdyWzoDopOB9rtuai+mRWSGRn1zcWtQE9CbB2jGrHPbPrW
5UahmtNX+erLKL93jACGGpf+OEIc5ilN3Z/1bRVBc2opU+EWpxdrIlHNoauW7135
JCoVCE6pm80+frG65guHTxkTuEtmB0/j3WYO50Iq98+OXVAYZRQFH5t59qUGzRCD
hJh0LHDzgZAEAv8pwVSyUTJUu+Dz5XVOX3vugubCy+ne
-----END CERTIFICATE-----