Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/xjry8vsaO9LEUsWvPhVTYK4KdgY.roa
File:                     xjry8vsaO9LEUsWvPhVTYK4KdgY.roa (raw, json)
Hash identifier:          dT/p3DtPGsD03gvsA2+CIRV3nXgPavXzvUqwY+KiRX0=
Subject key identifier:   C6:3A:F2:F2:FB:1A:3B:D2:C4:52:C5:AF:3E:15:53:60:AE:0A:76:06
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0192A079007194C46960EFD5736D39D2BBD4
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/xjry8vsaO9LEUsWvPhVTYK4KdgY.roa
Signing time:             Fri 18 Oct 2024 16:32:17 +0000
ROA not before:           Fri 18 Oct 2024 16:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400175
IP address blocks:        45.141.15.0/24 maxlen: 24
                          93.177.108.0/24 maxlen: 24
                          93.177.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a0:79:00:71:94:c4:69:60:ef:d5:73:6d:39:d2:bb:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Oct 18 16:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c63af2f2fb1a3bd2c452c5af3e155360ae0a7606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fb:a0:7f:fd:a8:1c:65:bc:d8:bf:cc:45:1c:
                    d1:6b:8d:42:11:05:51:15:b4:e1:bf:7f:8c:8b:36:
                    29:65:e9:22:e6:1e:f4:f6:da:5f:90:96:98:32:e7:
                    14:80:2c:64:f8:1c:b3:3c:09:3f:2a:1e:11:1c:9f:
                    a8:3c:e9:92:fe:58:f6:22:ca:0f:1b:2c:aa:11:38:
                    ab:f9:f2:a6:7f:fa:ca:c8:2a:40:91:1a:10:60:73:
                    ec:48:b7:93:01:fd:c7:4f:cc:09:ef:ca:c6:34:b1:
                    6f:c7:67:ad:b7:28:57:ae:d9:1b:27:77:fb:65:10:
                    16:c3:fc:bd:c1:3c:94:f8:3e:44:35:c1:51:20:de:
                    d0:9b:bc:95:2d:bd:c8:f5:2c:f5:07:60:9f:b4:89:
                    92:fa:1d:3a:ad:4f:cf:83:c2:e9:93:85:42:5c:47:
                    54:97:41:1b:a2:60:c4:3a:a3:46:1e:89:38:86:f9:
                    c8:77:2c:78:3d:b0:fd:08:d4:26:ec:03:c5:95:dd:
                    61:7e:ee:4a:cf:30:94:f7:ea:31:3d:fd:86:81:d1:
                    78:87:48:30:1c:9b:7c:0b:66:a7:c0:ab:f3:bb:74:
                    d8:72:19:0a:86:a5:31:6c:92:38:68:3a:a7:37:1e:
                    31:4c:48:c2:e6:a0:be:ea:67:ef:14:37:d0:28:a4:
                    3d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3A:F2:F2:FB:1A:3B:D2:C4:52:C5:AF:3E:15:53:60:AE:0A:76:06
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/xjry8vsaO9LEUsWvPhVTYK4KdgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.15.0/24
                  93.177.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:7f:3c:22:f1:17:07:a7:f5:95:64:19:68:5e:78:79:41:f5:
         32:6b:2b:1e:3f:4d:6f:38:5f:bb:d6:3c:87:ac:71:42:cf:87:
         38:1c:2a:3b:54:44:60:a4:be:28:11:ff:a6:f9:b0:f5:75:80:
         0b:73:66:44:4b:11:48:da:fa:a8:be:f9:96:c1:df:fc:35:6e:
         32:01:f4:b8:de:f9:57:35:28:3b:c8:69:b3:37:4c:4f:6a:4c:
         6d:20:2b:44:32:a4:1d:ee:f6:85:63:c0:f7:2f:1d:d2:30:42:
         61:55:5e:70:e1:4a:9c:d1:d0:56:c7:e6:d6:62:1f:cf:ed:51:
         4a:32:17:4c:8b:8c:84:77:4e:3b:a5:42:9e:95:01:df:6d:74:
         c3:99:76:2a:9c:c1:f7:93:31:c2:01:47:09:39:d1:02:5f:39:
         d3:6a:bb:91:f1:d9:31:1b:6f:cb:2d:c7:fa:a7:71:6b:ab:f8:
         53:bf:ff:28:06:fa:e1:79:7f:21:f1:fd:79:5f:c3:a8:03:49:
         c2:88:3e:a6:c7:74:e3:a7:41:b6:ff:55:69:74:5f:d5:c8:62:
         13:e9:05:3b:1d:66:2a:4f:b2:7f:d5:e4:ec:9f:90:7b:7e:22:
         23:af:dc:7b:53:6e:4e:f0:3b:db:af:20:57:5c:d0:79:60:89:
         c0:72:25:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKgeQBxlMRpYO/Vc2050rvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQxMDE4MTYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNhZjJmMmZiMWEzYmQyYzQ1MmM1YWYzZTE1NTM2MGFlMGE3NjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvugf/2oHGW82L/MRRzRa41CEQVR
FbThv3+MizYpZeki5h709tpfkJaYMucUgCxk+ByzPAk/Kh4RHJ+oPOmS/lj2IsoP
GyyqETir+fKmf/rKyCpAkRoQYHPsSLeTAf3HT8wJ78rGNLFvx2ettyhXrtkbJ3f7
ZRAWw/y9wTyU+D5ENcFRIN7Qm7yVLb3I9Sz1B2CftImS+h06rU/Pg8Lpk4VCXEdU
l0EbomDEOqNGHok4hvnIdyx4PbD9CNQm7APFld1hfu5KzzCU9+oxPf2GgdF4h0gw
HJt8C2anwKvzu3TYchkKhqUxbJI4aDqnNx4xTEjC5qC+6mfvFDfQKKQ9xwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMY68vL7GjvSxFLFrz4VU2CuCnYGMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEveGpyeTh2c2FPOUxFVXNXdlBoVlRZSzRLZGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY0PAwQB
XbFsMA0GCSqGSIb3DQEBCwUAA4IBAQAtfzwi8RcHp/WVZBloXnh5QfUyayseP01v
OF+71jyHrHFCz4c4HCo7VERgpL4oEf+m+bD1dYALc2ZESxFI2vqovvmWwd/8NW4y
AfS43vlXNSg7yGmzN0xPakxtICtEMqQd7vaFY8D3Lx3SMEJhVV5w4Uqc0dBWx+bW
Yh/P7VFKMhdMi4yEd047pUKelQHfbXTDmXYqnMH3kzHCAUcJOdECXznTaruR8dkx
G2/LLcf6p3Frq/hTv/8oBvrheX8h8f15X8OoA0nCiD6mx3Tjp0G2/1VpdF/VyGIT
6QU7HWYqT7J/1eTsn5B7fiIjr9x7U25O8DvbryBXXNB5YInAciWy
-----END CERTIFICATE-----