Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/3k940UfmFPMO5Z2vQk5SjVV3VL4.roa
File:                     3k940UfmFPMO5Z2vQk5SjVV3VL4.roa (raw, json)
Hash identifier:          S+vvFpghZia/BNTgUecKS/MJBiM4UG1kbzrCe/+5YcA=
Subject key identifier:   DE:4F:78:D1:47:E6:14:F3:0E:E5:9D:AF:42:4E:52:8D:55:77:54:BE
Certificate issuer:       /CN=9a70b051e5cdf962dbc26b352488d0831bdf9a3c
Certificate serial:       018CC6B898E09DF6B6493B120E2516CDE880
Authority key identifier: 9A:70:B0:51:E5:CD:F9:62:DB:C2:6B:35:24:88:D0:83:1B:DF:9A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/3k940UfmFPMO5Z2vQk5SjVV3VL4.roa
Signing time:             Mon 01 Jan 2024 20:30:35 +0000
ROA not before:           Mon 01 Jan 2024 20:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39756
IP address blocks:        194.126.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:98:e0:9d:f6:b6:49:3b:12:0e:25:16:cd:e8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a70b051e5cdf962dbc26b352488d0831bdf9a3c
        Validity
            Not Before: Jan  1 20:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de4f78d147e614f30ee59daf424e528d557754be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e2:c9:e5:f8:22:18:30:b4:a6:68:1c:e3:5c:
                    9e:99:07:38:b7:5d:f9:7e:54:c5:e7:d8:f6:8b:4c:
                    07:88:60:d2:08:83:25:90:39:0c:ee:20:ab:28:da:
                    f5:75:8b:df:fa:09:90:a2:bd:58:6b:d9:10:1b:30:
                    38:36:b3:f0:a8:d0:b4:a2:b8:17:66:37:9c:1e:84:
                    1c:97:f9:a0:1d:5a:09:6e:b0:99:41:8c:22:26:0b:
                    4c:93:06:23:01:10:07:40:14:78:76:75:68:de:3f:
                    07:ef:28:bd:b5:be:18:46:53:a8:04:1c:61:7e:f1:
                    b7:06:3b:52:a1:d8:69:30:df:b9:a2:97:c8:9e:e9:
                    98:e2:10:ca:17:95:e2:2f:d3:f7:e9:fd:7f:c6:be:
                    6c:a8:1e:d7:2b:9b:66:15:25:e0:b9:87:36:1e:77:
                    66:19:a6:dc:f9:1a:c5:4f:09:f2:be:39:da:b7:ee:
                    4f:ca:c9:a8:f6:15:7b:19:65:f5:3d:d8:92:dc:58:
                    4c:d3:2e:40:fe:4f:ba:46:df:d5:51:37:7a:17:a7:
                    77:98:09:47:a9:05:d2:d0:a2:ea:dd:62:2a:8f:dc:
                    2e:47:21:2f:06:5d:93:2e:c3:35:82:a3:4c:e0:c6:
                    48:cf:b8:51:91:91:e6:81:0e:eb:b8:be:86:5c:a3:
                    79:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4F:78:D1:47:E6:14:F3:0E:E5:9D:AF:42:4E:52:8D:55:77:54:BE
            X509v3 Authority Key Identifier:
                keyid:9A:70:B0:51:E5:CD:F9:62:DB:C2:6B:35:24:88:D0:83:1B:DF:9A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/3k940UfmFPMO5Z2vQk5SjVV3VL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:d3:db:18:d6:2a:ee:83:0f:cd:ff:fd:95:ce:67:bd:f3:de:
         98:7a:77:0b:68:d8:d5:53:ae:dd:3d:cf:bb:31:92:b0:7f:48:
         ad:42:5d:82:a9:4b:dd:58:ac:1f:59:50:83:d6:b4:06:5a:a1:
         ec:72:45:c1:38:10:ba:fb:8d:7f:43:dd:fe:18:ef:a0:c3:0c:
         01:06:e4:ff:49:30:6e:1a:bd:81:49:59:65:98:49:b3:5e:5c:
         29:bd:08:7d:37:dd:fb:80:fe:b3:69:5f:9d:c3:48:05:2b:ec:
         80:16:23:1e:4b:22:1a:a6:ea:84:a9:5d:3e:1c:19:d3:2a:f7:
         9e:f5:52:67:f9:a0:cb:10:fe:54:33:72:f8:a3:d6:a0:fb:62:
         a5:89:8d:68:77:be:77:79:f5:cd:5a:84:1b:ec:94:d6:1d:9d:
         f3:f9:9c:18:63:1b:36:b7:73:94:09:3f:e8:79:c1:97:4f:6d:
         2b:a6:7a:f3:c7:42:e0:14:18:8c:85:8a:90:66:e2:1c:73:1a:
         12:4b:cc:e9:43:6e:70:e5:94:9e:dd:37:d1:56:6b:97:bb:8b:
         e9:29:69:bb:1e:f0:08:08:f9:1a:e9:70:68:a0:60:68:b4:39:
         10:21:71:76:01:c4:ae:45:a7:92:72:93:8e:06:d4:d7:17:75:
         bd:c3:e1:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJjgnfa2STsSDiUWzeiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzBiMDUxZTVjZGY5NjJkYmMyNmIzNTI0ODhkMDgzMWJk
ZjlhM2MwHhcNMjQwMTAxMjAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRmNzhkMTQ3ZTYxNGYzMGVlNTlkYWY0MjRlNTI4ZDU1Nzc1NGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweLJ5fgiGDC0pmgc41yemQc4t135
flTF59j2i0wHiGDSCIMlkDkM7iCrKNr1dYvf+gmQor1Ya9kQGzA4NrPwqNC0orgX
ZjecHoQcl/mgHVoJbrCZQYwiJgtMkwYjARAHQBR4dnVo3j8H7yi9tb4YRlOoBBxh
fvG3BjtSodhpMN+5opfInumY4hDKF5XiL9P36f1/xr5sqB7XK5tmFSXguYc2Hndm
Gabc+RrFTwnyvjnat+5Pysmo9hV7GWX1PdiS3FhM0y5A/k+6Rt/VUTd6F6d3mAlH
qQXS0KLq3WIqj9wuRyEvBl2TLsM1gqNM4MZIz7hRkZHmgQ7ruL6GXKN5VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5PeNFH5hTzDuWdr0JOUo1Vd1S+MB8GA1UdIwQY
MBaAFJpwsFHlzfli28JrNSSI0IMb35o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5Dd1VlWE4tV0xid21zMUpJalFneHZmbWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mOTY5MWQtYWZiMi00MWYyLThkMjIt
ZmE0NmI0ZjlhMjBjLzEvM2s5NDBVZm1GUE1PNVoydlFrNVNqVlYzVkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mOTY5MWQtYWZiMi00MWYyLThkMjItZmE0NmI0ZjlhMjBj
LzEvbW5Dd1VlWE4tV0xid21zMUpJalFneHZmbWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn79MA0G
CSqGSIb3DQEBCwUAA4IBAQBM09sY1irugw/N//2Vzme9896YencLaNjVU67dPc+7
MZKwf0itQl2CqUvdWKwfWVCD1rQGWqHsckXBOBC6+41/Q93+GO+gwwwBBuT/STBu
Gr2BSVllmEmzXlwpvQh9N937gP6zaV+dw0gFK+yAFiMeSyIapuqEqV0+HBnTKvee
9VJn+aDLEP5UM3L4o9ag+2KliY1od753efXNWoQb7JTWHZ3z+ZwYYxs2t3OUCT/o
ecGXT20rpnrzx0LgFBiMhYqQZuIccxoSS8zpQ25w5ZSe3TfRVmuXu4vpKWm7HvAI
CPka6XBooGBotDkQIXF2AcSuRaeScpOOBtTXF3W9w+Fy
-----END CERTIFICATE-----