Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/aiE702Zd5GaCNb8bLtQv8NUT4Ms.roa
File:                     aiE702Zd5GaCNb8bLtQv8NUT4Ms.roa (raw, json)
Hash identifier:          BiVX83mW634ATk+GWHwue9YyQ7AXW+g+HkVsNX8b5I4=
Subject key identifier:   6A:21:3B:D3:66:5D:E4:66:82:35:BF:1B:2E:D4:2F:F0:D5:13:E0:CB
Certificate issuer:       /CN=d65003e24cecfbf8e8c15ff637dd15db4d7fae92
Certificate serial:       018CC9BCA8E6E745090C72E8F8308898FF68
Authority key identifier: D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/aiE702Zd5GaCNb8bLtQv8NUT4Ms.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.36.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a8:e6:e7:45:09:0c:72:e8:f8:30:88:98:ff:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d65003e24cecfbf8e8c15ff637dd15db4d7fae92
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a213bd3665de4668235bf1b2ed42ff0d513e0cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ce:16:7d:d8:4b:14:b6:99:17:f1:a1:a5:85:
                    26:5b:32:42:13:b8:fc:c9:8a:16:b3:40:dc:2d:ba:
                    d0:23:fe:ab:29:63:38:46:fb:dd:89:b6:bc:6e:c9:
                    be:96:ff:d3:ae:df:dd:93:2f:0e:91:ab:be:9b:0c:
                    31:06:93:1d:ea:9e:1c:1d:81:b1:0e:89:90:18:d6:
                    90:bb:7f:17:29:33:aa:4e:c7:4d:43:d1:8a:16:3b:
                    a4:39:de:a4:e7:92:4a:9f:ef:73:b6:c3:63:f2:50:
                    77:f1:06:14:2f:b6:4e:8b:f0:f6:f9:d3:a7:31:c5:
                    8f:1d:d5:6f:4f:6f:bd:77:9f:e0:40:5d:b6:e8:34:
                    4a:4a:85:66:4a:50:7e:47:98:01:21:eb:c2:0d:21:
                    bf:4f:5b:45:45:51:5a:a8:84:a4:00:27:54:df:3e:
                    e8:a1:56:6c:90:68:36:62:41:24:df:68:14:0d:65:
                    b0:83:05:12:28:19:bb:2b:bd:c5:c8:3f:d6:c0:ab:
                    af:ab:73:b4:42:75:6c:b3:54:18:d7:bc:b4:65:78:
                    ad:c3:a5:13:f7:27:75:ed:40:36:c7:5f:3b:3b:b0:
                    a6:78:40:4a:48:00:fd:26:27:54:f9:db:d6:c3:de:
                    99:50:b8:9e:e5:8f:bd:16:8b:af:47:fc:50:83:7c:
                    39:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:21:3B:D3:66:5D:E4:66:82:35:BF:1B:2E:D4:2F:F0:D5:13:E0:CB
            X509v3 Authority Key Identifier:
                keyid:D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/aiE702Zd5GaCNb8bLtQv8NUT4Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:af:66:24:e4:07:ab:42:b7:7e:c8:81:e4:e8:0c:ed:58:4b:
         a2:9b:23:1f:70:bb:dc:8a:40:f6:3f:cc:ed:71:b8:43:f9:2c:
         6d:94:d0:f7:80:1f:1c:28:eb:bc:56:e3:c6:dd:e8:92:a2:b7:
         2f:3b:bb:af:2c:34:4c:e9:36:59:d2:28:31:7a:cb:90:86:ed:
         1c:1b:62:02:94:5b:e0:54:d4:e8:dc:30:a0:8f:47:17:9a:b3:
         e4:a2:66:fd:15:8f:41:a5:c4:cc:2a:67:a8:d0:02:5b:5c:7d:
         26:8c:a7:f4:cf:51:4d:38:f4:e5:12:bc:5c:60:4f:0c:09:03:
         d0:de:57:fb:11:29:5b:96:c5:46:c1:87:a0:e3:b7:82:4a:7c:
         b1:fd:53:d2:84:91:0d:7f:8e:6f:a8:5e:71:2d:99:14:37:a4:
         c6:3f:aa:86:15:9e:51:7d:2c:38:64:f4:d9:2f:3a:e6:76:2b:
         06:37:30:c0:e4:b5:4e:37:ba:e9:bf:e0:88:8a:38:85:9b:02:
         01:fb:8c:82:9e:fd:84:c8:79:a0:8a:12:26:ff:6d:29:8e:12:
         03:7d:be:0d:e1:d5:38:06:c5:3d:98:d2:1e:8c:cc:6a:b5:50:
         6b:b6:15:f5:1e:c1:3f:4b:cb:e6:f6:46:83:35:52:31:55:86:
         6e:18:40:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKjm50UJDHLo+DCImP9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NTAwM2UyNGNlY2ZiZjhlOGMxNWZmNjM3ZGQxNWRiNGQ3
ZmFlOTIwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTIxM2JkMzY2NWRlNDY2ODIzNWJmMWIyZWQ0MmZmMGQ1MTNlMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks4WfdhLFLaZF/GhpYUmWzJCE7j8
yYoWs0DcLbrQI/6rKWM4Rvvdiba8bsm+lv/Trt/dky8Okau+mwwxBpMd6p4cHYGx
DomQGNaQu38XKTOqTsdNQ9GKFjukOd6k55JKn+9ztsNj8lB38QYUL7ZOi/D2+dOn
McWPHdVvT2+9d5/gQF226DRKSoVmSlB+R5gBIevCDSG/T1tFRVFaqISkACdU3z7o
oVZskGg2YkEk32gUDWWwgwUSKBm7K73FyD/WwKuvq3O0QnVss1QY17y0ZXitw6UT
9yd17UA2x187O7CmeEBKSAD9JidU+dvWw96ZULie5Y+9FouvR/xQg3w5zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGohO9NmXeRmgjW/Gy7UL/DVE+DLMB8GA1UdIwQY
MBaAFNZQA+JM7Pv46MFf9jfdFdtNf66SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWxBRDRrenMtX2pvd1ZfMk45MFYyMDFfcnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC81NDkxMGItOWExMy00YWNlLWFiZjIt
YTIzNTFmNGU4OTE1LzEvYWlFNzAyWmQ1R2FDTmI4Ykx0UXY4TlVUNE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC81NDkxMGItOWExMy00YWNlLWFiZjItYTIzNTFmNGU4OTE1
LzEvMWxBRDRrenMtX2pvd1ZfMk45MFYyMDFfcnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSTyMA0G
CSqGSIb3DQEBCwUAA4IBAQAor2Yk5AerQrd+yIHk6AztWEuimyMfcLvcikD2P8zt
cbhD+SxtlND3gB8cKOu8VuPG3eiSorcvO7uvLDRM6TZZ0igxesuQhu0cG2IClFvg
VNTo3DCgj0cXmrPkomb9FY9BpcTMKmeo0AJbXH0mjKf0z1FNOPTlErxcYE8MCQPQ
3lf7ESlblsVGwYeg47eCSnyx/VPShJENf45vqF5xLZkUN6TGP6qGFZ5RfSw4ZPTZ
LzrmdisGNzDA5LVON7rpv+CIijiFmwIB+4yCnv2EyHmgihIm/20pjhIDfb4N4dU4
BsU9mNIejMxqtVBrthX1HsE/S8vm9kaDNVIxVYZuGEBG
-----END CERTIFICATE-----