Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3AF3l0_OAiICtnnmuYpihsbA-0E.roa
File:                     3AF3l0_OAiICtnnmuYpihsbA-0E.roa (raw, json)
Hash identifier:          G7irVQR/vTfbb5UhxAhqF53HWRypwNBf9rjkbfse17w=
Subject key identifier:   DC:01:77:97:4F:CE:02:22:02:B6:79:E6:B9:8A:62:86:C6:C0:FB:41
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       019277EF6A3FA19A312CDA51F163390C55B0
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3AF3l0_OAiICtnnmuYpihsbA-0E.roa
Signing time:             Thu 10 Oct 2024 19:37:11 +0000
ROA not before:           Thu 10 Oct 2024 19:37:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        193.160.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:ef:6a:3f:a1:9a:31:2c:da:51:f1:63:39:0c:55:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Oct 10 19:37:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc0177974fce022202b679e6b98a6286c6c0fb41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:43:20:73:05:8b:dd:39:04:32:fb:d5:8b:ad:
                    08:e6:c7:4a:1a:33:2d:97:fb:25:7d:27:2d:92:6b:
                    ab:fe:2b:87:b9:f7:96:01:e8:2e:d6:3a:49:b2:bf:
                    74:a7:22:12:b4:d0:38:b0:27:f6:0f:0b:e6:1e:fa:
                    f5:7a:2c:3a:88:03:df:eb:05:93:45:bf:35:11:f9:
                    59:e0:24:55:70:b8:c1:89:7f:f3:01:d0:99:77:ef:
                    6b:13:6c:5a:c0:01:0b:9a:68:4b:5b:42:e6:4d:87:
                    75:b9:83:bf:ae:89:87:1b:fb:45:18:d0:c2:52:31:
                    a5:1b:25:3b:fc:8f:d7:f5:5a:ff:a0:9f:ec:f4:b0:
                    86:a9:be:a8:47:4c:7a:7b:61:d7:0e:e7:48:1a:72:
                    34:a0:7c:a7:ec:88:8b:16:56:b0:56:0a:5a:02:b8:
                    d5:6f:7b:fd:72:91:a0:fc:87:ab:3f:eb:24:21:4f:
                    9b:1b:a3:3c:b5:ce:14:0a:8d:22:96:f8:94:d0:2d:
                    75:ee:72:48:13:6d:75:d5:4c:9f:93:dc:48:0e:02:
                    6c:de:8e:ab:36:03:5e:40:87:bf:b0:d0:35:15:98:
                    b2:b3:e2:85:43:77:da:c0:c3:a3:98:30:78:be:66:
                    08:50:7f:b5:01:00:8f:73:9d:6e:11:41:3a:08:a4:
                    9d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:01:77:97:4F:CE:02:22:02:B6:79:E6:B9:8A:62:86:C6:C0:FB:41
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3AF3l0_OAiICtnnmuYpihsbA-0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:1d:6c:12:dc:64:b0:5d:2e:ef:d7:64:6d:3b:d9:eb:7d:8f:
         ae:87:d5:43:be:07:59:a0:33:81:9b:5c:74:4f:da:7d:e9:bd:
         8e:da:f2:ce:29:c4:a7:91:ed:0c:d9:c7:ca:4e:f6:b4:aa:49:
         01:69:6f:ac:0b:12:fd:4d:7e:95:ef:be:bd:d5:96:94:19:b6:
         ff:9e:15:a1:6d:81:0d:fa:93:37:c8:0e:29:ef:ae:6e:bc:ab:
         5b:ff:5c:47:9c:9f:cd:d2:e1:f5:7f:0e:6e:97:59:95:16:c0:
         ec:0d:e3:06:d7:46:04:4d:c5:48:16:09:0a:ce:ba:22:5e:0c:
         72:a9:ac:80:8e:f1:c3:3d:29:80:ba:89:24:79:a9:77:8d:dc:
         28:56:03:ac:0f:a3:ad:e5:4d:90:d5:2d:c2:16:4f:5a:0a:0a:
         65:8b:73:ad:ea:68:56:05:e8:f5:a3:97:80:e4:6f:d5:47:39:
         ab:07:7d:33:60:6b:75:3f:c5:ab:37:40:1d:12:cf:43:23:77:
         a8:15:e3:80:e1:24:a1:9d:3b:ea:7a:e4:2a:2e:40:b4:b1:c8:
         e6:a4:bb:a2:51:04:64:d9:c9:85:4a:40:cf:be:52:8a:dd:e0:
         06:d1:54:16:9b:ce:7b:06:b4:97:de:57:62:f6:5a:7f:3a:87:
         18:f6:ea:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ372o/oZoxLNpR8WM5DFWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQxMDEwMTkzNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzAxNzc5NzRmY2UwMjIyMDJiNjc5ZTZiOThhNjI4NmM2YzBmYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kMgcwWL3TkEMvvVi60I5sdKGjMt
l/slfSctkmur/iuHufeWAegu1jpJsr90pyIStNA4sCf2DwvmHvr1eiw6iAPf6wWT
Rb81EflZ4CRVcLjBiX/zAdCZd+9rE2xawAELmmhLW0LmTYd1uYO/romHG/tFGNDC
UjGlGyU7/I/X9Vr/oJ/s9LCGqb6oR0x6e2HXDudIGnI0oHyn7IiLFlawVgpaArjV
b3v9cpGg/IerP+skIU+bG6M8tc4UCo0ilviU0C117nJIE2111Uyfk9xIDgJs3o6r
NgNeQIe/sNA1FZiys+KFQ3fawMOjmDB4vmYIUH+1AQCPc51uEUE6CKSdSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwBd5dPzgIiArZ55rmKYobGwPtBMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvM0FGM2wwX09BaUlDdG5ubXVZcGloc2JBLTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAVMA0G
CSqGSIb3DQEBCwUAA4IBAQCrHWwS3GSwXS7v12RtO9nrfY+uh9VDvgdZoDOBm1x0
T9p96b2O2vLOKcSnke0M2cfKTva0qkkBaW+sCxL9TX6V77691ZaUGbb/nhWhbYEN
+pM3yA4p765uvKtb/1xHnJ/N0uH1fw5ul1mVFsDsDeMG10YETcVIFgkKzroiXgxy
qayAjvHDPSmAuokkeal3jdwoVgOsD6Ot5U2Q1S3CFk9aCgpli3Ot6mhWBej1o5eA
5G/VRzmrB30zYGt1P8WrN0AdEs9DI3eoFeOA4SShnTvqeuQqLkC0scjmpLuiUQRk
2cmFSkDPvlKK3eAG0VQWm857BrSX3ldi9lp/OocY9uo1
-----END CERTIFICATE-----