Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/N0EXMcuSENft-sYbn_i8FYcM6-M.roa
File:                     N0EXMcuSENft-sYbn_i8FYcM6-M.roa (raw, json)
Hash identifier:          4SA7nmV2INvXH/6frFLC+q9IoS8fAwAIvHL0EsnBKgE=
Subject key identifier:   37:41:17:31:CB:92:10:D7:ED:FA:C6:1B:9F:F8:BC:15:87:0C:EB:E3
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0192962AF9DCF5AD1B02C065E3E0D4CA107B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/N0EXMcuSENft-sYbn_i8FYcM6-M.roa
Signing time:             Wed 16 Oct 2024 16:30:51 +0000
ROA not before:           Wed 16 Oct 2024 16:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215096
IP address blocks:        193.233.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:2a:f9:dc:f5:ad:1b:02:c0:65:e3:e0:d4:ca:10:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Oct 16 16:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37411731cb9210d7edfac61b9ff8bc15870cebe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:2e:df:1a:08:83:8c:f9:d5:fd:eb:b0:f1:
                    6e:68:57:a8:57:04:3e:41:12:bb:0a:cd:46:01:0c:
                    76:f2:c1:aa:22:8a:77:30:21:a4:15:84:5c:18:ce:
                    64:5c:eb:fc:a7:41:ff:d9:9c:b2:e0:8a:a4:fb:09:
                    b6:26:cb:40:b2:5e:71:90:33:e2:ec:27:7a:11:11:
                    f8:61:65:d6:77:d2:3a:30:f1:5e:42:db:2c:a0:a6:
                    65:26:e3:62:18:ae:7d:9d:33:58:f5:3d:ea:a9:79:
                    fb:5f:86:7f:8f:cb:fa:1f:0d:25:28:d4:04:d8:31:
                    18:69:a6:1c:92:5d:57:9c:01:14:ba:a9:d0:00:36:
                    dc:a3:e4:d7:da:76:dd:61:57:88:f3:1f:25:24:e7:
                    2b:d8:51:1b:48:b8:db:93:a0:49:b3:3c:4a:e0:ba:
                    06:da:bf:ff:29:f8:f8:a5:0e:5a:e4:76:05:e8:0e:
                    6a:52:af:c0:58:c0:72:27:97:1a:90:82:8e:15:d2:
                    63:04:b4:3c:2a:24:2b:db:8c:23:66:af:c7:8c:01:
                    6c:a7:f5:f6:56:86:f8:30:7d:c5:80:c6:16:ca:c7:
                    9d:e1:23:8b:ab:5b:a0:40:33:57:fe:4b:d9:30:86:
                    09:db:78:3b:81:81:76:63:7c:2a:32:26:70:ba:84:
                    68:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:41:17:31:CB:92:10:D7:ED:FA:C6:1B:9F:F8:BC:15:87:0C:EB:E3
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/N0EXMcuSENft-sYbn_i8FYcM6-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:13:42:b7:be:d7:e4:27:ad:36:a3:0c:37:19:c1:47:60:b4:
         d8:2f:33:3e:5f:ab:ee:d5:7c:fa:62:93:4e:fc:f9:61:bf:06:
         af:44:bc:3e:56:4e:33:3e:8b:fe:86:14:4c:30:ad:a5:3d:62:
         b7:b2:df:83:71:8a:ee:d3:ac:48:10:65:56:9b:da:b2:59:32:
         7f:5a:7b:cd:2b:3b:66:21:ec:a8:46:68:06:b8:2b:6b:89:ce:
         8e:7a:b9:ab:ff:2f:47:2f:f4:dd:86:c4:0f:cb:25:5f:26:8b:
         c0:7a:e8:e1:be:06:3e:17:64:7a:bd:c0:52:e9:d0:bc:11:84:
         5c:89:2f:60:1b:63:c9:0d:d2:48:df:7b:98:0b:c1:ba:8b:11:
         14:d7:16:ba:e0:3b:45:94:32:b5:e8:29:7b:f5:73:fe:9d:06:
         58:b4:4d:0a:96:8f:e4:0c:79:b7:d4:e7:47:f9:08:2a:31:f0:
         b3:aa:0d:86:a4:b1:3c:a0:1f:e0:0b:89:79:ee:90:1b:a2:d4:
         ab:8f:36:0f:6c:d2:c9:e3:d4:98:b3:57:7a:6d:a2:df:04:91:
         5e:d7:2f:d3:fb:c0:af:1f:f6:f4:32:60:5d:4d:1e:e7:3b:e3:
         7e:f7:84:6e:f8:9a:64:d3:8a:2b:ab:e2:8d:2f:92:34:91:27:
         45:8a:f0:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKWKvnc9a0bAsBl4+DUyhB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQxMDE2MTYzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQxMTczMWNiOTIxMGQ3ZWRmYWM2MWI5ZmY4YmMxNTg3MGNlYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwucu3xoIg4z51f3rsPFuaFeoVwQ+
QRK7Cs1GAQx28sGqIop3MCGkFYRcGM5kXOv8p0H/2Zyy4Iqk+wm2JstAsl5xkDPi
7Cd6ERH4YWXWd9I6MPFeQtssoKZlJuNiGK59nTNY9T3qqXn7X4Z/j8v6Hw0lKNQE
2DEYaaYckl1XnAEUuqnQADbco+TX2nbdYVeI8x8lJOcr2FEbSLjbk6BJszxK4LoG
2r//Kfj4pQ5a5HYF6A5qUq/AWMByJ5cakIKOFdJjBLQ8KiQr24wjZq/HjAFsp/X2
Vob4MH3FgMYWysed4SOLq1ugQDNX/kvZMIYJ23g7gYF2Y3wqMiZwuoRoiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdBFzHLkhDX7frGG5/4vBWHDOvjMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvTjBFWE1jdVNFTmZ0LXNZYm5faThGWWNNNi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwentMA0G
CSqGSIb3DQEBCwUAA4IBAQCCE0K3vtfkJ602oww3GcFHYLTYLzM+X6vu1Xz6YpNO
/PlhvwavRLw+Vk4zPov+hhRMMK2lPWK3st+DcYru06xIEGVWm9qyWTJ/WnvNKztm
IeyoRmgGuCtric6Oermr/y9HL/TdhsQPyyVfJovAeujhvgY+F2R6vcBS6dC8EYRc
iS9gG2PJDdJI33uYC8G6ixEU1xa64DtFlDK16Cl79XP+nQZYtE0Klo/kDHm31OdH
+QgqMfCzqg2GpLE8oB/gC4l57pAbotSrjzYPbNLJ49SYs1d6baLfBJFe1y/T+8Cv
H/b0MmBdTR7nO+N+94Ru+Jpk04orq+KNL5I0kSdFivBM
-----END CERTIFICATE-----