Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3xg7CsKP2-0fLuzpgkT04Y8a-3M.roa
File:                     3xg7CsKP2-0fLuzpgkT04Y8a-3M.roa (raw, json)
Hash identifier:          aSCMjlfhkHwpXbd03pHjtnRNOVmzv+BP8vvKdf8a3nU=
Subject key identifier:   DF:18:3B:0A:C2:8F:DB:ED:1F:2E:EC:E9:82:44:F4:E1:8F:1A:FB:73
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE4CDE6515975336C071DF124BBC8
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3xg7CsKP2-0fLuzpgkT04Y8a-3M.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200615
IP address blocks:        5.1.70.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e4:cd:e6:51:59:75:33:6c:07:1d:f1:24:bb:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df183b0ac28fdbed1f2eece98244f4e18f1afb73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f7:20:00:fe:10:7f:f5:97:7a:f1:2a:75:a0:
                    71:1e:57:1f:0d:c5:8e:4c:0f:a1:32:a1:b4:cb:b7:
                    bd:6e:5e:15:40:96:64:a7:dd:d1:a7:1d:58:47:4c:
                    02:6c:2a:7d:e1:09:4b:f4:e2:c4:32:d9:ff:37:9c:
                    12:07:8b:26:9b:56:38:80:5a:15:46:45:c5:be:1c:
                    bd:34:45:41:af:a2:d0:cf:3d:24:fa:0d:34:b4:7a:
                    d0:b5:cd:63:49:95:a6:9d:55:92:7f:a1:04:49:51:
                    cc:ac:fa:4d:c0:0a:12:a6:fb:5b:ac:98:c3:46:1a:
                    b1:80:f3:36:dd:04:0c:44:9f:8b:a6:06:12:9e:28:
                    be:c9:b4:ec:0c:1a:f5:1c:ea:7e:2a:ee:52:70:7f:
                    4d:d3:12:b5:33:cd:6d:55:59:00:c1:d8:93:aa:ad:
                    b6:39:66:23:8f:96:38:9f:dc:1d:4c:2e:55:89:49:
                    4d:e5:2c:f0:f5:a9:77:5b:33:02:a0:42:39:78:23:
                    77:96:67:52:85:89:e4:b5:5b:2e:2b:06:2d:ed:06:
                    be:16:c6:91:a3:09:66:22:ff:18:0f:f5:6e:90:99:
                    d0:dc:94:e3:44:94:af:f4:22:d5:36:60:52:c7:b9:
                    68:b1:2a:42:73:81:a9:bd:00:ce:c2:d1:0b:cc:5f:
                    b0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:18:3B:0A:C2:8F:DB:ED:1F:2E:EC:E9:82:44:F4:E1:8F:1A:FB:73
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3xg7CsKP2-0fLuzpgkT04Y8a-3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:13:96:ae:20:82:b3:74:67:03:7c:3a:96:d7:f9:06:2e:2d:
         67:b2:ef:90:c7:24:f7:c7:27:4f:17:a9:94:28:fe:c2:54:a5:
         45:e7:f2:7a:96:b0:ff:f0:d8:9b:88:07:38:19:4c:26:ba:c9:
         22:a9:a4:f2:1f:a9:23:3d:79:2e:83:31:9a:81:9d:58:30:ff:
         0a:a2:f6:5a:51:6c:4a:db:05:16:37:f0:9f:26:7a:15:bd:d5:
         f6:8f:68:67:a1:1d:aa:b5:ed:46:17:01:b2:7d:7b:73:f9:e7:
         3b:e5:15:e3:f2:ed:eb:cf:bd:a6:68:9c:0d:07:96:9a:2f:1f:
         83:bb:8e:0b:ff:76:78:cc:ab:3f:00:d4:82:32:76:84:75:cf:
         6d:30:ea:fd:4d:7b:d6:de:39:b1:2f:6d:18:74:1e:cc:6d:df:
         6a:9e:e5:37:32:fd:93:3a:34:88:2d:de:63:1b:44:14:22:5b:
         1e:c2:f1:83:c5:a5:73:f7:e5:f1:08:59:80:15:c5:1c:5f:24:
         ef:f3:88:74:78:f2:f3:16:c9:ae:7d:3b:55:b4:c9:b7:71:ef:
         de:e4:82:57:a4:2c:c4:4c:3e:ce:cf:5c:86:76:30:a4:38:f0:
         42:02:dc:a5:08:58:4e:57:e4:41:5d:0c:9b:0d:c5:f9:f3:70:
         1d:c1:42:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuTN5lFZdTNsBx3xJLvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjE4M2IwYWMyOGZkYmVkMWYyZWVjZTk4MjQ0ZjRlMThmMWFmYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifcgAP4Qf/WXevEqdaBxHlcfDcWO
TA+hMqG0y7e9bl4VQJZkp93Rpx1YR0wCbCp94QlL9OLEMtn/N5wSB4smm1Y4gFoV
RkXFvhy9NEVBr6LQzz0k+g00tHrQtc1jSZWmnVWSf6EESVHMrPpNwAoSpvtbrJjD
RhqxgPM23QQMRJ+LpgYSnii+ybTsDBr1HOp+Ku5ScH9N0xK1M81tVVkAwdiTqq22
OWYjj5Y4n9wdTC5ViUlN5Szw9al3WzMCoEI5eCN3lmdShYnktVsuKwYt7Qa+FsaR
owlmIv8YD/VukJnQ3JTjRJSv9CLVNmBSx7losSpCc4GpvQDOwtELzF+wOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8YOwrCj9vtHy7s6YJE9OGPGvtzMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvM3hnN0NzS1AyLTBmTHV6cGdrVDA0WThhLTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFGMA0G
CSqGSIb3DQEBCwUAA4IBAQBXE5auIIKzdGcDfDqW1/kGLi1nsu+QxyT3xydPF6mU
KP7CVKVF5/J6lrD/8NibiAc4GUwmuskiqaTyH6kjPXkugzGagZ1YMP8KovZaUWxK
2wUWN/CfJnoVvdX2j2hnoR2qte1GFwGyfXtz+ec75RXj8u3rz72maJwNB5aaLx+D
u44L/3Z4zKs/ANSCMnaEdc9tMOr9TXvW3jmxL20YdB7Mbd9qnuU3Mv2TOjSILd5j
G0QUIlsewvGDxaVz9+XxCFmAFcUcXyTv84h0ePLzFsmufTtVtMm3ce/e5IJXpCzE
TD7Oz1yGdjCkOPBCAtylCFhOV+RBXQybDcX583AdwUKl
-----END CERTIFICATE-----