Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/808eb-9aLu41roSMSaHO8r-sCJ0.roa
File:                     808eb-9aLu41roSMSaHO8r-sCJ0.roa (raw, json)
Hash identifier:          rCM5eGiyr6wuq7y0i6XZdzgH6YJOrFxOSIfhu9ZqAu0=
Subject key identifier:   F3:4F:1E:6F:EF:5A:2E:EE:35:AE:84:8C:49:A1:CE:F2:BF:AC:08:9D
Certificate issuer:       /CN=7626359949cecf2418c5a2db21acab85dd9193d8
Certificate serial:       0194221F90B17EDDF8628449465B036C6709
Authority key identifier: 76:26:35:99:49:CE:CF:24:18:C5:A2:DB:21:AC:AB:85:DD:91:93:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/808eb-9aLu41roSMSaHO8r-sCJ0.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12874
IP address blocks:        193.43.16.0/24 maxlen: 24
                          193.43.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:90:b1:7e:dd:f8:62:84:49:46:5b:03:6c:67:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7626359949cecf2418c5a2db21acab85dd9193d8
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f34f1e6fef5a2eee35ae848c49a1cef2bfac089d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d5:e1:74:e6:5d:c3:4f:1e:5d:7a:5a:12:b3:
                    5e:c3:1f:21:72:61:f4:18:69:45:e5:f0:89:7c:ae:
                    31:72:20:d5:3e:43:32:85:b5:e4:29:d0:f7:7a:ec:
                    5a:6f:a3:ea:18:8c:ff:7e:5f:48:1f:14:5d:fb:01:
                    5f:99:ae:c2:0f:ab:c3:df:e7:19:09:c9:0a:3c:0f:
                    87:26:11:67:1f:1f:06:f7:23:e8:b8:df:ae:6f:b4:
                    49:71:d1:a1:3a:20:7d:a0:59:7d:a6:a1:af:b6:8e:
                    0d:10:f5:d4:69:3d:ba:ad:2e:8e:bf:7e:23:43:2d:
                    8a:f9:6b:a9:2c:aa:df:ad:8b:07:1b:e8:cc:a8:a4:
                    bc:e9:a4:be:5d:ec:24:c5:50:1c:1e:6f:ca:14:65:
                    e4:70:9e:50:07:b9:f8:e4:23:0a:ab:5a:2a:95:91:
                    08:ca:24:fd:34:68:73:89:e0:75:a2:21:0f:41:22:
                    2c:60:1b:54:94:14:ba:8b:db:7d:17:16:2d:c7:fc:
                    76:f6:9f:de:f4:b9:a8:ba:be:00:a4:9f:4c:d6:fb:
                    db:77:13:59:b8:30:74:1e:d6:b8:f1:99:86:af:97:
                    bd:6f:e3:f2:44:ea:c2:3a:f1:25:68:a4:c2:57:ed:
                    a5:20:76:b1:f7:83:14:4c:3b:51:0b:67:a6:38:2c:
                    a5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:4F:1E:6F:EF:5A:2E:EE:35:AE:84:8C:49:A1:CE:F2:BF:AC:08:9D
            X509v3 Authority Key Identifier:
                keyid:76:26:35:99:49:CE:CF:24:18:C5:A2:DB:21:AC:AB:85:DD:91:93:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/diY1mUnOzyQYxaLbIayrhd2Rk9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/808eb-9aLu41roSMSaHO8r-sCJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c3c13e-8f61-4dfe-952c-c804083e7d49/1/diY1mUnOzyQYxaLbIayrhd2Rk9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:a9:8b:49:b9:51:44:23:a9:ca:5a:46:b6:9b:2d:91:14:6d:
         cf:8c:8d:fb:a1:49:f7:93:62:10:48:d2:a7:dd:59:77:29:47:
         46:f7:96:b9:90:73:bd:88:c1:99:48:32:b0:99:40:68:1d:94:
         d1:43:dd:d7:8f:f6:99:c1:6c:77:ef:00:10:61:95:2b:6a:7f:
         83:72:50:82:b5:61:43:c1:fb:46:9d:71:4e:fe:75:8e:59:b0:
         94:9f:b6:a6:5d:86:90:6c:97:41:91:ec:47:13:53:dc:08:6f:
         9d:d9:8b:68:28:1c:87:36:7e:4f:fc:58:47:f1:64:33:68:9f:
         8f:64:e5:31:53:1e:d7:f3:2a:0b:06:6f:df:fa:27:a1:4d:81:
         2d:52:d0:26:7f:f0:ba:01:ec:30:6f:ea:8f:19:4c:2d:5a:6c:
         eb:bd:e0:cb:69:68:8f:0c:12:31:a6:28:a2:5e:66:b4:8a:85:
         e7:76:8d:ae:d0:9d:6c:2a:8b:67:38:9a:9a:8e:ac:21:85:ca:
         5b:fd:07:ad:35:1c:81:b3:73:c2:e1:f7:ee:ce:37:ba:16:06:
         b0:ba:ab:db:2b:0f:de:71:4a:aa:75:18:36:76:36:b2:97:02:
         77:eb:65:65:b1:64:5f:f7:eb:d2:2e:f5:46:31:70:02:27:d0:
         10:7b:2c:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5Cxft34YoRJRlsDbGcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MjYzNTk5NDljZWNmMjQxOGM1YTJkYjIxYWNhYjg1ZGQ5
MTkzZDgwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzRmMWU2ZmVmNWEyZWVlMzVhZTg0OGM0OWExY2VmMmJmYWMwODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9XhdOZdw08eXXpaErNewx8hcmH0
GGlF5fCJfK4xciDVPkMyhbXkKdD3euxab6PqGIz/fl9IHxRd+wFfma7CD6vD3+cZ
CckKPA+HJhFnHx8G9yPouN+ub7RJcdGhOiB9oFl9pqGvto4NEPXUaT26rS6Ov34j
Qy2K+WupLKrfrYsHG+jMqKS86aS+XewkxVAcHm/KFGXkcJ5QB7n45CMKq1oqlZEI
yiT9NGhzieB1oiEPQSIsYBtUlBS6i9t9FxYtx/x29p/e9Lmour4ApJ9M1vvbdxNZ
uDB0Hta48ZmGr5e9b+PyROrCOvElaKTCV+2lIHax94MUTDtRC2emOCyl/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNPHm/vWi7uNa6EjEmhzvK/rAidMB8GA1UdIwQY
MBaAFHYmNZlJzs8kGMWi2yGsq4XdkZPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGlZMW1Vbk96eVFZeGFMYklheXJoZDJSazlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jM2MxM2UtOGY2MS00ZGZlLTk1MmMt
YzgwNDA4M2U3ZDQ5LzEvODA4ZWItOWFMdTQxcm9TTVNhSE84ci1zQ0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jM2MxM2UtOGY2MS00ZGZlLTk1MmMtYzgwNDA4M2U3ZDQ5
LzEvZGlZMW1Vbk96eVFZeGFMYklheXJoZDJSazlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSsQMA0G
CSqGSIb3DQEBCwUAA4IBAQCIqYtJuVFEI6nKWka2my2RFG3PjI37oUn3k2IQSNKn
3Vl3KUdG95a5kHO9iMGZSDKwmUBoHZTRQ93Xj/aZwWx37wAQYZUran+DclCCtWFD
wftGnXFO/nWOWbCUn7amXYaQbJdBkexHE1PcCG+d2YtoKByHNn5P/FhH8WQzaJ+P
ZOUxUx7X8yoLBm/f+iehTYEtUtAmf/C6Aewwb+qPGUwtWmzrveDLaWiPDBIxpiii
Xma0ioXndo2u0J1sKotnOJqajqwhhcpb/QetNRyBs3PC4ffuzje6FgawuqvbKw/e
cUqqdRg2djaylwJ362VlsWRf9+vSLvVGMXACJ9AQeyxh
-----END CERTIFICATE-----