Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/Fd-9HAFY74RiL1M3bJJl7JC4AjI.roa
File:                     Fd-9HAFY74RiL1M3bJJl7JC4AjI.roa (raw, json)
Hash identifier:          mUWb5epWrcrq9xVlmMq8fgch2kutj9t5piaB7ww+3RA=
Subject key identifier:   15:DF:BD:1C:01:58:EF:84:62:2F:53:37:6C:92:65:EC:90:B8:02:32
Certificate issuer:       /CN=3b544ca0e2be18e9fd74e281324a30b0ea2d1d52
Certificate serial:       0190A148B25C4443793B2978344EE9D138DD
Authority key identifier: 3B:54:4C:A0:E2:BE:18:E9:FD:74:E2:81:32:4A:30:B0:EA:2D:1D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/Fd-9HAFY74RiL1M3bJJl7JC4AjI.roa
Signing time:             Thu 11 Jul 2024 10:13:34 +0000
ROA not before:           Thu 11 Jul 2024 10:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        192.124.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:48:b2:5c:44:43:79:3b:29:78:34:4e:e9:d1:38:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b544ca0e2be18e9fd74e281324a30b0ea2d1d52
        Validity
            Not Before: Jul 11 10:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15dfbd1c0158ef84622f53376c9265ec90b80232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:07:14:38:e3:10:01:98:c7:83:59:ab:55:0d:
                    bd:be:52:60:14:8d:2d:3f:33:de:b3:0d:f2:58:23:
                    eb:84:01:ea:d2:28:9f:44:c8:30:c4:0e:35:a5:45:
                    22:0c:73:25:74:3a:fb:af:df:cd:ce:07:c9:28:6d:
                    a8:27:95:18:4b:6a:33:e4:3c:7a:b1:bc:fa:6e:60:
                    11:1c:93:f5:81:77:fe:7b:ab:d0:8b:02:f8:ce:c2:
                    f9:98:b7:93:75:2d:32:b9:42:26:04:3a:f3:54:7a:
                    73:a4:a8:99:45:15:7a:0c:08:a2:f9:d6:5e:29:5e:
                    ab:8f:a0:a2:3d:46:6c:fd:45:9f:d8:ea:ac:3f:ac:
                    3c:b0:ac:14:f3:98:2f:cf:8f:46:2d:25:c6:5a:69:
                    d5:e7:e4:a8:11:dd:b5:35:7d:04:5b:b3:0f:d0:42:
                    9d:56:f6:06:8d:43:ed:8b:c0:06:e3:71:58:13:74:
                    2a:fd:4f:52:bb:af:57:34:e7:d9:24:a1:b9:be:e8:
                    1e:46:fe:7b:d2:15:b6:47:aa:b1:d2:6b:96:67:1a:
                    25:3f:e9:3c:8a:26:9f:3f:3d:4d:6b:a9:31:1b:93:
                    90:4b:3b:64:1e:71:91:4d:12:42:50:aa:ab:58:6e:
                    5a:8a:11:48:45:0a:37:d5:bf:98:f8:bf:7f:f0:6d:
                    90:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:DF:BD:1C:01:58:EF:84:62:2F:53:37:6C:92:65:EC:90:B8:02:32
            X509v3 Authority Key Identifier:
                keyid:3B:54:4C:A0:E2:BE:18:E9:FD:74:E2:81:32:4A:30:B0:EA:2D:1D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1RMoOK-GOn9dOKBMkowsOotHVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/Fd-9HAFY74RiL1M3bJJl7JC4AjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3030bb-42c2-4e3c-859a-876a9d7629f6/1/O1RMoOK-GOn9dOKBMkowsOotHVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:41:cc:dd:32:0e:fd:2b:e4:fb:2c:ad:f9:32:ae:72:8e:ae:
         6a:22:22:cd:d3:36:b6:0e:b3:84:ec:b7:bc:82:fe:02:a5:0c:
         95:3e:71:e6:8c:42:46:29:22:7a:32:7d:5f:99:d1:20:a1:98:
         c3:02:be:6a:b5:a5:dc:65:6c:78:48:28:7e:b2:2d:2e:f9:1f:
         e3:3f:e2:03:e4:85:5d:a4:c7:a6:07:bd:d1:a8:a9:1f:41:a4:
         b5:1a:c5:e8:79:87:f4:c4:0a:c0:8e:70:83:1f:bc:3e:af:50:
         e0:e2:31:cb:16:00:ab:e5:b4:62:87:89:0e:4e:da:e1:90:1b:
         01:99:a7:b2:0a:b6:74:1d:c2:f1:ed:84:41:6b:bd:f5:79:79:
         e7:67:99:69:64:27:da:7b:92:30:67:a9:3d:9a:e4:a9:da:f2:
         5e:e3:05:f9:da:ac:1b:40:84:82:01:af:00:b4:6a:74:4a:9a:
         ca:e0:7b:7e:6e:72:af:3c:c0:54:ed:a7:91:25:b0:f8:fe:63:
         c6:3f:a2:03:30:9a:4b:5e:49:e3:d3:31:32:61:4a:4f:ca:89:
         43:2a:fa:03:a9:30:4f:70:ac:c6:aa:1c:93:cb:00:57:97:e7:
         a7:99:2f:3d:3a:66:77:5b:3c:bd:d2:dc:51:38:b1:58:44:e1:
         9b:99:f8:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZChSLJcREN5Oyl4NE7p0TjdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNTQ0Y2EwZTJiZTE4ZTlmZDc0ZTI4MTMyNGEzMGIwZWEy
ZDFkNTIwHhcNMjQwNzExMTAxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWRmYmQxYzAxNThlZjg0NjIyZjUzMzc2YzkyNjVlYzkwYjgwMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwcUOOMQAZjHg1mrVQ29vlJgFI0t
PzPesw3yWCPrhAHq0iifRMgwxA41pUUiDHMldDr7r9/NzgfJKG2oJ5UYS2oz5Dx6
sbz6bmARHJP1gXf+e6vQiwL4zsL5mLeTdS0yuUImBDrzVHpzpKiZRRV6DAii+dZe
KV6rj6CiPUZs/UWf2OqsP6w8sKwU85gvz49GLSXGWmnV5+SoEd21NX0EW7MP0EKd
VvYGjUPti8AG43FYE3Qq/U9Su69XNOfZJKG5vugeRv570hW2R6qx0muWZxolP+k8
iiafPz1Na6kxG5OQSztkHnGRTRJCUKqrWG5aihFIRQo31b+Y+L9/8G2QXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXfvRwBWO+EYi9TN2ySZeyQuAIyMB8GA1UdIwQY
MBaAFDtUTKDivhjp/XTigTJKMLDqLR1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFSTW9PSy1HT245ZE9LQk1rb3dzT290SFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8zMDMwYmItNDJjMi00ZTNjLTg1OWEt
ODc2YTlkNzYyOWY2LzEvRmQtOUhBRlk3NFJpTDFNM2JKSmw3SkM0QWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8zMDMwYmItNDJjMi00ZTNjLTg1OWEtODc2YTlkNzYyOWY2
LzEvTzFSTW9PSy1HT245ZE9LQk1rb3dzT290SFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHxwMA0G
CSqGSIb3DQEBCwUAA4IBAQATQczdMg79K+T7LK35Mq5yjq5qIiLN0za2DrOE7Le8
gv4CpQyVPnHmjEJGKSJ6Mn1fmdEgoZjDAr5qtaXcZWx4SCh+si0u+R/jP+ID5IVd
pMemB73RqKkfQaS1GsXoeYf0xArAjnCDH7w+r1Dg4jHLFgCr5bRih4kOTtrhkBsB
maeyCrZ0HcLx7YRBa731eXnnZ5lpZCfae5IwZ6k9muSp2vJe4wX52qwbQISCAa8A
tGp0SprK4Ht+bnKvPMBU7aeRJbD4/mPGP6IDMJpLXknj0zEyYUpPyolDKvoDqTBP
cKzGqhyTywBXl+enmS89OmZ3Wzy90txROLFYROGbmfgQ
-----END CERTIFICATE-----