Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa
File:                     PY8D0xMyBueH8SBcufJ-POYw_Xo.roa (raw, json)
Hash identifier:          3TBsD43dbRFaEegzl5NiErMxEBlj/KSLyPfTOpqGQpo=
Subject key identifier:   3D:8F:03:D3:13:32:06:E7:87:F1:20:5C:B9:F2:7E:3C:E6:30:FD:7A
Certificate issuer:       /CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Certificate serial:       018EC2BC1FB1A219E4FF6A0C445D882712F9
Authority key identifier: 98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa
Signing time:             Tue 09 Apr 2024 12:01:32 +0000
ROA not before:           Tue 09 Apr 2024 12:01:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.251.0.0/16 maxlen: 24
                          217.69.96.0/20 maxlen: 24
                          2a00:5800::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:bc:1f:b1:a2:19:e4:ff:6a:0c:44:5d:88:27:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
        Validity
            Not Before: Apr  9 12:01:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d8f03d3133206e787f1205cb9f27e3ce630fd7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:16:46:e4:02:00:17:d7:80:0c:ed:24:d3:db:
                    72:5f:bc:d1:57:4b:4e:bc:57:ca:5f:ed:c9:43:78:
                    f7:db:f3:6f:68:de:cf:b5:c3:60:58:e7:8c:fe:dc:
                    6f:d6:77:46:7f:9f:a8:61:be:93:66:92:ab:26:05:
                    db:d5:e3:14:42:e6:09:3a:ff:1e:28:72:5e:dd:62:
                    23:34:6a:47:fa:99:96:8b:e8:68:00:25:78:70:30:
                    22:f7:12:d4:c7:35:9e:5b:d0:ab:4d:02:5a:2c:cf:
                    67:aa:53:37:89:06:e4:89:87:33:01:16:ec:8b:30:
                    99:33:b8:45:99:47:e2:95:37:a6:e9:77:7b:cb:5c:
                    15:53:c9:7d:d0:63:60:62:ad:c9:34:59:c7:17:e2:
                    26:ce:11:25:21:b8:df:17:d2:0f:4e:3b:de:1b:95:
                    3e:2f:5b:5a:e6:70:43:6d:fc:bc:39:aa:b1:24:c0:
                    1c:e1:27:61:33:75:3e:c5:a4:78:23:6d:fb:16:27:
                    04:a2:7a:e1:aa:02:d6:af:0f:27:96:18:11:fb:ac:
                    e6:f8:63:f8:35:d1:ce:af:81:f4:6f:fd:c0:23:16:
                    bc:0a:c1:5c:2f:7f:95:60:08:ed:31:f3:9f:05:5b:
                    1b:31:84:db:84:26:6b:5e:66:d1:f1:80:d3:6f:e4:
                    ee:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8F:03:D3:13:32:06:E7:87:F1:20:5C:B9:F2:7E:3C:E6:30:FD:7A
            X509v3 Authority Key Identifier:
                keyid:98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.251.0.0/16
                  217.69.96.0/20
                IPv6:
                  2a00:5800::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:3e:c5:89:19:ac:c6:9a:30:e2:c5:b6:1c:b8:2f:46:90:f9:
         5f:7f:7d:ce:00:73:d1:f5:7a:fa:4b:b0:98:00:e5:ce:09:f6:
         f3:47:73:b0:58:ca:a5:ab:f9:82:86:1c:5c:0f:34:1b:5a:9d:
         f1:7d:1f:17:ef:9e:78:07:1d:00:77:ca:8d:5d:8c:2b:01:93:
         e3:00:ea:29:0e:9f:c3:ce:2c:91:45:c2:2c:07:91:d6:e7:48:
         52:5f:b3:16:ab:ef:e8:ae:47:63:32:62:b3:cf:6a:86:4b:f3:
         73:ca:95:67:18:78:49:d7:6b:08:00:23:fc:54:92:52:aa:2c:
         37:34:13:84:96:d3:80:5b:0a:fc:cd:3c:1a:f1:88:8b:ba:c9:
         84:a5:d2:e8:8e:04:bf:cd:70:94:63:d3:bb:5c:12:f3:8c:74:
         28:67:80:c3:7a:14:6f:8d:5e:b0:4e:32:60:cd:0a:d3:8a:7b:
         98:9e:95:11:84:8c:f7:6b:59:8e:92:f0:11:bb:bb:13:5a:c7:
         60:7d:ca:aa:ff:95:34:dd:0f:cc:a3:c9:85:5d:dd:6c:ed:bd:
         d1:22:8a:b2:24:16:21:2b:ed:ed:06:ce:09:22:f9:3f:2d:df:
         e3:08:9c:89:ec:f3:0a:30:67:d9:62:04:f7:5a:d2:c0:3c:54:
         26:71:8b:ce
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY7CvB+xohnk/2oMRF2IJxL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTE4Njg3ZmRkNmZmODBmYjA5OGE5ZWVlZjA2ZGUzNzdm
ODVkNmUwHhcNMjQwNDA5MTIwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhmMDNkMzEzMzIwNmU3ODdmMTIwNWNiOWYyN2UzY2U2MzBmZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhZG5AIAF9eADO0k09tyX7zRV0tO
vFfKX+3JQ3j32/NvaN7PtcNgWOeM/txv1ndGf5+oYb6TZpKrJgXb1eMUQuYJOv8e
KHJe3WIjNGpH+pmWi+hoACV4cDAi9xLUxzWeW9CrTQJaLM9nqlM3iQbkiYczARbs
izCZM7hFmUfilTem6Xd7y1wVU8l90GNgYq3JNFnHF+ImzhElIbjfF9IPTjveG5U+
L1ta5nBDbfy8OaqxJMAc4SdhM3U+xaR4I237FicEonrhqgLWrw8nlhgR+6zm+GP4
NdHOr4H0b/3AIxa8CsFcL3+VYAjtMfOfBVsbMYTbhCZrXmbR8YDTb+Tu/QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFD2PA9MTMgbnh/EgXLnyfjzmMP16MB8GA1UdIwQY
MBaAFJgRhof91v+A+wmKnu7wbeN3+F1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYt
NjlhZjBhNmU5ODliLzEvUFk4RDB4TXlCdWVIOFNCY3VmSi1QT1l3X1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYtNjlhZjBhNmU5ODli
LzEvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAk/sDBATZ
RWAwDQQCAAIwBwMFACoAWAAwDQYJKoZIhvcNAQELBQADggEBADA+xYkZrMaaMOLF
thy4L0aQ+V9/fc4Ac9H1evpLsJgA5c4J9vNHc7BYyqWr+YKGHFwPNBtanfF9Hxfv
nngHHQB3yo1djCsBk+MA6ikOn8POLJFFwiwHkdbnSFJfsxar7+iuR2MyYrPPaoZL
83PKlWcYeEnXawgAI/xUklKqLDc0E4SW04BbCvzNPBrxiIu6yYSl0uiOBL/NcJRj
07tcEvOMdChngMN6FG+NXrBOMmDNCtOKe5ielRGEjPdrWY6S8BG7uxNax2B9yqr/
lTTdD8yjyYVd3WztvdEiirIkFiEr7e0Gzgki+T8t3+MInIns8wowZ9liBPda0sA8
VCZxi84=
-----END CERTIFICATE-----