Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/3KS3o6RQQz830hAQopyQ0wsLL_U.roa
File:                     3KS3o6RQQz830hAQopyQ0wsLL_U.roa (raw, json)
Hash identifier:          sAFXlzUy9bgVI+F/GzcHxk+joXkwgK6T0pzDh2/RPcU=
Subject key identifier:   DC:A4:B7:A3:A4:50:43:3F:37:D2:10:10:A2:9C:90:D3:0B:0B:2F:F5
Certificate issuer:       /CN=1e11f8a6b283b52604d932a25893b86404121e8b
Certificate serial:       018CCA2BC1D78DA23DA44D523A8467DDAB05
Authority key identifier: 1E:11:F8:A6:B2:83:B5:26:04:D9:32:A2:58:93:B8:64:04:12:1E:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhH4prKDtSYE2TKiWJO4ZAQSHos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/3KS3o6RQQz830hAQopyQ0wsLL_U.roa
Signing time:             Tue 02 Jan 2024 12:35:14 +0000
ROA not before:           Tue 02 Jan 2024 12:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43966
IP address blocks:        91.227.44.0/22 maxlen: 22
                          193.111.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/HhH4prKDtSYE2TKiWJO4ZAQSHos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/HhH4prKDtSYE2TKiWJO4ZAQSHos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhH4prKDtSYE2TKiWJO4ZAQSHos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c1:d7:8d:a2:3d:a4:4d:52:3a:84:67:dd:ab:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e11f8a6b283b52604d932a25893b86404121e8b
        Validity
            Not Before: Jan  2 12:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dca4b7a3a450433f37d21010a29c90d30b0b2ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ec:f8:b1:50:02:c1:ad:d9:69:bb:f3:8e:6b:
                    0d:99:f4:60:0e:b0:b1:72:de:6f:3c:c1:3e:d7:d8:
                    20:5d:d0:ff:48:cc:69:46:cb:10:c0:de:da:70:0c:
                    f1:65:64:7e:9e:c4:07:0f:40:bf:c3:c6:4d:c0:c7:
                    f8:e7:5d:a2:b1:df:ae:cd:00:f9:11:bf:74:a6:df:
                    16:c3:25:0c:cd:69:ef:2b:0b:33:b0:b3:92:6f:f6:
                    91:eb:67:e7:4c:aa:7a:05:5a:93:17:8c:b9:d8:45:
                    49:11:5c:b3:ab:e6:ab:27:9a:9c:a5:5b:ae:17:9c:
                    10:44:b1:d2:27:06:4e:ed:03:43:11:0c:39:9e:af:
                    2a:dc:c5:1b:a0:3c:56:65:6a:2f:e3:e3:43:09:01:
                    4d:dc:97:2f:23:d4:e6:8b:0d:3f:4f:50:68:ab:17:
                    11:34:c3:75:9f:66:4a:fa:ab:bf:45:e3:26:da:d7:
                    f2:ea:5d:68:5b:7a:85:7a:b3:0d:36:ba:82:12:4c:
                    2b:f7:0a:ac:3a:47:a0:e8:4e:5a:0a:36:48:18:8e:
                    e6:a9:41:07:9b:81:15:30:54:54:49:8b:62:7e:2e:
                    63:0f:15:54:db:5d:be:1d:7e:52:6b:0b:9b:56:f5:
                    26:05:f6:3d:9f:2b:cc:43:19:73:e8:eb:95:aa:05:
                    c3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A4:B7:A3:A4:50:43:3F:37:D2:10:10:A2:9C:90:D3:0B:0B:2F:F5
            X509v3 Authority Key Identifier:
                keyid:1E:11:F8:A6:B2:83:B5:26:04:D9:32:A2:58:93:B8:64:04:12:1E:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhH4prKDtSYE2TKiWJO4ZAQSHos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/3KS3o6RQQz830hAQopyQ0wsLL_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c9eb55-e593-4cd7-8714-1a593194c798/1/HhH4prKDtSYE2TKiWJO4ZAQSHos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.44.0/22
                  193.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:7b:b3:95:a5:30:63:c7:7d:b4:d6:e3:4d:6b:43:eb:f1:98:
         4e:cf:4f:05:ac:0f:98:7f:62:dc:2a:16:af:79:dd:1f:6c:69:
         c0:00:0a:15:d5:03:d1:74:d9:22:c7:a3:d4:76:c1:8d:3b:81:
         28:02:c6:ba:6a:5a:0b:84:02:ea:0b:4b:d3:55:2f:ba:f9:af:
         6a:d6:3b:5e:ff:b0:e3:cb:11:50:df:5c:0c:a0:95:66:37:ac:
         72:71:79:56:3e:7a:0b:d6:a6:4a:86:ab:37:1d:b4:03:d7:f7:
         86:80:3f:4b:f8:6b:2c:f9:99:60:c2:0e:0a:d1:a4:da:57:96:
         cb:e5:1e:ba:f7:c2:6b:dd:ae:75:36:4e:99:f6:03:55:2f:5e:
         5e:1e:85:c2:88:99:d2:25:94:fd:ff:7f:47:6b:c6:f9:6e:67:
         21:ec:d2:7e:2e:5f:53:a7:76:87:ec:2c:8f:9e:79:cf:2c:85:
         32:ef:47:74:9e:80:c9:73:d3:4b:89:df:e6:8b:ab:9a:ae:30:
         22:3c:2a:a1:7e:66:35:83:1c:14:08:92:75:b1:b7:19:b1:ca:
         1e:cc:aa:94:f4:35:4d:e4:05:61:7c:2c:70:00:bd:55:30:01:
         ba:ae:63:b2:a9:f6:45:40:31:ca:e5:e9:eb:e8:3b:75:7e:6f:
         09:19:b2:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK8HXjaI9pE1SOoRn3asFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTFmOGE2YjI4M2I1MjYwNGQ5MzJhMjU4OTNiODY0MDQx
MjFlOGIwHhcNMjQwMTAyMTIzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E0YjdhM2E0NTA0MzNmMzdkMjEwMTBhMjljOTBkMzBiMGIyZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+z4sVACwa3ZabvzjmsNmfRgDrCx
ct5vPME+19ggXdD/SMxpRssQwN7acAzxZWR+nsQHD0C/w8ZNwMf4512isd+uzQD5
Eb90pt8WwyUMzWnvKwszsLOSb/aR62fnTKp6BVqTF4y52EVJEVyzq+arJ5qcpVuu
F5wQRLHSJwZO7QNDEQw5nq8q3MUboDxWZWov4+NDCQFN3JcvI9Tmiw0/T1BoqxcR
NMN1n2ZK+qu/ReMm2tfy6l1oW3qFerMNNrqCEkwr9wqsOkeg6E5aCjZIGI7mqUEH
m4EVMFRUSYtifi5jDxVU212+HX5SawubVvUmBfY9nyvMQxlz6OuVqgXDMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNykt6OkUEM/N9IQEKKckNMLCy/1MB8GA1UdIwQY
MBaAFB4R+Kayg7UmBNkyoliTuGQEEh6LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhINHByS0R0U1lFMlRLaVdKTzRaQVFTSG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jOWViNTUtZTU5My00Y2Q3LTg3MTQt
MWE1OTMxOTRjNzk4LzEvM0tTM282UlFRejgzMGhBUW9weVEwd3NMTF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jOWViNTUtZTU5My00Y2Q3LTg3MTQtMWE1OTMxOTRjNzk4
LzEvSGhINHByS0R0U1lFMlRLaVdKTzRaQVFTSG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+MsAwQC
wW/8MA0GCSqGSIb3DQEBCwUAA4IBAQBre7OVpTBjx3201uNNa0Pr8ZhOz08FrA+Y
f2LcKhaved0fbGnAAAoV1QPRdNkix6PUdsGNO4EoAsa6aloLhALqC0vTVS+6+a9q
1jte/7DjyxFQ31wMoJVmN6xycXlWPnoL1qZKhqs3HbQD1/eGgD9L+Gss+Zlgwg4K
0aTaV5bL5R6698Jr3a51Nk6Z9gNVL15eHoXCiJnSJZT9/39Ha8b5bmch7NJ+Ll9T
p3aH7CyPnnnPLIUy70d0noDJc9NLid/mi6uarjAiPCqhfmY1gxwUCJJ1sbcZscoe
zKqU9DVN5AVhfCxwAL1VMAG6rmOyqfZFQDHK5enr6Dt1fm8JGbJh
-----END CERTIFICATE-----