Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/3VMpfutC4PtOfBVWHLjLyTErnck.roa
File:                     3VMpfutC4PtOfBVWHLjLyTErnck.roa (raw, json)
Hash identifier:          rZLqqqS1FuR3pZkvNaxR1XouHScBQi1P2Flp/l6VrDQ=
Subject key identifier:   DD:53:29:7E:EB:42:E0:FB:4E:7C:15:56:1C:B8:CB:C9:31:2B:9D:C9
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F9184227916A216576D55E5A1C641
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/3VMpfutC4PtOfBVWHLjLyTErnck.roa
Signing time:             Tue 02 Jan 2024 04:30:04 +0000
ROA not before:           Tue 02 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44698
IP address blocks:        84.237.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:91:84:22:79:16:a2:16:57:6d:55:e5:a1:c6:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd53297eeb42e0fb4e7c15561cb8cbc9312b9dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e3:07:8e:7d:8b:25:c1:95:64:72:05:74:d5:
                    bf:84:94:96:f4:90:51:a9:f7:54:dc:ed:36:38:11:
                    00:ef:78:22:61:66:1f:28:b9:6d:f8:8d:db:18:e0:
                    9e:0a:7e:d8:74:bd:2b:d4:5d:51:29:98:b2:6d:b0:
                    81:8d:be:f1:7b:eb:1f:c5:c5:6c:1f:9e:bc:09:60:
                    fd:c2:68:ef:af:13:f1:a0:1d:12:62:44:99:bd:7a:
                    6e:c1:24:c8:9f:4b:f2:2c:39:ed:92:db:04:9a:a7:
                    11:74:26:11:16:07:e4:93:af:a4:98:41:c8:a7:a8:
                    ba:bc:5c:fd:51:5d:c0:15:29:e4:aa:c2:3f:88:1a:
                    f3:03:7c:01:6b:8c:88:80:bb:c7:88:be:88:5d:bf:
                    91:aa:21:43:ce:9a:ea:d5:4b:2b:9b:af:cc:13:e2:
                    26:61:21:2f:1c:29:54:bc:16:12:fd:cb:5d:61:4f:
                    ad:b3:a8:86:26:07:3b:5d:0f:61:a7:36:e3:f9:72:
                    52:2c:64:ca:39:be:3d:a6:57:c6:92:90:ab:89:80:
                    85:20:b5:f9:f2:f0:e8:32:39:ee:0c:c1:6b:70:80:
                    96:3a:31:42:87:67:d8:70:03:f2:e4:07:f6:93:c3:
                    3f:91:21:32:db:d0:37:ac:ef:2a:ba:34:b5:c5:a8:
                    54:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:53:29:7E:EB:42:E0:FB:4E:7C:15:56:1C:B8:CB:C9:31:2B:9D:C9
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/3VMpfutC4PtOfBVWHLjLyTErnck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.237.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c1:5e:de:d1:e8:22:88:e3:65:63:13:55:c8:07:fc:77:12:
         9b:57:46:34:3b:ba:d8:de:c3:65:a5:04:c0:aa:f4:b0:d5:fe:
         01:80:9d:b3:99:d1:7a:d8:c2:dc:aa:66:bf:35:45:fc:5a:a6:
         3b:1c:c1:af:ed:97:63:e8:a8:36:22:c6:f3:7d:ca:d4:30:37:
         84:2a:71:d0:65:78:b0:2d:4a:b6:49:1c:ae:06:c0:fe:d9:31:
         68:fd:c1:18:c1:be:99:38:74:c5:3b:27:ed:ce:1c:b2:11:5c:
         b2:40:85:27:4d:c5:34:d2:46:25:a8:58:ec:d3:e9:bb:cb:fb:
         b3:36:0c:f4:bd:b0:3e:12:30:e1:e7:c2:9f:a5:03:f1:8e:26:
         5b:b1:b5:70:64:da:00:79:d1:61:b5:72:00:a2:c1:74:3d:d8:
         1f:ab:e6:53:36:aa:32:d5:88:aa:7c:c5:5c:3a:15:ab:7e:ed:
         ff:56:2c:99:32:f0:d4:5a:a2:3a:97:37:80:b6:e2:c0:67:83:
         f5:71:36:88:78:cc:71:37:5f:66:f5:79:94:40:20:c8:f3:5b:
         74:8b:78:57:a9:c0:07:9c:7c:cd:2e:0a:b5:bb:a5:d3:29:4d:
         5f:4a:73:74:a1:a7:44:34:ee:c8:c4:7f:f6:9d:3c:5b:a9:a4:
         bc:e0:45:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5GEInkWohZXbVXlocZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDUzMjk3ZWViNDJlMGZiNGU3YzE1NTYxY2I4Y2JjOTMxMmI5ZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uMHjn2LJcGVZHIFdNW/hJSW9JBR
qfdU3O02OBEA73giYWYfKLlt+I3bGOCeCn7YdL0r1F1RKZiybbCBjb7xe+sfxcVs
H568CWD9wmjvrxPxoB0SYkSZvXpuwSTIn0vyLDntktsEmqcRdCYRFgfkk6+kmEHI
p6i6vFz9UV3AFSnkqsI/iBrzA3wBa4yIgLvHiL6IXb+RqiFDzprq1Usrm6/ME+Im
YSEvHClUvBYS/ctdYU+ts6iGJgc7XQ9hpzbj+XJSLGTKOb49plfGkpCriYCFILX5
8vDoMjnuDMFrcICWOjFCh2fYcAPy5Af2k8M/kSEy29A3rO8qujS1xahU8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1TKX7rQuD7TnwVVhy4y8kxK53JMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvM1ZNcGZ1dEM0UHRPZkJWV0hMakx5VEVybmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVO3rMA0G
CSqGSIb3DQEBCwUAA4IBAQCCwV7e0egiiONlYxNVyAf8dxKbV0Y0O7rY3sNlpQTA
qvSw1f4BgJ2zmdF62MLcqma/NUX8WqY7HMGv7Zdj6Kg2IsbzfcrUMDeEKnHQZXiw
LUq2SRyuBsD+2TFo/cEYwb6ZOHTFOyftzhyyEVyyQIUnTcU00kYlqFjs0+m7y/uz
Ngz0vbA+EjDh58KfpQPxjiZbsbVwZNoAedFhtXIAosF0Pdgfq+ZTNqoy1YiqfMVc
OhWrfu3/ViyZMvDUWqI6lzeAtuLAZ4P1cTaIeMxxN19m9XmUQCDI81t0i3hXqcAH
nHzNLgq1u6XTKU1fSnN0oadENO7IxH/2nTxbqaS84EWF
-----END CERTIFICATE-----