Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pOzyiy-qLVhCEZkHhXkAFb4911g.roa
File:                     pOzyiy-qLVhCEZkHhXkAFb4911g.roa (raw, json)
Hash identifier:          D4yhAbCns2mRILewrIgAi+47HJp6RYXF9dFVEbpnAXI=
Subject key identifier:   A4:EC:F2:8B:2F:AA:2D:58:42:11:99:07:85:79:00:15:BE:3D:D7:58
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495DBAD5BAAE032A45963AB2E9FDE2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pOzyiy-qLVhCEZkHhXkAFb4911g.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206483
IP address blocks:        217.144.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5d:ba:d5:ba:ae:03:2a:45:96:3a:b2:e9:fd:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4ecf28b2faa2d584211990785790015be3dd758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:24:93:39:e3:18:42:4e:c5:36:d2:64:0a:24:
                    9a:3f:b8:fe:1e:26:48:77:f8:4d:ec:e6:f7:07:ac:
                    d6:b2:23:bf:76:ce:eb:f5:5b:b4:60:5f:d6:95:16:
                    7b:f9:be:3d:ba:21:ca:d6:7d:f0:c4:a6:87:51:4d:
                    96:08:b7:35:5e:8d:2b:cf:bb:a8:6b:83:9e:53:89:
                    51:9a:95:33:cc:c9:a0:65:9f:32:17:cd:4c:84:56:
                    af:5d:4b:55:eb:ea:32:a8:39:28:22:f0:26:16:20:
                    f9:17:d5:68:83:c3:c8:f7:95:05:bf:29:2f:2a:4c:
                    72:ec:47:34:e6:08:1d:6d:05:6c:8c:5b:4f:6d:01:
                    73:e0:e8:a0:ca:27:0d:ce:78:09:3a:f1:50:80:3f:
                    e1:0a:f3:b2:64:58:6c:5b:88:45:ee:9c:b5:0f:01:
                    b2:1c:a9:33:60:84:b7:72:bf:21:31:8e:51:6d:de:
                    18:5a:b5:59:c8:51:9b:e6:00:90:3c:f9:5c:47:e1:
                    26:7b:b0:9b:c7:ec:ec:16:9d:ae:30:25:b8:e7:ed:
                    d8:ca:7e:07:29:af:dd:3a:4c:a2:06:5b:60:44:ba:
                    9a:ff:15:04:ba:44:61:f5:05:d3:a1:2b:aa:a8:63:
                    91:b1:e7:2d:ae:aa:25:e5:45:3b:27:e3:94:9e:35:
                    ec:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EC:F2:8B:2F:AA:2D:58:42:11:99:07:85:79:00:15:BE:3D:D7:58
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pOzyiy-qLVhCEZkHhXkAFb4911g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e0:27:a3:7b:c1:09:a3:87:6e:fd:5b:91:f7:67:77:d9:fd:
         8d:1b:f1:91:8f:a4:4b:ce:c5:56:9d:32:77:81:48:e1:24:6b:
         17:de:22:99:73:66:e3:d8:4a:87:d4:02:4d:89:65:bf:5c:0e:
         24:78:0b:e5:e3:01:d9:d3:33:3b:f9:93:f7:dc:fe:ec:4e:b0:
         27:ea:ad:cb:f7:e2:62:ab:45:11:d1:00:b2:f0:18:6e:23:8e:
         1d:46:82:ee:22:d6:74:2b:a6:9c:61:32:f9:39:c2:49:2f:57:
         4e:7e:f6:ac:b3:a1:df:e4:11:19:e6:85:97:a5:02:b5:8c:89:
         ec:35:7d:63:8b:1e:fe:7c:5f:56:cb:17:c1:e0:73:14:dd:e5:
         ff:50:01:bf:13:ab:be:45:a7:df:a2:41:02:43:2c:1b:48:92:
         00:35:87:f2:35:f9:ef:a7:9e:69:03:7c:aa:7a:9c:1b:7c:4b:
         84:87:3f:fd:71:70:7c:3e:ef:ce:22:09:09:6b:49:93:1f:36:
         c3:8e:c2:c7:fb:82:bd:5b:e3:65:c6:bd:a8:98:e1:02:1c:dc:
         3f:72:81:09:f0:45:b7:20:9f:d8:fa:b3:75:cb:07:e4:24:aa:
         08:3b:92:a0:f1:2c:47:55:65:ed:cc:bf:a6:cc:47:38:7c:ce:
         36:9c:da:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSV261bquAypFljqy6f3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVjZjI4YjJmYWEyZDU4NDIxMTk5MDc4NTc5MDAxNWJlM2RkNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlySTOeMYQk7FNtJkCiSaP7j+HiZI
d/hN7Ob3B6zWsiO/ds7r9Vu0YF/WlRZ7+b49uiHK1n3wxKaHUU2WCLc1Xo0rz7uo
a4OeU4lRmpUzzMmgZZ8yF81MhFavXUtV6+oyqDkoIvAmFiD5F9Vog8PI95UFvykv
Kkxy7Ec05ggdbQVsjFtPbQFz4OigyicNzngJOvFQgD/hCvOyZFhsW4hF7py1DwGy
HKkzYIS3cr8hMY5Rbd4YWrVZyFGb5gCQPPlcR+Eme7Cbx+zsFp2uMCW45+3Yyn4H
Ka/dOkyiBltgRLqa/xUEukRh9QXToSuqqGORsectrqol5UU7J+OUnjXsjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTs8osvqi1YQhGZB4V5ABW+PddYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcE96eWl5LXFMVmhDRVprSGhYa0FGYjQ5MTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZCRMA0G
CSqGSIb3DQEBCwUAA4IBAQBg4Ceje8EJo4du/VuR92d32f2NG/GRj6RLzsVWnTJ3
gUjhJGsX3iKZc2bj2EqH1AJNiWW/XA4keAvl4wHZ0zM7+ZP33P7sTrAn6q3L9+Ji
q0UR0QCy8BhuI44dRoLuItZ0K6acYTL5OcJJL1dOfvass6Hf5BEZ5oWXpQK1jIns
NX1jix7+fF9WyxfB4HMU3eX/UAG/E6u+RaffokECQywbSJIANYfyNfnvp55pA3yq
epwbfEuEhz/9cXB8Pu/OIgkJa0mTHzbDjsLH+4K9W+Nlxr2omOECHNw/coEJ8EW3
IJ/Y+rN1ywfkJKoIO5Kg8SxHVWXtzL+mzEc4fM42nNpY
-----END CERTIFICATE-----