Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/zT3M34r8utgE2wnHZtn6YU3VQIQ.roa
File:                     zT3M34r8utgE2wnHZtn6YU3VQIQ.roa (raw, json)
Hash identifier:          0P6fnFBlY9Rl3YE0nvGSlBD6fdHPQzSibJoe12y3xNE=
Subject key identifier:   CD:3D:CC:DF:8A:FC:BA:D8:04:DB:09:C7:66:D9:FA:61:4D:D5:40:84
Certificate issuer:       /CN=fbf43fe9fd3af2bcf4ba7a83f111e6559125f3fd
Certificate serial:       018CC9BC19063DBE67BFD40D6C25829392DD
Authority key identifier: FB:F4:3F:E9:FD:3A:F2:BC:F4:BA:7A:83:F1:11:E6:55:91:25:F3:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/zT3M34r8utgE2wnHZtn6YU3VQIQ.roa
Signing time:             Tue 02 Jan 2024 10:33:16 +0000
ROA not before:           Tue 02 Jan 2024 10:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44439
IP address blocks:        213.109.150.0/24 maxlen: 24
                          2a12:fdc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:19:06:3d:be:67:bf:d4:0d:6c:25:82:93:92:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf43fe9fd3af2bcf4ba7a83f111e6559125f3fd
        Validity
            Not Before: Jan  2 10:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd3dccdf8afcbad804db09c766d9fa614dd54084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:50:90:97:aa:36:db:33:ba:37:61:5d:6d:a7:
                    bc:d0:66:dc:76:0d:d8:b4:d4:32:27:14:f4:71:7f:
                    e5:5d:67:e3:b2:8f:37:60:eb:01:41:73:d0:7f:ea:
                    dc:34:38:48:11:83:91:fe:9d:97:ee:60:85:96:c2:
                    12:02:96:03:de:d7:1c:ff:8d:5b:68:77:49:16:09:
                    bc:e6:14:df:00:34:41:06:ca:a0:e7:1d:9c:ba:2a:
                    bd:f7:6c:d7:44:0e:b0:92:df:ce:ad:c5:47:b0:b5:
                    46:3d:7e:4a:6a:3e:9b:01:a4:e2:4c:fd:dd:d2:8a:
                    bf:ba:41:c2:94:6f:32:e0:db:fe:e9:df:e9:dc:08:
                    df:7e:5b:e9:63:18:bb:6c:ec:19:ce:7a:c6:d1:e8:
                    57:81:db:05:ad:71:54:c7:e8:ce:48:32:76:d8:e2:
                    74:7a:01:6c:fe:d2:83:d1:68:29:c1:12:41:b5:f4:
                    04:6c:dc:de:64:0a:5d:40:27:4e:33:f0:e4:91:a2:
                    71:9f:8a:2c:2a:c1:98:15:ae:a0:15:d3:f8:75:92:
                    07:78:c8:86:e7:17:01:25:59:e9:45:b8:3b:f2:ce:
                    de:d5:ff:ed:cb:69:b9:0c:da:a0:cd:11:c7:a8:eb:
                    fe:ac:aa:2a:0a:07:bb:c5:43:54:74:5b:e1:b1:80:
                    7f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3D:CC:DF:8A:FC:BA:D8:04:DB:09:C7:66:D9:FA:61:4D:D5:40:84
            X509v3 Authority Key Identifier:
                keyid:FB:F4:3F:E9:FD:3A:F2:BC:F4:BA:7A:83:F1:11:E6:55:91:25:F3:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/zT3M34r8utgE2wnHZtn6YU3VQIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.150.0/24
                IPv6:
                  2a12:fdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:45:90:2b:a7:15:d1:48:94:1d:c0:c0:70:d4:53:88:1b:f1:
         1a:b4:51:83:84:3d:00:ae:e1:0e:7d:98:8e:68:09:b1:28:eb:
         63:46:7b:77:25:32:a9:dc:ea:03:8a:25:1a:b0:fc:f1:ac:55:
         6d:5f:93:46:39:78:0f:da:f4:4c:cd:de:60:f4:4e:30:e0:70:
         1f:8e:e3:b0:a5:fd:a7:e0:c0:35:cd:7c:3a:90:16:67:12:9f:
         c9:0a:87:0d:f3:fb:d3:c0:4c:60:6e:79:8f:f4:f7:8d:f2:de:
         72:85:1c:dc:ff:c4:c1:d5:70:48:22:d9:b6:f8:29:db:b0:15:
         56:b3:a5:dc:83:02:ca:ec:e8:0a:18:e9:23:7b:82:5f:48:3a:
         cb:28:fa:25:3c:4c:21:5c:b6:2b:07:6d:54:7d:53:0f:eb:dc:
         6f:5b:16:b0:4e:7d:9b:f7:93:0a:96:e1:10:b0:bf:5b:ad:dc:
         c0:f2:d8:e5:0c:c0:38:d6:c8:ab:c8:b7:4b:9b:0b:f4:32:90:
         c3:fb:1f:e3:0f:56:2e:07:b0:ec:9c:b4:72:2e:89:2a:c8:b2:
         73:90:06:ec:16:34:c3:ec:d5:30:e8:6c:9b:d7:47:e6:6a:1f:
         d9:32:31:7f:9c:d0:45:ac:12:a9:87:ea:35:4e:c7:db:18:1c:
         33:31:0e:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvBkGPb5nv9QNbCWCk5LdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjQzZmU5ZmQzYWYyYmNmNGJhN2E4M2YxMTFlNjU1OTEy
NWYzZmQwHhcNMjQwMTAyMTAzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNkY2NkZjhhZmNiYWQ4MDRkYjA5Yzc2NmQ5ZmE2MTRkZDU0MDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllCQl6o22zO6N2Fdbae80Gbcdg3Y
tNQyJxT0cX/lXWfjso83YOsBQXPQf+rcNDhIEYOR/p2X7mCFlsISApYD3tcc/41b
aHdJFgm85hTfADRBBsqg5x2cuiq992zXRA6wkt/OrcVHsLVGPX5Kaj6bAaTiTP3d
0oq/ukHClG8y4Nv+6d/p3AjfflvpYxi7bOwZznrG0ehXgdsFrXFUx+jOSDJ22OJ0
egFs/tKD0WgpwRJBtfQEbNzeZApdQCdOM/DkkaJxn4osKsGYFa6gFdP4dZIHeMiG
5xcBJVnpRbg78s7e1f/ty2m5DNqgzRHHqOv+rKoqCge7xUNUdFvhsYB/DQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM09zN+K/LrYBNsJx2bZ+mFN1UCEMB8GA1UdIwQY
MBaAFPv0P+n9OvK89Lp6g/ER5lWRJfP9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fUV82ZjA2OHJ6MHVucUQ4UkhtVlpFbDhfMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvOGM5N2ZlLTNmOGMtNGRiNC1hYjkz
LTc1MmQ4MWNkZGE0MC8xL3pUM00zNHI4dXRnRTJ3bkhadG42WVUzVlFJUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzYvOGM5N2ZlLTNmOGMtNGRiNC1hYjkzLTc1MmQ4MWNkZGE0
MC8xLzEtX1FfNmYwNjhyejB1bnFEOFJIbVZaRWw4XzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADVbZYw
DQQCAAIwBwMFAyoS/cAwDQYJKoZIhvcNAQELBQADggEBAH9FkCunFdFIlB3AwHDU
U4gb8Rq0UYOEPQCu4Q59mI5oCbEo62NGe3clMqnc6gOKJRqw/PGsVW1fk0Y5eA/a
9EzN3mD0TjDgcB+O47Cl/afgwDXNfDqQFmcSn8kKhw3z+9PATGBueY/0943y3nKF
HNz/xMHVcEgi2bb4KduwFVazpdyDAsrs6AoY6SN7gl9IOsso+iU8TCFctisHbVR9
Uw/r3G9bFrBOfZv3kwqW4RCwv1ut3MDy2OUMwDjWyKvIt0ubC/QykMP7H+MPVi4H
sOyctHIuiSrIsnOQBuwWNMPs1TDobJvXR+ZqH9kyMX+c0EWsEqmH6jVOx9sYHDMx
DlQ=
-----END CERTIFICATE-----