Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/pi3vE3MyCfqb6uVGiDMp7PSYJPY.roa
File:                     pi3vE3MyCfqb6uVGiDMp7PSYJPY.roa (raw, json)
Hash identifier:          0KI2wL3A+htgMzQzuIJF8bKBGzc5BsW3Cr9jWVj29kA=
Subject key identifier:   A6:2D:EF:13:73:32:09:FA:9B:EA:E5:46:88:33:29:EC:F4:98:24:F6
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       018CC56E34E467E939AEA3C769E5C910BC70
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/pi3vE3MyCfqb6uVGiDMp7PSYJPY.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        85.237.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 03:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:34:e4:67:e9:39:ae:a3:c7:69:e5:c9:10:bc:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a62def13733209fa9beae546883329ecf49824f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:68:f3:ba:04:dc:4f:3c:53:06:53:99:b2:82:
                    a7:a2:12:60:ab:a9:84:14:b3:92:68:66:f4:0f:61:
                    d1:0e:04:57:58:5a:f0:01:0b:76:f3:1a:b4:37:11:
                    57:1e:de:22:dd:d8:f1:70:fa:67:4c:93:c7:38:25:
                    f0:88:59:ec:4d:38:7e:86:61:f1:91:a2:ff:60:06:
                    5b:3a:1c:db:2d:ac:ee:25:c7:b6:34:93:f9:3f:7e:
                    27:04:6d:d8:a1:45:3c:ce:a0:cb:0a:d7:fe:48:c2:
                    bc:4e:0f:b9:c3:8f:70:e9:90:d7:81:56:ef:f2:f9:
                    8e:71:d4:34:6a:bc:6b:c8:be:89:68:8f:3c:e9:7f:
                    ce:20:b3:47:f7:c1:de:d8:cd:de:57:2b:7a:cb:aa:
                    59:af:3b:2e:87:7b:0b:19:a0:81:d3:0e:90:bf:8e:
                    04:7e:da:f5:c3:f3:56:1b:25:a8:e1:fd:84:ad:3b:
                    80:5b:df:57:0f:04:28:5d:33:f8:61:35:05:2e:c6:
                    4c:ad:2b:bd:56:cb:97:b9:dc:80:e0:2b:70:86:be:
                    b5:ea:a4:eb:80:92:3b:7c:d7:c8:0e:8b:de:f8:66:
                    ef:7e:cc:12:4f:74:55:84:94:8a:c6:a0:01:19:a6:
                    f7:97:37:6f:d1:1f:12:8f:5f:c6:e7:a1:8a:57:3c:
                    e1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2D:EF:13:73:32:09:FA:9B:EA:E5:46:88:33:29:EC:F4:98:24:F6
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/pi3vE3MyCfqb6uVGiDMp7PSYJPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:bb:99:36:7b:10:0b:6a:7e:e2:1d:e0:99:30:86:a3:7c:ab:
         61:3f:5f:7a:9f:4d:02:de:7a:f2:d4:5d:b1:bd:18:60:af:33:
         f4:fe:c1:35:3f:46:27:48:ef:98:5c:eb:02:5f:28:68:27:ab:
         20:92:50:03:5c:09:2d:88:84:30:2f:ab:94:8f:fd:fb:b2:29:
         76:ba:8b:f5:46:ba:a5:eb:5d:5f:72:2b:d5:99:fb:51:a7:1a:
         e6:d1:91:1b:5f:06:6f:c8:dc:36:69:ae:d8:cf:4b:b4:c7:83:
         fe:35:d0:0a:60:f0:01:d5:61:2a:e1:4d:5d:03:35:94:36:07:
         3b:aa:f3:b4:de:e6:35:a0:8e:a6:4c:50:ac:88:bb:72:65:72:
         2e:c0:6e:f2:f8:f8:5b:e4:43:b2:15:b9:04:06:04:57:0e:46:
         8e:1c:95:bb:c2:90:ca:14:93:9e:d8:9c:95:0d:ec:e3:b4:7c:
         28:fa:26:25:dd:6f:0f:f4:9c:2b:d0:b2:a8:80:b4:0d:ec:4b:
         e0:25:76:7b:8b:78:46:19:79:ad:7c:ad:a1:36:7c:46:00:1a:
         de:ca:fd:67:e9:b4:de:17:59:14:b1:36:5e:f8:76:88:5c:7d:
         3f:77:42:91:18:38:7e:a3:af:bc:f6:9c:7b:2d:5a:3c:cc:0a:
         d0:53:36:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjTkZ+k5rqPHaeXJELxwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJkZWYxMzczMzIwOWZhOWJlYWU1NDY4ODMzMjllY2Y0OTgyNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2jzugTcTzxTBlOZsoKnohJgq6mE
FLOSaGb0D2HRDgRXWFrwAQt28xq0NxFXHt4i3djxcPpnTJPHOCXwiFnsTTh+hmHx
kaL/YAZbOhzbLazuJce2NJP5P34nBG3YoUU8zqDLCtf+SMK8Tg+5w49w6ZDXgVbv
8vmOcdQ0arxryL6JaI886X/OILNH98He2M3eVyt6y6pZrzsuh3sLGaCB0w6Qv44E
ftr1w/NWGyWo4f2ErTuAW99XDwQoXTP4YTUFLsZMrSu9VsuXudyA4Ctwhr616qTr
gJI7fNfIDove+GbvfswST3RVhJSKxqABGab3lzdv0R8Sj1/G56GKVzzhHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYt7xNzMgn6m+rlRogzKez0mCT2MB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvcGkzdkUzTXlDZnFiNnVWR2lETXA3UFNZSlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1MMA0G
CSqGSIb3DQEBCwUAA4IBAQCXu5k2exALan7iHeCZMIajfKthP196n00C3nry1F2x
vRhgrzP0/sE1P0YnSO+YXOsCXyhoJ6sgklADXAktiIQwL6uUj/37sil2uov1Rrql
611fcivVmftRpxrm0ZEbXwZvyNw2aa7Yz0u0x4P+NdAKYPAB1WEq4U1dAzWUNgc7
qvO03uY1oI6mTFCsiLtyZXIuwG7y+Phb5EOyFbkEBgRXDkaOHJW7wpDKFJOe2JyV
DezjtHwo+iYl3W8P9Jwr0LKogLQN7EvgJXZ7i3hGGXmtfK2hNnxGABreyv1n6bTe
F1kUsTZe+HaIXH0/d0KRGDh+o6+89px7LVo8zArQUzZW
-----END CERTIFICATE-----