Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa
File:                     k-3g_9R3mXsl4nTorpM2ZFWCp14.roa (raw, json)
Hash identifier:          OwH5/8aYrQTgtvDBhBVdmQmdKgzwBqHHhm8+WZuLMhY=
Subject key identifier:   93:ED:E0:FF:D4:77:99:7B:25:E2:74:E8:AE:93:36:64:55:82:A7:5E
Certificate issuer:       /CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Certificate serial:       018CC870A57D55156A7D908CF368AFC468C6
Authority key identifier: DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa
Signing time:             Tue 02 Jan 2024 04:31:14 +0000
ROA not before:           Tue 02 Jan 2024 04:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28788
IP address blocks:        62.133.192.0/18 maxlen: 18
                          193.16.234.0/24 maxlen: 24
                          2001:4128::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:04:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a5:7d:55:15:6a:7d:90:8c:f3:68:af:c4:68:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
        Validity
            Not Before: Jan  2 04:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93ede0ffd477997b25e274e8ae9336645582a75e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:34:39:96:61:70:41:08:dd:02:60:1b:6d:2d:
                    1c:c7:22:71:e4:1c:30:e7:b4:b0:a6:07:4b:7a:65:
                    84:bd:20:58:9a:28:eb:f4:b8:b6:0f:96:59:c2:55:
                    92:36:ea:c3:a8:aa:55:ff:4f:73:8d:58:7e:3f:65:
                    f2:04:6a:73:a0:f6:3d:31:62:92:57:67:aa:92:ca:
                    ec:1e:aa:84:80:a5:58:2d:1f:ff:f6:ac:a7:0e:43:
                    ae:36:7d:eb:8f:91:ce:c1:57:ad:36:5d:e4:45:dd:
                    55:4d:52:7a:d8:80:a0:0e:8f:bd:f7:5e:71:29:67:
                    23:cf:ed:47:41:f3:32:a0:b0:da:3a:3d:c7:43:9c:
                    10:12:ad:f3:87:3e:0d:ff:20:52:36:30:b9:ee:4a:
                    41:ab:d7:7d:32:71:9b:a0:da:ef:78:29:a1:5b:5d:
                    5e:1d:10:40:7f:1a:d8:b4:f4:6e:4c:13:7c:55:fc:
                    9f:11:72:1f:ff:da:14:e2:1b:59:36:6e:19:08:08:
                    1e:fe:99:6f:1a:7f:a5:dd:b7:4e:c6:4b:d4:9b:ba:
                    9f:c4:2a:5d:eb:9b:10:81:f6:e5:73:2f:df:d2:5f:
                    be:9c:7d:cc:20:c1:15:dd:b4:87:90:24:61:61:f1:
                    e0:27:7f:57:7f:e2:6a:c7:f4:d7:e5:2a:3c:eb:6f:
                    6c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:ED:E0:FF:D4:77:99:7B:25:E2:74:E8:AE:93:36:64:55:82:A7:5E
            X509v3 Authority Key Identifier:
                keyid:DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.133.192.0/18
                  193.16.234.0/24
                IPv6:
                  2001:4128::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:aa:9d:ea:9a:01:29:93:06:5c:86:c4:92:0b:c8:96:83:20:
         c0:03:74:5d:55:28:77:67:77:a7:b2:0c:be:b4:58:ad:eb:f3:
         52:12:e1:7f:4c:8e:ce:b9:6e:41:a1:e3:be:5b:f3:e3:07:c9:
         bf:a7:85:f9:d5:b8:8c:8d:5a:1a:c6:16:02:04:67:a8:63:5b:
         db:25:31:bf:bd:eb:2d:b5:21:e1:66:eb:d9:7c:91:83:7a:91:
         59:63:41:59:26:5e:0b:b1:a2:aa:f8:80:55:79:1b:de:d0:ca:
         61:85:73:96:4e:9c:9c:62:25:ba:5d:65:51:2f:0a:9c:e3:65:
         65:d9:97:11:23:4e:15:d4:79:21:97:05:41:7a:7b:1e:e7:b0:
         1e:5d:e7:1d:27:9d:99:d6:8b:a3:49:96:eb:e1:3c:72:a4:87:
         24:9b:ca:a9:a4:d0:de:ab:ed:3c:07:ae:55:65:c8:f1:00:1c:
         05:45:15:c0:f1:f5:08:ae:a9:e9:a0:80:0c:6a:4f:7e:5f:bd:
         ed:c7:27:ad:de:ce:43:e4:16:95:f8:75:14:cd:22:bd:36:40:
         5b:0e:fd:b2:68:12:92:e6:37:f3:68:b9:d4:6d:2b:d9:cd:fe:
         7e:5e:55:16:11:e1:e4:b3:f2:0a:52:4c:a7:3e:22:ac:97:50:
         44:99:4e:31
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIcKV9VRVqfZCM82ivxGjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2MyYmJhZjNlMGQ0MzQyYTAxNGY4YjcwZjg3M2NlZTlh
OGNhYzUwHhcNMjQwMTAyMDQzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2VkZTBmZmQ0Nzc5OTdiMjVlMjc0ZThhZTkzMzY2NDU1ODJhNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDQ5lmFwQQjdAmAbbS0cxyJx5Bww
57SwpgdLemWEvSBYmijr9Li2D5ZZwlWSNurDqKpV/09zjVh+P2XyBGpzoPY9MWKS
V2eqksrsHqqEgKVYLR//9qynDkOuNn3rj5HOwVetNl3kRd1VTVJ62ICgDo+9915x
KWcjz+1HQfMyoLDaOj3HQ5wQEq3zhz4N/yBSNjC57kpBq9d9MnGboNrveCmhW11e
HRBAfxrYtPRuTBN8VfyfEXIf/9oU4htZNm4ZCAge/plvGn+l3bdOxkvUm7qfxCpd
65sQgfblcy/f0l++nH3MIMEV3bSHkCRhYfHgJ39Xf+Jqx/TX5So8629sXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJPt4P/Ud5l7JeJ06K6TNmRVgqdeMB8GA1UdIwQY
MBaAFNvMK7rz4NQ0KgFPi3D4c87pqMrFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4Yzkt
ZjRkNWU4NGFjMWRkLzEvay0zZ185UjNtWHNsNG5Ub3JwTTJaRldDcDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4YzktZjRkNWU4NGFjMWRk
LzEvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGPoXAAwQA
wRDqMA0EAgACMAcDBQAgAUEoMA0GCSqGSIb3DQEBCwUAA4IBAQAtqp3qmgEpkwZc
hsSSC8iWgyDAA3RdVSh3Z3ensgy+tFit6/NSEuF/TI7OuW5BoeO+W/PjB8m/p4X5
1biMjVoaxhYCBGeoY1vbJTG/vesttSHhZuvZfJGDepFZY0FZJl4LsaKq+IBVeRve
0MphhXOWTpycYiW6XWVRLwqc42Vl2ZcRI04V1HkhlwVBense57AeXecdJ52Z1ouj
SZbr4TxypIckm8qppNDeq+08B65VZcjxABwFRRXA8fUIrqnpoIAMak9+X73txyet
3s5D5BaV+HUUzSK9NkBbDv2yaBKS5jfzaLnUbSvZzf5+XlUWEeHks/IKUkynPiKs
l1BEmU4x
-----END CERTIFICATE-----