Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P4Pv3IcgmL5dy7waF5TwjEBy1mw.roa
File:                     P4Pv3IcgmL5dy7waF5TwjEBy1mw.roa (raw, json)
Hash identifier:          V8Bj8npddrI/fzjM0e0GVVE6rr7lgZWXDrG7WRgdJ0g=
Subject key identifier:   3F:83:EF:DC:87:20:98:BE:5D:CB:BC:1A:17:94:F0:8C:40:72:D6:6C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E768BEC3FBDE3760C655D50A4A9E8E908
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P4Pv3IcgmL5dy7waF5TwjEBy1mw.roa
Signing time:             Mon 25 Mar 2024 16:57:45 +0000
ROA not before:           Mon 25 Mar 2024 16:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215638
IP address blocks:        213.218.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:8b:ec:3f:bd:e3:76:0c:65:5d:50:a4:a9:e8:e9:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 16:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f83efdc872098be5dcbbc1a1794f08c4072d66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9c:87:49:e2:70:f2:2b:c7:39:d8:68:58:6c:
                    5e:fd:57:b3:e2:65:b0:a2:a1:84:34:c1:ef:ec:05:
                    db:e1:8a:d0:ad:18:24:b3:05:ea:e2:f5:12:1c:5a:
                    1a:7c:3f:c0:68:f7:f5:3e:91:fd:2f:e7:28:fe:cc:
                    f8:0c:3d:b4:6b:57:19:ca:94:75:69:b0:aa:ba:ed:
                    b2:6e:79:f1:87:66:88:c3:48:4e:bf:b7:2d:54:d8:
                    15:0e:52:2a:82:06:cf:94:30:ae:20:06:5e:8a:95:
                    6d:af:50:90:4f:fc:ad:69:60:51:1c:be:0a:94:17:
                    39:47:35:ef:45:3a:2b:f1:7f:41:0a:e6:07:64:bc:
                    27:06:bb:86:4a:e7:5d:ab:cf:19:c2:c1:fa:19:06:
                    e7:99:43:dc:8d:56:03:6c:6d:97:46:e0:25:11:c9:
                    e0:30:51:bb:ba:9d:51:db:34:1c:df:19:80:e5:78:
                    2e:f5:57:75:d4:1d:ea:24:47:c6:cb:c4:1a:b5:bc:
                    1b:1c:f5:dc:2c:b1:65:65:ed:84:75:f4:b5:b3:dd:
                    28:fb:49:5c:fd:bf:c0:25:39:ff:c9:99:80:86:a4:
                    18:bb:84:c7:cd:40:32:a2:e4:8b:69:9c:da:8b:ad:
                    8a:d8:5c:ca:81:b6:82:b4:c5:b7:83:f1:2c:5d:b3:
                    5d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:EF:DC:87:20:98:BE:5D:CB:BC:1A:17:94:F0:8C:40:72:D6:6C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P4Pv3IcgmL5dy7waF5TwjEBy1mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:b7:d7:4a:3b:4c:c5:16:c7:2a:24:03:bd:03:02:71:cb:14:
         58:e1:2c:de:62:1e:61:f6:29:c8:af:51:9a:68:ee:d1:66:e0:
         61:ae:b3:25:4e:89:f4:36:d4:89:7c:44:7f:cf:f7:6d:8a:67:
         af:8d:26:91:75:04:c0:c1:67:35:9c:fb:bd:e2:48:22:e0:fc:
         56:59:cb:0f:43:9e:69:c5:62:45:9e:84:7c:e3:61:36:84:46:
         66:07:50:fb:33:37:8d:f4:41:dd:c5:88:16:7b:b4:e4:10:80:
         15:1f:e5:3e:27:b0:e6:71:1b:e7:14:95:7f:0d:02:76:e2:ef:
         34:47:d0:0a:5d:81:7c:cb:b9:dd:29:18:0a:bd:53:64:96:72:
         e3:9c:53:15:45:03:b2:f4:e9:4d:d4:09:0b:cd:91:f6:82:c0:
         47:9e:da:55:ba:64:77:ed:86:7f:93:77:47:97:a7:d5:1e:27:
         6f:eb:b1:eb:a3:7b:0f:37:32:6b:06:45:b6:70:22:0b:9c:be:
         02:77:d6:25:0e:27:9b:9f:b3:e5:f4:d0:e9:a9:ad:13:4f:eb:
         f2:e7:34:80:5b:fb:5b:4c:99:c0:39:85:cb:f8:4d:b4:e8:0d:
         65:8e:26:db:93:f0:c3:69:0e:dd:4b:bd:1a:fb:80:da:81:4e:
         12:2f:0e:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52i+w/veN2DGVdUKSp6OkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTY1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzZWZkYzg3MjA5OGJlNWRjYmJjMWExNzk0ZjA4YzQwNzJkNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5yHSeJw8ivHOdhoWGxe/Vez4mWw
oqGENMHv7AXb4YrQrRgkswXq4vUSHFoafD/AaPf1PpH9L+co/sz4DD20a1cZypR1
abCquu2ybnnxh2aIw0hOv7ctVNgVDlIqggbPlDCuIAZeipVtr1CQT/ytaWBRHL4K
lBc5RzXvRTor8X9BCuYHZLwnBruGSuddq88ZwsH6GQbnmUPcjVYDbG2XRuAlEcng
MFG7up1R2zQc3xmA5Xgu9Vd11B3qJEfGy8QatbwbHPXcLLFlZe2EdfS1s90o+0lc
/b/AJTn/yZmAhqQYu4THzUAyouSLaZzai62K2FzKgbaCtMW3g/EsXbNdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+D79yHIJi+Xcu8GheU8IxActZsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUDRQdjNJY2dtTDVkeTd3YUY1VHdqRUJ5MW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1dr8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRt9dKO0zFFscqJAO9AwJxyxRY4SzeYh5h9inIr1Ga
aO7RZuBhrrMlTon0NtSJfER/z/dtimevjSaRdQTAwWc1nPu94kgi4PxWWcsPQ55p
xWJFnoR842E2hEZmB1D7MzeN9EHdxYgWe7TkEIAVH+U+J7DmcRvnFJV/DQJ24u80
R9AKXYF8y7ndKRgKvVNklnLjnFMVRQOy9OlN1AkLzZH2gsBHntpVumR37YZ/k3dH
l6fVHidv67Hro3sPNzJrBkW2cCILnL4Cd9YlDiebn7Pl9NDpqa0TT+vy5zSAW/tb
TJnAOYXL+E206A1ljibbk/DDaQ7dS70a+4DagU4SLw41
-----END CERTIFICATE-----