Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/T3jV-fHwzJxr4zBZDEQQlxz8CFc.roa
File:                     T3jV-fHwzJxr4zBZDEQQlxz8CFc.roa (raw, json)
Hash identifier:          yMhfTcCc+ydFDI6jb7Y+kbVjEHZSACpqdekf1/pHw3E=
Subject key identifier:   4F:78:D5:F9:F1:F0:CC:9C:6B:E3:30:59:0C:44:10:97:1C:FC:08:57
Certificate issuer:       /CN=8402924861cbc088c655a872535a903108a07bf1
Certificate serial:       018CC94E47B858099459D38B4469EC1B9E09
Authority key identifier: 84:02:92:48:61:CB:C0:88:C6:55:A8:72:53:5A:90:31:08:A0:7B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAKSSGHLwIjGVahyU1qQMQige_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/T3jV-fHwzJxr4zBZDEQQlxz8CFc.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        217.65.131.0/24 maxlen: 24
                          185.233.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/hAKSSGHLwIjGVahyU1qQMQige_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/hAKSSGHLwIjGVahyU1qQMQige_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAKSSGHLwIjGVahyU1qQMQige_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:47:b8:58:09:94:59:d3:8b:44:69:ec:1b:9e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8402924861cbc088c655a872535a903108a07bf1
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f78d5f9f1f0cc9c6be330590c4410971cfc0857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:54:ac:0d:f3:f1:02:f4:7d:98:1f:2c:41:04:
                    06:df:13:13:92:20:df:32:06:ed:11:26:a8:1c:b2:
                    33:38:0b:3b:2e:5d:35:20:11:13:ca:e7:50:0d:ae:
                    15:51:7f:f7:be:dd:47:e6:c9:e7:ef:71:e4:9f:37:
                    36:0f:b0:d1:09:c8:a7:9a:7d:a4:ac:51:8c:a3:9a:
                    d3:92:10:5f:61:08:e7:f6:5e:5f:de:02:c7:76:7a:
                    a3:56:45:c5:42:95:ca:cf:5e:bb:0f:11:ef:5f:76:
                    b9:bb:bd:b0:7f:c8:de:a6:fc:d5:93:e8:dd:1c:06:
                    57:3b:30:f8:ac:05:30:08:5c:17:7e:70:37:67:2c:
                    44:72:52:8f:3e:67:33:6b:05:06:95:18:60:1f:a2:
                    c0:60:63:f7:21:83:ce:5b:bd:c1:a3:5e:fd:89:9e:
                    35:09:ec:20:12:ba:d8:30:59:d9:e3:95:f1:0e:4f:
                    c1:00:4b:f7:b4:1a:5b:db:d4:c1:27:6d:48:20:3f:
                    1b:42:e8:cf:b5:65:7f:62:8a:67:87:07:5b:88:5c:
                    1f:bf:01:47:fa:33:c5:0b:2e:b1:1c:eb:92:1a:7e:
                    9e:7f:25:54:bb:41:53:85:39:44:b3:35:e4:b5:1c:
                    2c:98:07:be:7e:98:56:d2:e3:2a:7b:8b:3c:89:da:
                    bc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:78:D5:F9:F1:F0:CC:9C:6B:E3:30:59:0C:44:10:97:1C:FC:08:57
            X509v3 Authority Key Identifier:
                keyid:84:02:92:48:61:CB:C0:88:C6:55:A8:72:53:5A:90:31:08:A0:7B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAKSSGHLwIjGVahyU1qQMQige_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/T3jV-fHwzJxr4zBZDEQQlxz8CFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0924fa-54fb-4254-b64e-0ac9b3bae6f5/1/hAKSSGHLwIjGVahyU1qQMQige_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.66.0/24
                  217.65.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:d6:a7:0c:db:bb:aa:66:6a:62:a5:65:55:15:c3:c8:a3:f8:
         cf:cb:1b:12:48:58:76:63:1f:9a:5b:ce:55:be:e2:f1:6c:38:
         2a:3c:1a:9e:39:c2:fd:21:33:2b:0d:3c:67:d9:fe:c6:d0:28:
         ac:17:73:79:2f:90:2a:99:c2:6d:ac:3b:a7:bf:80:30:28:53:
         3c:d6:84:b3:27:78:4f:04:9f:70:ce:98:d6:94:34:bb:de:79:
         a0:9b:fc:27:f9:68:e2:92:da:0f:39:18:fb:f5:16:86:37:b8:
         19:74:32:02:81:85:a0:6c:93:05:65:0b:b7:69:03:1a:69:83:
         1e:5c:89:3a:63:7e:90:fd:48:73:0d:6d:90:25:09:61:48:b5:
         94:e3:2a:8d:97:03:57:71:f6:85:d8:fd:ab:f9:1f:d0:a4:56:
         37:96:33:21:3d:2e:ae:76:a0:52:c6:a3:c3:5e:62:22:3f:65:
         52:49:a3:91:1b:f6:1d:e6:85:fc:58:1f:86:3d:32:37:62:08:
         05:45:ee:89:fb:d6:7a:39:a2:5d:32:df:2f:1f:2e:cf:f9:74:
         13:96:e8:0e:d9:bf:b7:1e:69:cf:1f:e4:a6:f6:83:f5:26:cb:
         2f:5e:d6:77:be:de:ba:25:be:45:b3:28:aa:af:f8:63:10:55:
         78:8e:b3:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTke4WAmUWdOLRGnsG54JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDI5MjQ4NjFjYmMwODhjNjU1YTg3MjUzNWE5MDMxMDhh
MDdiZjEwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjc4ZDVmOWYxZjBjYzljNmJlMzMwNTkwYzQ0MTA5NzFjZmMwODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVSsDfPxAvR9mB8sQQQG3xMTkiDf
MgbtESaoHLIzOAs7Ll01IBETyudQDa4VUX/3vt1H5snn73Hknzc2D7DRCcinmn2k
rFGMo5rTkhBfYQjn9l5f3gLHdnqjVkXFQpXKz167DxHvX3a5u72wf8jepvzVk+jd
HAZXOzD4rAUwCFwXfnA3ZyxEclKPPmczawUGlRhgH6LAYGP3IYPOW73Bo179iZ41
CewgErrYMFnZ45XxDk/BAEv3tBpb29TBJ21IID8bQujPtWV/YopnhwdbiFwfvwFH
+jPFCy6xHOuSGn6efyVUu0FThTlEszXktRwsmAe+fphW0uMqe4s8idq8SQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE941fnx8Myca+MwWQxEEJcc/AhXMB8GA1UdIwQY
MBaAFIQCkkhhy8CIxlWoclNakDEIoHvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFLU1NHSEx3SWpHVmFoeVUxcVFNUWlnZV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wOTI0ZmEtNTRmYi00MjU0LWI2NGUt
MGFjOWIzYmFlNmY1LzEvVDNqVi1mSHd6SnhyNHpCWkRFUVFseHo4Q0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wOTI0ZmEtNTRmYi00MjU0LWI2NGUtMGFjOWIzYmFlNmY1
LzEvaEFLU1NHSEx3SWpHVmFoeVUxcVFNUWlnZV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuelCAwQA
2UGDMA0GCSqGSIb3DQEBCwUAA4IBAQAt1qcM27uqZmpipWVVFcPIo/jPyxsSSFh2
Yx+aW85VvuLxbDgqPBqeOcL9ITMrDTxn2f7G0CisF3N5L5AqmcJtrDunv4AwKFM8
1oSzJ3hPBJ9wzpjWlDS73nmgm/wn+WjiktoPORj79RaGN7gZdDICgYWgbJMFZQu3
aQMaaYMeXIk6Y36Q/UhzDW2QJQlhSLWU4yqNlwNXcfaF2P2r+R/QpFY3ljMhPS6u
dqBSxqPDXmIiP2VSSaORG/Yd5oX8WB+GPTI3YggFRe6J+9Z6OaJdMt8vHy7P+XQT
lugO2b+3HmnPH+Sm9oP1JssvXtZ3vt66Jb5Fsyiqr/hjEFV4jrPw
-----END CERTIFICATE-----