Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OR3tyz5DThZfIiVGJnYo51Xf4lY.roa
File:                     OR3tyz5DThZfIiVGJnYo51Xf4lY.roa (raw, json)
Hash identifier:          zxMkiqh/74aejygE1ROkOCldVq8hvhm9AUYZUpC+y9M=
Subject key identifier:   39:1D:ED:CB:3E:43:4E:16:5F:22:25:46:26:76:28:E7:55:DF:E2:56
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D62D3F893D518E2BD7A0AE09426D2596E
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OR3tyz5DThZfIiVGJnYo51Xf4lY.roa
Signing time:             Thu 01 Feb 2024 04:01:15 +0000
ROA not before:           Thu 01 Feb 2024 04:01:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        83.147.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:62:d3:f8:93:d5:18:e2:bd:7a:0a:e0:94:26:d2:59:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb  1 04:01:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391dedcb3e434e165f222546267628e755dfe256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9e:cc:6f:e2:e1:35:e2:19:62:e3:f6:03:72:
                    3c:78:46:25:2a:7f:8d:1f:60:f9:4a:ba:a8:75:88:
                    d7:63:cc:65:41:11:65:7a:b5:f0:95:86:34:20:00:
                    d1:dd:9e:12:82:d6:f2:b8:ec:0c:06:8a:78:a5:10:
                    51:fc:a1:bb:fb:26:25:f4:12:00:b4:67:2d:1d:c0:
                    0f:cc:6e:5d:84:03:1e:43:86:74:f3:6e:18:ff:e6:
                    32:b2:38:50:a2:e3:6b:dd:a6:da:f8:3a:a0:c1:5a:
                    59:06:13:19:ad:20:98:d5:ff:c1:3c:8e:f1:b7:54:
                    6a:4d:cf:24:56:72:ee:42:fc:ec:db:88:f8:5f:67:
                    2d:af:04:6a:83:52:01:a0:98:18:dc:4f:27:18:e9:
                    b5:72:b6:9e:0b:c6:54:08:e0:59:f6:5e:d9:94:05:
                    cd:58:0c:29:8c:c1:a3:e1:c8:ac:c1:ab:63:c5:f3:
                    2e:5c:db:a6:ed:f7:3d:c0:b8:44:0a:91:00:a6:78:
                    30:6a:4a:4d:5b:ff:3d:8d:e5:a3:53:a6:b8:c2:7e:
                    57:34:98:9a:3a:e0:ed:61:1c:4b:3d:fa:ee:4a:b6:
                    c6:df:6a:a2:1d:32:d0:43:18:18:43:6f:5a:8e:8f:
                    f7:0f:9e:2e:bc:35:76:74:c6:2c:13:ce:7a:4f:8b:
                    9e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1D:ED:CB:3E:43:4E:16:5F:22:25:46:26:76:28:E7:55:DF:E2:56
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OR3tyz5DThZfIiVGJnYo51Xf4lY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:0a:da:de:02:a1:39:e2:a8:9d:29:d8:07:80:ee:de:8f:7a:
         e8:4f:49:49:bf:c9:44:2a:78:7c:05:6c:99:c3:99:17:e3:f7:
         21:fb:f3:4f:e6:4f:72:0f:d4:00:7e:e0:eb:42:82:e5:f7:99:
         d8:7a:34:53:70:a1:e6:63:e2:78:67:af:a6:de:c5:b2:fa:cd:
         4a:63:5b:dc:59:bf:ce:cb:83:d4:c5:a4:52:1e:8e:94:aa:a0:
         85:96:fd:59:89:89:25:fb:69:1d:ad:ff:71:c6:41:0e:95:70:
         3c:05:e5:91:c2:75:f6:68:d3:9a:09:59:ef:84:7b:ab:44:00:
         d5:da:c4:30:09:e8:88:45:6b:36:90:22:be:26:71:ea:75:aa:
         66:ba:00:ad:39:45:bd:c9:49:d7:59:fd:19:ba:14:7c:e1:f9:
         50:9d:ca:1f:7f:04:17:6f:b3:36:a3:fc:e6:3c:08:02:49:b9:
         77:b3:3e:46:d9:75:bb:29:a9:ff:89:1b:88:0e:02:17:ce:21:
         6c:da:9c:ba:52:01:7c:3c:e5:5b:14:06:65:6c:be:39:7f:61:
         1b:3d:97:02:c0:87:ee:4e:a7:06:6c:6d:f0:20:e1:f6:ea:47:
         4f:1e:bb:41:39:d7:ba:16:e3:01:c6:75:4e:1b:59:30:d4:65:
         f9:c6:e9:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1i0/iT1RjivXoK4JQm0lluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjAxMDQwMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFkZWRjYjNlNDM0ZTE2NWYyMjI1NDYyNjc2MjhlNzU1ZGZlMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ7Mb+LhNeIZYuP2A3I8eEYlKn+N
H2D5SrqodYjXY8xlQRFlerXwlYY0IADR3Z4SgtbyuOwMBop4pRBR/KG7+yYl9BIA
tGctHcAPzG5dhAMeQ4Z0824Y/+YysjhQouNr3aba+DqgwVpZBhMZrSCY1f/BPI7x
t1RqTc8kVnLuQvzs24j4X2ctrwRqg1IBoJgY3E8nGOm1craeC8ZUCOBZ9l7ZlAXN
WAwpjMGj4ciswatjxfMuXNum7fc9wLhECpEApngwakpNW/89jeWjU6a4wn5XNJia
OuDtYRxLPfruSrbG32qiHTLQQxgYQ29ajo/3D54uvDV2dMYsE856T4uevQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkd7cs+Q04WXyIlRiZ2KOdV3+JWMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvT1IzdHl6NURUaFpmSWlWR0puWW81MVhmNGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5P4MA0G
CSqGSIb3DQEBCwUAA4IBAQAKCtreAqE54qidKdgHgO7ej3roT0lJv8lEKnh8BWyZ
w5kX4/ch+/NP5k9yD9QAfuDrQoLl95nYejRTcKHmY+J4Z6+m3sWy+s1KY1vcWb/O
y4PUxaRSHo6UqqCFlv1ZiYkl+2kdrf9xxkEOlXA8BeWRwnX2aNOaCVnvhHurRADV
2sQwCeiIRWs2kCK+JnHqdapmugCtOUW9yUnXWf0ZuhR84flQncoffwQXb7M2o/zm
PAgCSbl3sz5G2XW7Kan/iRuIDgIXziFs2py6UgF8POVbFAZlbL45f2EbPZcCwIfu
TqcGbG3wIOH26kdPHrtBOde6FuMBxnVOG1kw1GX5xul+
-----END CERTIFICATE-----