Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/3yyynoGAGuOAaCqT6wiNbs8WI7o.roa
File:                     3yyynoGAGuOAaCqT6wiNbs8WI7o.roa (raw, json)
Hash identifier:          LU1Pac/g1FmSn9CcD/f7JwaFnmHjhRn6hP2mYtfdzWo=
Subject key identifier:   DF:2C:B2:9E:81:80:1A:E3:80:68:2A:93:EB:08:8D:6E:CF:16:23:BA
Certificate issuer:       /CN=8b054485ee62c6f1939613cba20669eef4504f79
Certificate serial:       018CC56EEFB0D56AB67EA4FA40CC386B9B5B
Authority key identifier: 8B:05:44:85:EE:62:C6:F1:93:96:13:CB:A2:06:69:EE:F4:50:4F:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/3yyynoGAGuOAaCqT6wiNbs8WI7o.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201735
IP address blocks:        141.170.210.0/23 maxlen: 24
                          141.170.212.0/23 maxlen: 24
                          141.170.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ef:b0:d5:6a:b6:7e:a4:fa:40:cc:38:6b:9b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b054485ee62c6f1939613cba20669eef4504f79
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df2cb29e81801ae380682a93eb088d6ecf1623ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a8:eb:eb:33:dd:8a:be:b9:6b:c5:05:b3:59:
                    f9:72:30:1a:01:e6:8a:c8:5e:fe:da:57:c3:01:2d:
                    fb:4f:6e:f0:3f:e3:ee:99:c5:26:fb:92:c6:4d:8f:
                    fa:a9:86:94:16:86:f7:9a:84:d4:e9:4e:70:f5:fb:
                    d4:52:55:27:ee:c4:a3:8e:ff:5f:8d:ac:1f:f3:a7:
                    8a:00:34:c1:01:27:86:a4:44:c4:db:3c:55:dc:61:
                    be:d5:33:c7:71:0f:81:d8:f7:21:de:74:56:9a:8a:
                    99:ce:20:72:fc:fb:9d:13:53:63:f1:72:0c:cf:6e:
                    09:57:5a:78:85:97:c0:fc:2b:91:f9:df:33:c1:9a:
                    11:8b:22:9a:14:4b:38:80:9d:c3:78:4d:b0:be:81:
                    b5:55:59:46:85:31:fe:aa:ab:4b:bd:28:4b:98:2c:
                    67:9f:4c:c5:5c:6f:3c:33:9f:61:31:2b:ca:f4:89:
                    0e:5e:31:e2:3d:ca:44:d9:cb:0e:3e:96:38:96:4e:
                    06:1d:9d:bd:5a:ea:64:c5:cf:a3:23:4e:55:7d:ab:
                    d5:0c:ca:77:51:40:74:c1:3d:22:16:a6:77:6d:fb:
                    86:43:cc:79:f8:65:8c:ec:52:89:c2:1e:31:de:1a:
                    bf:cc:39:15:de:70:84:e8:ed:a0:a2:a3:f7:a3:6e:
                    5c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2C:B2:9E:81:80:1A:E3:80:68:2A:93:EB:08:8D:6E:CF:16:23:BA
            X509v3 Authority Key Identifier:
                keyid:8B:05:44:85:EE:62:C6:F1:93:96:13:CB:A2:06:69:EE:F4:50:4F:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/3yyynoGAGuOAaCqT6wiNbs8WI7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.170.210.0-141.170.213.255
                  141.170.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:00:a4:fa:7c:94:42:3b:17:9a:a6:a4:93:cf:cf:77:04:6e:
         03:05:f9:8d:ae:7e:f0:7b:96:1d:02:2c:d4:08:80:e0:f1:1d:
         85:5c:77:b2:e7:cf:f4:0c:b8:e7:4a:14:6c:92:48:b6:48:74:
         87:5f:59:da:84:c0:bf:75:ea:ac:71:0f:d4:96:89:95:e7:6b:
         9d:6e:86:c2:b4:22:bc:b5:b5:47:62:8e:bf:fa:5b:4b:26:a7:
         8e:04:83:fa:41:7c:53:0e:41:55:48:e9:2e:01:87:24:83:36:
         a5:12:cc:fa:bf:b7:9a:f7:68:c5:6c:34:65:9b:e6:32:d5:28:
         23:ed:b2:0c:f1:0a:c5:b0:fe:9b:06:29:30:1d:79:52:8e:d5:
         15:64:fd:f7:31:d1:7c:95:6a:0d:d3:4f:2d:1b:c6:7f:5a:60:
         98:35:de:37:c7:e5:68:0e:0d:52:26:67:68:95:fd:f7:bb:dc:
         a9:44:af:a1:e8:4e:43:61:46:f0:89:de:90:a8:d1:36:ca:20:
         81:4b:f4:ae:3b:68:4a:f1:63:41:e8:19:c9:fc:f3:d0:12:0b:
         76:b1:20:ac:95:48:df:bd:87:09:17:49:04:0d:66:fc:00:dc:
         12:b6:96:ac:98:59:4d:e4:27:a2:a2:ec:e4:09:9e:7a:0e:a3:
         86:61:d3:40
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbu+w1Wq2fqT6QMw4a5tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMDU0NDg1ZWU2MmM2ZjE5Mzk2MTNjYmEyMDY2OWVlZjQ1
MDRmNzkwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJjYjI5ZTgxODAxYWUzODA2ODJhOTNlYjA4OGQ2ZWNmMTYyM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6jr6zPdir65a8UFs1n5cjAaAeaK
yF7+2lfDAS37T27wP+PumcUm+5LGTY/6qYaUFob3moTU6U5w9fvUUlUn7sSjjv9f
jawf86eKADTBASeGpETE2zxV3GG+1TPHcQ+B2Pch3nRWmoqZziBy/PudE1Nj8XIM
z24JV1p4hZfA/CuR+d8zwZoRiyKaFEs4gJ3DeE2wvoG1VVlGhTH+qqtLvShLmCxn
n0zFXG88M59hMSvK9IkOXjHiPcpE2csOPpY4lk4GHZ29Wupkxc+jI05VfavVDMp3
UUB0wT0iFqZ3bfuGQ8x5+GWM7FKJwh4x3hq/zDkV3nCE6O2goqP3o25cPQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN8ssp6BgBrjgGgqk+sIjW7PFiO6MB8GA1UdIwQY
MBaAFIsFRIXuYsbxk5YTy6IGae70UE95MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXdWRWhlNWl4dkdUbGhQTG9nWnA3dlJRVDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83NzljMDktZjQ5YS00YjM4LWE3Nzgt
NmJjMzkwOTk1Y2FiLzEvM3l5eW5vR0FHdU9BYUNxVDZ3aU5iczhXSTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83NzljMDktZjQ5YS00YjM4LWE3NzgtNmJjMzkwOTk1Y2Fi
LzEvaXdWRWhlNWl4dkdUbGhQTG9nWnA3dlJRVDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAGNqtID
BAGNqtQDBACNqtcwDQYJKoZIhvcNAQELBQADggEBAEgApPp8lEI7F5qmpJPPz3cE
bgMF+Y2ufvB7lh0CLNQIgODxHYVcd7Lnz/QMuOdKFGySSLZIdIdfWdqEwL916qxx
D9SWiZXna51uhsK0Iry1tUdijr/6W0smp44Eg/pBfFMOQVVI6S4BhySDNqUSzPq/
t5r3aMVsNGWb5jLVKCPtsgzxCsWw/psGKTAdeVKO1RVk/fcx0XyVag3TTy0bxn9a
YJg13jfH5WgODVImZ2iV/fe73KlEr6HoTkNhRvCJ3pCo0TbKIIFL9K47aErxY0Ho
Gcn889ASC3axIKyVSN+9hwkXSQQNZvwA3BK2lqyYWU3kJ6Ki7OQJnnoOo4Zh00A=
-----END CERTIFICATE-----