Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/4zovC8n2GXIwEmF9d3OEKvykWiU.roa
File:                     4zovC8n2GXIwEmF9d3OEKvykWiU.roa (raw, json)
Hash identifier:          EmEiz2vZcIaajSq9TGJ5UhWdUSEy5H/KokDC4vffWjU=
Subject key identifier:   E3:3A:2F:0B:C9:F6:19:72:30:12:61:7D:77:73:84:2A:FC:A4:5A:25
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73197809DD2D5A2BC01BA6E11618A
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/4zovC8n2GXIwEmF9d3OEKvykWiU.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21272
IP address blocks:        217.167.147.0/24 maxlen: 24
                          194.2.35.0/24 maxlen: 24
                          81.252.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:31:97:80:9d:d2:d5:a2:bc:01:ba:6e:11:61:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e33a2f0bc9f619723012617d7773842afca45a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:28:c9:1f:22:88:e4:ec:df:6d:d4:42:51:81:
                    a8:23:50:c2:df:01:99:48:1b:20:99:53:cb:1e:54:
                    a7:d3:a5:ce:ab:d2:30:e6:f3:1f:9c:ab:5c:ba:2d:
                    ba:d1:64:c9:98:f4:97:6c:5c:ed:81:08:85:73:f4:
                    b3:9d:56:f9:a6:81:56:a0:91:d9:fa:6c:74:35:5d:
                    9f:7b:92:0d:16:51:ee:76:7c:62:f3:5e:0c:a7:bf:
                    c9:47:da:d5:92:c7:e4:c3:aa:64:30:b8:b3:19:5e:
                    57:92:95:f2:d9:17:af:aa:d6:1c:ad:9e:6d:6d:bc:
                    9c:c2:8d:53:f2:6b:e7:65:1d:7d:13:7a:e3:c1:bb:
                    b1:7b:33:b3:d3:56:1a:dd:f3:3c:a1:6a:9d:88:0a:
                    a8:49:1b:25:c7:da:c4:ae:6c:8d:1d:61:2e:53:9f:
                    b0:23:00:3f:4f:19:5d:a2:e6:37:32:4e:4c:84:c4:
                    2d:a2:ef:ee:d9:fe:40:d1:83:c4:e1:b6:ad:92:39:
                    85:9a:9d:87:72:b1:51:3c:50:8b:cd:17:de:47:1b:
                    b7:82:cf:94:ef:8a:25:38:63:90:9e:32:01:db:67:
                    38:a7:be:01:25:a0:52:88:f5:45:30:be:3f:6e:0d:
                    2c:8d:2e:d2:2e:b0:96:de:a6:56:cc:aa:1e:e7:3e:
                    52:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3A:2F:0B:C9:F6:19:72:30:12:61:7D:77:73:84:2A:FC:A4:5A:25
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/4zovC8n2GXIwEmF9d3OEKvykWiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.252.173.0/24
                  194.2.35.0/24
                  217.167.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:26:f7:67:f0:af:7e:0b:33:8c:56:9b:2b:23:b5:c3:8e:b8:
         fc:76:9c:98:a6:83:d7:80:aa:1c:e7:31:c8:cd:49:68:5a:b8:
         6f:71:e5:98:02:55:fc:01:39:cb:80:16:f2:07:03:d1:df:ee:
         f2:e5:26:45:04:78:fc:c3:f3:20:da:85:62:f9:23:df:b7:0b:
         c9:fd:79:48:23:b0:1b:de:1f:41:77:7b:90:a3:75:d0:5e:6c:
         e6:2b:fc:7e:78:14:26:55:8a:ef:99:52:f8:89:ef:40:f4:e1:
         51:0e:54:98:7f:d6:1f:fd:48:d3:35:34:93:d7:ce:06:1b:0e:
         d1:03:07:20:56:02:8b:2d:a5:04:53:57:2a:d1:f2:62:54:2d:
         e0:71:59:34:15:90:5c:75:8b:50:24:da:5a:1e:03:ee:32:13:
         c4:49:f4:4d:1d:79:97:c5:02:71:87:7e:74:03:0a:ce:a0:f2:
         e5:48:c0:da:fd:fb:54:c5:c4:bd:5f:82:91:fd:42:21:18:1c:
         88:aa:a0:b6:bd:ab:7c:58:b0:aa:07:c4:80:46:a7:62:b6:1f:
         8f:90:15:c9:a8:3b:82:a5:6a:fe:e0:24:0b:b7:3c:b3:63:e0:
         ac:4d:a2:3f:7c:41:04:64:e9:8e:df:ae:47:ad:5b:1d:d5:69:
         d9:21:29:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtzGXgJ3S1aK8AbpuEWGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNhMmYwYmM5ZjYxOTcyMzAxMjYxN2Q3NzczODQyYWZjYTQ1YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCjJHyKI5OzfbdRCUYGoI1DC3wGZ
SBsgmVPLHlSn06XOq9Iw5vMfnKtcui260WTJmPSXbFztgQiFc/SznVb5poFWoJHZ
+mx0NV2fe5INFlHudnxi814Mp7/JR9rVksfkw6pkMLizGV5XkpXy2RevqtYcrZ5t
bbycwo1T8mvnZR19E3rjwbuxezOz01Ya3fM8oWqdiAqoSRslx9rErmyNHWEuU5+w
IwA/TxldouY3Mk5MhMQtou/u2f5A0YPE4batkjmFmp2HcrFRPFCLzRfeRxu3gs+U
74olOGOQnjIB22c4p74BJaBSiPVFML4/bg0sjS7SLrCW3qZWzKoe5z5S4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOM6LwvJ9hlyMBJhfXdzhCr8pFolMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvNHpvdkM4bjJHWEl3RW1GOWQzT0VLdnlrV2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUfytAwQA
wgIjAwQA2aeTMA0GCSqGSIb3DQEBCwUAA4IBAQBOJvdn8K9+CzOMVpsrI7XDjrj8
dpyYpoPXgKoc5zHIzUloWrhvceWYAlX8ATnLgBbyBwPR3+7y5SZFBHj8w/Mg2oVi
+SPftwvJ/XlII7Ab3h9Bd3uQo3XQXmzmK/x+eBQmVYrvmVL4ie9A9OFRDlSYf9Yf
/UjTNTST184GGw7RAwcgVgKLLaUEU1cq0fJiVC3gcVk0FZBcdYtQJNpaHgPuMhPE
SfRNHXmXxQJxh350AwrOoPLlSMDa/ftUxcS9X4KR/UIhGByIqqC2vat8WLCqB8SA
Rqdith+PkBXJqDuCpWr+4CQLtzyzY+CsTaI/fEEEZOmO365HrVsd1WnZISnT
-----END CERTIFICATE-----