Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/1-hsDF_f_fN0aFFMo9DMoJkT8Vhs.roa
File:                     1-hsDF_f_fN0aFFMo9DMoJkT8Vhs.roa (raw, json)
Hash identifier:          z/On7Q8ZDzFjs/tR1ayNEhjDDzzMP/xOdb1bgzL4s0s=
Subject key identifier:   FA:1B:03:17:F7:FF:7C:DD:1A:14:53:28:F4:33:28:26:44:FC:56:1B
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018F7644691CEE95F3C654DA52DCFCFAD497
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/1-hsDF_f_fN0aFFMo9DMoJkT8Vhs.roa
Signing time:             Tue 14 May 2024 08:42:25 +0000
ROA not before:           Tue 14 May 2024 08:42:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23422
IP address blocks:        193.56.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:44:69:1c:ee:95:f3:c6:54:da:52:dc:fc:fa:d4:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: May 14 08:42:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa1b0317f7ff7cdd1a145328f433282644fc561b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9e:61:b4:4b:59:c6:56:8b:af:d4:33:26:56:
                    9f:43:9c:92:46:48:28:5d:f4:d7:36:be:ff:6b:3a:
                    cc:b7:ee:41:88:89:0c:09:ca:9f:84:b0:b7:d0:b0:
                    e7:02:8f:f8:0e:42:37:9d:4e:4d:40:74:62:19:6b:
                    67:71:a1:69:c5:b9:43:98:f8:df:9c:7e:86:95:18:
                    37:03:f7:ef:21:11:45:ba:86:67:32:b3:be:3b:93:
                    f4:12:56:8e:23:d4:69:f6:03:ac:ba:b2:51:67:1e:
                    85:9d:d4:c7:59:34:73:92:aa:a1:5e:32:6d:79:b2:
                    62:dd:2f:db:cf:2d:81:62:35:6b:41:ee:38:31:83:
                    9c:ef:46:41:68:ca:1f:34:f1:09:c6:95:21:c5:6e:
                    99:90:80:71:86:58:f0:45:df:59:c7:25:19:b7:e9:
                    7c:ed:cd:b7:d9:d7:f4:4b:ae:a8:0d:f6:b6:ba:38:
                    e3:e9:2b:d7:bf:9f:5a:10:0f:e6:c3:e3:48:c1:27:
                    ff:c3:d7:f2:c0:2a:3f:33:8a:39:39:ed:4d:5b:d6:
                    34:d5:94:dd:e5:48:e0:d1:c3:62:40:04:d4:7c:69:
                    e7:b1:66:77:77:3d:f4:8b:a4:09:bd:43:df:c8:97:
                    18:b9:ec:97:18:8a:36:df:e6:b2:1f:11:71:96:86:
                    c0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1B:03:17:F7:FF:7C:DD:1A:14:53:28:F4:33:28:26:44:FC:56:1B
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/1-hsDF_f_fN0aFFMo9DMoJkT8Vhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:61:63:25:c1:9a:b1:46:58:ab:19:4d:b7:18:a8:52:ce:e1:
         5d:16:72:c3:ad:68:69:13:36:8c:67:a2:57:56:1a:eb:be:a0:
         9a:21:1d:0e:a4:aa:cd:36:6f:d6:41:37:8d:00:7a:23:56:46:
         0a:62:0e:00:8b:39:31:6d:a5:f6:c9:91:49:e4:4a:22:32:ca:
         5d:b5:79:a2:e5:26:68:ae:22:a8:10:03:92:bd:ec:09:ed:4f:
         e1:71:9a:95:20:e6:df:62:c7:7a:50:23:5b:55:a0:7c:48:cd:
         34:3e:de:36:cb:92:09:cd:10:3d:bc:76:be:1e:c5:8c:43:fb:
         7b:87:6f:27:bb:e9:ac:ae:5b:9b:0b:ed:7a:01:30:eb:00:bb:
         77:ad:59:03:60:0b:f2:89:60:ce:c2:5d:08:4c:4a:15:a8:e7:
         4d:29:56:09:b5:49:85:a8:06:39:eb:a8:35:c5:0b:73:74:17:
         0e:13:dd:56:8c:61:63:87:a4:ac:ab:45:28:c2:74:76:39:f5:
         cb:af:d5:6a:54:69:45:d4:e9:c9:0f:6b:0c:c4:08:f6:6d:33:
         50:57:df:f8:2b:f5:4a:b5:60:05:ec:a9:d2:cf:85:c8:e7:d4:
         b2:df:09:c5:fc:f5:7a:6f:13:75:72:c9:64:d9:59:b9:ea:03:
         23:2e:b0:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY92RGkc7pXzxlTaUtz8+tSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwNTE0MDg0MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFiMDMxN2Y3ZmY3Y2RkMWExNDUzMjhmNDMzMjgyNjQ0ZmM1NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ5htEtZxlaLr9QzJlafQ5ySRkgo
XfTXNr7/azrMt+5BiIkMCcqfhLC30LDnAo/4DkI3nU5NQHRiGWtncaFpxblDmPjf
nH6GlRg3A/fvIRFFuoZnMrO+O5P0ElaOI9Rp9gOsurJRZx6FndTHWTRzkqqhXjJt
ebJi3S/bzy2BYjVrQe44MYOc70ZBaMofNPEJxpUhxW6ZkIBxhljwRd9ZxyUZt+l8
7c232df0S66oDfa2ujjj6SvXv59aEA/mw+NIwSf/w9fywCo/M4o5Oe1NW9Y01ZTd
5Ujg0cNiQATUfGnnsWZ3dz30i6QJvUPfyJcYueyXGIo23+ayHxFxlobAGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPobAxf3/3zdGhRTKPQzKCZE/FYbMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvMS1oc0RGX2ZfZk4wYUZGTW85RE1vSmtUOFZocy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzgvM2YyNDliLWU4MzYtNDFiNC05YTNhLTk5NDgwNmYwODFm
MC8xLzRzSzROUHZKR3ZEc2F4MDBfV1FGVFNKcG9mMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME4FzAN
BgkqhkiG9w0BAQsFAAOCAQEAR2FjJcGasUZYqxlNtxioUs7hXRZyw61oaRM2jGei
V1Ya676gmiEdDqSqzTZv1kE3jQB6I1ZGCmIOAIs5MW2l9smRSeRKIjLKXbV5ouUm
aK4iqBADkr3sCe1P4XGalSDm32LHelAjW1WgfEjNND7eNsuSCc0QPbx2vh7FjEP7
e4dvJ7vprK5bmwvtegEw6wC7d61ZA2AL8olgzsJdCExKFajnTSlWCbVJhagGOeuo
NcULc3QXDhPdVoxhY4ekrKtFKMJ0djn1y6/ValRpRdTpyQ9rDMQI9m0zUFff+Cv1
SrVgBeyp0s+FyOfUst8Jxfz1em8TdXLJZNlZueoDIy6wVw==
-----END CERTIFICATE-----