Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ptnz3-8dag4MraNPLVA_eYYqwbc.roa
File:                     Ptnz3-8dag4MraNPLVA_eYYqwbc.roa (raw, json)
Hash identifier:          Oai4bLtILOmIR0Gj5T4gPDuVImjPhRLmyesVlYx7gLc=
Subject key identifier:   3E:D9:F3:DF:EF:1D:6A:0E:0C:AD:A3:4F:2D:50:3F:79:86:2A:C1:B7
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       018CC56DF3DEEB863E985503D59F71FB733C
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ptnz3-8dag4MraNPLVA_eYYqwbc.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        213.145.90.0/23 maxlen: 24
                          213.145.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f3:de:eb:86:3e:98:55:03:d5:9f:71:fb:73:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ed9f3dfef1d6a0e0cada34f2d503f79862ac1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7f:64:2b:46:d2:8f:b9:77:fe:88:a7:ba:01:
                    0d:5c:3b:9d:60:24:db:03:f0:87:58:65:93:56:0b:
                    e6:64:3b:54:b3:2e:4c:e5:cd:5b:f2:e8:f3:b1:25:
                    94:c1:f0:52:2a:8e:b3:71:b9:1b:f7:14:22:8c:a9:
                    cb:11:07:c6:f4:47:ea:03:12:8b:c6:5e:57:3a:d2:
                    49:14:97:b4:74:ef:e0:45:82:3d:b6:91:6d:20:bf:
                    80:d0:80:3b:2f:e3:92:11:1f:c9:c6:21:95:03:84:
                    d4:03:01:6e:ea:78:87:1f:87:e4:6e:8f:47:bb:3a:
                    66:ad:21:57:fb:1b:3d:d6:78:24:a7:d9:8c:0e:2c:
                    6c:ab:78:6e:37:d4:dd:b7:52:c9:6a:11:dc:0d:36:
                    11:24:a9:8e:b9:cc:6f:7e:4a:8b:59:1b:bb:28:87:
                    0e:5d:7c:aa:de:e0:fa:09:ff:b2:0c:f6:e5:e2:b2:
                    ed:be:b4:50:be:0e:a7:4e:8b:73:2c:9a:e7:3c:5e:
                    f8:dc:93:79:03:d8:ae:dd:36:a6:40:68:b8:4e:e3:
                    9e:29:64:5e:db:e2:f4:15:f4:50:9b:05:81:ec:07:
                    da:d7:be:c1:7f:ab:24:dd:97:ca:06:6b:bc:84:64:
                    06:c4:0b:d8:fc:77:83:ef:13:82:18:47:64:d8:5e:
                    03:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D9:F3:DF:EF:1D:6A:0E:0C:AD:A3:4F:2D:50:3F:79:86:2A:C1:B7
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ptnz3-8dag4MraNPLVA_eYYqwbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.90.0-213.145.93.255

    Signature Algorithm: sha256WithRSAEncryption
         88:3b:9e:ed:0b:20:af:d3:00:3a:6d:c7:68:95:a2:ed:c4:64:
         51:51:e5:e2:41:55:3a:29:01:29:02:f9:b5:dd:06:6a:52:9a:
         35:75:bd:ac:9d:23:3a:87:d2:69:e2:34:24:f2:96:f8:76:bd:
         ff:f9:d5:14:54:e6:9e:70:3c:16:ee:cf:fa:f4:ec:ef:1d:7c:
         72:24:56:ba:44:59:d7:59:c7:cc:f1:87:f6:48:67:8e:22:2b:
         48:bb:36:62:60:93:93:a7:36:5e:a8:cb:35:87:dc:96:fe:4e:
         c7:55:c9:0a:63:d6:22:50:9c:10:29:a2:b8:fa:6b:b7:26:7e:
         da:ed:59:bf:89:cb:6a:91:72:f3:85:2a:ad:84:c7:b1:9e:b4:
         7d:cc:8a:45:e1:b5:88:82:c9:bf:93:50:83:c7:32:08:73:96:
         27:70:4f:f0:d3:a6:1e:5d:bf:7e:3e:79:50:da:24:38:19:9a:
         f2:f7:28:39:de:38:d9:65:fd:d8:64:18:3d:a7:2c:aa:cf:07:
         61:6b:af:56:ec:9e:44:8d:05:e9:c8:18:21:26:82:24:08:63:
         e5:e8:c7:62:f4:19:e7:44:ab:7a:cf:7c:7e:e4:7a:e7:41:9d:
         e4:ce:88:d9:d1:1e:e9:96:41:cd:8d:88:d9:59:21:47:56:7b:
         c5:99:bd:01
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbfPe64Y+mFUD1Z9x+3M8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ5ZjNkZmVmMWQ2YTBlMGNhZGEzNGYyZDUwM2Y3OTg2MmFjMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn9kK0bSj7l3/oinugENXDudYCTb
A/CHWGWTVgvmZDtUsy5M5c1b8ujzsSWUwfBSKo6zcbkb9xQijKnLEQfG9EfqAxKL
xl5XOtJJFJe0dO/gRYI9tpFtIL+A0IA7L+OSER/JxiGVA4TUAwFu6niHH4fkbo9H
uzpmrSFX+xs91ngkp9mMDixsq3huN9Tdt1LJahHcDTYRJKmOucxvfkqLWRu7KIcO
XXyq3uD6Cf+yDPbl4rLtvrRQvg6nTotzLJrnPF743JN5A9iu3TamQGi4TuOeKWRe
2+L0FfRQmwWB7Afa177Bf6sk3ZfKBmu8hGQGxAvY/HeD7xOCGEdk2F4DEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD7Z89/vHWoODK2jTy1QP3mGKsG3MB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvUHRuejMtOGRhZzRNcmFOUExWQV9lWVlxd2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHVkVoD
BAHVkVwwDQYJKoZIhvcNAQELBQADggEBAIg7nu0LIK/TADptx2iVou3EZFFR5eJB
VTopASkC+bXdBmpSmjV1vaydIzqH0mniNCTylvh2vf/51RRU5p5wPBbuz/r07O8d
fHIkVrpEWddZx8zxh/ZIZ44iK0i7NmJgk5OnNl6oyzWH3Jb+TsdVyQpj1iJQnBAp
orj6a7cmftrtWb+Jy2qRcvOFKq2Ex7GetH3MikXhtYiCyb+TUIPHMghzlidwT/DT
ph5dv34+eVDaJDgZmvL3KDneONll/dhkGD2nLKrPB2Frr1bsnkSNBenIGCEmgiQI
Y+Xox2L0GedEq3rPfH7keudBneTOiNnRHumWQc2NiNlZIUdWe8WZvQE=
-----END CERTIFICATE-----