Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/PEnmIM5B5t3MJulvggi9ABmPubg.roa
File:                     PEnmIM5B5t3MJulvggi9ABmPubg.roa (raw, json)
Hash identifier:          T/hZQjwr9tx0HfzC7KgsCxJrfa9tgCaE1we83Hn0byM=
Subject key identifier:   3C:49:E6:20:CE:41:E6:DD:CC:26:E9:6F:82:08:BD:00:19:8F:B9:B8
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A3F11EE6686D28A4BB89B070529D
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/PEnmIM5B5t3MJulvggi9ABmPubg.roa
Signing time:             Tue 02 Jan 2024 00:30:56 +0000
ROA not before:           Tue 02 Jan 2024 00:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211885
IP address blocks:        176.103.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a3:f1:1e:e6:68:6d:28:a4:bb:89:b0:70:52:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c49e620ce41e6ddcc26e96f8208bd00198fb9b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:3c:e2:52:93:34:d2:7f:47:3c:fa:31:2f:f2:
                    23:c8:44:96:83:b9:ef:a0:2c:75:49:b4:cd:19:6d:
                    e6:ba:b1:59:bc:b3:93:01:13:c9:d2:4c:d4:18:0a:
                    7a:11:56:49:07:55:15:02:63:0a:fd:5b:e0:4e:e7:
                    a3:b5:28:45:65:33:a8:7e:a7:20:c6:68:1b:74:50:
                    06:e2:46:84:73:23:0a:18:36:f6:d8:8f:dd:27:04:
                    d4:2c:06:62:c2:d7:8d:2e:1e:6e:f0:17:84:b8:f1:
                    17:e5:24:2f:a0:40:e0:69:6d:8b:0e:b6:ee:f8:5a:
                    ce:46:bb:7b:8c:39:44:63:14:85:a1:97:1c:bc:db:
                    85:78:dc:d9:42:91:20:c6:9e:5c:f3:de:b6:4f:9c:
                    0f:63:02:d4:a6:40:d2:ad:20:78:24:d9:24:7d:16:
                    c0:2f:a9:77:d6:85:48:8e:ac:27:ce:f9:ff:15:43:
                    24:62:19:cf:88:af:7d:82:10:b1:95:da:22:45:8d:
                    e9:0c:8f:cd:c7:31:fa:a2:90:bf:83:24:b0:f2:a5:
                    52:56:b2:2f:64:cd:05:8d:a8:23:08:94:94:cf:39:
                    ee:58:41:fe:c8:96:94:a2:1e:db:b7:d9:8b:fa:d6:
                    b3:cc:71:88:cd:e7:28:a0:b6:33:0a:76:53:f6:ee:
                    ae:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:49:E6:20:CE:41:E6:DD:CC:26:E9:6F:82:08:BD:00:19:8F:B9:B8
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/PEnmIM5B5t3MJulvggi9ABmPubg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e5:d9:2d:ff:c9:40:11:a6:1d:92:26:58:ab:13:40:4d:f4:
         66:9a:35:4a:98:dd:ff:14:bd:a3:ec:13:80:58:c5:c6:16:f5:
         35:28:12:bb:da:cb:17:2a:2e:19:43:9b:10:b6:4d:7c:b4:29:
         9d:29:95:11:26:d7:16:e3:a6:b2:27:a0:72:45:94:ec:8a:28:
         7b:fa:27:aa:53:cf:e3:5d:0f:f2:01:38:02:04:13:44:37:4b:
         80:91:1a:a1:4f:ea:b2:4d:96:ca:98:30:02:ce:50:a2:de:4e:
         95:9a:79:91:8b:f5:20:d5:25:a7:51:83:9c:fe:1f:33:64:7d:
         9f:09:9e:f5:2d:2e:63:39:e7:dd:ba:40:e8:ab:c8:bc:6b:3f:
         2e:1c:7c:b5:91:3a:35:90:53:24:33:ec:e5:29:67:e3:17:13:
         62:1b:85:1d:b9:97:a4:55:ca:90:4f:8a:3a:13:3a:4e:29:4b:
         d7:1b:6a:ce:26:34:d5:62:c7:2e:d4:f8:d8:75:8e:fa:be:4c:
         15:54:32:68:ae:ec:79:43:0c:d5:4a:22:ca:d9:c0:5b:7c:28:
         96:8e:04:a5:79:ba:49:16:6a:09:ae:db:ba:21:61:9f:2b:62:
         54:f5:0c:17:9f:86:7a:68:68:fb:bd:fa:c1:55:19:f7:53:ec:
         38:d9:1b:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKPxHuZobSiku4mwcFKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQ5ZTYyMGNlNDFlNmRkY2MyNmU5NmY4MjA4YmQwMDE5OGZiOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTziUpM00n9HPPoxL/IjyESWg7nv
oCx1SbTNGW3murFZvLOTARPJ0kzUGAp6EVZJB1UVAmMK/VvgTuejtShFZTOofqcg
xmgbdFAG4kaEcyMKGDb22I/dJwTULAZiwteNLh5u8BeEuPEX5SQvoEDgaW2LDrbu
+FrORrt7jDlEYxSFoZccvNuFeNzZQpEgxp5c8962T5wPYwLUpkDSrSB4JNkkfRbA
L6l31oVIjqwnzvn/FUMkYhnPiK99ghCxldoiRY3pDI/NxzH6opC/gySw8qVSVrIv
ZM0FjagjCJSUzznuWEH+yJaUoh7bt9mL+tazzHGIzecooLYzCnZT9u6uFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxJ5iDOQebdzCbpb4IIvQAZj7m4MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvUEVubUlNNUI1dDNNSnVsdmdnaTlBQm1QdWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBR5dkt/8lAEaYdkiZYqxNATfRmmjVKmN3/FL2j7BOA
WMXGFvU1KBK72ssXKi4ZQ5sQtk18tCmdKZURJtcW46ayJ6ByRZTsiih7+ieqU8/j
XQ/yATgCBBNEN0uAkRqhT+qyTZbKmDACzlCi3k6VmnmRi/Ug1SWnUYOc/h8zZH2f
CZ71LS5jOefdukDoq8i8az8uHHy1kTo1kFMkM+zlKWfjFxNiG4UduZekVcqQT4o6
EzpOKUvXG2rOJjTVYscu1PjYdY76vkwVVDJorux5QwzVSiLK2cBbfCiWjgSlebpJ
FmoJrtu6IWGfK2JU9QwXn4Z6aGj7vfrBVRn3U+w42Rsx
-----END CERTIFICATE-----