Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/3n_56JWKOXWgz_XWpbx8MTM7LU0.roa
File:                     3n_56JWKOXWgz_XWpbx8MTM7LU0.roa (raw, json)
Hash identifier:          n21owNVWm3o04gq4+sKgwmwvhdEqlqnex9MiZ6ygEbY=
Subject key identifier:   DE:7F:F9:E8:95:8A:39:75:A0:CF:F5:D6:A5:BC:7C:31:33:3B:2D:4D
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348B096F83B0E4E4C869C4A6F33E499
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/3n_56JWKOXWgz_XWpbx8MTM7LU0.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205447
IP address blocks:        94.240.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b0:96:f8:3b:0e:4e:4c:86:9c:4a:6f:33:e4:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de7ff9e8958a3975a0cff5d6a5bc7c31333b2d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f2:da:bf:85:7d:4b:84:20:fd:8e:8c:5d:9c:
                    04:95:da:80:3b:d7:b1:22:02:84:8b:15:22:5b:38:
                    3f:0e:2c:85:10:2b:ac:e7:48:5f:90:c9:80:29:8f:
                    30:e3:2d:07:10:d8:e7:67:21:12:8c:4f:42:31:f1:
                    33:c4:2b:ee:42:cc:d9:7e:cc:b7:99:b2:5d:26:23:
                    68:e7:42:92:52:1f:11:19:63:b8:d6:15:cf:d6:ab:
                    f9:bd:e0:26:2f:1c:48:da:f9:eb:86:6c:a6:60:c7:
                    94:20:d7:f9:7f:5a:7c:74:34:6b:ee:35:10:05:6a:
                    6c:0e:2c:d2:70:4d:78:6f:53:c2:7a:8e:1c:8a:ec:
                    79:3b:03:7f:56:ae:6b:ca:d2:34:81:9f:55:a2:f1:
                    11:ed:fc:fd:53:2b:08:0e:ed:c0:45:3c:70:cf:bb:
                    e1:b1:7b:36:a8:35:20:b3:13:8d:b6:66:12:49:7c:
                    b9:35:d4:21:c2:ac:bd:58:25:94:9a:c0:29:90:03:
                    29:66:e3:43:11:18:4d:03:ba:41:2e:11:4c:ed:1a:
                    30:fb:1c:94:e4:f3:d6:3e:96:7b:53:2b:7a:eb:b4:
                    0a:f4:1a:8f:1e:bc:f7:91:72:57:87:05:2d:16:d6:
                    70:5e:4b:70:67:86:b9:c1:e5:7e:d2:59:6e:1a:8b:
                    7d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7F:F9:E8:95:8A:39:75:A0:CF:F5:D6:A5:BC:7C:31:33:3B:2D:4D
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/3n_56JWKOXWgz_XWpbx8MTM7LU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b8:77:bd:df:ad:27:db:82:02:59:35:7a:63:0a:92:1a:96:
         52:56:73:dc:19:cf:c7:e1:fb:e2:e4:dc:2c:0f:bd:cd:58:91:
         de:5e:be:7d:b4:02:0c:6a:b5:59:47:36:2f:ea:de:01:e0:27:
         87:da:7a:dd:a3:5c:fe:73:5e:66:4c:8a:05:6b:77:3e:4a:91:
         e6:44:4d:c9:3b:ab:17:39:62:32:e3:94:3a:20:b0:10:9e:0f:
         48:00:c7:d4:e9:dd:82:38:74:1e:3a:05:4f:c8:74:c9:09:f5:
         d1:6e:62:7c:e5:89:3b:ce:34:fd:4b:d0:42:49:0c:d3:3e:1f:
         77:85:c7:16:1c:a3:21:cb:b7:02:ca:5d:60:41:df:a0:9a:ea:
         4f:5b:c7:fa:5c:3f:90:df:f9:79:b5:e8:23:4e:7d:12:a5:fb:
         ff:1c:4d:eb:34:a7:80:cb:16:a7:32:36:cc:43:f4:32:8c:8b:
         50:d2:26:68:81:ff:7d:43:78:5d:cd:9b:f2:fd:30:e4:1d:c5:
         f4:2b:a4:ad:96:72:b8:05:d6:b8:18:0b:71:77:d7:b8:b0:28:
         84:a6:be:20:b5:d2:ea:9d:3d:75:35:eb:f9:0d:46:83:cc:0d:
         8f:b5:92:1f:c2:f1:c7:3c:87:b5:f9:8d:bb:f0:2b:7e:89:b5:
         a7:52:3b:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLCW+DsOTkyGnEpvM+SZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdmZjllODk1OGEzOTc1YTBjZmY1ZDZhNWJjN2MzMTMzM2IyZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPLav4V9S4Qg/Y6MXZwEldqAO9ex
IgKEixUiWzg/DiyFECus50hfkMmAKY8w4y0HENjnZyESjE9CMfEzxCvuQszZfsy3
mbJdJiNo50KSUh8RGWO41hXP1qv5veAmLxxI2vnrhmymYMeUINf5f1p8dDRr7jUQ
BWpsDizScE14b1PCeo4ciux5OwN/Vq5rytI0gZ9VovER7fz9UysIDu3ARTxwz7vh
sXs2qDUgsxONtmYSSXy5NdQhwqy9WCWUmsApkAMpZuNDERhNA7pBLhFM7Row+xyU
5PPWPpZ7Uyt667QK9BqPHrz3kXJXhwUtFtZwXktwZ4a5weV+0lluGot93QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5/+eiVijl1oM/11qW8fDEzOy1NMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvM25fNTZKV0tPWFdnel9YV3BieDhNVE03TFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAbMA0G
CSqGSIb3DQEBCwUAA4IBAQB8uHe9360n24ICWTV6YwqSGpZSVnPcGc/H4fvi5Nws
D73NWJHeXr59tAIMarVZRzYv6t4B4CeH2nrdo1z+c15mTIoFa3c+SpHmRE3JO6sX
OWIy45Q6ILAQng9IAMfU6d2COHQeOgVPyHTJCfXRbmJ85Yk7zjT9S9BCSQzTPh93
hccWHKMhy7cCyl1gQd+gmupPW8f6XD+Q3/l5tegjTn0Spfv/HE3rNKeAyxanMjbM
Q/QyjItQ0iZogf99Q3hdzZvy/TDkHcX0K6StlnK4Bda4GAtxd9e4sCiEpr4gtdLq
nT11Nev5DUaDzA2PtZIfwvHHPIe1+Y278Ct+ibWnUjtq
-----END CERTIFICATE-----