Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/lgO0xdtMhVHKB_sVDaWIjrbh710.roa
File:                     lgO0xdtMhVHKB_sVDaWIjrbh710.roa (raw, json)
Hash identifier:          XpLWEEC+CE5zcVPK7uP2z1tqTdLLPJ86IfVTJ4oktms=
Subject key identifier:   96:03:B4:C5:DB:4C:85:51:CA:07:FB:15:0D:A5:88:8E:B6:E1:EF:5D
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B731E953C94008151A3B768D7F9F5B
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/lgO0xdtMhVHKB_sVDaWIjrbh710.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21304
IP address blocks:        194.3.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:31:e9:53:c9:40:08:15:1a:3b:76:8d:7f:9f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9603b4c5db4c8551ca07fb150da5888eb6e1ef5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:7c:8a:14:2b:a6:0e:a5:7b:18:f0:ea:fc:
                    b7:28:25:21:ff:87:1f:36:3e:62:4c:a6:ab:15:34:
                    ab:aa:2d:08:29:cb:24:41:80:37:8d:1e:f3:2a:02:
                    6b:a2:87:82:d0:53:fb:28:7f:67:f4:7a:08:5b:50:
                    45:b8:7f:41:9c:17:70:0b:48:02:c8:d9:94:d6:05:
                    fb:25:0f:8a:52:9b:a5:a7:e6:75:68:d0:7f:10:ce:
                    62:61:9a:16:db:fa:37:a8:ea:43:18:46:12:b1:71:
                    cd:76:ea:94:aa:95:83:d2:46:07:b6:94:5c:94:cd:
                    f8:a2:7c:ea:89:57:c4:a9:2f:90:42:5f:6d:d0:06:
                    2c:98:da:8d:17:01:f5:3a:81:45:21:3c:51:c5:bf:
                    0d:88:f8:ef:e1:4e:ba:3b:0c:44:d6:0d:1a:e5:18:
                    81:0c:40:5a:c4:f9:71:6f:df:75:5d:b1:49:25:5f:
                    5e:5b:f2:a6:c0:42:9e:55:23:cc:65:0f:75:3d:23:
                    68:07:b0:39:3e:45:5c:2a:77:52:93:71:12:f5:99:
                    01:80:3d:72:67:23:b8:d3:40:9e:bd:95:27:63:1d:
                    af:27:65:6a:d7:55:a2:6a:b7:38:5b:f7:30:dc:1c:
                    fb:f1:a8:23:85:b3:b3:a4:d1:88:d2:9a:7a:66:05:
                    7c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:03:B4:C5:DB:4C:85:51:CA:07:FB:15:0D:A5:88:8E:B6:E1:EF:5D
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/lgO0xdtMhVHKB_sVDaWIjrbh710.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.3.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ce:ae:38:b4:ca:36:a2:34:7a:e6:ce:61:fb:67:a1:91:27:
         f9:dc:52:29:f2:97:f4:2d:7e:78:8d:9a:87:d0:88:4d:b3:d3:
         a2:08:e3:50:0d:35:83:77:71:22:df:ea:48:4e:42:db:18:24:
         f6:74:27:1f:c8:3f:3a:d2:0c:79:3d:59:a8:f2:b5:0f:16:11:
         8e:ef:0d:2e:6a:5c:1c:b1:37:35:67:6a:a2:ef:74:55:4e:1d:
         e0:36:ac:da:48:7b:28:fa:6a:87:3c:da:52:ab:4e:52:34:d4:
         3c:d5:91:07:08:de:37:a6:2f:58:e3:3d:3d:84:6a:83:09:cb:
         b9:1e:2e:b4:a7:50:cf:ed:d9:75:ab:d1:34:b5:df:b7:23:42:
         2d:17:ec:ff:6e:a1:cf:3c:99:9f:33:f3:68:af:f9:d1:32:56:
         30:90:a6:a5:ce:15:68:d9:51:ec:14:53:bc:11:d0:79:8e:c0:
         ed:2f:ef:92:91:d8:55:8a:1d:b1:73:c1:ea:12:3b:e3:4f:72:
         a4:7b:9c:91:3f:52:16:6f:a7:3e:37:f7:de:5e:66:79:e8:4f:
         d3:50:da:ce:e7:7a:3b:82:cc:cd:cf:7b:80:e1:9f:7b:cf:6c:
         1b:dd:da:68:21:b9:0e:bf:4e:ac:d8:04:0f:55:ff:48:21:cd:
         28:f6:02:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzHpU8lACBUaO3aNf59bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAzYjRjNWRiNGM4NTUxY2EwN2ZiMTUwZGE1ODg4ZWI2ZTFlZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwR8ihQrpg6lexjw6vy3KCUh/4cf
Nj5iTKarFTSrqi0IKcskQYA3jR7zKgJrooeC0FP7KH9n9HoIW1BFuH9BnBdwC0gC
yNmU1gX7JQ+KUpulp+Z1aNB/EM5iYZoW2/o3qOpDGEYSsXHNduqUqpWD0kYHtpRc
lM34onzqiVfEqS+QQl9t0AYsmNqNFwH1OoFFITxRxb8NiPjv4U66OwxE1g0a5RiB
DEBaxPlxb991XbFJJV9eW/KmwEKeVSPMZQ91PSNoB7A5PkVcKndSk3ES9ZkBgD1y
ZyO400CevZUnYx2vJ2Vq11Wiarc4W/cw3Bz78agjhbOzpNGI0pp6ZgV8ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYDtMXbTIVRygf7FQ2liI624e9dMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvbGdPMHhkdE1oVkhLQl9zVkRhV0lqcmJoNzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgN3MA0G
CSqGSIb3DQEBCwUAA4IBAQCrzq44tMo2ojR65s5h+2ehkSf53FIp8pf0LX54jZqH
0IhNs9OiCONQDTWDd3Ei3+pITkLbGCT2dCcfyD860gx5PVmo8rUPFhGO7w0ualwc
sTc1Z2qi73RVTh3gNqzaSHso+mqHPNpSq05SNNQ81ZEHCN43pi9Y4z09hGqDCcu5
Hi60p1DP7dl1q9E0td+3I0ItF+z/bqHPPJmfM/Nor/nRMlYwkKalzhVo2VHsFFO8
EdB5jsDtL++SkdhVih2xc8HqEjvjT3Kke5yRP1IWb6c+N/feXmZ56E/TUNrO53o7
gszNz3uA4Z97z2wb3dpoIbkOv06s2AQPVf9IIc0o9gIu
-----END CERTIFICATE-----