Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/3SqeyhbLlyrdxkywMNau9EszbLc.roa
File:                     3SqeyhbLlyrdxkywMNau9EszbLc.roa (raw, json)
Hash identifier:          q4tLbTqFnx7GPymLqFNKHbXx1nw5Ij5o1QAKQC0yLvQ=
Subject key identifier:   DD:2A:9E:CA:16:CB:97:2A:DD:C6:4C:B0:30:D6:AE:F4:4B:33:6C:B7
Certificate issuer:       /CN=7626359949cecf2418c5a2db21acab85dd9193d8
Certificate serial:       018CC86EFEB17272CC971EB683DB08D8CF38
Authority key identifier: 76:26:35:99:49:CE:CF:24:18:C5:A2:DB:21:AC:AB:85:DD:91:93:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/3SqeyhbLlyrdxkywMNau9EszbLc.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        193.43.16.0/24 maxlen: 24
                          193.43.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fe:b1:72:72:cc:97:1e:b6:83:db:08:d8:cf:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7626359949cecf2418c5a2db21acab85dd9193d8
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd2a9eca16cb972addc64cb030d6aef44b336cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d3:9e:58:fa:41:20:40:b2:e6:88:8e:82:7b:
                    8f:da:b0:c8:d5:c1:c7:80:3d:39:89:75:54:fc:61:
                    f0:96:1a:26:1e:44:ba:77:04:0e:86:3b:6f:a9:f4:
                    47:1f:ae:9f:fb:bf:dc:7d:a2:47:76:ff:b5:a3:14:
                    e5:4c:e2:f0:86:f7:8d:04:4a:36:4f:0e:ea:44:db:
                    49:67:9c:80:28:69:ef:76:36:f0:89:2e:31:8c:ec:
                    c8:ab:19:6b:aa:f2:88:fa:04:d5:08:6e:1a:d6:66:
                    e2:2e:40:fd:aa:95:73:b0:97:f7:42:a1:a5:74:43:
                    79:c7:a6:33:42:60:7b:57:97:8e:d0:38:fa:a9:60:
                    23:14:46:32:8a:df:fe:29:37:2f:ee:bb:1d:1f:dc:
                    53:f2:e5:e6:13:ec:6b:f0:70:b2:76:67:fc:68:ee:
                    ec:be:5e:40:79:81:a4:70:01:ca:93:0c:4e:7a:d7:
                    9b:79:73:c3:a6:71:c0:56:a7:75:3d:68:5a:17:2e:
                    4b:2b:67:d1:2f:f1:bf:be:7c:ae:d8:b4:f2:75:ad:
                    c4:07:31:e0:80:65:45:ca:e0:28:f0:14:a3:71:38:
                    41:53:88:96:a5:e7:25:17:97:c0:3c:c9:9c:4b:97:
                    82:32:c0:0f:d3:2a:2a:4a:d0:ca:81:87:75:e7:7c:
                    1d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2A:9E:CA:16:CB:97:2A:DD:C6:4C:B0:30:D6:AE:F4:4B:33:6C:B7
            X509v3 Authority Key Identifier:
                keyid:76:26:35:99:49:CE:CF:24:18:C5:A2:DB:21:AC:AB:85:DD:91:93:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/3SqeyhbLlyrdxkywMNau9EszbLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:45:e4:a7:88:c4:00:ee:8c:3a:b8:fc:fb:d1:23:56:74:e0:
         78:71:ec:49:35:5a:2e:76:50:21:81:54:6c:e8:fe:05:d5:cd:
         7e:08:42:5c:d7:fc:8d:1c:8e:fd:c1:9e:f3:99:56:55:44:54:
         68:94:2e:89:78:2c:5c:bf:68:89:f1:02:79:f4:27:04:cd:05:
         62:c9:ab:3a:97:d7:92:89:e1:a3:4d:52:7d:95:96:49:db:8c:
         24:74:25:16:7e:1a:b8:19:0b:59:5b:fb:f3:40:1b:2e:4c:26:
         3f:c5:d8:23:6d:a8:d1:34:d5:6b:fa:ee:b0:b7:a7:c5:17:69:
         9b:7c:4b:85:10:39:9b:1a:d5:92:b5:06:52:fd:db:0f:b3:df:
         63:d6:22:6f:e3:ab:06:45:69:ae:06:28:86:3a:a0:16:ff:09:
         0f:fc:00:89:90:3c:e6:9a:2c:dd:cd:f2:c8:b9:3e:9c:22:2c:
         26:8d:fc:f3:21:4f:d3:84:1d:f8:c9:89:8f:4d:a8:06:c9:40:
         9a:b1:af:99:15:66:43:12:e1:69:c7:41:15:ec:9e:09:9d:df:
         06:3a:35:be:b5:8b:e2:db:5a:a3:ff:11:75:22:70:ed:4f:57:
         6b:31:6b:8c:6d:87:ea:5f:31:2b:09:f0:f9:69:57:8a:74:a2:
         21:e3:61:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv6xcnLMlx62g9sI2M84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MjYzNTk5NDljZWNmMjQxOGM1YTJkYjIxYWNhYjg1ZGQ5
MTkzZDgwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJhOWVjYTE2Y2I5NzJhZGRjNjRjYjAzMGQ2YWVmNDRiMzM2Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitOeWPpBIECy5oiOgnuP2rDI1cHH
gD05iXVU/GHwlhomHkS6dwQOhjtvqfRHH66f+7/cfaJHdv+1oxTlTOLwhveNBEo2
Tw7qRNtJZ5yAKGnvdjbwiS4xjOzIqxlrqvKI+gTVCG4a1mbiLkD9qpVzsJf3QqGl
dEN5x6YzQmB7V5eO0Dj6qWAjFEYyit/+KTcv7rsdH9xT8uXmE+xr8HCydmf8aO7s
vl5AeYGkcAHKkwxOetebeXPDpnHAVqd1PWhaFy5LK2fRL/G/vnyu2LTyda3EBzHg
gGVFyuAo8BSjcThBU4iWpeclF5fAPMmcS5eCMsAP0yoqStDKgYd153wdVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0qnsoWy5cq3cZMsDDWrvRLM2y3MB8GA1UdIwQY
MBaAFHYmNZlJzs8kGMWi2yGsq4XdkZPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGlZMW1Vbk96eVFZeGFMYklheXJoZDJSazlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jM2MxM2UtOGY2MS00ZGZlLTk1MmMt
YzgwNDA4M2U3ZDQ5LzEvM1NxZXloYkxseXJkeGt5d01OYXU5RXN6YkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jM2MxM2UtOGY2MS00ZGZlLTk1MmMtYzgwNDA4M2U3ZDQ5
LzEvZGlZMW1Vbk96eVFZeGFMYklheXJoZDJSazlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSsQMA0G
CSqGSIb3DQEBCwUAA4IBAQBBReSniMQA7ow6uPz70SNWdOB4cexJNVoudlAhgVRs
6P4F1c1+CEJc1/yNHI79wZ7zmVZVRFRolC6JeCxcv2iJ8QJ59CcEzQViyas6l9eS
ieGjTVJ9lZZJ24wkdCUWfhq4GQtZW/vzQBsuTCY/xdgjbajRNNVr+u6wt6fFF2mb
fEuFEDmbGtWStQZS/dsPs99j1iJv46sGRWmuBiiGOqAW/wkP/ACJkDzmmizdzfLI
uT6cIiwmjfzzIU/ThB34yYmPTagGyUCasa+ZFWZDEuFpx0EV7J4Jnd8GOjW+tYvi
21qj/xF1InDtT1drMWuMbYfqXzErCfD5aVeKdKIh42Hj
-----END CERTIFICATE-----