Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/gnTXOsrpJeGjkjjVUUi_Op-cgmE.roa
File:                     gnTXOsrpJeGjkjjVUUi_Op-cgmE.roa (raw, json)
Hash identifier:          t8M+t6YSWXWo8hM5Qv0UY5RmvAuxVjTuVB12Io3CWH0=
Subject key identifier:   82:74:D7:3A:CA:E9:25:E1:A3:92:38:D5:51:48:BF:3A:9F:9C:82:61
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       018F3D110558190929E9359F205B2D34349E
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/gnTXOsrpJeGjkjjVUUi_Op-cgmE.roa
Signing time:             Fri 03 May 2024 06:07:56 +0000
ROA not before:           Fri 03 May 2024 06:07:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57358
IP address blocks:        82.98.73.0/24 maxlen: 32
                          2a02:2e0:3ec::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:11:05:58:19:09:29:e9:35:9f:20:5b:2d:34:34:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: May  3 06:07:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8274d73acae925e1a39238d55148bf3a9f9c8261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:37:ed:e3:47:84:3c:d4:05:d7:a3:89:71:d1:
                    e6:20:67:d1:15:71:27:76:45:e1:58:db:69:38:6c:
                    b7:70:70:10:1d:9a:9a:72:70:dd:d1:17:cc:c1:63:
                    39:ba:5d:74:8b:44:74:a7:1e:58:2b:8f:56:bb:d6:
                    6f:ea:b3:ee:48:f3:0b:8c:21:db:c0:3b:d4:86:de:
                    3c:ac:f3:5d:81:0d:f0:c1:d3:4f:85:ed:64:a6:fa:
                    76:b2:15:2d:50:86:61:85:51:8d:bc:cb:fc:4d:90:
                    89:a0:4e:26:d8:76:b3:c6:3f:d2:cd:e4:bc:fa:f7:
                    ea:f3:9e:37:26:0a:c4:1c:eb:70:9b:24:be:f4:ab:
                    1f:38:ae:bb:c4:f4:33:bd:42:db:be:ae:a1:ef:b9:
                    10:7a:24:da:29:7c:8a:f4:88:f4:59:7f:d5:72:76:
                    83:36:95:c6:e6:b8:9b:6f:27:40:cf:82:1d:49:47:
                    b4:8f:fd:f2:16:5a:b7:98:ea:eb:19:9b:96:0c:2f:
                    dc:72:a4:4e:a8:f6:fe:bd:49:12:1b:b6:88:b5:60:
                    3d:6d:f6:96:2e:4e:e7:fc:0c:71:81:d4:2d:a4:7e:
                    12:c0:0a:5a:d0:77:0d:79:42:60:4c:fc:a3:0b:24:
                    59:cd:3b:94:27:dd:e4:52:c8:7f:3c:89:17:e5:be:
                    40:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:74:D7:3A:CA:E9:25:E1:A3:92:38:D5:51:48:BF:3A:9F:9C:82:61
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/gnTXOsrpJeGjkjjVUUi_Op-cgmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.98.73.0/24
                IPv6:
                  2a02:2e0:3ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:98:9e:3d:e6:2d:db:c3:57:9c:4a:63:18:dd:48:53:61:30:
         22:ab:25:80:14:90:bf:cc:02:75:99:bb:52:65:ad:78:bb:f9:
         d0:a0:f1:d1:d9:19:d7:1f:cd:dc:90:1b:05:02:53:57:5a:3f:
         8b:7e:47:4a:6b:af:90:16:94:4b:75:1b:ee:80:30:7b:4a:29:
         a8:a4:e3:a5:1f:28:85:e8:45:67:70:75:fd:c5:40:f6:a6:93:
         56:03:9b:82:cd:db:97:a3:f0:99:a8:8b:c2:55:cf:f1:6d:ca:
         f2:bc:eb:b0:e8:d0:91:b3:b2:41:26:c1:78:8f:2b:35:1a:78:
         b9:11:e8:6a:b5:bb:47:34:20:83:99:2e:1d:62:04:29:f7:60:
         f1:b9:46:e3:a3:86:b6:4a:6e:1f:f2:83:af:1f:c5:97:cc:65:
         76:00:f2:bb:cb:56:47:a5:71:9d:58:31:07:3d:53:67:fb:80:
         50:66:00:9f:b2:ee:d9:cf:80:6d:45:54:9e:99:4d:ad:62:89:
         ea:5b:68:9f:6a:e0:ff:ec:8a:f0:49:44:f3:f3:1b:dd:0c:65:
         26:85:4f:93:ff:30:22:71:96:9b:6f:cc:d2:59:18:1f:8f:81:
         8f:a3:3f:ae:c8:ef:0b:e6:5f:b7:3f:d3:ad:9d:5e:c8:57:eb:
         7e:59:7f:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY89EQVYGQkp6TWfIFstNDSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjQwNTAzMDYwNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc0ZDczYWNhZTkyNWUxYTM5MjM4ZDU1MTQ4YmYzYTlmOWM4MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jft40eEPNQF16OJcdHmIGfRFXEn
dkXhWNtpOGy3cHAQHZqacnDd0RfMwWM5ul10i0R0px5YK49Wu9Zv6rPuSPMLjCHb
wDvUht48rPNdgQ3wwdNPhe1kpvp2shUtUIZhhVGNvMv8TZCJoE4m2Hazxj/SzeS8
+vfq8543JgrEHOtwmyS+9KsfOK67xPQzvULbvq6h77kQeiTaKXyK9Ij0WX/VcnaD
NpXG5ribbydAz4IdSUe0j/3yFlq3mOrrGZuWDC/ccqROqPb+vUkSG7aItWA9bfaW
Lk7n/AxxgdQtpH4SwApa0HcNeUJgTPyjCyRZzTuUJ93kUsh/PIkX5b5AzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIJ01zrK6SXho5I41VFIvzqfnIJhMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvZ25UWE9zcnBKZUdqa2pqVlVVaV9PcC1jZ21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUmJJMA8E
AgACMAkDBwAqAgLgA+wwDQYJKoZIhvcNAQELBQADggEBACyYnj3mLdvDV5xKYxjd
SFNhMCKrJYAUkL/MAnWZu1JlrXi7+dCg8dHZGdcfzdyQGwUCU1daP4t+R0prr5AW
lEt1G+6AMHtKKaik46UfKIXoRWdwdf3FQPamk1YDm4LN25ej8Jmoi8JVz/FtyvK8
67Do0JGzskEmwXiPKzUaeLkR6Gq1u0c0IIOZLh1iBCn3YPG5RuOjhrZKbh/yg68f
xZfMZXYA8rvLVkelcZ1YMQc9U2f7gFBmAJ+y7tnPgG1FVJ6ZTa1iiepbaJ9q4P/s
ivBJRPPzG90MZSaFT5P/MCJxlptvzNJZGB+PgY+jP67I7wvmX7c/062dXshX635Z
f2c=
-----END CERTIFICATE-----