Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/UTCT1imBH0gPbFRwj2Z1eGZutKY.roa
File:                     UTCT1imBH0gPbFRwj2Z1eGZutKY.roa (raw, json)
Hash identifier:          3bURSAZ6gq5mDl5sCOImW53ftqofBGoZ55b3mikt/3s=
Subject key identifier:   51:30:93:D6:29:81:1F:48:0F:6C:54:70:8F:66:75:78:66:6E:B4:A6
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       018CC49395C9D842E5E4801D505E30F2ED7A
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/UTCT1imBH0gPbFRwj2Z1eGZutKY.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        212.4.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:c9:d8:42:e5:e4:80:1d:50:5e:30:f2:ed:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=513093d629811f480f6c54708f667578666eb4a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3a:c6:b1:30:56:c7:9b:3f:ca:0c:1b:2f:37:
                    64:74:b2:ca:58:33:ed:e1:9e:31:c9:1d:73:e7:10:
                    ed:14:c1:6d:80:4d:7c:7e:1b:dd:dc:65:dd:1c:82:
                    0e:99:0d:36:f7:e2:ce:7a:cc:31:ba:14:e4:73:e2:
                    42:62:69:4f:ae:27:3e:99:ef:3b:ef:d3:81:c8:8c:
                    92:01:8c:bf:88:3b:35:ff:22:ec:e2:de:10:9b:93:
                    23:9f:ed:11:1b:fb:14:af:a8:77:dd:ff:b1:17:91:
                    9a:a5:7b:bf:a0:24:18:8d:49:98:86:1c:86:81:dd:
                    d2:39:87:9a:2c:86:8a:82:fe:7a:d5:fc:f2:f9:05:
                    e3:f3:e5:32:10:02:b1:f5:ce:69:6b:24:bf:ff:68:
                    ba:30:a4:cc:d8:b7:20:a1:0d:97:8a:de:ee:f5:ae:
                    af:bb:56:1f:81:41:26:84:2d:b1:b2:84:db:fb:0e:
                    cb:79:4f:b5:c3:ed:0f:a8:19:6d:bf:34:90:07:89:
                    dc:08:66:68:a9:3f:94:ce:19:e6:6d:c6:46:12:a6:
                    98:4e:65:cf:c2:71:c6:12:2b:42:9a:26:d9:84:17:
                    72:47:0b:03:60:e5:ff:48:ff:2d:19:f0:75:e3:a6:
                    f0:76:90:20:ec:49:ea:ab:04:90:8b:48:35:47:52:
                    82:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:30:93:D6:29:81:1F:48:0F:6C:54:70:8F:66:75:78:66:6E:B4:A6
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/UTCT1imBH0gPbFRwj2Z1eGZutKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:86:b9:bf:50:b3:78:dc:51:15:89:4e:7d:f8:c0:00:07:43:
         e1:f3:b2:7c:63:93:79:12:7b:bf:e5:f6:52:e7:cd:c9:15:7e:
         91:30:c1:48:23:63:67:4b:15:6b:6f:ea:be:55:5c:24:6a:a3:
         73:68:1d:cd:15:53:e3:5e:c4:53:28:e3:2b:e5:ec:7d:78:cc:
         53:00:b8:5f:c3:8d:97:6b:41:b6:3e:62:2b:e1:0e:a3:ad:f7:
         e6:05:4b:81:0d:63:53:ef:40:53:2f:20:03:cf:fc:7c:fd:15:
         19:75:29:0c:1f:fe:c7:4f:cb:6c:1f:06:33:a0:7b:83:84:e4:
         41:d0:65:39:98:ff:4b:d5:df:f2:6a:89:3c:df:5e:1e:7e:6b:
         ba:54:eb:c4:81:95:d7:8b:5c:c2:d1:78:73:18:b1:63:11:ff:
         59:83:ca:79:06:f3:d3:91:c7:f7:f2:5b:d4:1a:47:1e:00:0a:
         50:06:21:d7:ed:48:fb:29:1f:fa:1a:2d:2e:49:5e:5d:b9:1a:
         fc:86:3d:af:b3:39:6c:e6:d6:47:97:7d:82:2b:6c:d1:3c:33:
         2f:33:39:fb:5e:e7:b4:f0:81:78:a1:79:bb:52:78:27:19:49:
         06:45:94:34:3f:18:da:0e:20:3a:31:ed:3b:39:d2:cc:e7:d7:
         1a:31:ae:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5XJ2ELl5IAdUF4w8u16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTMwOTNkNjI5ODExZjQ4MGY2YzU0NzA4ZjY2NzU3ODY2NmViNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jrGsTBWx5s/ygwbLzdkdLLKWDPt
4Z4xyR1z5xDtFMFtgE18fhvd3GXdHIIOmQ029+LOeswxuhTkc+JCYmlPric+me87
79OByIySAYy/iDs1/yLs4t4Qm5Mjn+0RG/sUr6h33f+xF5GapXu/oCQYjUmYhhyG
gd3SOYeaLIaKgv561fzy+QXj8+UyEAKx9c5payS//2i6MKTM2LcgoQ2Xit7u9a6v
u1YfgUEmhC2xsoTb+w7LeU+1w+0PqBltvzSQB4ncCGZoqT+UzhnmbcZGEqaYTmXP
wnHGEitCmibZhBdyRwsDYOX/SP8tGfB146bwdpAg7EnqqwSQi0g1R1KC7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEwk9YpgR9ID2xUcI9mdXhmbrSmMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvVVRDVDFpbUJIMGdQYkZSd2oyWjFlR1p1dEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ATwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+hrm/ULN43FEViU59+MAAB0Ph87J8Y5N5Enu/5fZS
583JFX6RMMFII2NnSxVrb+q+VVwkaqNzaB3NFVPjXsRTKOMr5ex9eMxTALhfw42X
a0G2PmIr4Q6jrffmBUuBDWNT70BTLyADz/x8/RUZdSkMH/7HT8tsHwYzoHuDhORB
0GU5mP9L1d/yaok8314efmu6VOvEgZXXi1zC0XhzGLFjEf9Zg8p5BvPTkcf38lvU
GkceAApQBiHX7Uj7KR/6Gi0uSV5duRr8hj2vszls5tZHl32CK2zRPDMvMzn7Xue0
8IF4oXm7UngnGUkGRZQ0PxjaDiA6Me07OdLM59caMa6u
-----END CERTIFICATE-----