Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/r3aVxLTMgy5v0rGi7hxs0w-zfp0.roa
File:                     r3aVxLTMgy5v0rGi7hxs0w-zfp0.roa (raw, json)
Hash identifier:          y+YCt9z7vCpmN8yKc8oNRHuqKD8RCeG37zDjfysOocE=
Subject key identifier:   AF:76:95:C4:B4:CC:83:2E:6F:D2:B1:A2:EE:1C:6C:D3:0F:B3:7E:9D
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC7933DDF2F6662E034D849C1E2038B28
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/r3aVxLTMgy5v0rGi7hxs0w-zfp0.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39486
IP address blocks:        171.22.248.0/22 maxlen: 24
                          194.116.248.0/22 maxlen: 24
                          193.42.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3d:df:2f:66:62:e0:34:d8:49:c1:e2:03:8b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af7695c4b4cc832e6fd2b1a2ee1c6cd30fb37e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:29:59:4a:73:b3:6a:2f:df:fa:fc:15:e8:e5:
                    f7:7f:fe:8e:ae:7a:be:96:93:90:43:48:e4:28:77:
                    3e:a1:cf:3c:c3:00:6e:74:6e:5b:3d:30:8c:24:e0:
                    b9:47:b9:62:7a:dc:d8:20:e4:0f:5e:3d:d8:49:66:
                    d7:4a:f9:6c:bc:c4:cf:b8:88:ff:81:f9:f4:ae:64:
                    19:51:ec:e8:7b:55:4a:cf:42:d1:89:67:d7:ac:e8:
                    9a:d2:b3:ce:96:b1:76:8c:fc:d9:ba:f1:ab:1a:3e:
                    c2:1c:4d:13:c8:c8:50:6f:ea:f3:f9:de:81:25:97:
                    a1:2a:32:ff:f3:5a:48:82:cc:8c:0f:1e:0a:99:b6:
                    8e:fd:53:93:20:6a:c7:22:db:76:4c:0b:4f:b2:f1:
                    16:9b:89:a5:9f:63:20:9e:35:8b:fa:18:4d:11:77:
                    d2:78:eb:59:b3:e9:f9:d1:3d:40:91:8b:65:b9:d7:
                    df:57:33:e8:1f:15:fa:ef:13:4d:1c:7b:60:a2:8a:
                    1b:6d:f7:4a:39:32:94:9d:33:7d:60:65:13:b9:ae:
                    c7:68:76:2c:8c:d0:6e:eb:fa:0e:4e:fe:eb:2e:3d:
                    6b:3a:9c:ee:2a:c7:27:12:5e:37:85:c9:9a:1d:1d:
                    3d:40:aa:db:fe:92:b6:b6:d0:98:56:cd:d1:c9:bf:
                    42:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:76:95:C4:B4:CC:83:2E:6F:D2:B1:A2:EE:1C:6C:D3:0F:B3:7E:9D
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/r3aVxLTMgy5v0rGi7hxs0w-zfp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.248.0/22
                  193.42.224.0/22
                  194.116.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:2a:63:3e:6b:40:49:00:46:7a:d0:03:20:7f:ff:cd:65:29:
         ca:52:d2:da:68:ca:4e:7b:10:28:00:15:99:a1:0e:40:69:d9:
         1a:1e:50:e7:5e:84:52:55:31:cf:dc:be:ac:f9:bd:83:c5:70:
         c8:54:d0:78:d3:ac:f5:dc:4e:73:8d:3a:fe:8c:32:64:9b:57:
         6c:c4:9e:9a:eb:bc:33:2e:f4:f3:05:80:c8:16:f9:2b:8d:c6:
         c6:67:17:91:64:25:0a:61:e8:31:e0:88:ae:7d:4e:b7:a0:91:
         98:d6:f7:ed:5f:04:ef:72:45:80:87:ae:5c:03:a9:0b:c4:4e:
         72:86:60:6a:78:98:42:e0:88:b2:b0:bb:07:f1:9a:3d:d1:44:
         16:2d:17:08:b5:c0:94:1f:a3:94:f1:e7:e5:51:b0:b3:dd:b3:
         74:bf:d5:44:3d:6e:5f:8c:21:e9:d5:86:29:2b:84:49:e6:c9:
         92:da:01:02:ea:14:e3:8d:14:f7:b4:21:85:21:ba:b4:22:ab:
         09:97:a1:82:31:5a:1f:93:34:b7:3d:32:00:bf:08:63:bd:a8:
         ae:ae:62:bf:fb:35:82:f7:12:c6:a4:b3:c1:d2:3f:d5:61:37:
         00:16:8b:4b:a5:2e:67:36:49:2f:ef:d4:44:11:8b:29:68:7e:
         78:29:71:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHkz3fL2Zi4DTYScHiA4soMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc2OTVjNGI0Y2M4MzJlNmZkMmIxYTJlZTFjNmNkMzBmYjM3ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ClZSnOzai/f+vwV6OX3f/6Ornq+
lpOQQ0jkKHc+oc88wwBudG5bPTCMJOC5R7lietzYIOQPXj3YSWbXSvlsvMTPuIj/
gfn0rmQZUezoe1VKz0LRiWfXrOia0rPOlrF2jPzZuvGrGj7CHE0TyMhQb+rz+d6B
JZehKjL/81pIgsyMDx4KmbaO/VOTIGrHItt2TAtPsvEWm4mln2MgnjWL+hhNEXfS
eOtZs+n50T1AkYtludffVzPoHxX67xNNHHtgooobbfdKOTKUnTN9YGUTua7HaHYs
jNBu6/oOTv7rLj1rOpzuKscnEl43hcmaHR09QKrb/pK2ttCYVs3Ryb9CwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK92lcS0zIMub9Kxou4cbNMPs36dMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvcjNhVnhMVE1neTV2MHJHaTdoeHMwdy16ZnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCqxb4AwQC
wSrgAwQCwnT4MA0GCSqGSIb3DQEBCwUAA4IBAQDAKmM+a0BJAEZ60AMgf//NZSnK
UtLaaMpOexAoABWZoQ5AadkaHlDnXoRSVTHP3L6s+b2DxXDIVNB406z13E5zjTr+
jDJkm1dsxJ6a67wzLvTzBYDIFvkrjcbGZxeRZCUKYegx4IiufU63oJGY1vftXwTv
ckWAh65cA6kLxE5yhmBqeJhC4IiysLsH8Zo90UQWLRcItcCUH6OU8eflUbCz3bN0
v9VEPW5fjCHp1YYpK4RJ5smS2gEC6hTjjRT3tCGFIbq0IqsJl6GCMVofkzS3PTIA
vwhjvaiurmK/+zWC9xLGpLPB0j/VYTcAFotLpS5nNkkv79REEYspaH54KXHJ
-----END CERTIFICATE-----