Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/PKIB0NDZswSqU-d6MbwA9JZfGMk.roa
File:                     PKIB0NDZswSqU-d6MbwA9JZfGMk.roa (raw, json)
Hash identifier:          OewUcdT2Rw4jRK7U2p1ljpQHoVklDy1bcntiR+wXIOw=
Subject key identifier:   3C:A2:01:D0:D0:D9:B3:04:AA:53:E7:7A:31:BC:00:F4:96:5F:18:C9
Certificate issuer:       /CN=a082dd5b86f958d5be73fdbe3f0ccf6dff02f721
Certificate serial:       019420D6276DE653685DCDBD64649B10DF28
Authority key identifier: A0:82:DD:5B:86:F9:58:D5:BE:73:FD:BE:3F:0C:CF:6D:FF:02:F7:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oILdW4b5WNW-c_2-PwzPbf8C9yE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/PKIB0NDZswSqU-d6MbwA9JZfGMk.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50423
IP address blocks:        193.105.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/oILdW4b5WNW-c_2-PwzPbf8C9yE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/oILdW4b5WNW-c_2-PwzPbf8C9yE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oILdW4b5WNW-c_2-PwzPbf8C9yE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:27:6d:e6:53:68:5d:cd:bd:64:64:9b:10:df:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a082dd5b86f958d5be73fdbe3f0ccf6dff02f721
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ca201d0d0d9b304aa53e77a31bc00f4965f18c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:fb:81:8c:54:70:3c:6e:3d:65:4d:4a:91:
                    7f:47:e1:87:2b:4f:0a:ee:16:89:c0:5e:b7:51:65:
                    49:7d:3a:18:cf:c1:6d:9f:f4:cb:db:ed:5f:fe:e6:
                    a2:96:f9:49:05:93:7f:44:06:e9:d4:db:4a:a7:a5:
                    63:45:ea:0e:c9:2b:6d:a9:c0:66:ad:0a:e0:58:53:
                    2a:4a:d3:7d:1d:31:93:b6:84:e5:e6:88:b6:f3:b6:
                    d2:5c:40:98:68:ac:17:88:9f:68:e7:80:db:57:57:
                    f8:c9:39:e1:97:3f:3e:d9:7b:94:10:c5:0e:44:37:
                    e5:7d:74:12:ec:89:91:94:a2:26:79:e8:a6:2c:5b:
                    62:b3:69:09:a6:ff:bc:a1:dd:cc:07:15:9d:4a:84:
                    01:1d:15:fc:0c:9b:e3:2c:0d:f4:2b:91:dc:2a:79:
                    86:2b:52:04:83:8c:3d:b9:05:39:f8:17:77:3f:b9:
                    a4:f7:5e:61:e5:83:d6:c9:f9:f5:61:f5:09:b8:69:
                    80:7a:92:28:9e:16:45:eb:2b:69:08:09:b9:12:02:
                    ca:7a:60:e4:48:3e:96:2f:44:97:6e:d3:8e:a0:4d:
                    31:cc:b7:80:d4:78:25:c8:93:d0:9a:5f:23:90:0c:
                    e0:2f:ff:53:d2:e1:1c:b8:1e:da:21:4c:90:8f:b7:
                    cf:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A2:01:D0:D0:D9:B3:04:AA:53:E7:7A:31:BC:00:F4:96:5F:18:C9
            X509v3 Authority Key Identifier:
                keyid:A0:82:DD:5B:86:F9:58:D5:BE:73:FD:BE:3F:0C:CF:6D:FF:02:F7:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oILdW4b5WNW-c_2-PwzPbf8C9yE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/PKIB0NDZswSqU-d6MbwA9JZfGMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7279d6-f952-4e35-9796-f303de4a2d5e/1/oILdW4b5WNW-c_2-PwzPbf8C9yE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4a:67:58:40:f8:76:cb:02:28:c0:fc:e8:0e:86:5d:ab:67:
         f2:94:bd:c5:24:83:2d:27:71:a1:90:51:77:a8:e1:37:b1:6a:
         70:16:8a:82:54:c2:c9:93:9f:21:5b:d1:19:3f:3f:3f:ce:c1:
         96:7b:83:96:77:02:57:b2:4f:5a:97:14:2a:a2:4e:c4:d2:be:
         91:ae:36:67:b8:ec:8c:b7:c4:b3:c8:b9:b3:44:ab:60:8a:2f:
         b6:fa:8c:28:71:bf:f1:8f:3c:e3:29:d3:8d:8d:33:93:5d:46:
         18:47:96:a1:2b:b2:3e:71:97:76:ed:ba:e0:d1:a4:0a:c8:a7:
         2f:e5:50:f6:1f:d3:d2:9f:76:53:54:3b:13:60:ab:70:08:1e:
         2f:2f:8f:fd:5d:e2:1f:c5:d8:d5:90:59:d0:f6:d1:a3:8b:48:
         fc:e6:9e:b2:d3:9f:87:04:a2:54:45:0b:66:50:05:8d:30:7f:
         ae:93:da:cf:08:49:a7:32:69:ae:59:4b:24:8b:fa:c0:c8:b8:
         db:eb:81:9d:05:97:9f:b4:50:b8:2a:9a:f4:b7:1d:11:03:ab:
         6a:f1:6f:df:dd:7a:26:d5:d3:55:b2:09:fa:ef:b4:36:23:e7:
         28:cc:7f:0c:fe:b1:c7:3f:e9:b1:55:76:a6:e7:71:bd:0d:a8:
         34:b9:c7:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1idt5lNoXc29ZGSbEN8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODJkZDViODZmOTU4ZDViZTczZmRiZTNmMGNjZjZkZmYw
MmY3MjEwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2EyMDFkMGQwZDliMzA0YWE1M2U3N2EzMWJjMDBmNDk2NWYxOGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQz7gYxUcDxuPWVNSpF/R+GHK08K
7haJwF63UWVJfToYz8Ftn/TL2+1f/uailvlJBZN/RAbp1NtKp6VjReoOySttqcBm
rQrgWFMqStN9HTGTtoTl5oi287bSXECYaKwXiJ9o54DbV1f4yTnhlz8+2XuUEMUO
RDflfXQS7ImRlKImeeimLFtis2kJpv+8od3MBxWdSoQBHRX8DJvjLA30K5HcKnmG
K1IEg4w9uQU5+Bd3P7mk915h5YPWyfn1YfUJuGmAepIonhZF6ytpCAm5EgLKemDk
SD6WL0SXbtOOoE0xzLeA1HglyJPQml8jkAzgL/9T0uEcuB7aIUyQj7fPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyiAdDQ2bMEqlPnejG8APSWXxjJMB8GA1UdIwQY
MBaAFKCC3VuG+VjVvnP9vj8Mz23/AvchMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lMZFc0YjVXTlctY18yLVB3elBiZjhDOXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83Mjc5ZDYtZjk1Mi00ZTM1LTk3OTYt
ZjMwM2RlNGEyZDVlLzEvUEtJQjBORFpzd1NxVS1kNk1id0E5SlpmR01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83Mjc5ZDYtZjk1Mi00ZTM1LTk3OTYtZjMwM2RlNGEyZDVl
LzEvb0lMZFc0YjVXTlctY18yLVB3elBiZjhDOXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkUMA0G
CSqGSIb3DQEBCwUAA4IBAQBxSmdYQPh2ywIowPzoDoZdq2fylL3FJIMtJ3GhkFF3
qOE3sWpwFoqCVMLJk58hW9EZPz8/zsGWe4OWdwJXsk9alxQqok7E0r6RrjZnuOyM
t8SzyLmzRKtgii+2+owocb/xjzzjKdONjTOTXUYYR5ahK7I+cZd27brg0aQKyKcv
5VD2H9PSn3ZTVDsTYKtwCB4vL4/9XeIfxdjVkFnQ9tGji0j85p6y05+HBKJURQtm
UAWNMH+uk9rPCEmnMmmuWUski/rAyLjb64GdBZeftFC4Kpr0tx0RA6tq8W/f3Xom
1dNVsgn677Q2I+cozH8M/rHHP+mxVXam53G9Dag0ucdT
-----END CERTIFICATE-----