Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/3si2DKoUoi-Bh864dEwo_lZaHBM.roa
File:                     3si2DKoUoi-Bh864dEwo_lZaHBM.roa (raw, json)
Hash identifier:          1u0qr0kFB3MhCiEY7GchZHSDCZR9xF/xdft2e9c+pqc=
Subject key identifier:   DE:C8:B6:0C:AA:14:A2:2F:81:87:CE:B8:74:4C:28:FE:56:5A:1C:13
Certificate issuer:       /CN=79a1cf1aa8fbc4e33378673ebd05364880e2a91f
Certificate serial:       018CC793441964A307CA128488DFBFD75BDB
Authority key identifier: 79:A1:CF:1A:A8:FB:C4:E3:33:78:67:3E:BD:05:36:48:80:E2:A9:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaHPGqj7xOMzeGc-vQU2SIDiqR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/3si2DKoUoi-Bh864dEwo_lZaHBM.roa
Signing time:             Tue 02 Jan 2024 00:29:26 +0000
ROA not before:           Tue 02 Jan 2024 00:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.87.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/eaHPGqj7xOMzeGc-vQU2SIDiqR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/eaHPGqj7xOMzeGc-vQU2SIDiqR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaHPGqj7xOMzeGc-vQU2SIDiqR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:44:19:64:a3:07:ca:12:84:88:df:bf:d7:5b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a1cf1aa8fbc4e33378673ebd05364880e2a91f
        Validity
            Not Before: Jan  2 00:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dec8b60caa14a22f8187ceb8744c28fe565a1c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:19:6b:7c:dc:f4:a5:0a:6a:a0:04:68:c6:18:
                    03:6e:2d:d4:e4:62:a7:53:62:38:fe:83:36:a2:a4:
                    35:a8:0e:c2:d2:ba:d1:93:1a:a3:c1:bf:50:26:d0:
                    7e:ef:83:13:d0:b3:76:1a:e7:9c:92:2c:4b:11:58:
                    49:7b:b1:fc:3d:08:30:de:58:28:b0:f9:09:f4:69:
                    77:0d:9d:7d:2e:77:eb:52:5e:ad:7f:31:00:29:6e:
                    32:0c:4f:dd:34:a8:51:a9:e7:f9:8a:16:07:4b:74:
                    90:c7:c7:08:7f:c9:20:23:bc:35:21:ed:c3:e2:f8:
                    cb:9f:d2:16:88:0e:02:fc:88:d7:69:11:8f:e6:95:
                    b4:d7:13:af:9b:90:c6:65:47:49:d8:75:69:f4:02:
                    87:55:91:a5:e0:e9:ff:e5:ce:33:ba:6e:e6:68:3b:
                    66:0e:d5:b3:51:92:e7:af:0a:fe:3f:21:6a:0e:7b:
                    57:d2:8c:3f:d3:b2:9b:a6:0d:0f:4a:35:37:9b:33:
                    6a:7c:c2:ce:5a:e5:19:be:f9:47:4a:30:64:3b:cf:
                    b1:28:33:1e:27:d4:7e:22:e3:77:5b:05:1c:0d:a2:
                    6d:6b:38:75:dc:6d:5e:da:d6:30:d9:eb:83:09:63:
                    c5:56:01:47:b3:44:3a:e4:ec:86:49:01:64:74:8e:
                    00:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C8:B6:0C:AA:14:A2:2F:81:87:CE:B8:74:4C:28:FE:56:5A:1C:13
            X509v3 Authority Key Identifier:
                keyid:79:A1:CF:1A:A8:FB:C4:E3:33:78:67:3E:BD:05:36:48:80:E2:A9:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaHPGqj7xOMzeGc-vQU2SIDiqR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/3si2DKoUoi-Bh864dEwo_lZaHBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/df5bad-ac59-413e-9ad0-5995ae8acb9f/1/eaHPGqj7xOMzeGc-vQU2SIDiqR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.87.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:c6:c5:5d:4b:d7:d8:ea:6b:f3:59:92:49:04:97:9d:04:39:
         76:ae:93:6d:64:dc:bd:56:18:95:e9:8a:24:11:5d:94:a6:c2:
         7f:3a:4a:00:6b:9f:4a:b5:48:ec:3b:63:83:c5:12:e6:aa:12:
         40:61:0f:eb:3b:d6:3f:3c:46:e7:27:ee:f5:ee:b3:74:e5:71:
         64:6d:d3:19:04:d5:dc:bf:dc:5d:3d:c0:19:c6:cb:92:3b:cd:
         f6:e7:ed:91:b5:9c:3b:7e:eb:eb:27:46:d6:a4:9f:12:7e:64:
         c2:57:1f:3f:9d:fc:9c:a8:b3:67:49:61:da:3f:26:c0:12:11:
         b7:3f:7f:00:9a:16:4f:dd:6a:99:84:b5:c3:0f:4b:c3:06:62:
         f2:a3:5b:d9:95:91:34:63:9f:d0:63:39:a3:c1:cd:d9:31:5e:
         34:d2:eb:f0:d3:4c:e4:2b:ba:1d:8c:77:bf:3f:dd:e2:64:43:
         80:22:ab:b6:7f:66:60:35:37:b1:41:6a:cb:08:3d:5b:0a:3e:
         ca:9a:3e:c5:d2:a5:4c:dc:38:37:13:78:0e:4b:68:72:b1:b0:
         86:93:29:d2:1f:50:6a:39:20:65:8a:c9:c1:02:27:51:4a:95:
         73:2a:b0:fd:91:e7:85:63:72:d4:1e:12:b8:f8:df:4d:30:95:
         39:8c:13:3c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHk0QZZKMHyhKEiN+/11vbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTFjZjFhYThmYmM0ZTMzMzc4NjczZWJkMDUzNjQ4ODBl
MmE5MWYwHhcNMjQwMTAyMDAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWM4YjYwY2FhMTRhMjJmODE4N2NlYjg3NDRjMjhmZTU2NWExYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBlrfNz0pQpqoARoxhgDbi3U5GKn
U2I4/oM2oqQ1qA7C0rrRkxqjwb9QJtB+74MT0LN2GueckixLEVhJe7H8PQgw3lgo
sPkJ9Gl3DZ19LnfrUl6tfzEAKW4yDE/dNKhRqef5ihYHS3SQx8cIf8kgI7w1Ie3D
4vjLn9IWiA4C/IjXaRGP5pW01xOvm5DGZUdJ2HVp9AKHVZGl4On/5c4zum7maDtm
DtWzUZLnrwr+PyFqDntX0ow/07Kbpg0PSjU3mzNqfMLOWuUZvvlHSjBkO8+xKDMe
J9R+IuN3WwUcDaJtazh13G1e2tYw2euDCWPFVgFHs0Q65OyGSQFkdI4ALwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFN7ItgyqFKIvgYfOuHRMKP5WWhwTMB8GA1UdIwQY
MBaAFHmhzxqo+8TjM3hnPr0FNkiA4qkfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFIUEdxajd4T016ZUdjLXZRVTJTSURpcVI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9kZjViYWQtYWM1OS00MTNlLTlhZDAt
NTk5NWFlOGFjYjlmLzEvM3NpMkRLb1VvaS1CaDg2NGRFd29fbFphSEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9kZjViYWQtYWM1OS00MTNlLTlhZDAtNTk5NWFlOGFjYjlm
LzEvZWFIUEdxajd4T016ZUdjLXZRVTJTSURpcVI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjVcwDQYJ
KoZIhvcNAQELBQADggEBAE/GxV1L19jqa/NZkkkEl50EOXauk21k3L1WGJXpiiQR
XZSmwn86SgBrn0q1SOw7Y4PFEuaqEkBhD+s71j88Rucn7vXus3TlcWRt0xkE1dy/
3F09wBnGy5I7zfbn7ZG1nDt+6+snRtaknxJ+ZMJXHz+d/Jyos2dJYdo/JsASEbc/
fwCaFk/dapmEtcMPS8MGYvKjW9mVkTRjn9BjOaPBzdkxXjTS6/DTTOQruh2Md78/
3eJkQ4Aiq7Z/ZmA1N7FBassIPVsKPsqaPsXSpUzcODcTeA5LaHKxsIaTKdIfUGo5
IGWKycECJ1FKlXMqsP2R54VjctQeErj4300wlTmMEzw=
-----END CERTIFICATE-----