Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/pMc7Ql1zgTKnJoi0Q3G88YacrxI.roa
File:                     pMc7Ql1zgTKnJoi0Q3G88YacrxI.roa (raw, json)
Hash identifier:          BlqRpgboFx58Pp09H3YGOuvvzS+Nmegp7axf1GyMm2Y=
Subject key identifier:   A4:C7:3B:42:5D:73:81:32:A7:26:88:B4:43:71:BC:F1:86:9C:AF:12
Certificate issuer:       /CN=3bca34a3034177d084338d33b089b7e03cca3a8a
Certificate serial:       018CC6B840CA5A9DE12E19AEF22ED440C51E
Authority key identifier: 3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/pMc7Ql1zgTKnJoi0Q3G88YacrxI.roa
Signing time:             Mon 01 Jan 2024 20:30:13 +0000
ROA not before:           Mon 01 Jan 2024 20:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29624
IP address blocks:        82.212.192.0/19 maxlen: 19
                          2a00:cb0::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:40:ca:5a:9d:e1:2e:19:ae:f2:2e:d4:40:c5:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bca34a3034177d084338d33b089b7e03cca3a8a
        Validity
            Not Before: Jan  1 20:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4c73b425d738132a72688b44371bcf1869caf12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b4:de:d7:0b:50:22:cf:60:50:8b:ef:78:bc:
                    3c:a5:01:5f:fa:ed:79:07:db:6e:f4:36:da:cf:0d:
                    68:b9:06:be:ed:c7:83:6a:c3:5b:3b:8e:f8:5b:ad:
                    43:28:fd:4e:e6:f9:db:9f:84:37:57:bd:62:bc:75:
                    2f:03:fd:d5:c2:04:82:6f:a1:4e:76:4a:8d:79:c8:
                    07:40:31:b9:eb:b8:fa:b5:37:6c:42:c7:6e:72:a2:
                    be:79:90:e9:ea:64:35:ba:6f:01:d2:d4:4e:80:db:
                    c7:b3:5d:85:29:21:93:16:71:4b:9a:7d:81:de:72:
                    4a:a7:cd:bb:6b:07:75:20:c0:e4:64:3d:df:5d:eb:
                    81:19:78:3c:d9:d3:ef:62:b5:fd:b5:5f:fd:f0:33:
                    ce:ff:ed:70:1e:b2:63:1f:a4:84:ad:8e:de:23:2b:
                    c7:ca:7b:48:0f:f8:9f:4b:4a:db:1d:21:12:8e:8a:
                    93:e2:1f:ea:a0:27:59:f5:e9:0c:db:b3:43:45:68:
                    f0:2f:e6:6d:e0:47:43:43:65:24:6c:59:d4:ce:6d:
                    35:f4:5a:6d:81:cd:0c:a6:a5:3f:8d:64:8b:48:01:
                    35:d3:6b:24:11:db:45:22:58:c3:7b:1b:77:fd:a4:
                    fc:bb:0f:a1:3d:8a:c5:e2:d4:e0:fd:03:04:da:a0:
                    1e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C7:3B:42:5D:73:81:32:A7:26:88:B4:43:71:BC:F1:86:9C:AF:12
            X509v3 Authority Key Identifier:
                keyid:3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/pMc7Ql1zgTKnJoi0Q3G88YacrxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.212.192.0/19
                IPv6:
                  2a00:cb0::/34

    Signature Algorithm: sha256WithRSAEncryption
         94:f8:ce:d6:02:ce:30:92:26:0d:c3:1d:af:02:96:12:30:23:
         e9:19:f6:8b:ba:78:4a:90:7e:ac:a9:e4:d3:5d:f7:70:f3:00:
         99:a7:18:52:b2:18:6b:f0:a2:97:23:02:f2:5f:8c:8b:1d:28:
         ad:f2:a7:07:3b:e9:bb:a4:94:82:d6:da:04:e6:8b:b5:39:29:
         67:76:fc:7f:e1:10:05:6c:1d:ea:e8:ea:1a:c4:fc:89:e6:2e:
         63:bf:d1:47:f9:00:9e:55:81:6a:93:73:bd:83:e9:44:34:4e:
         17:cf:c3:21:b7:7f:06:d4:1e:3e:8c:79:4c:70:81:ae:f6:36:
         c3:95:5d:d6:ba:f5:b8:2b:b0:c9:62:42:b2:b6:2c:4c:18:fc:
         ce:aa:5c:a7:0b:15:f8:ba:54:8d:b0:04:4d:58:06:3c:94:4f:
         7d:d3:89:c5:bc:d6:11:a8:de:5d:44:7e:91:c5:49:88:a6:74:
         a4:f3:3f:71:4b:16:8a:23:4b:86:35:da:8f:02:70:83:65:7d:
         f0:bb:76:c5:98:42:6d:f6:4c:ec:87:d0:ca:7a:c3:e8:c6:20:
         cb:b9:25:6e:1b:f1:d0:f9:1a:08:2f:c2:24:9d:d9:3c:50:48:
         30:28:84:91:b9:b6:f7:4c:2e:ea:75:a7:93:58:2a:d0:de:2a:
         c5:1d:0c:91
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGuEDKWp3hLhmu8i7UQMUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2EzNGEzMDM0MTc3ZDA4NDMzOGQzM2IwODliN2UwM2Nj
YTNhOGEwHhcNMjQwMTAxMjAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM3M2I0MjVkNzM4MTMyYTcyNjg4YjQ0MzcxYmNmMTg2OWNhZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbTe1wtQIs9gUIvveLw8pQFf+u15
B9tu9Dbazw1ouQa+7ceDasNbO474W61DKP1O5vnbn4Q3V71ivHUvA/3VwgSCb6FO
dkqNecgHQDG567j6tTdsQsducqK+eZDp6mQ1um8B0tROgNvHs12FKSGTFnFLmn2B
3nJKp827awd1IMDkZD3fXeuBGXg82dPvYrX9tV/98DPO/+1wHrJjH6SErY7eIyvH
yntID/ifS0rbHSESjoqT4h/qoCdZ9ekM27NDRWjwL+Zt4EdDQ2UkbFnUzm019Fpt
gc0MpqU/jWSLSAE102skEdtFIljDext3/aT8uw+hPYrF4tTg/QME2qAeqwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKTHO0Jdc4EypyaItENxvPGGnK8SMB8GA1UdIwQY
MBaAFDvKNKMDQXfQhDONM7CJt+A8yjqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDIt
ODk3NTNmMmI0N2RjLzEvcE1jN1FsMXpnVEtuSm9pMFEzRzg4WWFjcnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDItODk3NTNmMmI0N2Rj
LzEvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQFUtTAMA4E
AgACMAgDBgYqAAywADANBgkqhkiG9w0BAQsFAAOCAQEAlPjO1gLOMJImDcMdrwKW
EjAj6Rn2i7p4SpB+rKnk0133cPMAmacYUrIYa/CilyMC8l+Mix0orfKnBzvpu6SU
gtbaBOaLtTkpZ3b8f+EQBWwd6ujqGsT8ieYuY7/RR/kAnlWBapNzvYPpRDROF8/D
Ibd/BtQePox5THCBrvY2w5Vd1rr1uCuwyWJCsrYsTBj8zqpcpwsV+LpUjbAETVgG
PJRPfdOJxbzWEajeXUR+kcVJiKZ0pPM/cUsWiiNLhjXajwJwg2V98Lt2xZhCbfZM
7IfQynrD6MYgy7klbhvx0PkaCC/CJJ3ZPFBIMCiEkbm290wu6nWnk1gq0N4qxR0M
kQ==
-----END CERTIFICATE-----