Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/3Ok-Y1zah-D61fJLGHRwTudQUOY.roa
File:                     3Ok-Y1zah-D61fJLGHRwTudQUOY.roa (raw, json)
Hash identifier:          4ag+TqB8tP40r0HU2NsX+PZTCRX5FjIZUEkNF8ug+88=
Subject key identifier:   DC:E9:3E:63:5C:DA:87:E0:FA:D5:F2:4B:18:74:70:4E:E7:50:50:E6
Certificate issuer:       /CN=ec1d7290bfd1be123fbe0b075fd50dcf646c4f76
Certificate serial:       018CC2DAF249FBAEF5B1EE2E5A859CD5B06F
Authority key identifier: EC:1D:72:90:BF:D1:BE:12:3F:BE:0B:07:5F:D5:0D:CF:64:6C:4F:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/3Ok-Y1zah-D61fJLGHRwTudQUOY.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44934
IP address blocks:        91.203.56.0/22 maxlen: 24
                          2001:67c:6f0::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f2:49:fb:ae:f5:b1:ee:2e:5a:85:9c:d5:b0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec1d7290bfd1be123fbe0b075fd50dcf646c4f76
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce93e635cda87e0fad5f24b1874704ee75050e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8f:78:55:42:30:0b:34:d5:36:85:36:7b:7e:
                    fa:47:53:3c:d9:2e:c3:e9:4e:e3:dc:4d:27:ba:84:
                    09:33:53:52:26:c6:b9:35:b6:e2:0c:75:c9:95:30:
                    92:73:27:92:aa:35:7e:58:2f:79:6d:7f:22:4c:f9:
                    72:4b:d5:83:d3:f1:92:ef:ff:dd:70:52:8e:4f:b3:
                    62:c7:11:3c:f9:f6:4b:33:d3:2d:4b:82:93:f9:c3:
                    eb:93:00:ab:3c:bc:98:1f:03:ba:68:47:d3:05:7f:
                    c2:01:b8:d7:46:5c:64:ca:9e:5a:79:14:6d:ec:43:
                    5e:0e:cc:71:33:0e:fc:bf:70:48:18:7b:6b:9a:33:
                    42:7a:c1:19:08:66:2f:72:39:33:de:fe:9f:87:d0:
                    36:70:dd:c4:4a:1b:bc:f5:43:b0:40:44:16:82:dc:
                    80:37:90:85:94:9d:7e:77:85:0e:db:54:e8:74:7f:
                    f2:40:d6:8d:50:8e:eb:0c:da:13:67:b5:fd:7d:39:
                    cc:27:4e:fd:72:7d:12:98:83:d4:b7:79:4f:ab:1b:
                    fd:7a:16:4c:1f:dc:af:ad:9c:a9:05:49:cb:fd:ec:
                    67:68:7c:af:4f:08:d9:d0:ee:5c:2b:50:6c:7c:03:
                    c9:e6:c4:94:9c:4c:95:e0:b8:d3:31:28:94:a5:2d:
                    12:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E9:3E:63:5C:DA:87:E0:FA:D5:F2:4B:18:74:70:4E:E7:50:50:E6
            X509v3 Authority Key Identifier:
                keyid:EC:1D:72:90:BF:D1:BE:12:3F:BE:0B:07:5F:D5:0D:CF:64:6C:4F:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/3Ok-Y1zah-D61fJLGHRwTudQUOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.56.0/22
                IPv6:
                  2001:67c:6f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:f5:c2:fd:59:18:b7:4e:d7:a7:25:ee:44:4e:93:01:a0:f8:
         1c:ce:41:4f:1b:dc:1b:39:8b:29:61:81:41:c1:93:6d:6f:16:
         00:e6:c9:d0:6e:1e:58:6b:87:b3:e6:2a:2e:a7:a8:12:c5:15:
         07:55:ee:90:00:73:e3:04:98:06:b7:b9:96:d6:82:e6:49:18:
         61:74:75:3a:70:3b:7a:bd:fb:f0:9c:ba:ea:53:8f:fb:ec:9f:
         01:58:1c:9c:6a:e1:15:a8:2e:2d:a8:1e:bc:44:5a:96:ec:9d:
         d5:9c:5e:ef:dc:08:87:f5:d3:bf:e5:f5:eb:47:e5:12:e1:4d:
         d2:15:d8:5f:c6:3b:ed:2e:1b:48:5e:39:22:43:07:a7:d1:09:
         c5:13:8b:f9:2f:ed:ba:d6:7f:e7:5b:23:1f:70:15:1a:a4:8c:
         63:14:d5:48:b7:a6:ae:20:e1:3c:b9:76:e9:e8:42:a7:5d:63:
         57:ca:ae:70:0d:39:32:a0:c3:9b:44:8c:56:7e:b9:73:e7:8b:
         9f:4a:c7:e2:95:6b:1c:dc:f4:ac:fd:2d:82:b5:df:26:0f:03:
         82:9b:df:f8:6f:5c:ca:06:10:ce:64:07:8d:2b:56:cd:7c:b2:
         0e:5c:7d:35:40:28:d2:f2:1e:1b:8f:3c:01:5a:72:57:a7:04:
         34:2f:2f:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2vJJ+671se4uWoWc1bBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMWQ3MjkwYmZkMWJlMTIzZmJlMGIwNzVmZDUwZGNmNjQ2
YzRmNzYwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U5M2U2MzVjZGE4N2UwZmFkNWYyNGIxODc0NzA0ZWU3NTA1MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtI94VUIwCzTVNoU2e376R1M82S7D
6U7j3E0nuoQJM1NSJsa5NbbiDHXJlTCScyeSqjV+WC95bX8iTPlyS9WD0/GS7//d
cFKOT7NixxE8+fZLM9MtS4KT+cPrkwCrPLyYHwO6aEfTBX/CAbjXRlxkyp5aeRRt
7ENeDsxxMw78v3BIGHtrmjNCesEZCGYvcjkz3v6fh9A2cN3EShu89UOwQEQWgtyA
N5CFlJ1+d4UO21TodH/yQNaNUI7rDNoTZ7X9fTnMJ079cn0SmIPUt3lPqxv9ehZM
H9yvrZypBUnL/exnaHyvTwjZ0O5cK1BsfAPJ5sSUnEyV4LjTMSiUpS0SbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNzpPmNc2ofg+tXySxh0cE7nUFDmMB8GA1UdIwQY
MBaAFOwdcpC/0b4SP74LB1/VDc9kbE92MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0IxeWtMX1J2aElfdmdzSFg5VU56MlJzVDNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iNTI1ZWItY2VhNC00N2ZkLThmN2Qt
NjhlOTQ5MDgyZjliLzEvM09rLVkxemFoLUQ2MWZKTEdIUndUdWRRVU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iNTI1ZWItY2VhNC00N2ZkLThmN2QtNjhlOTQ5MDgyZjli
LzEvN0IxeWtMX1J2aElfdmdzSFg5VU56MlJzVDNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW8s4MA8E
AgACMAkDBwAgAQZ8BvAwDQYJKoZIhvcNAQELBQADggEBAFb1wv1ZGLdO16cl7kRO
kwGg+BzOQU8b3Bs5iylhgUHBk21vFgDmydBuHlhrh7PmKi6nqBLFFQdV7pAAc+ME
mAa3uZbWguZJGGF0dTpwO3q9+/CcuupTj/vsnwFYHJxq4RWoLi2oHrxEWpbsndWc
Xu/cCIf107/l9etH5RLhTdIV2F/GO+0uG0heOSJDB6fRCcUTi/kv7brWf+dbIx9w
FRqkjGMU1Ui3pq4g4Ty5dunoQqddY1fKrnANOTKgw5tEjFZ+uXPni59Kx+KVaxzc
9Kz9LYK13yYPA4Kb3/hvXMoGEM5kB40rVs18sg5cfTVAKNLyHhuPPAFaclenBDQv
L6o=
-----END CERTIFICATE-----