Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/5ZT52kMEobxvFXTOTdjCARdRTO0.roa
File:                     5ZT52kMEobxvFXTOTdjCARdRTO0.roa (raw, json)
Hash identifier:          v2f91r5oh4mewNkKndE8X6hCX9DgfxChejVuGssqXfw=
Subject key identifier:   E5:94:F9:DA:43:04:A1:BC:6F:15:74:CE:4D:D8:C2:01:17:51:4C:ED
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       018CCA2B0D7CDF6D48716FB513B39619F947
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/5ZT52kMEobxvFXTOTdjCARdRTO0.roa
Signing time:             Tue 02 Jan 2024 12:34:28 +0000
ROA not before:           Tue 02 Jan 2024 12:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209943
IP address blocks:        213.83.7.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0d:7c:df:6d:48:71:6f:b5:13:b3:96:19:f9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  2 12:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e594f9da4304a1bc6f1574ce4dd8c20117514ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:aa:52:73:32:60:b1:f5:4f:29:dd:1a:81:81:
                    68:d8:5a:ed:86:19:90:41:15:d6:4d:7f:b2:36:3a:
                    37:8d:dd:bc:71:49:cc:d6:39:84:96:6b:06:70:35:
                    a2:a3:86:65:2a:5a:43:95:78:f0:1f:8c:35:22:6c:
                    2a:94:5d:50:59:da:1c:e5:d7:45:af:f4:f9:27:fc:
                    f4:26:a5:b9:30:20:e5:a4:0b:8d:50:fa:45:2c:a3:
                    84:98:50:ad:81:90:8c:e1:d7:59:59:70:75:c4:04:
                    08:b9:97:b1:8f:50:c9:d8:1e:ae:e9:e2:3b:22:df:
                    29:f2:7e:7d:a5:6c:c6:99:5a:d5:81:ee:41:6c:f3:
                    c7:e9:29:77:59:17:7d:57:24:0a:4a:67:98:aa:b3:
                    2d:8f:46:36:fc:79:7d:0d:d1:aa:1e:af:71:ed:40:
                    bb:ea:e4:63:50:dd:b6:35:45:c7:d2:84:3a:62:a6:
                    b2:79:57:13:07:0b:3f:fe:92:71:9b:e1:30:58:fd:
                    15:26:bd:11:8c:91:90:ff:6e:fd:b1:ec:c3:74:8a:
                    a1:65:30:dd:c3:8b:0e:de:b0:96:8f:b8:df:0b:65:
                    f9:58:09:b1:4d:36:cc:2c:12:39:b3:fa:cc:bf:60:
                    77:a7:00:21:9e:26:d9:94:e6:5e:2c:7a:bc:98:9b:
                    30:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:94:F9:DA:43:04:A1:BC:6F:15:74:CE:4D:D8:C2:01:17:51:4C:ED
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/5ZT52kMEobxvFXTOTdjCARdRTO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.83.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:a5:b9:1d:c6:7b:1e:fc:2b:29:c5:da:61:c3:4c:bf:79:1d:
         46:42:4f:33:a5:41:8b:e4:6c:99:b9:ce:b3:95:34:23:07:dd:
         bb:64:eb:f6:a0:8d:62:53:b3:38:06:ef:cf:32:cb:69:83:ef:
         27:87:33:b8:c7:4f:88:02:e7:cd:3f:b9:93:85:e3:e6:01:6a:
         4f:9c:fd:7b:fd:15:d7:05:ff:1b:35:5b:05:2c:39:53:c2:c7:
         12:5d:bf:13:69:ce:75:5a:84:01:02:89:db:14:f7:76:5d:de:
         c6:d6:66:d6:72:32:7d:bb:2d:b3:eb:4e:55:85:47:0c:5c:8f:
         cb:30:2e:b2:4c:ba:cb:97:65:84:74:51:ff:16:c7:df:31:50:
         07:d3:d6:12:a9:41:b6:6c:cb:87:dc:4f:5d:51:33:21:a2:58:
         65:64:ec:a2:14:40:26:9c:dd:7f:a8:1f:9c:ad:aa:8a:0d:59:
         bd:94:14:8b:59:c8:89:0c:77:90:13:13:eb:62:8b:13:ed:3e:
         75:40:a0:56:24:12:a3:47:c5:d9:cc:40:cb:55:d1:c0:20:ad:
         7f:a6:d1:5f:58:58:7d:67:d9:f2:01:17:d1:4b:fd:05:0e:c6:
         51:6f:3a:bb:6e:f4:f2:d8:c8:cb:09:6c:30:72:41:6b:73:0b:
         09:ea:a6:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKw18321IcW+1E7OWGflHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjQwMTAyMTIzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTk0ZjlkYTQzMDRhMWJjNmYxNTc0Y2U0ZGQ4YzIwMTE3NTE0Y2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKpSczJgsfVPKd0agYFo2FrthhmQ
QRXWTX+yNjo3jd28cUnM1jmElmsGcDWio4ZlKlpDlXjwH4w1ImwqlF1QWdoc5ddF
r/T5J/z0JqW5MCDlpAuNUPpFLKOEmFCtgZCM4ddZWXB1xAQIuZexj1DJ2B6u6eI7
It8p8n59pWzGmVrVge5BbPPH6Sl3WRd9VyQKSmeYqrMtj0Y2/Hl9DdGqHq9x7UC7
6uRjUN22NUXH0oQ6YqayeVcTBws//pJxm+EwWP0VJr0RjJGQ/279sezDdIqhZTDd
w4sO3rCWj7jfC2X5WAmxTTbMLBI5s/rMv2B3pwAhnibZlOZeLHq8mJswvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWU+dpDBKG8bxV0zk3YwgEXUUztMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvNVpUNTJrTUVvYnh2RlhUT1RkakNBUmRSVE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VMHMA0G
CSqGSIb3DQEBCwUAA4IBAQDEpbkdxnse/Cspxdphw0y/eR1GQk8zpUGL5GyZuc6z
lTQjB927ZOv2oI1iU7M4Bu/PMstpg+8nhzO4x0+IAufNP7mThePmAWpPnP17/RXX
Bf8bNVsFLDlTwscSXb8Tac51WoQBAonbFPd2Xd7G1mbWcjJ9uy2z605VhUcMXI/L
MC6yTLrLl2WEdFH/FsffMVAH09YSqUG2bMuH3E9dUTMholhlZOyiFEAmnN1/qB+c
raqKDVm9lBSLWciJDHeQExPrYosT7T51QKBWJBKjR8XZzEDLVdHAIK1/ptFfWFh9
Z9nyARfRS/0FDsZRbzq7bvTy2MjLCWwwckFrcwsJ6qZl
-----END CERTIFICATE-----