Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/48Qz3fEZNU28sMVUMlESkYGKAI0.roa
File:                     48Qz3fEZNU28sMVUMlESkYGKAI0.roa (raw, json)
Hash identifier:          zvBYEXSdqN88kEFDVuFexhovrsxMiceF5qZwUDvuylk=
Subject key identifier:   E3:C4:33:DD:F1:19:35:4D:BC:B0:C5:54:32:51:12:91:81:8A:00:8D
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       0191E16A59FC324B0FFBF0C0E4A6FC1EDA65
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/48Qz3fEZNU28sMVUMlESkYGKAI0.roa
Signing time:             Wed 11 Sep 2024 14:08:48 +0000
ROA not before:           Wed 11 Sep 2024 14:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214447
IP address blocks:        213.238.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:6a:59:fc:32:4b:0f:fb:f0:c0:e4:a6:fc:1e:da:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Sep 11 14:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3c433ddf119354dbcb0c55432511291818a008d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:01:6c:f9:40:f1:e3:38:75:da:8b:4e:dc:
                    0a:09:39:03:91:67:40:83:fc:42:52:d6:c1:6f:86:
                    9b:a5:93:8a:a2:6a:13:41:ac:1e:79:80:7d:5b:45:
                    e6:f8:12:36:0c:1a:45:7d:d5:06:31:df:b8:f6:7b:
                    7b:e2:9e:d9:19:83:76:b9:cb:32:b3:ed:ff:a0:aa:
                    f5:7b:1e:a6:44:3c:18:57:aa:da:b0:be:d2:24:cc:
                    dd:ac:38:1f:21:c6:0a:47:2d:18:8d:61:29:d3:1c:
                    6d:e4:42:f3:a8:59:17:60:8f:f4:a3:b6:34:db:64:
                    08:ec:56:db:a6:60:6b:4c:84:40:b9:16:8a:eb:9b:
                    be:f9:e6:a8:56:1d:6d:d5:57:e3:72:ec:a5:8f:68:
                    4f:61:ff:21:0d:2e:35:c7:3f:49:a9:b5:95:86:d2:
                    f8:17:e3:ab:ef:ba:67:47:79:f1:f2:8b:28:76:c9:
                    c4:67:77:75:d7:cb:2e:40:1c:c9:1b:8c:06:06:fd:
                    73:81:f1:e6:aa:23:03:a7:54:2b:62:cc:0a:46:5b:
                    85:79:bd:93:e4:3a:fe:fe:84:c8:21:52:21:b7:f0:
                    e5:56:37:b4:85:cd:9e:98:fd:bd:c2:74:bf:a7:b9:
                    fc:08:03:9f:d5:52:7f:bf:1f:2d:46:3b:40:d7:50:
                    2b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C4:33:DD:F1:19:35:4D:BC:B0:C5:54:32:51:12:91:81:8A:00:8D
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/48Qz3fEZNU28sMVUMlESkYGKAI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:d0:98:ad:ab:6d:7c:31:0a:cd:ca:3f:2d:a5:c0:85:71:b0:
         27:d9:16:77:a7:8b:ad:fa:09:ee:4f:a6:17:d1:c4:49:b8:6b:
         32:d6:9a:66:21:cd:28:13:07:ec:6d:55:6e:3e:93:68:6e:06:
         ca:39:28:2d:08:d8:94:2f:0b:9c:17:ae:3f:64:18:5c:fb:89:
         68:66:a7:6a:11:0b:7a:83:77:3a:4a:9d:4c:5b:a1:3e:03:02:
         cd:c1:4c:0d:f6:b1:64:09:e6:d0:13:ca:52:bc:d1:c5:c1:70:
         c3:9a:d6:c2:3e:9e:fd:a7:90:a6:3d:cd:28:d4:e9:b8:1d:84:
         e6:40:8e:25:55:c6:fe:a5:2f:b1:c7:68:35:2c:71:ef:76:46:
         02:06:f9:56:fc:c5:03:7d:ec:51:24:71:18:f2:55:21:ab:53:
         bd:20:be:76:0e:97:66:42:f9:32:fa:f2:94:c1:6a:1b:85:e8:
         c5:43:23:63:1d:73:e3:52:02:17:53:8c:06:c2:81:a5:ff:7e:
         a9:0d:b1:b3:77:16:95:57:08:e3:a2:88:16:23:ab:b8:10:cd:
         ee:f6:a9:0f:bf:14:0a:4e:7a:1d:0e:d1:c9:a7:e7:45:0e:2e:
         8f:ec:d5:36:45:f0:4e:01:cb:e4:5c:1a:7b:05:c6:f5:69:33:
         e3:21:68:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhaln8MksP+/DA5Kb8HtplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwOTExMTQwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M0MzNkZGYxMTkzNTRkYmNiMGM1NTQzMjUxMTI5MTgxOGEwMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFMBbPlA8eM4ddqLTtwKCTkDkWdA
g/xCUtbBb4abpZOKomoTQaweeYB9W0Xm+BI2DBpFfdUGMd+49nt74p7ZGYN2ucsy
s+3/oKr1ex6mRDwYV6rasL7SJMzdrDgfIcYKRy0YjWEp0xxt5ELzqFkXYI/0o7Y0
22QI7FbbpmBrTIRAuRaK65u++eaoVh1t1Vfjcuylj2hPYf8hDS41xz9JqbWVhtL4
F+Or77pnR3nx8osodsnEZ3d118suQBzJG4wGBv1zgfHmqiMDp1QrYswKRluFeb2T
5Dr+/oTIIVIht/DlVje0hc2emP29wnS/p7n8CAOf1VJ/vx8tRjtA11ArXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPEM93xGTVNvLDFVDJREpGBigCNMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvNDhRejNmRVpOVTI4c01WVU1sRVNrWUdLQUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6uMA0G
CSqGSIb3DQEBCwUAA4IBAQAc0Jitq218MQrNyj8tpcCFcbAn2RZ3p4ut+gnuT6YX
0cRJuGsy1ppmIc0oEwfsbVVuPpNobgbKOSgtCNiULwucF64/ZBhc+4loZqdqEQt6
g3c6Sp1MW6E+AwLNwUwN9rFkCebQE8pSvNHFwXDDmtbCPp79p5CmPc0o1Om4HYTm
QI4lVcb+pS+xx2g1LHHvdkYCBvlW/MUDfexRJHEY8lUhq1O9IL52DpdmQvky+vKU
wWobhejFQyNjHXPjUgIXU4wGwoGl/36pDbGzdxaVVwjjoogWI6u4EM3u9qkPvxQK
TnodDtHJp+dFDi6P7NU2RfBOAcvkXBp7Bcb1aTPjIWjw
-----END CERTIFICATE-----