Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3KeG4QHhTNAaauQLps50Pdc0v7M.roa
File:                     3KeG4QHhTNAaauQLps50Pdc0v7M.roa (raw, json)
Hash identifier:          xK90K5DdS8Sz+XdhO/yzm1A/5KrWS1xZTvri0rFHLmM=
Subject key identifier:   DC:A7:86:E1:01:E1:4C:D0:1A:6A:E4:0B:A6:CE:74:3D:D7:34:BF:B3
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01916F9DDF5E7B3EAA47D8BBD4E6883E5559
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3KeG4QHhTNAaauQLps50Pdc0v7M.roa
Signing time:             Tue 20 Aug 2024 11:48:22 +0000
ROA not before:           Tue 20 Aug 2024 11:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44043
IP address blocks:        194.102.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:9d:df:5e:7b:3e:aa:47:d8:bb:d4:e6:88:3e:55:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Aug 20 11:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dca786e101e14cd01a6ae40ba6ce743dd734bfb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d0:83:21:c3:72:25:91:3d:90:97:75:99:d8:
                    b6:87:f6:ab:fd:37:c2:97:4a:ab:33:fd:96:00:b9:
                    a4:f8:02:52:df:df:c8:9d:f1:f7:95:04:9e:c9:aa:
                    55:31:94:b5:4c:96:a5:2a:8c:04:f2:b6:07:0b:bd:
                    75:2d:60:73:fa:ab:f3:8a:32:70:c1:84:7e:5a:34:
                    5b:f8:c4:30:52:e9:47:a0:3e:cd:42:08:2e:bd:94:
                    34:5a:b4:d6:54:4d:81:ab:05:c0:f6:6e:77:8a:d8:
                    15:ad:80:02:35:5b:1e:16:f3:ef:40:dc:a5:d9:86:
                    fc:c1:bd:b5:72:f0:b5:c0:d1:81:59:87:b0:30:1d:
                    fd:4e:fb:10:65:0f:c7:bf:40:35:9d:a6:c9:2a:e4:
                    5c:72:dd:a1:38:23:65:d9:7c:c7:f5:4f:13:14:50:
                    ec:e3:20:8b:8e:b1:83:82:59:f7:50:bb:6a:51:77:
                    d3:0e:36:32:ab:90:30:30:29:da:f3:bf:7b:87:c5:
                    17:26:3b:80:f7:b4:85:00:ee:bb:49:37:bb:17:63:
                    e5:63:d3:74:71:60:6d:aa:11:8a:34:65:45:09:bd:
                    43:d1:51:6c:c5:ad:32:db:67:bb:ad:56:f4:7e:fb:
                    a8:a4:c9:3d:a9:a8:80:55:d2:65:ce:46:30:44:0a:
                    2a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A7:86:E1:01:E1:4C:D0:1A:6A:E4:0B:A6:CE:74:3D:D7:34:BF:B3
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3KeG4QHhTNAaauQLps50Pdc0v7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1c:89:6d:27:e4:eb:05:68:19:aa:72:62:66:dd:8d:da:8b:
         90:ae:87:52:43:8a:9c:58:c9:a9:42:9b:2c:e7:dc:d6:e5:45:
         37:f7:ac:c1:71:78:a1:c2:66:44:18:c1:28:f5:81:66:0c:e3:
         25:4c:c4:d3:8e:dd:c3:f6:95:09:37:e2:2f:38:02:58:1c:7a:
         61:53:e3:1d:28:d7:e3:20:68:ff:7e:76:f0:87:63:d1:2b:30:
         4d:df:2d:42:ea:b2:42:21:49:f7:7e:56:84:6c:96:b0:8d:be:
         27:b0:35:c6:9e:03:3c:8c:f0:45:fd:9c:08:08:92:c8:64:7f:
         39:2c:2c:82:b3:ef:03:77:56:4d:bc:c8:28:52:86:2e:bf:b5:
         1f:f8:9f:3f:05:ff:46:3c:47:72:2a:eb:e7:97:e0:76:94:f4:
         b6:d8:81:d0:fd:6a:0f:77:71:a3:87:90:e2:7f:98:42:57:05:
         d2:a1:60:9a:0b:70:1f:bc:1e:0f:2b:99:be:b5:1a:12:52:7c:
         dc:9e:2e:27:3a:a0:9f:85:0b:17:96:51:7d:44:f6:31:62:39:
         0d:e5:69:67:c6:7d:3c:0b:2c:9f:94:ca:ca:30:29:30:f0:a0:
         df:cb:6f:84:a5:76:b4:ae:67:e2:81:b2:de:9f:c6:7a:ef:c7:
         6b:09:88:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFvnd9eez6qR9i71OaIPlVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwODIwMTE0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E3ODZlMTAxZTE0Y2QwMWE2YWU0MGJhNmNlNzQzZGQ3MzRiZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtCDIcNyJZE9kJd1mdi2h/ar/TfC
l0qrM/2WALmk+AJS39/InfH3lQSeyapVMZS1TJalKowE8rYHC711LWBz+qvzijJw
wYR+WjRb+MQwUulHoD7NQgguvZQ0WrTWVE2BqwXA9m53itgVrYACNVseFvPvQNyl
2Yb8wb21cvC1wNGBWYewMB39TvsQZQ/Hv0A1nabJKuRcct2hOCNl2XzH9U8TFFDs
4yCLjrGDgln3ULtqUXfTDjYyq5AwMCna8797h8UXJjuA97SFAO67STe7F2PlY9N0
cWBtqhGKNGVFCb1D0VFsxa0y22e7rVb0fvuopMk9qaiAVdJlzkYwRAoqrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNynhuEB4UzQGmrkC6bOdD3XNL+zMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvM0tlRzRRSGhUTkFhYXVRTHBzNTBQZGMwdjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmbaMA0G
CSqGSIb3DQEBCwUAA4IBAQApHIltJ+TrBWgZqnJiZt2N2ouQrodSQ4qcWMmpQpss
59zW5UU396zBcXihwmZEGMEo9YFmDOMlTMTTjt3D9pUJN+IvOAJYHHphU+MdKNfj
IGj/fnbwh2PRKzBN3y1C6rJCIUn3flaEbJawjb4nsDXGngM8jPBF/ZwICJLIZH85
LCyCs+8Dd1ZNvMgoUoYuv7Uf+J8/Bf9GPEdyKuvnl+B2lPS22IHQ/WoPd3Gjh5Di
f5hCVwXSoWCaC3AfvB4PK5m+tRoSUnzcni4nOqCfhQsXllF9RPYxYjkN5Wlnxn08
CyyflMrKMCkw8KDfy2+EpXa0rmfigbLen8Z678drCYgy
-----END CERTIFICATE-----