Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/Z3nQUP1RdTNDwcgrxqdBVBgVY4g.roa
File:                     Z3nQUP1RdTNDwcgrxqdBVBgVY4g.roa (raw, json)
Hash identifier:          UYWvz/5i9vVIaIVjE2598gHucIA6EcctclESTYL80no=
Subject key identifier:   67:79:D0:50:FD:51:75:33:43:C1:C8:2B:C6:A7:41:54:18:15:63:88
Certificate issuer:       /CN=dd85dc6b6143a17feb49820ea520048958f48adc
Certificate serial:       018CC26D08F76555C858C11C7CB8B67D96F0
Authority key identifier: DD:85:DC:6B:61:43:A1:7F:EB:49:82:0E:A5:20:04:89:58:F4:8A:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3YXca2FDoX_rSYIOpSAEiVj0itw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/Z3nQUP1RdTNDwcgrxqdBVBgVY4g.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211928
IP address blocks:        83.242.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/3YXca2FDoX_rSYIOpSAEiVj0itw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/3YXca2FDoX_rSYIOpSAEiVj0itw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3YXca2FDoX_rSYIOpSAEiVj0itw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:08:f7:65:55:c8:58:c1:1c:7c:b8:b6:7d:96:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd85dc6b6143a17feb49820ea520048958f48adc
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6779d050fd51753343c1c82bc6a7415418156388
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:44:a5:0d:48:f7:b1:32:8e:21:c9:1e:12:f7:
                    24:e1:cb:fe:0c:0f:03:00:9e:3b:6a:ee:0b:a3:a1:
                    7b:43:85:8f:2b:2f:07:b3:1a:70:fb:25:28:f4:61:
                    88:e3:df:8a:83:e9:4c:23:70:a4:24:8a:fd:93:79:
                    2c:4b:19:e3:56:23:66:b8:9c:3a:99:1d:62:74:7b:
                    92:e2:44:2b:b8:2a:26:5d:91:92:a4:56:7f:3c:c5:
                    45:61:5f:97:06:f7:80:6c:8c:08:5b:db:bf:2e:e3:
                    db:e4:98:ef:e4:a6:a2:b7:9e:94:24:d4:d5:17:2d:
                    97:10:35:65:d1:65:e3:3b:83:02:c9:07:16:ca:81:
                    14:95:99:52:c0:b1:b9:d9:bd:10:1a:02:39:cb:c4:
                    64:84:9d:20:be:b2:b6:f3:3f:f8:1b:7e:9f:41:54:
                    9a:b5:ed:19:9d:db:f2:15:a6:71:ca:cd:46:c2:02:
                    d7:38:97:25:47:8d:d0:b8:1c:a4:da:ef:4c:9e:90:
                    d3:f0:cc:b7:d4:03:9b:d3:96:2b:8a:bd:a9:93:5c:
                    d6:7f:ed:1f:c2:77:d2:00:49:7c:33:91:cb:7a:d2:
                    eb:3b:69:4f:88:69:3c:56:ea:22:10:98:1a:6a:65:
                    29:56:ed:e9:82:1e:db:d3:e9:29:43:7d:f0:a9:5d:
                    4b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:79:D0:50:FD:51:75:33:43:C1:C8:2B:C6:A7:41:54:18:15:63:88
            X509v3 Authority Key Identifier:
                keyid:DD:85:DC:6B:61:43:A1:7F:EB:49:82:0E:A5:20:04:89:58:F4:8A:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3YXca2FDoX_rSYIOpSAEiVj0itw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/Z3nQUP1RdTNDwcgrxqdBVBgVY4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2a1d35-6e31-40e6-94b4-4ac856a8182d/1/3YXca2FDoX_rSYIOpSAEiVj0itw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.242.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c3:af:de:04:c5:19:31:06:16:80:df:58:b1:59:dc:11:51:
         ff:d3:d9:23:9c:94:6a:06:b1:b1:1d:0f:66:2b:72:6c:93:56:
         bb:2b:94:a0:72:d2:d0:d6:14:01:66:20:f7:aa:ed:58:94:55:
         f9:8c:e4:f5:07:0c:c4:0c:54:ef:eb:3c:0d:4e:28:a9:8f:98:
         cd:98:c2:f9:f8:d9:bd:17:04:d5:ad:89:50:8f:46:b4:9c:76:
         5b:d5:b8:ef:c2:00:bb:57:5c:c2:91:b7:e5:16:3e:3e:b6:e8:
         1d:b4:07:d7:25:82:d2:2a:b3:72:20:a6:7c:da:ce:9d:04:f7:
         38:57:eb:0b:1c:69:3d:ff:5d:1b:c7:60:9b:7c:eb:04:e2:05:
         05:7e:da:76:ea:60:ac:28:90:6d:18:9f:bd:b5:df:34:27:3e:
         b5:2a:44:ce:03:58:73:8f:11:53:13:e2:f3:fd:53:86:e2:d8:
         2d:8f:b1:c4:6c:2e:b9:1a:55:44:14:e8:10:40:3d:a7:e3:6f:
         1f:53:72:e3:0e:bc:3f:53:7d:a4:1a:4c:63:dd:db:8c:5d:5e:
         0c:d1:45:14:e2:33:9d:82:6a:c4:8a:98:c8:78:86:33:13:1f:
         f6:2b:ed:ef:e1:d9:02:8f:27:23:6e:e0:2c:e6:db:84:29:15:
         95:b7:d8:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQj3ZVXIWMEcfLi2fZbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkODVkYzZiNjE0M2ExN2ZlYjQ5ODIwZWE1MjAwNDg5NThm
NDhhZGMwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc5ZDA1MGZkNTE3NTMzNDNjMWM4MmJjNmE3NDE1NDE4MTU2Mzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkSlDUj3sTKOIckeEvck4cv+DA8D
AJ47au4Lo6F7Q4WPKy8Hsxpw+yUo9GGI49+Kg+lMI3CkJIr9k3ksSxnjViNmuJw6
mR1idHuS4kQruComXZGSpFZ/PMVFYV+XBveAbIwIW9u/LuPb5Jjv5Kait56UJNTV
Fy2XEDVl0WXjO4MCyQcWyoEUlZlSwLG52b0QGgI5y8RkhJ0gvrK28z/4G36fQVSa
te0ZndvyFaZxys1GwgLXOJclR43QuByk2u9MnpDT8My31AOb05Yrir2pk1zWf+0f
wnfSAEl8M5HLetLrO2lPiGk8VuoiEJgaamUpVu3pgh7b0+kpQ33wqV1LnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd50FD9UXUzQ8HIK8anQVQYFWOIMB8GA1UdIwQY
MBaAFN2F3GthQ6F/60mCDqUgBIlY9IrcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lYY2EyRkRvWF9yU1lJT3BTQUVpVmowaXR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8yYTFkMzUtNmUzMS00MGU2LTk0YjQt
NGFjODU2YTgxODJkLzEvWjNuUVVQMVJkVE5Ed2NncnhxZEJWQmdWWTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8yYTFkMzUtNmUzMS00MGU2LTk0YjQtNGFjODU2YTgxODJk
LzEvM1lYY2EyRkRvWF9yU1lJT3BTQUVpVmowaXR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/JrMA0G
CSqGSIb3DQEBCwUAA4IBAQCKw6/eBMUZMQYWgN9YsVncEVH/09kjnJRqBrGxHQ9m
K3Jsk1a7K5SgctLQ1hQBZiD3qu1YlFX5jOT1BwzEDFTv6zwNTiipj5jNmML5+Nm9
FwTVrYlQj0a0nHZb1bjvwgC7V1zCkbflFj4+tugdtAfXJYLSKrNyIKZ82s6dBPc4
V+sLHGk9/10bx2CbfOsE4gUFftp26mCsKJBtGJ+9td80Jz61KkTOA1hzjxFTE+Lz
/VOG4tgtj7HEbC65GlVEFOgQQD2n428fU3LjDrw/U32kGkxj3duMXV4M0UUU4jOd
gmrEipjIeIYzEx/2K+3v4dkCjycjbuAs5tuEKRWVt9is
-----END CERTIFICATE-----