Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/3HAm0z5Rge3U92pJiCO8431HckU.roa
File:                     3HAm0z5Rge3U92pJiCO8431HckU.roa (raw, json)
Hash identifier:          iG/6IM5Z4G+iCTLT1liRHst76DvHktMmrb9ujOwCs7g=
Subject key identifier:   DC:70:26:D3:3E:51:81:ED:D4:F7:6A:49:88:23:BC:E3:7D:47:72:45
Certificate issuer:       /CN=d397dc0caa997d504b5a3f0eaf7b18ea730ce8a3
Certificate serial:       01933173DC49B602A00E409B817257B2AB83
Authority key identifier: D3:97:DC:0C:AA:99:7D:50:4B:5A:3F:0E:AF:7B:18:EA:73:0C:E8:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/05fcDKqZfVBLWj8Or3sY6nMM6KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/3HAm0z5Rge3U92pJiCO8431HckU.roa
Signing time:             Fri 15 Nov 2024 20:11:36 +0000
ROA not before:           Fri 15 Nov 2024 20:11:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41953
IP address blocks:        91.206.123.0/24 maxlen: 24
                          2a14:3700::/30 maxlen: 30
                          2a14:3704::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/05fcDKqZfVBLWj8Or3sY6nMM6KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/05fcDKqZfVBLWj8Or3sY6nMM6KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/05fcDKqZfVBLWj8Or3sY6nMM6KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:31:73:dc:49:b6:02:a0:0e:40:9b:81:72:57:b2:ab:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d397dc0caa997d504b5a3f0eaf7b18ea730ce8a3
        Validity
            Not Before: Nov 15 20:11:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc7026d33e5181edd4f76a498823bce37d477245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b1:3f:af:ad:95:14:1b:6f:3d:4b:e0:61:a0:
                    46:23:d9:ff:c6:e6:41:1a:d9:7e:14:52:a1:27:df:
                    71:9d:86:9e:18:e6:35:6c:57:76:46:11:26:46:56:
                    f8:21:f1:fa:d7:01:44:4a:e8:00:cf:68:a2:1a:80:
                    fe:2e:ce:79:c5:11:a3:b9:f0:c5:1b:3d:3e:5d:ce:
                    46:ac:aa:5e:dc:9a:db:84:08:f2:71:08:8a:bb:9d:
                    c2:98:34:19:23:e2:a7:83:26:ad:f5:d7:84:9d:4b:
                    bd:b6:90:94:c0:6a:bd:08:00:2b:38:05:d4:23:b7:
                    a9:ce:50:40:cd:6e:0d:e7:02:52:75:c8:74:5e:c2:
                    ac:ce:0e:af:78:05:51:36:c1:4f:dc:38:bb:d9:a0:
                    f5:e8:17:63:be:21:3d:02:a5:81:c5:1a:73:64:ad:
                    92:20:19:03:37:09:e8:e4:ef:84:13:94:54:99:11:
                    ab:c9:ff:2f:14:49:e5:1a:7f:dd:85:10:58:40:38:
                    37:ed:35:ea:2a:9a:1d:79:9f:11:98:73:25:c0:89:
                    cb:74:b5:69:01:7c:a1:d7:cf:18:6b:fa:83:51:92:
                    0c:03:ec:68:77:2b:e0:64:5f:08:94:21:53:5b:e3:
                    fb:25:ad:1d:23:25:11:bf:65:61:ce:6f:9d:50:00:
                    95:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:70:26:D3:3E:51:81:ED:D4:F7:6A:49:88:23:BC:E3:7D:47:72:45
            X509v3 Authority Key Identifier:
                keyid:D3:97:DC:0C:AA:99:7D:50:4B:5A:3F:0E:AF:7B:18:EA:73:0C:E8:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/05fcDKqZfVBLWj8Or3sY6nMM6KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/3HAm0z5Rge3U92pJiCO8431HckU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0d43e3-3e44-4a82-89b4-8ba438e76b53/1/05fcDKqZfVBLWj8Or3sY6nMM6KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.123.0/24
                IPv6:
                  2a14:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:a5:81:88:e7:bb:0e:ce:1b:f3:a1:e7:48:0f:f3:28:b6:58:
         46:58:41:af:2b:b0:ec:66:2f:ab:52:85:a8:6f:22:d0:b8:21:
         54:bc:f9:9d:ca:44:45:cd:d9:36:13:65:b1:b4:40:6d:3d:fb:
         c0:66:27:92:be:f2:0a:e5:df:13:07:cb:62:4f:8e:ed:f9:d8:
         57:0a:c8:d3:fa:75:aa:a5:ca:c0:75:31:18:85:50:2b:2c:02:
         b8:74:7c:7b:30:04:70:b3:81:af:3d:ea:a5:9f:c6:8f:0f:d9:
         42:85:27:c1:2c:4a:d2:a0:60:7f:a8:44:b3:36:b8:05:12:43:
         af:ac:77:97:8b:9f:8d:e7:2e:47:ae:ff:c0:6f:2a:71:df:79:
         d2:f5:b6:a3:36:c7:dc:2d:05:66:9d:4f:00:0d:08:15:6a:2d:
         69:f7:cb:67:ad:d7:9c:20:ab:c4:5a:9f:13:08:d3:3d:f9:20:
         1c:e9:a4:a5:e4:b6:1f:7b:e3:14:74:87:3a:2e:09:65:5a:f7:
         95:4f:8c:53:69:73:c3:f5:44:0c:96:8a:c7:27:01:e8:6e:9b:
         fc:98:39:d7:1c:50:62:48:6e:3c:d0:8f:50:3b:ca:bc:dc:a0:
         b0:f7:97:c2:49:29:ba:2f:83:e1:44:33:10:d6:5d:8e:77:4c:
         3a:51:21:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMxc9xJtgKgDkCbgXJXsquDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOTdkYzBjYWE5OTdkNTA0YjVhM2YwZWFmN2IxOGVhNzMw
Y2U4YTMwHhcNMjQxMTE1MjAxMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzcwMjZkMzNlNTE4MWVkZDRmNzZhNDk4ODIzYmNlMzdkNDc3MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7E/r62VFBtvPUvgYaBGI9n/xuZB
Gtl+FFKhJ99xnYaeGOY1bFd2RhEmRlb4IfH61wFESugAz2iiGoD+Ls55xRGjufDF
Gz0+Xc5GrKpe3JrbhAjycQiKu53CmDQZI+Kngyat9deEnUu9tpCUwGq9CAArOAXU
I7epzlBAzW4N5wJSdch0XsKszg6veAVRNsFP3Di72aD16BdjviE9AqWBxRpzZK2S
IBkDNwno5O+EE5RUmRGryf8vFEnlGn/dhRBYQDg37TXqKpodeZ8RmHMlwInLdLVp
AXyh188Ya/qDUZIMA+xodyvgZF8IlCFTW+P7Ja0dIyURv2Vhzm+dUACVKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNxwJtM+UYHt1PdqSYgjvON9R3JFMB8GA1UdIwQY
MBaAFNOX3AyqmX1QS1o/Dq97GOpzDOijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDVmY0RLcVpmVkJMV2o4T3Izc1k2bk1NNktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wZDQzZTMtM2U0NC00YTgyLTg5YjQt
OGJhNDM4ZTc2YjUzLzEvM0hBbTB6NVJnZTNVOTJwSmlDTzg0MzFIY2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wZDQzZTMtM2U0NC00YTgyLTg5YjQtOGJhNDM4ZTc2YjUz
LzEvMDVmY0RLcVpmVkJMV2o4T3Izc1k2bk1NNktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW857MA0E
AgACMAcDBQMqFDcAMA0GCSqGSIb3DQEBCwUAA4IBAQBdpYGI57sOzhvzoedID/Mo
tlhGWEGvK7DsZi+rUoWobyLQuCFUvPmdykRFzdk2E2WxtEBtPfvAZieSvvIK5d8T
B8tiT47t+dhXCsjT+nWqpcrAdTEYhVArLAK4dHx7MARws4GvPeqln8aPD9lChSfB
LErSoGB/qESzNrgFEkOvrHeXi5+N5y5Hrv/Abypx33nS9bajNsfcLQVmnU8ADQgV
ai1p98tnrdecIKvEWp8TCNM9+SAc6aSl5LYfe+MUdIc6LgllWveVT4xTaXPD9UQM
lorHJwHobpv8mDnXHFBiSG480I9QO8q83KCw95fCSSm6L4PhRDMQ1l2Od0w6USEr
-----END CERTIFICATE-----