Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/3XHwmwXSsJUX4CfzKCIGEfXMV68.roa
File:                     3XHwmwXSsJUX4CfzKCIGEfXMV68.roa (raw, json)
Hash identifier:          L8hCBUplhds6UPIaVacTIz/9O6G6RCMK9tqnxchcjB8=
Subject key identifier:   DD:71:F0:9B:05:D2:B0:95:17:E0:27:F3:28:22:06:11:F5:CC:57:AF
Certificate issuer:       /CN=4e7545eee66daa39443ff9f88f522447f7863783
Certificate serial:       018CC8DF10CACBCC0C2BB11C5D45401DF47B
Authority key identifier: 4E:75:45:EE:E6:6D:AA:39:44:3F:F9:F8:8F:52:24:47:F7:86:37:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TnVF7uZtqjlEP_n4j1IkR_eGN4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/3XHwmwXSsJUX4CfzKCIGEfXMV68.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58059
IP address blocks:        193.3.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/TnVF7uZtqjlEP_n4j1IkR_eGN4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/TnVF7uZtqjlEP_n4j1IkR_eGN4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TnVF7uZtqjlEP_n4j1IkR_eGN4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:10:ca:cb:cc:0c:2b:b1:1c:5d:45:40:1d:f4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e7545eee66daa39443ff9f88f522447f7863783
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd71f09b05d2b09517e027f328220611f5cc57af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:30:03:a8:db:a8:2b:4c:d7:e8:d0:54:27:
                    fd:98:3e:af:dd:8b:a7:ae:ae:34:bb:4c:89:6a:39:
                    5f:cf:1a:22:26:ef:43:4a:21:c7:5a:74:d4:24:60:
                    92:00:91:d1:e9:25:42:4d:6d:ed:79:40:92:8e:24:
                    95:14:3c:f0:50:66:2a:dc:b6:9e:d4:6e:63:d6:75:
                    aa:9f:2c:dc:1d:4e:6e:9a:c9:1f:51:b1:0e:26:3a:
                    84:a5:29:59:ae:a9:15:df:33:55:34:de:0b:3d:2f:
                    26:06:08:91:fb:50:f4:37:58:fa:25:43:be:3c:2f:
                    10:d0:4f:01:10:4e:19:24:c2:f6:da:25:e5:03:6b:
                    66:3b:cc:4f:ef:31:da:9c:4f:92:05:77:bb:b1:e4:
                    10:d3:17:2b:c3:1f:aa:2d:08:28:e9:5d:4d:3d:bb:
                    bb:10:dd:33:0a:e4:75:72:0a:1a:c3:27:0c:96:48:
                    95:93:df:b7:3d:1b:c1:a2:25:6d:64:82:b2:78:2b:
                    5d:d7:79:1b:3a:a8:16:f5:20:87:91:98:81:34:f6:
                    a2:84:bf:ee:ac:6c:92:a5:7d:3f:13:54:2e:b6:d6:
                    2a:59:52:88:b7:f1:bc:45:da:0c:68:0c:63:11:a5:
                    a4:d2:1a:05:af:61:2e:3c:07:60:43:d3:bf:2d:da:
                    1b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:71:F0:9B:05:D2:B0:95:17:E0:27:F3:28:22:06:11:F5:CC:57:AF
            X509v3 Authority Key Identifier:
                keyid:4E:75:45:EE:E6:6D:AA:39:44:3F:F9:F8:8F:52:24:47:F7:86:37:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TnVF7uZtqjlEP_n4j1IkR_eGN4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/3XHwmwXSsJUX4CfzKCIGEfXMV68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/a53644-9da6-4d29-b9b6-e78cfa79eff1/1/TnVF7uZtqjlEP_n4j1IkR_eGN4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:26:96:c6:2b:8e:1d:75:74:24:5a:9a:6c:88:d0:94:46:8d:
         f2:11:25:eb:37:7f:50:e4:1f:e4:e2:a9:c3:50:33:4b:de:e8:
         bb:6c:68:e4:3a:ee:f3:4e:b8:b6:4f:dd:93:5a:e0:2c:37:6e:
         e6:30:23:af:0b:c0:7a:98:54:26:1a:10:ad:09:48:70:de:f5:
         6a:e1:32:b4:a4:f0:76:ee:61:c5:74:74:91:18:2b:58:dd:04:
         0d:9d:13:10:7f:c7:a2:0f:7b:bb:06:08:63:60:7e:e4:cb:cf:
         12:cc:58:07:84:ea:0e:b8:19:2a:c6:70:3d:62:12:8f:e5:93:
         3c:56:98:e5:30:83:5e:f0:d2:4d:e8:98:09:ee:87:da:41:a8:
         b8:26:b5:c8:b1:c7:f1:15:60:06:3a:bf:99:24:e4:d1:00:47:
         56:bb:07:94:c1:69:9b:21:2d:ef:52:0b:2b:bd:fb:48:7d:87:
         fc:4f:24:de:fa:7c:45:dd:d4:20:52:13:4c:68:67:54:d6:fb:
         b2:77:a9:87:91:33:9c:a7:d5:80:1a:00:6d:38:91:fb:e1:9c:
         e2:50:bd:f9:c8:17:e4:2f:7d:c7:fa:ae:0a:61:28:b8:dc:37:
         ba:18:c9:2c:bf:b7:df:30:95:d2:8b:d7:98:e5:9a:c1:b2:36:
         54:3a:3f:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xDKy8wMK7EcXUVAHfR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNzU0NWVlZTY2ZGFhMzk0NDNmZjlmODhmNTIyNDQ3Zjc4
NjM3ODMwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDcxZjA5YjA1ZDJiMDk1MTdlMDI3ZjMyODIyMDYxMWY1Y2M1N2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY4wA6jbqCtM1+jQVCf9mD6v3Yun
rq40u0yJajlfzxoiJu9DSiHHWnTUJGCSAJHR6SVCTW3teUCSjiSVFDzwUGYq3Lae
1G5j1nWqnyzcHU5umskfUbEOJjqEpSlZrqkV3zNVNN4LPS8mBgiR+1D0N1j6JUO+
PC8Q0E8BEE4ZJML22iXlA2tmO8xP7zHanE+SBXe7seQQ0xcrwx+qLQgo6V1NPbu7
EN0zCuR1cgoawycMlkiVk9+3PRvBoiVtZIKyeCtd13kbOqgW9SCHkZiBNPaihL/u
rGySpX0/E1QuttYqWVKIt/G8RdoMaAxjEaWk0hoFr2EuPAdgQ9O/LdobsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1x8JsF0rCVF+An8ygiBhH1zFevMB8GA1UdIwQY
MBaAFE51Re7mbao5RD/5+I9SJEf3hjeDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG5WRjd1WnRxamxFUF9uNGoxSWtSX2VHTjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9hNTM2NDQtOWRhNi00ZDI5LWI5YjYt
ZTc4Y2ZhNzllZmYxLzEvM1hId213WFNzSlVYNENmektDSUdFZlhNVjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9hNTM2NDQtOWRhNi00ZDI5LWI5YjYtZTc4Y2ZhNzllZmYx
LzEvVG5WRjd1WnRxamxFUF9uNGoxSWtSX2VHTjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMjMA0G
CSqGSIb3DQEBCwUAA4IBAQBbJpbGK44ddXQkWppsiNCURo3yESXrN39Q5B/k4qnD
UDNL3ui7bGjkOu7zTri2T92TWuAsN27mMCOvC8B6mFQmGhCtCUhw3vVq4TK0pPB2
7mHFdHSRGCtY3QQNnRMQf8eiD3u7BghjYH7ky88SzFgHhOoOuBkqxnA9YhKP5ZM8
VpjlMINe8NJN6JgJ7ofaQai4JrXIscfxFWAGOr+ZJOTRAEdWuweUwWmbIS3vUgsr
vftIfYf8TyTe+nxF3dQgUhNMaGdU1vuyd6mHkTOcp9WAGgBtOJH74ZziUL35yBfk
L33H+q4KYSi43De6GMksv7ffMJXSi9eY5ZrBsjZUOj9v
-----END CERTIFICATE-----