Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/I3P-1JDt-ma40qgbCfRMi1GO9Tg.roa
File:                     I3P-1JDt-ma40qgbCfRMi1GO9Tg.roa (raw, json)
Hash identifier:          /jSSWOSASybJeOp0KI7FVJCVhNtjnFG7CWxxqpOJfkM=
Subject key identifier:   23:73:FE:D4:90:ED:FA:66:B8:D2:A8:1B:09:F4:4C:8B:51:8E:F5:38
Certificate issuer:       /CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
Certificate serial:       018CC26D41174C76E45BDD9285EC7C356587
Authority key identifier: 36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/I3P-1JDt-ma40qgbCfRMi1GO9Tg.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48882
IP address blocks:        91.224.113.0/24 maxlen: 24
                          2001:678:2b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:17:4c:76:e4:5b:dd:92:85:ec:7c:35:65:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2373fed490edfa66b8d2a81b09f44c8b518ef538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d4:01:65:65:b0:dc:84:45:d5:de:52:8a:9d:
                    65:9a:b9:e3:2d:85:03:90:20:47:3a:18:0c:31:79:
                    f5:fc:66:97:c5:c8:52:bc:da:e2:51:4e:73:64:bc:
                    be:63:ae:6d:a8:f4:43:cd:c4:50:18:b6:08:4c:16:
                    64:37:4b:f4:bf:30:c1:be:45:33:15:63:ad:f7:42:
                    8e:4a:3f:c0:2c:0e:40:d5:a9:b1:c4:b3:ce:5d:6d:
                    49:d6:06:da:1e:a2:0e:13:5f:28:0f:3c:17:b4:32:
                    4d:8b:56:f6:9e:24:c4:14:0f:19:30:07:46:45:16:
                    db:fe:a1:01:9c:69:6a:9d:07:5f:d7:9e:5a:77:7f:
                    f5:a8:7d:fc:2d:0a:a2:04:46:ff:f5:59:f9:3a:58:
                    4b:bf:7f:7e:a2:24:12:d3:32:7c:9d:52:5b:a7:ed:
                    c5:8f:d4:9f:e9:55:2c:59:83:3b:b3:78:d7:a3:83:
                    8b:46:df:ae:f6:07:cf:a4:49:39:ad:a7:f3:4d:7e:
                    e2:36:ee:fc:af:07:b2:86:5d:8a:19:6e:fd:4c:09:
                    13:85:69:37:d8:70:53:bb:d3:0e:69:67:5b:83:9d:
                    fa:8b:06:86:59:b4:26:c6:30:2a:b8:fb:ee:76:c0:
                    7e:51:cd:0b:df:2e:5c:93:38:e0:e5:3d:31:ab:fb:
                    6e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:73:FE:D4:90:ED:FA:66:B8:D2:A8:1B:09:F4:4C:8B:51:8E:F5:38
            X509v3 Authority Key Identifier:
                keyid:36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/I3P-1JDt-ma40qgbCfRMi1GO9Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.113.0/24
                IPv6:
                  2001:678:2b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:a4:3d:a3:ba:8b:86:34:3c:5a:46:ff:1e:85:f4:1d:b3:e2:
         6c:90:0c:1d:83:7a:ea:0d:14:96:00:bb:fc:8a:e0:e5:dd:1b:
         78:99:dd:ec:6e:cb:96:5c:dd:35:24:1f:ae:a1:d2:05:1b:57:
         1a:b7:12:0f:6b:56:52:ae:35:be:0e:ac:31:77:e2:41:d7:2c:
         9f:74:9e:fc:8a:6b:92:2c:2d:ac:75:18:cf:a4:45:9c:25:e4:
         e7:aa:1d:0a:83:a5:eb:61:9b:e4:56:90:2c:6f:5c:b9:d4:95:
         3a:2b:a1:06:f5:7c:48:5c:b3:50:4e:a6:f3:53:ca:97:58:7c:
         2c:92:af:8a:fb:fe:33:73:b8:e6:d2:0f:e8:7e:73:8f:db:b7:
         24:8a:04:57:96:88:00:96:8d:b1:d6:7d:f0:43:4f:33:29:2b:
         ed:e5:8c:69:98:61:e3:7c:fd:fd:95:88:71:2e:5b:3f:1b:eb:
         04:21:ff:08:dc:f2:fc:2e:36:47:fb:3a:4d:66:4b:f9:96:ee:
         80:d7:02:db:6d:b1:f3:99:9d:a7:2c:56:ee:15:c2:d3:62:cc:
         47:aa:0b:d6:3e:0d:08:fe:93:a7:dd:fe:80:89:bc:a0:32:0b:
         3f:63:d5:6a:ed:c6:6a:4d:a4:ec:2d:98:61:9b:76:db:ce:69:
         7e:34:23:21
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbUEXTHbkW92Shex8NWWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NDYxNDJjZTMyOTBhYjY3ODZkM2QzMGYyNmI1ZTQxZmQ2
ODRkZGUwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzczZmVkNDkwZWRmYTY2YjhkMmE4MWIwOWY0NGM4YjUxOGVmNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydQBZWWw3IRF1d5Sip1lmrnjLYUD
kCBHOhgMMXn1/GaXxchSvNriUU5zZLy+Y65tqPRDzcRQGLYITBZkN0v0vzDBvkUz
FWOt90KOSj/ALA5A1amxxLPOXW1J1gbaHqIOE18oDzwXtDJNi1b2niTEFA8ZMAdG
RRbb/qEBnGlqnQdf155ad3/1qH38LQqiBEb/9Vn5OlhLv39+oiQS0zJ8nVJbp+3F
j9Sf6VUsWYM7s3jXo4OLRt+u9gfPpEk5rafzTX7iNu78rweyhl2KGW79TAkThWk3
2HBTu9MOaWdbg536iwaGWbQmxjAquPvudsB+Uc0L3y5ckzjg5T0xq/tuNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCNz/tSQ7fpmuNKoGwn0TItRjvU4MB8GA1UdIwQY
MBaAFDZGFCzjKQq2eG09MPJrXkH9aE3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTct
ZDMwODU0MmExZDg2LzEvSTNQLTFKRHQtbWE0MHFnYkNmUk1pMUdPOVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTctZDMwODU0MmExZDg2
LzEvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+BxMA8E
AgACMAkDBwAgAQZ4ArQwDQYJKoZIhvcNAQELBQADggEBAIOkPaO6i4Y0PFpG/x6F
9B2z4myQDB2DeuoNFJYAu/yK4OXdG3iZ3exuy5Zc3TUkH66h0gUbVxq3Eg9rVlKu
Nb4OrDF34kHXLJ90nvyKa5IsLax1GM+kRZwl5OeqHQqDpethm+RWkCxvXLnUlTor
oQb1fEhcs1BOpvNTypdYfCySr4r7/jNzuObSD+h+c4/btySKBFeWiACWjbHWffBD
TzMpK+3ljGmYYeN8/f2ViHEuWz8b6wQh/wjc8vwuNkf7Ok1mS/mW7oDXAtttsfOZ
nacsVu4VwtNizEeqC9Y+DQj+k6fd/oCJvKAyCz9j1WrtxmpNpOwtmGGbdtvOaX40
IyE=
-----END CERTIFICATE-----