Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3BNCC6G8UKlPfD-EcgCOqjK8dfw.roa
File:                     3BNCC6G8UKlPfD-EcgCOqjK8dfw.roa (raw, json)
Hash identifier:          FnYucASH0faDas5zVmszZ9oYD2dtWt4x1IpKf5VnjYM=
Subject key identifier:   DC:13:42:0B:A1:BC:50:A9:4F:7C:3F:84:72:00:8E:AA:32:BC:75:FC
Certificate issuer:       /CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
Certificate serial:       018CC80156949BB441B58ACCDF04DAAFB6AF
Authority key identifier: 5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3BNCC6G8UKlPfD-EcgCOqjK8dfw.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3214
IP address blocks:        193.42.27.0/24 maxlen: 24
                          2a06:5040:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:94:9b:b4:41:b5:8a:cc:df:04:da:af:b6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc13420ba1bc50a94f7c3f8472008eaa32bc75fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:25:f8:95:a6:88:a3:20:68:9c:40:48:60:2a:
                    cb:39:93:70:fe:aa:9f:20:0c:0f:db:84:5e:ad:7f:
                    af:97:35:db:08:93:e4:96:7e:b6:60:ce:fb:20:c3:
                    bf:4c:ff:2d:94:6a:6b:70:c0:6e:66:f7:dd:bc:34:
                    f5:bc:52:8a:e3:f0:47:09:c7:7a:de:ff:e8:4e:fd:
                    3a:8f:7f:a7:87:24:f7:07:d5:56:35:cd:30:b2:c3:
                    36:c8:50:32:10:79:64:e5:83:7a:cd:f2:08:3d:fe:
                    fc:43:89:01:fe:1f:67:d1:44:de:9d:71:2d:0c:1f:
                    da:e3:f3:bf:38:9b:fb:5c:04:a2:1c:ea:7b:88:88:
                    a1:ff:d5:78:f2:10:15:03:a9:54:fc:15:fa:e0:3b:
                    8e:0f:93:3f:42:6c:f4:ba:4f:67:93:d9:8c:ef:05:
                    e6:49:9d:46:45:ab:7b:2e:d6:5e:ec:3d:cb:1a:a2:
                    de:24:e4:e7:9a:2b:1e:e2:32:4d:22:98:40:1f:8d:
                    59:c2:fe:b1:64:99:d1:74:1a:95:53:f1:83:30:94:
                    99:71:16:09:ae:36:27:36:a4:00:3f:45:8b:64:0d:
                    33:55:60:dc:2c:a1:07:a7:6d:23:72:bc:0b:89:b4:
                    a3:b9:79:68:b4:74:cb:5d:1d:b8:6d:4b:65:b5:42:
                    da:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:13:42:0B:A1:BC:50:A9:4F:7C:3F:84:72:00:8E:AA:32:BC:75:FC
            X509v3 Authority Key Identifier:
                keyid:5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3BNCC6G8UKlPfD-EcgCOqjK8dfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.27.0/24
                IPv6:
                  2a06:5040:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:8b:3b:75:3d:21:c6:05:0a:50:a9:41:76:90:e4:7e:45:e7:
         fd:e3:9f:68:5b:c1:c6:af:85:a1:ce:4b:f7:64:d0:78:d6:e1:
         b0:8f:0c:07:cf:ef:fc:11:8b:80:80:9b:cd:af:6b:49:5b:10:
         5f:27:92:27:9e:10:26:aa:a3:ce:95:3b:d7:a3:ec:3e:22:76:
         53:67:9e:e3:5a:c3:37:59:05:39:e1:3a:86:0b:83:11:36:19:
         0d:e7:3b:a3:0a:71:16:86:92:d6:cd:22:3c:1d:72:7a:55:b0:
         ad:02:74:eb:82:24:01:2b:9e:09:4c:d5:61:a5:bd:d9:a9:06:
         dc:89:c7:91:f6:94:dd:4a:2a:13:26:4a:9a:33:bb:f7:d4:d7:
         6f:a4:8e:61:8c:c6:5a:db:9f:7d:25:c0:09:77:33:7a:25:c9:
         48:24:18:3f:dc:c7:ad:89:68:61:19:80:6a:fd:ff:7f:a7:5b:
         ee:7d:86:d5:33:42:d1:5a:57:5d:a2:7d:b8:c5:48:3d:b4:ea:
         ca:8b:1b:86:a2:c7:4c:c6:74:5e:cc:3f:50:00:25:bd:c7:8a:
         e3:54:bf:86:77:1e:42:c8:40:ed:40:ca:c1:e9:50:38:01:fb:
         f3:64:b5:fb:27:77:7c:a8:8a:be:2e:50:90:87:c5:b0:7e:11:
         73:0e:90:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAVaUm7RBtYrM3wTar7avMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMmRkOWZlNjI4YjZiYzEwMTQxZGUwMjQxNzY2YTFiN2E2
MzE5M2YwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzEzNDIwYmExYmM1MGE5NGY3YzNmODQ3MjAwOGVhYTMyYmM3NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+CX4laaIoyBonEBIYCrLOZNw/qqf
IAwP24RerX+vlzXbCJPkln62YM77IMO/TP8tlGprcMBuZvfdvDT1vFKK4/BHCcd6
3v/oTv06j3+nhyT3B9VWNc0wssM2yFAyEHlk5YN6zfIIPf78Q4kB/h9n0UTenXEt
DB/a4/O/OJv7XASiHOp7iIih/9V48hAVA6lU/BX64DuOD5M/Qmz0uk9nk9mM7wXm
SZ1GRat7LtZe7D3LGqLeJOTnmise4jJNIphAH41Zwv6xZJnRdBqVU/GDMJSZcRYJ
rjYnNqQAP0WLZA0zVWDcLKEHp20jcrwLibSjuXlotHTLXR24bUtltULa7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNwTQguhvFCpT3w/hHIAjqoyvHX8MB8GA1UdIwQY
MBaAFFst2f5ii2vBAUHeAkF2aht6Yxk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEt
MGQ3YjU1MWY4MjhjLzEvM0JOQ0M2RzhVS2xQZkQtRWNnQ09xaks4ZGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEtMGQ3YjU1MWY4Mjhj
LzEvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSobMA8E
AgACMAkDBwAqBlBAAAYwDQYJKoZIhvcNAQELBQADggEBAK2LO3U9IcYFClCpQXaQ
5H5F5/3jn2hbwcavhaHOS/dk0HjW4bCPDAfP7/wRi4CAm82va0lbEF8nkieeECaq
o86VO9ej7D4idlNnnuNawzdZBTnhOoYLgxE2GQ3nO6MKcRaGktbNIjwdcnpVsK0C
dOuCJAErnglM1WGlvdmpBtyJx5H2lN1KKhMmSpozu/fU12+kjmGMxlrbn30lwAl3
M3olyUgkGD/cx62JaGEZgGr9/3+nW+59htUzQtFaV12ifbjFSD206sqLG4aix0zG
dF7MP1AAJb3HiuNUv4Z3HkLIQO1AysHpUDgB+/Nktfsnd3yoir4uUJCHxbB+EXMO
kGQ=
-----END CERTIFICATE-----