Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/fNLM3sd5o4-EbU3MFJj3K9ywApY.roa
File:                     fNLM3sd5o4-EbU3MFJj3K9ywApY.roa (raw, json)
Hash identifier:          12pz5I7Sh3dIOkQ5sO1pgeWgLJVFHD/W8C4PXV5qT1E=
Subject key identifier:   7C:D2:CC:DE:C7:79:A3:8F:84:6D:4D:CC:14:98:F7:2B:DC:B0:02:96
Certificate issuer:       /CN=46eb11af9355da9a2b5df73ecdd7fd0967a4b58c
Certificate serial:       01903092074A2246A8D455F49647483236A9
Authority key identifier: 46:EB:11:AF:93:55:DA:9A:2B:5D:F7:3E:CD:D7:FD:09:67:A4:B5:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/fNLM3sd5o4-EbU3MFJj3K9ywApY.roa
Signing time:             Wed 19 Jun 2024 12:56:34 +0000
ROA not before:           Wed 19 Jun 2024 12:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200678
IP address blocks:        193.104.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:92:07:4a:22:46:a8:d4:55:f4:96:47:48:32:36:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46eb11af9355da9a2b5df73ecdd7fd0967a4b58c
        Validity
            Not Before: Jun 19 12:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cd2ccdec779a38f846d4dcc1498f72bdcb00296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:05:82:6b:6b:bb:28:e4:e5:dd:5d:5b:af:03:
                    ea:16:db:dd:61:6b:15:96:d4:0a:52:2a:46:01:5f:
                    e3:f2:ee:16:d9:57:59:d1:8b:d5:01:b9:86:10:78:
                    a8:99:6a:33:34:ba:ff:12:e4:35:bc:b1:ac:bd:57:
                    bb:9b:eb:ac:ca:8e:73:c5:d5:98:96:6f:2f:ce:58:
                    f9:0b:67:59:3b:93:de:d1:d5:38:a3:22:db:9d:07:
                    5e:b0:95:13:5b:6f:2d:f0:72:77:6e:52:16:7e:8b:
                    6c:19:98:ff:37:d7:74:cb:08:89:19:e8:c1:7c:4b:
                    6e:ec:6a:90:89:40:5b:bc:2f:54:e7:92:a0:51:88:
                    63:f0:c5:4c:4b:1c:2b:e3:bd:ba:3c:f0:a0:82:49:
                    63:ed:9d:a2:b1:4c:4f:1e:81:91:6d:d8:b8:a0:e3:
                    3c:f6:04:2d:1f:65:4b:dd:58:3e:df:48:b2:52:a3:
                    10:89:00:02:ad:ee:db:dc:2c:68:58:94:c7:5e:fe:
                    63:80:b6:9c:f7:f3:fa:04:64:ab:f4:9c:4e:d8:75:
                    da:8d:93:ec:b1:a4:80:7a:97:7e:41:57:cf:2a:f2:
                    b3:29:42:cc:10:6a:e8:db:65:06:e5:ed:b3:4f:ec:
                    f5:85:1f:3e:30:70:11:55:38:62:5f:f7:f8:be:8a:
                    1d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D2:CC:DE:C7:79:A3:8F:84:6D:4D:CC:14:98:F7:2B:DC:B0:02:96
            X509v3 Authority Key Identifier:
                keyid:46:EB:11:AF:93:55:DA:9A:2B:5D:F7:3E:CD:D7:FD:09:67:A4:B5:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/fNLM3sd5o4-EbU3MFJj3K9ywApY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e8:dd:cd:db:b3:76:f3:5f:44:ea:b9:3b:32:cd:bc:36:95:
         fa:20:9c:84:ef:f9:69:9b:31:38:44:07:b2:b2:08:5b:77:df:
         0d:e2:59:c5:e4:51:04:fd:80:aa:07:2b:12:a8:e7:c9:1e:09:
         ac:c2:30:af:cc:09:da:a3:62:67:fa:79:83:32:2a:96:4c:cf:
         ff:2a:e0:cb:ba:88:6a:f0:7a:55:1d:61:3f:40:3d:1e:50:3c:
         3d:cb:b0:14:37:8d:df:54:71:13:d3:57:49:50:30:b4:67:84:
         f5:2b:c8:9c:3a:97:3d:13:09:7a:4e:2b:cd:da:c2:aa:95:19:
         f4:63:05:75:7b:11:34:0c:fe:76:f6:1a:1a:73:cd:58:c1:4c:
         65:cd:c5:0e:f9:d6:ce:53:b6:95:55:82:90:21:18:42:dc:7b:
         bb:9f:b7:0d:d1:35:e4:09:b8:7d:97:44:6e:84:d4:50:cf:3d:
         31:50:38:a0:17:8c:43:45:b6:e4:a4:d3:62:02:7e:fc:92:14:
         93:cf:ed:0b:84:f7:d0:45:dd:4d:d7:48:7f:23:35:d7:38:45:
         8c:c9:e9:66:8f:63:5b:02:42:56:79:80:fb:66:b6:22:d6:84:
         5e:a0:20:0f:d4:11:66:6b:4e:51:c8:88:8a:81:57:8f:2b:a2:
         d5:2d:98:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAwkgdKIkao1FX0lkdIMjapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWIxMWFmOTM1NWRhOWEyYjVkZjczZWNkZDdmZDA5Njdh
NGI1OGMwHhcNMjQwNjE5MTI1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2QyY2NkZWM3NzlhMzhmODQ2ZDRkY2MxNDk4ZjcyYmRjYjAwMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAWCa2u7KOTl3V1brwPqFtvdYWsV
ltQKUipGAV/j8u4W2VdZ0YvVAbmGEHiomWozNLr/EuQ1vLGsvVe7m+usyo5zxdWY
lm8vzlj5C2dZO5Pe0dU4oyLbnQdesJUTW28t8HJ3blIWfotsGZj/N9d0ywiJGejB
fEtu7GqQiUBbvC9U55KgUYhj8MVMSxwr4726PPCggklj7Z2isUxPHoGRbdi4oOM8
9gQtH2VL3Vg+30iyUqMQiQACre7b3CxoWJTHXv5jgLac9/P6BGSr9JxO2HXajZPs
saSAepd+QVfPKvKzKULMEGro22UG5e2zT+z1hR8+MHARVThiX/f4voodGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzSzN7HeaOPhG1NzBSY9yvcsAKWMB8GA1UdIwQY
MBaAFEbrEa+TVdqaK133Ps3X/QlnpLWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnVzUnI1TlYycG9yWGZjLXpkZjlDV2VrdFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xYTQzZjAtYzAyNy00ZmRjLTg1MTUt
NDVmNDk2ZjJmZTc1LzEvZk5MTTNzZDVvNC1FYlUzTUZKajNLOXl3QXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xYTQzZjAtYzAyNy00ZmRjLTg1MTUtNDVmNDk2ZjJmZTc1
LzEvUnVzUnI1TlYycG9yWGZjLXpkZjlDV2VrdFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWisMA0G
CSqGSIb3DQEBCwUAA4IBAQAk6N3N27N2819E6rk7Ms28NpX6IJyE7/lpmzE4RAey
sghbd98N4lnF5FEE/YCqBysSqOfJHgmswjCvzAnao2Jn+nmDMiqWTM//KuDLuohq
8HpVHWE/QD0eUDw9y7AUN43fVHET01dJUDC0Z4T1K8icOpc9Ewl6TivN2sKqlRn0
YwV1exE0DP529hoac81YwUxlzcUO+dbOU7aVVYKQIRhC3Hu7n7cN0TXkCbh9l0Ru
hNRQzz0xUDigF4xDRbbkpNNiAn78khSTz+0LhPfQRd1N10h/IzXXOEWMyelmj2Nb
AkJWeYD7ZrYi1oReoCAP1BFma05RyIiKgVePK6LVLZjL
-----END CERTIFICATE-----