Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/axTIK1Cd6xNvIGQcZlJRMER2QFo.roa
File:                     axTIK1Cd6xNvIGQcZlJRMER2QFo.roa (raw, json)
Hash identifier:          qVieod/xg66m+9lc+me65CfGEYNPFENdxnCjhg2A7bM=
Subject key identifier:   6B:14:C8:2B:50:9D:EB:13:6F:20:64:1C:66:52:51:30:44:76:40:5A
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018D6904C395E3A94C14069F402B42BB6D87
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/axTIK1Cd6xNvIGQcZlJRMER2QFo.roa
Signing time:             Fri 02 Feb 2024 08:52:16 +0000
ROA not before:           Fri 02 Feb 2024 08:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        193.108.59.0/24 maxlen: 24
                          193.108.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:04:c3:95:e3:a9:4c:14:06:9f:40:2b:42:bb:6d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Feb  2 08:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b14c82b509deb136f20641c665251304476405a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b8:7a:4c:43:25:fd:05:77:8a:27:33:63:b1:
                    0a:d5:c2:1a:4c:d1:38:9c:fe:97:65:c0:10:60:fa:
                    49:2c:81:39:eb:69:0a:03:32:7f:4d:ad:c7:ca:f0:
                    2e:e4:49:ab:59:1c:59:0d:d3:ef:09:8c:f1:e7:3e:
                    03:4e:e0:df:df:60:d4:66:a5:46:ef:2a:97:97:c4:
                    be:e5:3d:31:19:3c:ba:25:42:17:38:45:07:06:0e:
                    14:4e:78:3a:f1:a1:8b:3c:9c:66:9e:0c:45:23:4a:
                    47:7b:61:f8:46:44:54:e3:ec:b2:68:03:7c:db:07:
                    80:02:78:2a:ee:9e:79:4b:a5:0d:5b:ba:57:83:18:
                    02:51:8a:1d:4b:ee:9d:11:bf:99:fc:19:56:8e:07:
                    68:6a:5a:d8:1a:d0:56:30:f0:6c:cc:6f:5d:f6:92:
                    23:94:cb:64:4d:9b:01:32:58:66:20:4f:59:92:32:
                    1c:23:9c:67:38:a9:36:6f:71:ea:27:79:79:ac:2b:
                    d4:4f:c4:7f:3c:4f:2e:59:65:2f:27:c3:6b:77:67:
                    bf:34:7b:fd:99:07:da:52:5d:ac:13:43:1b:13:00:
                    38:ac:ce:4e:2c:51:dd:91:9f:53:e0:90:be:33:26:
                    e4:7e:d3:73:11:b7:54:fd:07:17:08:e8:01:53:b4:
                    b1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:14:C8:2B:50:9D:EB:13:6F:20:64:1C:66:52:51:30:44:76:40:5A
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/axTIK1Cd6xNvIGQcZlJRMER2QFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.59.0/24
                  193.108.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:8f:19:c5:32:b4:e1:3c:8e:40:eb:04:ba:9f:86:27:f1:21:
         4a:fd:af:f7:ef:98:e5:f9:eb:07:cb:b0:f8:5f:37:5c:19:a5:
         74:52:94:b1:01:5d:fd:12:7f:8e:2a:ce:97:dd:36:0f:13:56:
         e4:dc:6b:02:6f:0a:37:20:1d:ad:d8:6b:0b:69:dd:d6:6f:a2:
         91:68:e2:9b:11:e2:c1:e8:a4:71:08:6f:0a:48:d5:64:3d:8a:
         fa:d5:73:e9:19:2b:28:5e:2f:e6:17:ba:4f:f7:69:d2:4d:c1:
         88:33:66:69:da:49:8f:bf:d1:31:12:a2:71:bf:f5:95:d8:7b:
         14:e9:8a:12:f9:0d:ca:9b:42:b9:02:82:bd:ef:a3:ba:3d:e7:
         43:8b:42:83:4b:0d:17:0c:22:19:d3:43:69:69:06:d0:cc:37:
         01:7f:30:3d:1e:4e:de:dd:6b:fc:8c:ae:c5:c5:0a:c6:d1:98:
         3c:bc:32:e8:5a:b1:87:01:09:22:39:1d:92:be:9d:7a:18:3a:
         5b:c3:13:d3:3d:4a:eb:2a:e7:e4:2e:f8:18:f2:d0:6c:4a:bd:
         e7:c0:49:c9:04:37:a9:bd:35:29:44:c4:7f:3e:db:e2:74:2e:
         df:75:69:de:1c:55:f2:68:8c:07:c3:c0:d7:44:42:6b:57:63:
         ee:2f:33:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1pBMOV46lMFAafQCtCu22HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMjAyMDg1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjE0YzgyYjUwOWRlYjEzNmYyMDY0MWM2NjUyNTEzMDQ0NzY0MDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLh6TEMl/QV3iiczY7EK1cIaTNE4
nP6XZcAQYPpJLIE562kKAzJ/Ta3HyvAu5EmrWRxZDdPvCYzx5z4DTuDf32DUZqVG
7yqXl8S+5T0xGTy6JUIXOEUHBg4UTng68aGLPJxmngxFI0pHe2H4RkRU4+yyaAN8
2weAAngq7p55S6UNW7pXgxgCUYodS+6dEb+Z/BlWjgdoalrYGtBWMPBszG9d9pIj
lMtkTZsBMlhmIE9ZkjIcI5xnOKk2b3HqJ3l5rCvUT8R/PE8uWWUvJ8Nrd2e/NHv9
mQfaUl2sE0MbEwA4rM5OLFHdkZ9T4JC+MybkftNzEbdU/QcXCOgBU7SxTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGsUyCtQnesTbyBkHGZSUTBEdkBaMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvYXhUSUsxQ2Q2eE52SUdRY1psSlJNRVIyUUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWw7AwQA
wWxpMA0GCSqGSIb3DQEBCwUAA4IBAQCCjxnFMrThPI5A6wS6n4Yn8SFK/a/375jl
+esHy7D4XzdcGaV0UpSxAV39En+OKs6X3TYPE1bk3GsCbwo3IB2t2GsLad3Wb6KR
aOKbEeLB6KRxCG8KSNVkPYr61XPpGSsoXi/mF7pP92nSTcGIM2Zp2kmPv9ExEqJx
v/WV2HsU6YoS+Q3Km0K5AoK976O6PedDi0KDSw0XDCIZ00NpaQbQzDcBfzA9Hk7e
3Wv8jK7FxQrG0Zg8vDLoWrGHAQkiOR2Svp16GDpbwxPTPUrrKufkLvgY8tBsSr3n
wEnJBDepvTUpRMR/PtvidC7fdWneHFXyaIwHw8DXREJrV2PuLzOm
-----END CERTIFICATE-----