Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/mR7icI0Jkm6vOUrLmtZXig6smic.roa
File:                     mR7icI0Jkm6vOUrLmtZXig6smic.roa (raw, json)
Hash identifier:          ApOVZjcKNuhEaV2GNt2Za7DXa/+Y31KRjFmK4wwSoow=
Subject key identifier:   99:1E:E2:70:8D:09:92:6E:AF:39:4A:CB:9A:D6:57:8A:0E:AC:9A:27
Certificate issuer:       /CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
Certificate serial:       0192E24A1F89F51705B0B4643D493945CD9D
Authority key identifier: B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/mR7icI0Jkm6vOUrLmtZXig6smic.roa
Signing time:             Thu 31 Oct 2024 11:16:01 +0000
ROA not before:           Thu 31 Oct 2024 11:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51200
IP address blocks:        193.242.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:4a:1f:89:f5:17:05:b0:b4:64:3d:49:39:45:cd:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
        Validity
            Not Before: Oct 31 11:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=991ee2708d09926eaf394acb9ad6578a0eac9a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:44:eb:fb:62:9b:d0:e7:92:2d:29:1f:38:3d:
                    bc:df:43:b7:7b:fd:d5:7f:c9:ce:28:a3:65:45:9b:
                    b3:2c:b6:7a:83:d5:3e:80:48:06:74:b1:d1:03:e8:
                    02:0e:63:46:13:eb:0a:7a:2c:aa:bc:c8:0a:18:e6:
                    5d:d7:97:8c:a0:fe:c6:1c:31:dc:79:cc:9b:71:ff:
                    3a:62:aa:5b:f2:70:3f:2e:02:d1:aa:b6:1d:a7:70:
                    56:8a:2f:36:00:20:b1:66:53:8a:e1:0e:3b:38:75:
                    64:fd:d7:af:7c:e7:2f:b4:9c:f6:34:de:d7:a6:e0:
                    4e:22:45:68:69:66:77:34:0f:41:9a:05:c7:93:a8:
                    2d:db:23:b1:90:c3:19:be:58:06:b3:78:72:d5:c0:
                    de:ae:6c:8c:41:18:b4:3e:e4:06:eb:44:06:fa:c2:
                    f6:dc:34:5c:9a:0e:52:fc:cd:45:22:e5:6a:8c:06:
                    4c:09:b5:37:3d:87:90:f8:33:35:6f:67:f6:b9:5b:
                    e9:1d:c1:d9:7b:40:5b:c4:fa:17:6d:84:b8:9c:20:
                    98:65:35:7b:b0:6e:30:4a:20:57:56:59:c4:c1:3d:
                    e9:33:78:5e:86:25:e4:89:37:48:7b:77:dc:7e:96:
                    f7:ec:16:05:ad:7c:38:8e:fa:bd:f9:59:43:6d:9d:
                    42:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:1E:E2:70:8D:09:92:6E:AF:39:4A:CB:9A:D6:57:8A:0E:AC:9A:27
            X509v3 Authority Key Identifier:
                keyid:B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/mR7icI0Jkm6vOUrLmtZXig6smic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:ac:92:d0:08:2e:ef:ca:96:87:e2:9d:cd:65:4b:a9:55:15:
         76:ff:99:64:a8:23:d0:b6:9c:36:c4:9e:00:c0:e5:5b:c7:9d:
         34:3e:0c:a8:a1:94:d8:76:c8:55:ee:d7:37:5f:fb:a7:41:68:
         60:5c:56:33:1d:e9:b8:55:66:e2:89:72:70:ea:66:a3:62:33:
         69:8e:c7:71:6c:15:22:15:63:3c:12:ff:2f:1f:06:7c:ae:41:
         1b:98:72:00:d9:1b:4c:04:80:34:76:e1:7c:dc:08:b9:2f:f5:
         a3:3d:03:6f:6d:8f:3b:23:05:44:f1:39:bd:9d:b0:6b:a4:bf:
         0c:db:ff:a6:4e:3f:2f:bc:23:73:fb:bf:6b:b4:62:ed:e8:13:
         2f:9f:d7:5d:99:02:9b:1a:74:6f:f7:96:95:f6:7a:28:5d:23:
         09:ac:1f:7b:26:9a:ff:45:57:04:17:e4:d3:0f:52:a8:d0:2a:
         6c:cc:f4:74:c8:08:ae:d7:7e:5d:81:7f:a5:c5:76:9b:d6:3e:
         3f:1e:4a:34:56:58:2d:a1:fc:8e:34:72:c6:e7:72:5b:bc:95:
         91:e6:b1:15:4a:1c:be:ed:e7:49:81:ca:cc:d1:33:92:87:3a:
         ff:46:01:b4:45:86:48:2e:09:f8:41:38:02:3a:95:1a:56:e0:
         c5:90:6a:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLiSh+J9RcFsLRkPUk5Rc2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MWJiMWNkZDViODZiZTc3ODA2ODg5ZDJlMWIyMDJhY2My
N2IyMjUwHhcNMjQxMDMxMTExNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTFlZTI3MDhkMDk5MjZlYWYzOTRhY2I5YWQ2NTc4YTBlYWM5YTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUTr+2Kb0OeSLSkfOD2830O3e/3V
f8nOKKNlRZuzLLZ6g9U+gEgGdLHRA+gCDmNGE+sKeiyqvMgKGOZd15eMoP7GHDHc
ecybcf86Yqpb8nA/LgLRqrYdp3BWii82ACCxZlOK4Q47OHVk/devfOcvtJz2NN7X
puBOIkVoaWZ3NA9BmgXHk6gt2yOxkMMZvlgGs3hy1cDermyMQRi0PuQG60QG+sL2
3DRcmg5S/M1FIuVqjAZMCbU3PYeQ+DM1b2f2uVvpHcHZe0BbxPoXbYS4nCCYZTV7
sG4wSiBXVlnEwT3pM3hehiXkiTdIe3fcfpb37BYFrXw4jvq9+VlDbZ1CbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJke4nCNCZJurzlKy5rWV4oOrJonMB8GA1UdIwQY
MBaAFLQbsc3VuGvneAaInS4bICrMJ7IlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQt
ZGM0ZTc5ODhhMjhhLzEvbVI3aWNJMEprbTZ2T1VyTG10WlhpZzZzbWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQtZGM0ZTc5ODhhMjhh
LzEvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfJpMA0G
CSqGSIb3DQEBCwUAA4IBAQBErJLQCC7vypaH4p3NZUupVRV2/5lkqCPQtpw2xJ4A
wOVbx500PgyooZTYdshV7tc3X/unQWhgXFYzHem4VWbiiXJw6majYjNpjsdxbBUi
FWM8Ev8vHwZ8rkEbmHIA2RtMBIA0duF83Ai5L/WjPQNvbY87IwVE8Tm9nbBrpL8M
2/+mTj8vvCNz+79rtGLt6BMvn9ddmQKbGnRv95aV9nooXSMJrB97Jpr/RVcEF+TT
D1Ko0CpszPR0yAiu135dgX+lxXab1j4/Hko0VlgtofyONHLG53JbvJWR5rEVShy+
7edJgcrM0TOShzr/RgG0RYZILgn4QTgCOpUaVuDFkGpj
-----END CERTIFICATE-----