Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/3wwNRj6Iw2VyBth42BlXrOyNILk.roa
File:                     3wwNRj6Iw2VyBth42BlXrOyNILk.roa (raw, json)
Hash identifier:          EXEvVFxnYg5FSBSMurKNkaJdHwxpBkvk2CY1VYM6iys=
Subject key identifier:   DF:0C:0D:46:3E:88:C3:65:72:06:D8:78:D8:19:57:AC:EC:8D:20:B9
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       018CC3B744BA24D561E1F0FB68F03DBE80D1
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/3wwNRj6Iw2VyBth42BlXrOyNILk.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28906
IP address blocks:        81.4.232.0/21 maxlen: 32
                          81.4.248.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:44:ba:24:d5:61:e1:f0:fb:68:f0:3d:be:80:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df0c0d463e88c3657206d878d81957acec8d20b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d5:dd:fc:94:39:be:fe:75:a6:ed:bb:27:08:
                    12:c6:84:cf:40:06:4a:48:fa:3c:21:19:38:88:6e:
                    e3:c3:93:1b:4d:6c:d8:d1:1e:50:13:e1:ff:52:e8:
                    7a:3d:71:af:48:2c:fe:7c:67:ae:c1:1d:3d:17:35:
                    21:8c:93:48:3e:4c:1a:96:7d:ef:2a:88:5b:04:dd:
                    93:02:ae:f2:99:f2:ce:8a:90:42:73:49:ed:8f:67:
                    c7:8d:69:98:b4:fd:1d:cd:7e:03:59:01:19:fd:ee:
                    1f:0d:28:20:00:32:36:92:3e:73:78:6e:be:e9:ad:
                    81:d8:5e:7b:af:20:99:f2:2b:3d:a8:35:36:4f:43:
                    db:27:47:52:9f:d1:3c:de:43:46:cc:cc:cb:40:96:
                    35:d9:2f:0b:05:e2:90:7c:2f:39:33:ef:2f:13:bf:
                    cc:48:ec:ec:aa:ef:97:33:a7:26:02:7a:76:17:f8:
                    45:35:d3:93:3a:99:c7:a3:a2:57:a8:d7:a1:cc:aa:
                    95:fa:d8:48:a9:8b:b6:b0:14:c5:6d:e7:39:c6:1d:
                    b2:64:fe:60:65:28:39:e1:8b:b4:e4:c5:32:e7:29:
                    b0:02:b5:5c:0c:c0:25:a4:72:42:af:3e:f6:a9:97:
                    6f:ac:a0:8c:79:6b:df:bb:94:8d:79:81:0a:da:e4:
                    34:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:0C:0D:46:3E:88:C3:65:72:06:D8:78:D8:19:57:AC:EC:8D:20:B9
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/3wwNRj6Iw2VyBth42BlXrOyNILk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.232.0/21
                  81.4.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         51:58:9b:d9:9b:97:35:97:2c:ae:6a:49:d8:63:25:82:1e:e1:
         61:2a:40:1a:b9:c7:38:2d:14:18:0c:37:e9:67:4a:49:cd:11:
         f6:ac:94:f6:e7:e4:50:40:93:6f:da:11:1c:6c:6f:a5:74:b6:
         b6:bd:34:37:41:97:f6:e3:cf:24:2c:23:44:51:26:bd:b3:c2:
         be:89:fa:23:b1:6d:3e:b4:d7:de:41:95:59:df:c8:fc:99:af:
         11:d1:53:b3:09:60:e4:10:99:35:ca:e4:d0:a9:98:d4:45:9c:
         a4:63:ac:39:c4:96:03:54:15:1a:74:e8:1c:f9:be:16:f5:b2:
         1d:bd:8e:aa:28:50:50:de:72:81:3f:ab:40:e2:77:b5:a7:fa:
         4d:28:5d:01:21:50:5f:3d:36:ce:24:37:4a:58:be:e3:4f:76:
         34:c5:5e:15:b4:f7:6f:88:6b:0a:ac:f3:3c:de:c0:52:89:a7:
         a8:80:23:97:f2:8e:eb:b5:98:8e:93:f4:00:f8:89:5a:9e:f8:
         57:57:7c:0b:71:f4:08:a5:d3:fc:03:b7:67:27:84:26:0a:e9:
         05:e0:5d:17:d5:71:6e:9f:c8:13:45:08:be:83:eb:29:7f:1e:
         aa:64:36:f7:aa:f0:b5:8d:2d:94:77:92:66:c9:bd:f1:24:f6:
         f6:41:7f:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDt0S6JNVh4fD7aPA9voDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjBjMGQ0NjNlODhjMzY1NzIwNmQ4NzhkODE5NTdhY2VjOGQyMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltXd/JQ5vv51pu27JwgSxoTPQAZK
SPo8IRk4iG7jw5MbTWzY0R5QE+H/Uuh6PXGvSCz+fGeuwR09FzUhjJNIPkwaln3v
KohbBN2TAq7ymfLOipBCc0ntj2fHjWmYtP0dzX4DWQEZ/e4fDSggADI2kj5zeG6+
6a2B2F57ryCZ8is9qDU2T0PbJ0dSn9E83kNGzMzLQJY12S8LBeKQfC85M+8vE7/M
SOzsqu+XM6cmAnp2F/hFNdOTOpnHo6JXqNehzKqV+thIqYu2sBTFbec5xh2yZP5g
ZSg54Yu05MUy5ymwArVcDMAlpHJCrz72qZdvrKCMeWvfu5SNeYEK2uQ0YwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN8MDUY+iMNlcgbYeNgZV6zsjSC5MB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvM3d3TlJqNkl3MlZ5QnRoNDJCbFhyT3lOSUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUQToAwQD
UQT4MA0GCSqGSIb3DQEBCwUAA4IBAQBRWJvZm5c1lyyuaknYYyWCHuFhKkAaucc4
LRQYDDfpZ0pJzRH2rJT25+RQQJNv2hEcbG+ldLa2vTQ3QZf2488kLCNEUSa9s8K+
ifojsW0+tNfeQZVZ38j8ma8R0VOzCWDkEJk1yuTQqZjURZykY6w5xJYDVBUadOgc
+b4W9bIdvY6qKFBQ3nKBP6tA4ne1p/pNKF0BIVBfPTbOJDdKWL7jT3Y0xV4VtPdv
iGsKrPM83sBSiaeogCOX8o7rtZiOk/QA+IlanvhXV3wLcfQIpdP8A7dnJ4QmCukF
4F0X1XFun8gTRQi+g+spfx6qZDb3qvC1jS2Ud5Jmyb3xJPb2QX9L
-----END CERTIFICATE-----