Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/0Mh82WWQdd5jntuV-prK-MJrkgw.roa
File:                     0Mh82WWQdd5jntuV-prK-MJrkgw.roa (raw, json)
Hash identifier:          0jW3wr1UsjwKlyjf0dqKl6vHi1yd0FcwpZYCZVei4uA=
Subject key identifier:   D0:C8:7C:D9:65:90:75:DE:63:9E:DB:95:FA:9A:CA:F8:C2:6B:92:0C
Certificate issuer:       /CN=3f81a8e8c75b58f7d1efd4c3e6522d27863f9ccf
Certificate serial:       018CC348E13567554C8DEA7FB6D9498F17A1
Authority key identifier: 3F:81:A8:E8:C7:5B:58:F7:D1:EF:D4:C3:E6:52:2D:27:86:3F:9C:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P4Go6MdbWPfR79TD5lItJ4Y_nM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/0Mh82WWQdd5jntuV-prK-MJrkgw.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6867
IP address blocks:        147.52.0.0/16 maxlen: 16
                          192.103.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/P4Go6MdbWPfR79TD5lItJ4Y_nM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/P4Go6MdbWPfR79TD5lItJ4Y_nM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P4Go6MdbWPfR79TD5lItJ4Y_nM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e1:35:67:55:4c:8d:ea:7f:b6:d9:49:8f:17:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f81a8e8c75b58f7d1efd4c3e6522d27863f9ccf
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0c87cd9659075de639edb95fa9acaf8c26b920c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:10:eb:b3:b0:1e:a9:1f:07:81:1b:80:d1:c8:
                    15:ec:ca:c8:6d:89:ca:22:41:ce:ef:21:cc:a6:85:
                    fe:be:11:20:cb:8a:c9:9c:b6:9b:0f:60:2f:1d:20:
                    2d:bb:60:42:7d:0b:9a:67:8d:fd:fd:d6:01:34:d3:
                    02:41:4d:fc:d9:f7:7a:bc:f2:a9:b3:06:c2:de:33:
                    e8:79:31:8c:9e:9c:59:fe:5b:39:84:ed:18:49:8d:
                    c5:8d:ad:14:ff:9b:b7:c8:aa:f0:14:fb:39:2a:9a:
                    a7:e8:eb:e3:1d:21:7a:a7:ee:74:9d:a3:f0:fa:cf:
                    58:ec:9f:a3:b3:f9:8c:b6:6e:6c:6a:1f:49:81:13:
                    fd:43:e1:3f:d4:8c:9b:a9:ba:73:9e:6c:c5:b2:3a:
                    4f:ae:59:af:a1:30:2c:e4:29:a3:db:bb:23:bc:14:
                    cc:53:cb:6a:a8:4c:b1:76:0c:74:b0:b7:91:fe:9d:
                    c3:6a:19:3d:b1:66:c4:91:2c:f9:a8:4f:88:84:0a:
                    16:2c:e1:b7:0e:e9:4b:9a:6a:76:71:03:3c:ef:74:
                    18:59:3a:ac:ab:02:45:25:47:7a:c1:23:ec:12:67:
                    e1:99:46:f3:c3:b8:c0:16:d4:0d:05:74:0c:6c:61:
                    25:e3:cb:ab:d7:01:c0:a6:05:2f:04:93:36:dc:9c:
                    2c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C8:7C:D9:65:90:75:DE:63:9E:DB:95:FA:9A:CA:F8:C2:6B:92:0C
            X509v3 Authority Key Identifier:
                keyid:3F:81:A8:E8:C7:5B:58:F7:D1:EF:D4:C3:E6:52:2D:27:86:3F:9C:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P4Go6MdbWPfR79TD5lItJ4Y_nM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/0Mh82WWQdd5jntuV-prK-MJrkgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/eb7f7e-a880-497b-b54c-b708c40a667f/1/P4Go6MdbWPfR79TD5lItJ4Y_nM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.52.0.0/16
                  192.103.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ac:f3:87:b9:9b:e2:02:0b:85:1c:9d:51:c6:6a:51:02:10:
         0b:6e:de:e5:99:de:ac:e5:a4:3e:83:26:25:c7:c4:06:e4:e1:
         e6:dc:3c:50:59:36:46:93:c3:c8:0b:ae:3b:f5:3e:c0:91:1d:
         00:ef:e6:1e:5c:dd:c5:1b:0a:a4:1a:59:42:e9:57:86:fd:da:
         eb:09:fd:dd:5d:63:bc:73:2f:e3:8f:bb:85:dd:eb:4f:27:05:
         cc:d4:cc:b2:6a:54:86:68:77:d7:e7:66:02:b0:ea:96:87:97:
         02:6a:1f:2a:15:25:e4:4e:70:ea:01:eb:ad:69:06:2f:8e:4a:
         dd:80:e4:65:11:c6:15:6d:c3:b7:a6:96:e9:e2:4d:f9:2d:34:
         e6:75:d5:4e:82:03:06:56:ba:79:ff:bf:b5:ac:5c:c7:45:0f:
         a3:0d:2e:3a:cb:b9:f3:82:2f:8e:21:a3:ab:0a:4e:99:66:37:
         1d:d3:1a:d0:6a:2d:33:b2:4c:74:27:2e:a3:d9:23:89:aa:8e:
         7f:98:d3:9d:92:68:e1:25:6a:60:a6:20:82:8e:87:e1:7c:d5:
         87:af:f7:4d:fc:48:c8:0d:3a:ab:97:3b:ba:36:5b:25:68:62:
         37:88:da:57:3f:54:2c:06:50:cf:c8:b1:05:0b:e5:c3:c0:1c:
         88:1c:6e:a6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzDSOE1Z1VMjep/ttlJjxehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmODFhOGU4Yzc1YjU4ZjdkMWVmZDRjM2U2NTIyZDI3ODYz
ZjljY2YwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM4N2NkOTY1OTA3NWRlNjM5ZWRiOTVmYTlhY2FmOGMyNmI5MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBDrs7AeqR8HgRuA0cgV7MrIbYnK
IkHO7yHMpoX+vhEgy4rJnLabD2AvHSAtu2BCfQuaZ439/dYBNNMCQU382fd6vPKp
swbC3jPoeTGMnpxZ/ls5hO0YSY3Fja0U/5u3yKrwFPs5Kpqn6OvjHSF6p+50naPw
+s9Y7J+js/mMtm5sah9JgRP9Q+E/1IybqbpznmzFsjpPrlmvoTAs5Cmj27sjvBTM
U8tqqEyxdgx0sLeR/p3Dahk9sWbEkSz5qE+IhAoWLOG3DulLmmp2cQM873QYWTqs
qwJFJUd6wSPsEmfhmUbzw7jAFtQNBXQMbGEl48ur1wHApgUvBJM23JwsywIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFNDIfNllkHXeY57blfqayvjCa5IMMB8GA1UdIwQY
MBaAFD+BqOjHW1j30e/Uw+ZSLSeGP5zPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDRHbzZNZGJXUGZSNzlURDVsSXRKNFlfbk04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9lYjdmN2UtYTg4MC00OTdiLWI1NGMt
YjcwOGM0MGE2NjdmLzEvME1oODJXV1FkZDVqbnR1Vi1wckstTUpya2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9lYjdmN2UtYTg4MC00OTdiLWI1NGMtYjcwOGM0MGE2Njdm
LzEvUDRHbzZNZGJXUGZSNzlURDVsSXRKNFlfbk04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAkzQDBADA
ZxQwDQYJKoZIhvcNAQELBQADggEBADis84e5m+ICC4UcnVHGalECEAtu3uWZ3qzl
pD6DJiXHxAbk4ebcPFBZNkaTw8gLrjv1PsCRHQDv5h5c3cUbCqQaWULpV4b92usJ
/d1dY7xzL+OPu4Xd608nBczUzLJqVIZod9fnZgKw6paHlwJqHyoVJeROcOoB661p
Bi+OSt2A5GURxhVtw7emluniTfktNOZ11U6CAwZWunn/v7WsXMdFD6MNLjrLufOC
L44ho6sKTplmNx3TGtBqLTOyTHQnLqPZI4mqjn+Y052SaOElamCmIIKOh+F81Yev
9038SMgNOquXO7o2WyVoYjeI2lc/VCwGUM/IsQUL5cPAHIgcbqY=
-----END CERTIFICATE-----