Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/qeskszLFf92erEy5IxfNDyxwzdw.roa
File:                     qeskszLFf92erEy5IxfNDyxwzdw.roa (raw, json)
Hash identifier:          xQX/g37jnrSJDbWtODn4//od1rW/zmfuLQ+EFKie/y4=
Subject key identifier:   A9:EB:24:B3:32:C5:7F:DD:9E:AC:4C:B9:23:17:CD:0F:2C:70:CD:DC
Certificate issuer:       /CN=04e32c43f969ba417ba36d0721b1d9d50624c40f
Certificate serial:       018ED2202A145DB45E604B7F2664D4EE2110
Authority key identifier: 04:E3:2C:43:F9:69:BA:41:7B:A3:6D:07:21:B1:D9:D5:06:24:C4:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BOMsQ_lpukF7o20HIbHZ1QYkxA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/qeskszLFf92erEy5IxfNDyxwzdw.roa
Signing time:             Fri 12 Apr 2024 11:45:06 +0000
ROA not before:           Fri 12 Apr 2024 11:45:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        193.36.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/BOMsQ_lpukF7o20HIbHZ1QYkxA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/BOMsQ_lpukF7o20HIbHZ1QYkxA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BOMsQ_lpukF7o20HIbHZ1QYkxA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:20:2a:14:5d:b4:5e:60:4b:7f:26:64:d4:ee:21:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04e32c43f969ba417ba36d0721b1d9d50624c40f
        Validity
            Not Before: Apr 12 11:45:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9eb24b332c57fdd9eac4cb92317cd0f2c70cddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:2d:93:79:d1:2e:f7:10:c0:48:cc:1a:07:
                    c0:83:f6:1c:d3:49:0f:c0:00:1b:a9:41:48:df:f6:
                    f9:40:bd:46:47:1a:e3:a3:9d:22:f4:4b:b0:a3:97:
                    49:8b:88:9a:ea:10:2c:8d:e1:8f:8d:8a:f8:3e:1b:
                    0d:0c:48:75:80:2a:2c:96:c0:dd:7d:26:36:f0:a8:
                    24:1f:c1:c3:c7:49:20:2a:1a:24:9b:57:97:2e:76:
                    15:cb:fa:40:a4:b1:cd:01:9c:66:86:15:1f:87:3e:
                    b9:8f:d3:55:71:e6:c8:99:fe:ae:be:ac:cc:1b:4f:
                    8d:30:6c:5a:78:c1:de:bf:76:49:ea:42:a5:23:05:
                    96:c2:8f:59:3b:1f:9b:ac:0b:09:87:92:f0:43:f1:
                    eb:96:41:f1:aa:ab:67:fb:4b:cc:54:11:27:32:7c:
                    6e:37:5d:0a:10:63:dd:ac:e4:2c:29:ed:90:e3:b1:
                    71:ce:32:9d:25:dd:ab:9e:c4:fc:f4:4d:df:a9:ed:
                    5c:77:02:d4:2c:a8:1d:c2:b4:f5:44:60:24:6c:51:
                    30:6b:f9:a7:5f:d7:60:f7:42:5c:46:0f:c3:4f:9b:
                    80:44:bc:9e:2b:05:13:db:1d:bd:12:73:c8:0e:2c:
                    e6:68:a4:c2:7c:4b:d9:e6:70:a8:17:00:c5:6c:ba:
                    5c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:EB:24:B3:32:C5:7F:DD:9E:AC:4C:B9:23:17:CD:0F:2C:70:CD:DC
            X509v3 Authority Key Identifier:
                keyid:04:E3:2C:43:F9:69:BA:41:7B:A3:6D:07:21:B1:D9:D5:06:24:C4:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BOMsQ_lpukF7o20HIbHZ1QYkxA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/qeskszLFf92erEy5IxfNDyxwzdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/316f15-bcb5-422c-92a0-826a48eefd96/1/BOMsQ_lpukF7o20HIbHZ1QYkxA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:bb:b3:39:e7:4f:4f:e3:0a:5e:7f:54:9c:43:7f:67:e0:f2:
         f2:fb:0a:bb:41:f2:9b:92:91:0a:56:21:02:48:48:a8:67:b2:
         d6:db:52:72:69:bc:11:d1:fb:ad:d5:15:22:07:a3:f9:bc:57:
         98:0d:41:72:92:c2:aa:4b:9d:a9:e3:be:90:96:31:03:90:bb:
         79:44:7d:ac:77:1f:11:9e:97:66:19:f7:92:7b:a8:d4:bf:79:
         04:30:35:b3:42:cd:60:a8:47:9d:ed:1a:ac:09:e8:76:c8:9b:
         84:ee:5c:10:83:ad:cd:57:82:d5:6c:04:0b:8d:c2:d6:c0:3f:
         2a:b9:5c:c7:24:80:bc:bc:23:f4:29:10:40:48:47:62:29:26:
         8f:66:c7:9a:8b:9e:c4:85:26:3c:4c:40:4b:21:63:30:c1:5d:
         ad:2e:43:61:ec:f8:49:51:4f:86:3d:10:4b:40:62:48:64:c4:
         32:5e:74:7e:ac:df:6f:44:2a:d4:0c:2b:70:f7:f0:74:b1:95:
         92:4e:71:a0:7b:4a:b7:3f:50:d8:1a:8e:bc:83:29:c8:cd:a9:
         a3:ed:69:2e:ca:77:9c:a2:b7:cc:83:34:3e:82:94:32:10:50:
         42:4a:3b:49:4e:5b:ab:aa:7a:f5:d9:d8:50:84:c8:64:bf:2d:
         7a:cc:9a:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7SICoUXbReYEt/JmTU7iEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZTMyYzQzZjk2OWJhNDE3YmEzNmQwNzIxYjFkOWQ1MDYy
NGM0MGYwHhcNMjQwNDEyMTE0NTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWViMjRiMzMyYzU3ZmRkOWVhYzRjYjkyMzE3Y2QwZjJjNzBjZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqygtk3nRLvcQwEjMGgfAg/Yc00kP
wAAbqUFI3/b5QL1GRxrjo50i9Euwo5dJi4ia6hAsjeGPjYr4PhsNDEh1gCoslsDd
fSY28KgkH8HDx0kgKhokm1eXLnYVy/pApLHNAZxmhhUfhz65j9NVcebImf6uvqzM
G0+NMGxaeMHev3ZJ6kKlIwWWwo9ZOx+brAsJh5LwQ/HrlkHxqqtn+0vMVBEnMnxu
N10KEGPdrOQsKe2Q47FxzjKdJd2rnsT89E3fqe1cdwLULKgdwrT1RGAkbFEwa/mn
X9dg90JcRg/DT5uARLyeKwUT2x29EnPIDizmaKTCfEvZ5nCoFwDFbLpcXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnrJLMyxX/dnqxMuSMXzQ8scM3cMB8GA1UdIwQY
MBaAFATjLEP5abpBe6NtByGx2dUGJMQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk9Nc1FfbHB1a0Y3bzIwSEliSFoxUVlreEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zMTZmMTUtYmNiNS00MjJjLTkyYTAt
ODI2YTQ4ZWVmZDk2LzEvcWVza3N6TEZmOTJlckV5NUl4Zk5EeXh3emR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zMTZmMTUtYmNiNS00MjJjLTkyYTAtODI2YTQ4ZWVmZDk2
LzEvQk9Nc1FfbHB1a0Y3bzIwSEliSFoxUVlreEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSTiMA0G
CSqGSIb3DQEBCwUAA4IBAQAeu7M5509P4wpef1ScQ39n4PLy+wq7QfKbkpEKViEC
SEioZ7LW21JyabwR0fut1RUiB6P5vFeYDUFyksKqS52p476QljEDkLt5RH2sdx8R
npdmGfeSe6jUv3kEMDWzQs1gqEed7RqsCeh2yJuE7lwQg63NV4LVbAQLjcLWwD8q
uVzHJIC8vCP0KRBASEdiKSaPZseai57EhSY8TEBLIWMwwV2tLkNh7PhJUU+GPRBL
QGJIZMQyXnR+rN9vRCrUDCtw9/B0sZWSTnGge0q3P1DYGo68gynIzamj7Wkuynec
orfMgzQ+gpQyEFBCSjtJTlurqnr12dhQhMhkvy16zJpd
-----END CERTIFICATE-----