Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/SnEqwajG555kM2l9cOc62O24-Jo.roa
File:                     SnEqwajG555kM2l9cOc62O24-Jo.roa (raw, json)
Hash identifier:          dqDRqXGrkI14SBAJ7uKhCKpzp3KSpcpNM3chDcx4H5U=
Subject key identifier:   4A:71:2A:C1:A8:C6:E7:9E:64:33:69:7D:70:E7:3A:D8:ED:B8:F8:9A
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       019150DA2699F240A6C6CE1F3062B2C17836
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/SnEqwajG555kM2l9cOc62O24-Jo.roa
Signing time:             Wed 14 Aug 2024 12:25:59 +0000
ROA not before:           Wed 14 Aug 2024 12:25:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        188.209.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:da:26:99:f2:40:a6:c6:ce:1f:30:62:b2:c1:78:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Aug 14 12:25:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a712ac1a8c6e79e6433697d70e73ad8edb8f89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c6:57:4e:b1:f3:7b:81:1b:ce:62:f0:d9:74:
                    50:2d:c2:74:94:5c:9a:61:27:ca:6c:2c:40:13:2a:
                    9d:eb:2a:3f:83:7c:2c:4f:a6:03:1f:f5:02:bb:d3:
                    17:b4:12:cf:8a:11:8a:da:8f:a2:e3:fc:10:83:4e:
                    fa:26:61:a8:f2:fa:2b:bb:87:4c:1f:f3:9b:7e:60:
                    a8:11:66:73:b5:c9:d2:28:5d:50:86:d3:c9:75:68:
                    13:2e:30:35:43:87:3e:a4:29:99:08:e4:49:17:9d:
                    c8:4d:63:af:25:67:82:7d:2a:32:ac:a8:3a:f5:31:
                    d5:29:49:36:ca:9b:2e:c5:36:5a:59:19:6d:17:a4:
                    34:5f:0a:94:a6:1b:74:4e:8c:85:52:bd:a1:12:c1:
                    15:16:e2:f1:43:f5:5f:2d:48:b4:f0:f9:ad:f3:05:
                    47:77:22:9d:b1:6f:15:78:fb:b0:94:51:0a:0a:b3:
                    2c:13:ff:0b:80:ba:1d:e8:5e:3e:ec:dc:5c:2b:de:
                    ab:63:e1:86:04:08:9e:fa:66:5b:33:66:2b:f1:ba:
                    19:63:8b:fe:89:e7:26:30:e7:39:cf:a5:ea:6c:4f:
                    03:31:0e:30:52:69:ae:25:08:ac:d5:56:b8:3a:d9:
                    f3:9b:8a:af:cb:9a:24:76:76:18:ec:a3:8a:06:02:
                    6a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:71:2A:C1:A8:C6:E7:9E:64:33:69:7D:70:E7:3A:D8:ED:B8:F8:9A
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/SnEqwajG555kM2l9cOc62O24-Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:7c:9a:b7:6d:24:45:37:2a:74:a9:0a:27:81:09:5b:f1:b9:
         2b:ef:fd:49:70:cc:6b:18:8e:31:77:46:f0:d8:86:5f:98:ec:
         1b:91:a1:05:1a:4c:d5:b8:88:2c:3c:27:24:cc:00:4d:4a:64:
         0f:28:53:3b:b8:93:68:de:df:cc:e6:7e:dd:46:48:31:7c:bf:
         fc:43:7a:75:54:fe:cd:f5:b3:b1:13:65:28:7b:1a:38:13:34:
         0e:1b:67:56:26:d1:ed:8b:c5:ac:70:52:99:81:aa:85:f4:7e:
         79:43:dc:03:a3:2a:22:8e:5d:91:c7:2d:2c:ac:09:84:b6:b0:
         d8:33:c1:20:bc:b8:31:09:57:0d:54:33:3c:a4:af:05:5f:89:
         6f:59:3f:f6:2d:12:66:d6:d0:f7:54:cd:07:3d:e3:d4:34:ec:
         af:d2:fe:31:aa:7e:95:48:57:93:92:30:2b:ee:dc:66:3e:fe:
         ae:6c:d8:63:ac:02:12:38:d6:a8:b1:84:d4:99:7f:d0:c0:cf:
         23:90:cd:65:67:d0:6b:c7:d2:50:61:ba:42:fd:a7:a2:43:3c:
         b7:75:80:46:10:af:15:45:a0:58:65:88:ed:12:b1:5e:ea:2f:
         d6:d6:2b:51:a3:bc:4e:6e:3b:93:aa:de:9c:f5:ab:0f:b6:09:
         3e:5a:08:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFQ2iaZ8kCmxs4fMGKywXg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwODE0MTIyNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTcxMmFjMWE4YzZlNzllNjQzMzY5N2Q3MGU3M2FkOGVkYjhmODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8ZXTrHze4EbzmLw2XRQLcJ0lFya
YSfKbCxAEyqd6yo/g3wsT6YDH/UCu9MXtBLPihGK2o+i4/wQg076JmGo8voru4dM
H/ObfmCoEWZztcnSKF1QhtPJdWgTLjA1Q4c+pCmZCORJF53ITWOvJWeCfSoyrKg6
9THVKUk2ypsuxTZaWRltF6Q0XwqUpht0ToyFUr2hEsEVFuLxQ/VfLUi08Pmt8wVH
dyKdsW8VePuwlFEKCrMsE/8LgLod6F4+7NxcK96rY+GGBAie+mZbM2Yr8boZY4v+
iecmMOc5z6XqbE8DMQ4wUmmuJQis1Va4Otnzm4qvy5okdnYY7KOKBgJqVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpxKsGoxueeZDNpfXDnOtjtuPiaMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvU25FcXdhakc1NTVrTTJsOWNPYzYyTzI0LUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGJMA0G
CSqGSIb3DQEBCwUAA4IBAQCqfJq3bSRFNyp0qQongQlb8bkr7/1JcMxrGI4xd0bw
2IZfmOwbkaEFGkzVuIgsPCckzABNSmQPKFM7uJNo3t/M5n7dRkgxfL/8Q3p1VP7N
9bOxE2Uoexo4EzQOG2dWJtHti8WscFKZgaqF9H55Q9wDoyoijl2Rxy0srAmEtrDY
M8EgvLgxCVcNVDM8pK8FX4lvWT/2LRJm1tD3VM0HPePUNOyv0v4xqn6VSFeTkjAr
7txmPv6ubNhjrAISONaosYTUmX/QwM8jkM1lZ9Brx9JQYbpC/aeiQzy3dYBGEK8V
RaBYZYjtErFe6i/W1itRo7xObjuTqt6c9asPtgk+WgiV
-----END CERTIFICATE-----