Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/y2i45MHDghr-0KZ96cKTmO1jJhM.roa
File:                     y2i45MHDghr-0KZ96cKTmO1jJhM.roa (raw, json)
Hash identifier:          4cEioUnvjWHNirIzQk2bscsgSBLe1zWup9D4v1CyPJw=
Subject key identifier:   CB:68:B8:E4:C1:C3:82:1A:FE:D0:A6:7D:E9:C2:93:98:ED:63:26:13
Certificate issuer:       /CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
Certificate serial:       018DF077054262D8EFB7620ECAD760AFA3DB
Authority key identifier: C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/y2i45MHDghr-0KZ96cKTmO1jJhM.roa
Signing time:             Wed 28 Feb 2024 16:05:48 +0000
ROA not before:           Wed 28 Feb 2024 16:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14315
IP address blocks:        193.29.14.0/24 maxlen: 24
                          2a0c:9f00:a000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:77:05:42:62:d8:ef:b7:62:0e:ca:d7:60:af:a3:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
        Validity
            Not Before: Feb 28 16:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb68b8e4c1c3821afed0a67de9c29398ed632613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:56:18:1c:e7:5d:10:97:2a:48:95:e8:72:25:
                    1c:8e:51:4c:e2:5b:1f:52:d5:d3:bf:c9:1f:79:25:
                    ed:c8:d8:ff:8e:82:d6:ea:87:57:d6:94:4d:05:8e:
                    95:8b:e1:35:69:2e:b9:a3:44:d9:36:fd:57:6c:88:
                    94:c3:2d:20:9a:a5:99:01:e2:0e:fb:60:27:ba:9c:
                    6b:00:4e:a8:51:23:b6:0c:39:be:66:33:29:9b:d8:
                    e0:fe:a5:6d:e5:26:8b:57:3f:75:41:95:ea:95:bf:
                    26:c4:a4:5a:da:46:b3:e7:26:8c:ac:48:bf:b4:eb:
                    ca:15:09:6e:dc:e7:5b:5f:1d:32:5d:e3:4d:8b:68:
                    c2:51:30:31:a7:87:b6:f5:57:56:5b:11:47:44:ec:
                    41:a6:b7:5b:54:8d:17:cf:76:52:bc:65:3b:cc:29:
                    13:93:8f:07:2b:67:df:6b:93:c7:da:26:d0:21:77:
                    d1:f8:0c:0c:29:89:28:57:46:22:bc:b8:59:a2:f2:
                    31:53:73:61:a5:b5:d6:86:60:85:ed:43:c3:b5:37:
                    e9:4f:0a:b8:83:81:5d:12:99:19:66:a4:e2:fa:58:
                    63:44:ee:08:38:ee:c5:b7:af:77:8c:1a:87:61:9e:
                    2b:a2:3a:70:ba:c3:65:1d:08:05:31:32:ab:33:67:
                    67:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:68:B8:E4:C1:C3:82:1A:FE:D0:A6:7D:E9:C2:93:98:ED:63:26:13
            X509v3 Authority Key Identifier:
                keyid:C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/y2i45MHDghr-0KZ96cKTmO1jJhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.14.0/24
                IPv6:
                  2a0c:9f00:a000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:2f:28:35:e0:82:13:2e:8d:41:f4:d2:a9:af:07:47:ff:99:
         c9:e2:4b:0f:32:84:13:43:c0:3a:5f:c7:86:b6:e8:17:21:fd:
         ef:9c:b9:c4:2c:f8:b1:1f:dc:5d:6c:fd:18:a0:a9:41:e7:51:
         5d:f9:23:1f:3a:0f:fd:45:1f:f5:5c:a8:56:1f:dd:4f:74:58:
         48:2e:af:d0:3d:e6:d4:00:98:50:a1:9f:43:78:a3:25:d2:4d:
         e4:04:9a:77:24:e8:6d:2f:a0:15:89:51:e1:df:db:13:83:6a:
         ec:0a:e9:01:1f:d7:32:6d:aa:0f:f8:6e:e0:d3:02:11:3d:42:
         b6:0e:8f:45:50:f8:1a:d9:29:3d:47:f5:75:b4:8d:83:87:57:
         c4:78:25:e2:24:db:8a:d7:44:db:4c:09:d0:fa:62:39:98:4f:
         37:9e:64:64:d8:9e:e8:b5:d8:07:8b:ec:e3:69:09:ec:62:2f:
         45:d9:54:82:be:2e:57:2d:2c:fe:3e:80:cb:91:c9:b0:13:a1:
         38:86:63:c0:34:ba:47:19:b8:72:57:ff:09:6d:94:95:72:23:
         dc:0d:b7:4f:2c:07:24:4d:5f:45:cc:1d:24:c2:d9:69:4a:37:
         fa:14:1e:e8:b7:8e:0a:40:bf:55:bf:ce:08:65:8b:99:82:7a:
         3c:13:5f:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3wdwVCYtjvt2IOytdgr6PbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYzEyYjUyN2E1ZDFmOGI4YmNmMjMwZWI2MTFmNTJmMTFk
NTJiYmYwHhcNMjQwMjI4MTYwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY4YjhlNGMxYzM4MjFhZmVkMGE2N2RlOWMyOTM5OGVkNjMyNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1YYHOddEJcqSJXociUcjlFM4lsf
UtXTv8kfeSXtyNj/joLW6odX1pRNBY6Vi+E1aS65o0TZNv1XbIiUwy0gmqWZAeIO
+2AnupxrAE6oUSO2DDm+ZjMpm9jg/qVt5SaLVz91QZXqlb8mxKRa2kaz5yaMrEi/
tOvKFQlu3OdbXx0yXeNNi2jCUTAxp4e29VdWWxFHROxBprdbVI0Xz3ZSvGU7zCkT
k48HK2ffa5PH2ibQIXfR+AwMKYkoV0YivLhZovIxU3NhpbXWhmCF7UPDtTfpTwq4
g4FdEpkZZqTi+lhjRO4IOO7Ft693jBqHYZ4rojpwusNlHQgFMTKrM2dnOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMtouOTBw4Ia/tCmfenCk5jtYyYTMB8GA1UdIwQY
MBaAFMLBK1J6XR+Li88jDrYR9S8R1Su/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMt
NDZlZTU3OGEwYmZlLzEveTJpNDVNSERnaHItMEtaOTZjS1RtTzFqSmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMtNDZlZTU3OGEwYmZl
LzEvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwR0OMA8E
AgACMAkDBwAqDJ8AoAAwDQYJKoZIhvcNAQELBQADggEBAKYvKDXgghMujUH00qmv
B0f/mcniSw8yhBNDwDpfx4a26Bch/e+cucQs+LEf3F1s/RigqUHnUV35Ix86D/1F
H/VcqFYf3U90WEgur9A95tQAmFChn0N4oyXSTeQEmnck6G0voBWJUeHf2xODauwK
6QEf1zJtqg/4buDTAhE9QrYOj0VQ+BrZKT1H9XW0jYOHV8R4JeIk24rXRNtMCdD6
YjmYTzeeZGTYnui12AeL7ONpCexiL0XZVIK+LlctLP4+gMuRybAToTiGY8A0ukcZ
uHJX/wltlJVyI9wNt08sByRNX0XMHSTC2WlKN/oUHui3jgpAv1W/zghli5mCejwT
X+U=
-----END CERTIFICATE-----