Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/x2gGT4_MdOkwyLrxgiIWt-V46nM.roa
File:                     x2gGT4_MdOkwyLrxgiIWt-V46nM.roa (raw, json)
Hash identifier:          MsEo8AeyP8py9RJ1B18OCopZrTb7h0H9jO+y9iqTk8o=
Subject key identifier:   C7:68:06:4F:8F:CC:74:E9:30:C8:BA:F1:82:22:16:B7:E5:78:EA:73
Certificate issuer:       /CN=e0b54e33422ad3dd6ca93a18edd82e0b68c85a5c
Certificate serial:       01925134FC0020477B4A893B4AA16C2ADA4E
Authority key identifier: E0:B5:4E:33:42:2A:D3:DD:6C:A9:3A:18:ED:D8:2E:0B:68:C8:5A:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4LVOM0Iq091sqToY7dguC2jIWlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/x2gGT4_MdOkwyLrxgiIWt-V46nM.roa
Signing time:             Thu 03 Oct 2024 07:07:59 +0000
ROA not before:           Thu 03 Oct 2024 07:07:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21060
IP address blocks:        193.105.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/4LVOM0Iq091sqToY7dguC2jIWlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/4LVOM0Iq091sqToY7dguC2jIWlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4LVOM0Iq091sqToY7dguC2jIWlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:34:fc:00:20:47:7b:4a:89:3b:4a:a1:6c:2a:da:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0b54e33422ad3dd6ca93a18edd82e0b68c85a5c
        Validity
            Not Before: Oct  3 07:07:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c768064f8fcc74e930c8baf1822216b7e578ea73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5b:13:23:65:3f:6a:32:35:50:10:e1:21:00:
                    6a:c0:0a:37:d2:75:48:a7:1f:eb:0e:db:d6:e9:c4:
                    55:75:f4:ee:4a:0b:35:31:c7:eb:d6:9c:85:eb:45:
                    ee:69:e4:46:85:64:23:6f:59:56:23:c0:8d:a0:3c:
                    6f:f5:87:ea:95:5c:78:4b:58:ce:f7:54:65:ee:56:
                    13:49:25:e0:65:28:7a:cb:7f:21:cf:4a:48:52:b1:
                    df:4d:34:e7:8b:91:19:92:7a:06:8a:fe:34:f0:e5:
                    ee:83:62:73:9a:14:cc:b9:d9:4e:d9:34:51:e8:33:
                    e9:f0:b5:83:1c:ab:e9:55:d3:e8:65:6f:34:84:6f:
                    83:a5:b6:d5:ad:25:b6:39:cb:51:15:0f:c5:2e:20:
                    ee:e2:23:86:b9:4a:5b:b4:ac:88:de:f4:aa:8c:e2:
                    0f:d6:f5:72:57:a4:5a:c1:ea:14:63:06:8b:ab:3c:
                    93:ad:21:87:2d:fd:a6:34:66:41:4f:ff:66:b6:e4:
                    4d:1a:16:04:a1:0f:81:a4:f5:20:32:d8:a5:30:e3:
                    04:0e:9f:78:9b:87:53:3e:c0:fc:21:8c:ac:7d:0a:
                    4d:c2:22:79:e5:29:24:f8:d8:a3:3b:c5:ef:3e:60:
                    09:0b:6d:9d:77:4a:24:5d:02:58:69:19:6d:c9:42:
                    05:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:68:06:4F:8F:CC:74:E9:30:C8:BA:F1:82:22:16:B7:E5:78:EA:73
            X509v3 Authority Key Identifier:
                keyid:E0:B5:4E:33:42:2A:D3:DD:6C:A9:3A:18:ED:D8:2E:0B:68:C8:5A:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4LVOM0Iq091sqToY7dguC2jIWlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/x2gGT4_MdOkwyLrxgiIWt-V46nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/496bba-a6a3-4dd3-8f86-3cbb5e877791/1/4LVOM0Iq091sqToY7dguC2jIWlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:4c:35:1b:9c:21:d6:b0:0b:65:73:4d:e1:92:09:30:41:72:
         c6:68:38:89:c6:52:fe:71:ab:89:15:37:f6:54:7b:98:1c:35:
         eb:38:53:36:19:aa:37:89:c8:07:a1:ce:54:c8:c6:0a:d1:19:
         68:0e:90:0d:e7:c1:06:5b:44:4c:46:24:e8:01:86:30:db:a1:
         09:a9:cf:ff:24:a3:7f:5b:9a:dd:20:79:8e:31:1b:f6:b9:a4:
         84:12:a7:cf:24:be:63:b8:37:b9:43:e5:bf:75:83:ad:b1:5d:
         46:a4:65:d5:89:13:a3:36:fd:90:5f:f9:e9:33:7d:5f:ee:02:
         45:b8:d3:c8:fc:7c:3e:ef:5c:b6:64:ca:89:b1:c1:9d:7d:07:
         02:24:81:0d:56:c6:e1:b2:44:11:79:3f:d6:a2:ed:7f:77:cb:
         ab:b9:9c:f3:30:e3:8b:62:5c:46:79:89:28:d9:0e:06:32:60:
         9c:4c:be:04:4d:21:22:6d:d9:64:89:d6:46:28:71:1d:c9:c3:
         52:9e:ea:a8:4a:ca:4d:76:63:46:d6:ba:4f:f1:45:de:25:3c:
         a2:59:92:f6:23:00:7c:e6:ce:bf:6f:7c:37:06:f4:d4:5e:30:
         f0:ab:af:91:5d:59:15:ac:4d:6b:17:0f:04:32:9a:07:97:f4:
         8b:09:a2:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRNPwAIEd7Sok7SqFsKtpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYjU0ZTMzNDIyYWQzZGQ2Y2E5M2ExOGVkZDgyZTBiNjhj
ODVhNWMwHhcNMjQxMDAzMDcwNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzY4MDY0ZjhmY2M3NGU5MzBjOGJhZjE4MjIyMTZiN2U1NzhlYTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1sTI2U/ajI1UBDhIQBqwAo30nVI
px/rDtvW6cRVdfTuSgs1Mcfr1pyF60XuaeRGhWQjb1lWI8CNoDxv9YfqlVx4S1jO
91Rl7lYTSSXgZSh6y38hz0pIUrHfTTTni5EZknoGiv408OXug2JzmhTMudlO2TRR
6DPp8LWDHKvpVdPoZW80hG+DpbbVrSW2OctRFQ/FLiDu4iOGuUpbtKyI3vSqjOIP
1vVyV6RaweoUYwaLqzyTrSGHLf2mNGZBT/9mtuRNGhYEoQ+BpPUgMtilMOMEDp94
m4dTPsD8IYysfQpNwiJ55Skk+NijO8XvPmAJC22dd0okXQJYaRltyUIFCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdoBk+PzHTpMMi68YIiFrfleOpzMB8GA1UdIwQY
MBaAFOC1TjNCKtPdbKk6GO3YLgtoyFpcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNExWT00wSXEwOTFzcVRvWTdkZ3VDMmpJV2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80OTZiYmEtYTZhMy00ZGQzLThmODYt
M2NiYjVlODc3NzkxLzEveDJnR1Q0X01kT2t3eUxyeGdpSVd0LVY0Nm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80OTZiYmEtYTZhMy00ZGQzLThmODYtM2NiYjVlODc3Nzkx
LzEvNExWT00wSXEwOTFzcVRvWTdkZ3VDMmpJV2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWksMA0G
CSqGSIb3DQEBCwUAA4IBAQBMTDUbnCHWsAtlc03hkgkwQXLGaDiJxlL+cauJFTf2
VHuYHDXrOFM2Gao3icgHoc5UyMYK0RloDpAN58EGW0RMRiToAYYw26EJqc//JKN/
W5rdIHmOMRv2uaSEEqfPJL5juDe5Q+W/dYOtsV1GpGXViROjNv2QX/npM31f7gJF
uNPI/Hw+71y2ZMqJscGdfQcCJIENVsbhskQReT/Wou1/d8uruZzzMOOLYlxGeYko
2Q4GMmCcTL4ETSEibdlkidZGKHEdycNSnuqoSspNdmNG1rpP8UXeJTyiWZL2IwB8
5s6/b3w3BvTUXjDwq6+RXVkVrE1rFw8EMpoHl/SLCaIX
-----END CERTIFICATE-----