Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3Pk7i14gcK7lVI2qTqK6taP2LsA.roa
File:                     3Pk7i14gcK7lVI2qTqK6taP2LsA.roa (raw, json)
Hash identifier:          1UjOxr3uAKbvetYg6vJ/No/G85q/LiUVXqn9bu9VzzU=
Subject key identifier:   DC:F9:3B:8B:5E:20:70:AE:E5:54:8D:AA:4E:A2:BA:B5:A3:F6:2E:C0
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE99C369F0A6D1FAFA9D91B5701E6
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3Pk7i14gcK7lVI2qTqK6taP2LsA.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47395
IP address blocks:        109.188.0.0/17 maxlen: 17
                          94.25.128.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e9:9c:36:9f:0a:6d:1f:af:a9:d9:1b:57:01:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcf93b8b5e2070aee5548daa4ea2bab5a3f62ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:80:23:a8:e9:16:3c:25:88:a7:a7:5c:1f:94:
                    0a:59:32:2d:d1:cb:63:63:a2:cc:cd:9e:e5:6d:b5:
                    a1:5f:b3:4d:5d:5c:0c:a6:42:68:c2:94:e1:08:d0:
                    ce:4b:90:9a:32:41:18:e3:16:42:c7:05:24:a0:54:
                    f3:aa:e9:a9:ff:c5:ba:2b:1e:a6:a2:b8:cd:22:4c:
                    19:38:0d:8e:b2:84:37:6b:5e:31:4e:ad:96:cd:c2:
                    8e:db:52:2f:7e:b7:d9:01:33:70:df:1f:bd:39:37:
                    05:7f:b2:53:1f:73:a6:6a:2e:9c:82:3a:aa:12:ad:
                    2a:9a:d0:d1:86:45:28:ac:40:cd:00:a3:c1:52:a0:
                    cb:d0:37:99:88:99:a0:e9:96:e1:9f:bc:4b:48:d5:
                    b9:ee:c8:8f:76:39:9a:94:57:e6:92:9f:dc:c1:c1:
                    b5:3e:db:dd:c6:67:bb:8c:ee:12:5c:c7:a9:61:28:
                    4a:f3:0e:0d:2c:42:81:8d:20:36:62:47:fb:6b:37:
                    60:74:83:bc:b1:d4:b2:99:da:0f:b9:aa:23:62:46:
                    fc:c9:f7:fa:1a:d5:43:06:ac:bd:6c:9b:03:ac:c7:
                    a6:69:cd:7d:d1:32:ec:6f:ab:ac:f7:d7:04:ec:29:
                    67:fa:ca:d1:ce:ae:4a:3a:b9:ae:b5:2c:98:12:5f:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F9:3B:8B:5E:20:70:AE:E5:54:8D:AA:4E:A2:BA:B5:A3:F6:2E:C0
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3Pk7i14gcK7lVI2qTqK6taP2LsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.25.128.0/18
                  109.188.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         33:6c:19:d5:2a:b2:99:71:e7:a7:34:76:00:82:99:29:73:32:
         1c:ba:60:76:0f:9c:2e:10:8b:3b:b3:d2:f1:a8:42:74:e9:88:
         a0:65:c1:fd:a1:36:40:b0:1a:e3:1a:1d:15:e4:60:f4:ab:c5:
         7e:a9:82:bc:72:30:b9:5c:67:9d:25:30:c4:e6:56:1b:1b:2e:
         4f:14:8e:d3:b1:21:a7:8a:6c:b3:2f:c8:15:e0:99:36:61:2d:
         2b:04:f3:6f:85:74:25:ff:cb:a1:e9:72:3d:48:51:d0:4d:87:
         06:7e:8c:24:8c:23:44:f9:26:95:76:cb:b9:03:07:f4:65:8d:
         02:1d:ee:e3:38:c7:15:82:22:37:24:21:76:c6:48:29:72:4f:
         d2:7d:20:46:47:31:dd:45:a8:99:12:bc:eb:5c:05:6b:5a:52:
         5f:61:14:c0:7e:a5:ed:aa:5a:ac:13:7f:14:41:f9:14:79:ba:
         50:30:9d:1b:85:52:bf:d8:c7:04:01:29:c2:a8:33:62:cb:64:
         13:68:fa:09:29:8a:be:7e:ce:d5:3d:66:71:01:bd:e4:05:62:
         45:d8:0d:87:da:8c:3d:7f:53:43:41:e4:07:52:e0:4e:28:fd:
         82:97:d9:aa:c1:81:32:45:43:43:58:0e:94:98:f1:af:02:8a:
         80:01:61:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbemcNp8KbR+vqdkbVwHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y5M2I4YjVlMjA3MGFlZTU1NDhkYWE0ZWEyYmFiNWEzZjYyZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4AjqOkWPCWIp6dcH5QKWTIt0ctj
Y6LMzZ7lbbWhX7NNXVwMpkJowpThCNDOS5CaMkEY4xZCxwUkoFTzqump/8W6Kx6m
orjNIkwZOA2OsoQ3a14xTq2WzcKO21IvfrfZATNw3x+9OTcFf7JTH3Omai6cgjqq
Eq0qmtDRhkUorEDNAKPBUqDL0DeZiJmg6Zbhn7xLSNW57siPdjmalFfmkp/cwcG1
Ptvdxme7jO4SXMepYShK8w4NLEKBjSA2Ykf7azdgdIO8sdSymdoPuaojYkb8yff6
GtVDBqy9bJsDrMemac190TLsb6us99cE7Cln+srRzq5KOrmutSyYEl+yRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNz5O4teIHCu5VSNqk6iurWj9i7AMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvM1BrN2kxNGdjSzdsVkkycVRxSzZ0YVAyTHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGXhmAAwQH
bbwAMA0GCSqGSIb3DQEBCwUAA4IBAQAzbBnVKrKZceenNHYAgpkpczIcumB2D5wu
EIs7s9LxqEJ06YigZcH9oTZAsBrjGh0V5GD0q8V+qYK8cjC5XGedJTDE5lYbGy5P
FI7TsSGnimyzL8gV4Jk2YS0rBPNvhXQl/8uh6XI9SFHQTYcGfowkjCNE+SaVdsu5
Awf0ZY0CHe7jOMcVgiI3JCF2xkgpck/SfSBGRzHdRaiZErzrXAVrWlJfYRTAfqXt
qlqsE38UQfkUebpQMJ0bhVK/2McEASnCqDNiy2QTaPoJKYq+fs7VPWZxAb3kBWJF
2A2H2ow9f1NDQeQHUuBOKP2Cl9mqwYEyRUNDWA6UmPGvAoqAAWGB
-----END CERTIFICATE-----