Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/snDf19jdvl-DupPyJ0AHca6Iro8.roa
File:                     snDf19jdvl-DupPyJ0AHca6Iro8.roa (raw, json)
Hash identifier:          Pajk8EoX3QZuZTbYlCXeXLxRPdUWolukQwJ96dmCLuM=
Subject key identifier:   B2:70:DF:D7:D8:DD:BE:5F:83:BA:93:F2:27:40:07:71:AE:88:AE:8F
Certificate issuer:       /CN=a8929cb343bdf3cf204c405af0a5533ea4b0933c
Certificate serial:       018CC8DCE3C47695176DC136AC58F8D96BE3
Authority key identifier: A8:92:9C:B3:43:BD:F3:CF:20:4C:40:5A:F0:A5:53:3E:A4:B0:93:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qJKcs0O9888gTEBa8KVTPqSwkzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/snDf19jdvl-DupPyJ0AHca6Iro8.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34489
IP address blocks:        193.0.226.0/24 maxlen: 24
                          195.250.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/qJKcs0O9888gTEBa8KVTPqSwkzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/qJKcs0O9888gTEBa8KVTPqSwkzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qJKcs0O9888gTEBa8KVTPqSwkzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e3:c4:76:95:17:6d:c1:36:ac:58:f8:d9:6b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8929cb343bdf3cf204c405af0a5533ea4b0933c
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b270dfd7d8ddbe5f83ba93f227400771ae88ae8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e5:df:a7:99:15:cd:83:c7:15:29:ed:b8:57:
                    be:04:eb:f0:ae:bf:90:15:c6:14:68:c4:52:8e:29:
                    43:4d:7d:f6:3a:74:45:ef:30:d6:2f:7d:b2:3a:7d:
                    75:20:dd:8b:5b:fe:a9:10:f9:43:d2:2d:84:5d:49:
                    87:5b:c8:63:a6:b2:b5:c1:91:e8:e3:25:89:13:05:
                    9f:8f:75:4f:45:0a:cd:fc:93:5c:26:15:92:7d:32:
                    06:c3:04:a0:e1:66:2c:00:7b:61:ab:d9:91:ba:c8:
                    82:ea:36:d2:01:3c:ed:d2:fb:0a:af:36:11:2a:ae:
                    39:5a:d5:6a:0e:cb:e9:4f:f0:c9:64:f4:9b:a0:cd:
                    30:ca:45:38:c9:03:d8:08:0a:76:d9:73:36:2b:42:
                    c5:83:2a:41:3d:be:6a:17:18:0a:76:16:4f:38:26:
                    e8:c0:02:df:cb:1a:d1:ff:00:9b:6f:08:ca:fd:4a:
                    c1:bd:0e:0d:30:a7:4e:80:46:91:a2:70:1c:6f:72:
                    c5:48:5f:3f:89:1a:91:8f:53:bf:35:10:78:f5:26:
                    75:d5:7f:cb:85:e4:24:d2:f3:e6:5d:9a:6c:18:53:
                    86:8e:d2:6f:e4:d9:e2:09:7c:7d:dd:ac:e7:2f:2d:
                    03:d1:51:a8:3f:b3:44:f0:4e:0c:71:ed:2d:a3:70:
                    8d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:70:DF:D7:D8:DD:BE:5F:83:BA:93:F2:27:40:07:71:AE:88:AE:8F
            X509v3 Authority Key Identifier:
                keyid:A8:92:9C:B3:43:BD:F3:CF:20:4C:40:5A:F0:A5:53:3E:A4:B0:93:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qJKcs0O9888gTEBa8KVTPqSwkzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/snDf19jdvl-DupPyJ0AHca6Iro8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b7cc36-777e-44b9-ad62-59d44ef7e4ff/1/qJKcs0O9888gTEBa8KVTPqSwkzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.226.0/24
                  195.250.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:cc:3d:09:41:0a:58:bf:26:20:20:7e:5a:67:7f:a4:9f:19:
         e5:7f:b4:f6:1f:56:26:9c:04:f5:da:06:59:fa:6c:93:15:51:
         13:1e:ab:e4:c9:1b:25:b3:a0:28:c3:5b:80:7c:a5:ad:59:72:
         91:4f:69:43:55:73:85:be:f0:b2:a9:a6:11:57:33:b6:87:88:
         10:eb:e5:5d:33:8c:2b:2a:d8:3f:d4:a2:b3:f4:c2:6b:5f:f2:
         e3:98:9d:cc:6f:3a:6b:21:aa:09:e6:44:89:7f:0b:c6:e3:af:
         41:6b:98:42:c2:3c:56:be:77:bc:47:20:c9:c7:d8:74:8e:d4:
         47:0c:bd:e9:9b:ad:ff:f9:b2:e0:eb:51:09:d3:67:5d:93:5f:
         88:3a:37:bf:a7:e5:b5:04:5b:55:54:f6:8d:7b:fd:9c:c9:9f:
         9b:a7:ea:20:55:e3:76:4c:1a:d3:7a:61:34:d5:f6:c8:12:31:
         6b:42:23:67:96:33:38:39:f5:c0:b9:75:73:5d:62:19:9c:ac:
         d4:81:9d:5f:53:d1:f5:65:28:9b:9d:6e:de:ae:fc:41:44:da:
         6b:7e:67:07:cc:e5:e2:23:b4:88:ea:0b:89:5f:65:3a:d7:d2:
         25:cf:92:45:d5:24:81:fc:a0:5f:4c:23:90:14:63:8d:25:22:
         f8:b0:2b:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3OPEdpUXbcE2rFj42WvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OTI5Y2IzNDNiZGYzY2YyMDRjNDA1YWYwYTU1MzNlYTRi
MDkzM2MwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjcwZGZkN2Q4ZGRiZTVmODNiYTkzZjIyNzQwMDc3MWFlODhhZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOXfp5kVzYPHFSntuFe+BOvwrr+Q
FcYUaMRSjilDTX32OnRF7zDWL32yOn11IN2LW/6pEPlD0i2EXUmHW8hjprK1wZHo
4yWJEwWfj3VPRQrN/JNcJhWSfTIGwwSg4WYsAHthq9mRusiC6jbSATzt0vsKrzYR
Kq45WtVqDsvpT/DJZPSboM0wykU4yQPYCAp22XM2K0LFgypBPb5qFxgKdhZPOCbo
wALfyxrR/wCbbwjK/UrBvQ4NMKdOgEaRonAcb3LFSF8/iRqRj1O/NRB49SZ11X/L
heQk0vPmXZpsGFOGjtJv5NniCXx93aznLy0D0VGoP7NE8E4Mce0to3CNXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLJw39fY3b5fg7qT8idAB3GuiK6PMB8GA1UdIwQY
MBaAFKiSnLNDvfPPIExAWvClUz6ksJM8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUpLY3MwTzk4ODhnVEVCYThLVlRQcVN3a3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iN2NjMzYtNzc3ZS00NGI5LWFkNjIt
NTlkNDRlZjdlNGZmLzEvc25EZjE5amR2bC1EdXBQeUowQUhjYTZJcm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iN2NjMzYtNzc3ZS00NGI5LWFkNjItNTlkNDRlZjdlNGZm
LzEvcUpLY3MwTzk4ODhnVEVCYThLVlRQcVN3a3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQDiAwQA
w/onMA0GCSqGSIb3DQEBCwUAA4IBAQCmzD0JQQpYvyYgIH5aZ3+knxnlf7T2H1Ym
nAT12gZZ+myTFVETHqvkyRsls6Aow1uAfKWtWXKRT2lDVXOFvvCyqaYRVzO2h4gQ
6+VdM4wrKtg/1KKz9MJrX/LjmJ3MbzprIaoJ5kSJfwvG469Ba5hCwjxWvne8RyDJ
x9h0jtRHDL3pm63/+bLg61EJ02ddk1+IOje/p+W1BFtVVPaNe/2cyZ+bp+ogVeN2
TBrTemE01fbIEjFrQiNnljM4OfXAuXVzXWIZnKzUgZ1fU9H1ZSibnW7ervxBRNpr
fmcHzOXiI7SI6guJX2U619Ilz5JF1SSB/KBfTCOQFGONJSL4sCvR
-----END CERTIFICATE-----