Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/q4PedCM0bA7ZyMUIvdUHwyn_hAE.roa
File:                     q4PedCM0bA7ZyMUIvdUHwyn_hAE.roa (raw, json)
Hash identifier:          Ot66aeSmcsEj4g1jRkL1C6rafHFNNQyI7SlYCsc7pi4=
Subject key identifier:   AB:83:DE:74:23:34:6C:0E:D9:C8:C5:08:BD:D5:07:C3:29:FF:84:01
Certificate issuer:       /CN=276abb1ad567e5bb1e475a72a0a68453e3fba1cd
Certificate serial:       018E56BA7914ACDDA858BD650175A750764F
Authority key identifier: 27:6A:BB:1A:D5:67:E5:BB:1E:47:5A:72:A0:A6:84:53:E3:FB:A1:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J2q7GtVn5bseR1pyoKaEU-P7oc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/q4PedCM0bA7ZyMUIvdUHwyn_hAE.roa
Signing time:             Tue 19 Mar 2024 12:40:44 +0000
ROA not before:           Tue 19 Mar 2024 12:40:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212033
IP address blocks:        193.3.45.0/24 maxlen: 32
                          2a10:5dc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/J2q7GtVn5bseR1pyoKaEU-P7oc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/J2q7GtVn5bseR1pyoKaEU-P7oc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J2q7GtVn5bseR1pyoKaEU-P7oc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:ba:79:14:ac:dd:a8:58:bd:65:01:75:a7:50:76:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=276abb1ad567e5bb1e475a72a0a68453e3fba1cd
        Validity
            Not Before: Mar 19 12:40:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab83de7423346c0ed9c8c508bdd507c329ff8401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7a:00:e5:05:13:1a:b1:1f:cb:1c:c5:01:b4:
                    c1:1d:ac:6c:77:b9:50:ff:aa:d9:a2:c5:68:45:82:
                    bf:95:e7:7d:27:d4:30:36:62:d1:cd:9c:84:0c:ad:
                    e5:a8:cc:bc:83:60:cd:a7:af:5e:f8:71:6e:33:f1:
                    2c:e6:1a:45:1c:27:02:25:93:70:62:52:ce:6e:9d:
                    72:de:4a:9f:f1:26:0e:67:40:04:40:e1:32:59:7a:
                    df:13:5b:11:e0:77:8c:11:8f:0c:b4:41:56:7e:ef:
                    62:ec:8d:61:f1:bf:74:ed:26:a4:de:99:15:ef:0e:
                    20:99:1e:74:78:6e:24:67:34:ef:9b:b4:60:4f:96:
                    38:de:cb:ee:31:af:60:f7:a6:e7:5a:ae:c4:a7:13:
                    7f:9f:c3:74:d1:30:3c:38:47:60:cb:a2:39:6c:dd:
                    ce:9f:27:4a:28:2e:ed:f1:12:b6:f3:1e:4f:8d:fd:
                    ae:22:e1:39:9e:62:e4:fd:01:fd:8e:16:a4:bb:51:
                    27:51:57:f1:65:d6:c5:ed:7c:0f:c1:e5:cf:90:74:
                    24:ca:71:ed:99:f2:1d:21:a6:03:2d:2e:8f:ad:b0:
                    aa:10:41:1b:35:d2:f5:14:54:61:30:fd:ff:0f:57:
                    02:c4:26:32:fe:74:5c:94:0d:6b:3c:45:72:10:8a:
                    8e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:83:DE:74:23:34:6C:0E:D9:C8:C5:08:BD:D5:07:C3:29:FF:84:01
            X509v3 Authority Key Identifier:
                keyid:27:6A:BB:1A:D5:67:E5:BB:1E:47:5A:72:A0:A6:84:53:E3:FB:A1:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J2q7GtVn5bseR1pyoKaEU-P7oc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/q4PedCM0bA7ZyMUIvdUHwyn_hAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/42694f-89a6-43c8-8346-bb0eed13f23b/1/J2q7GtVn5bseR1pyoKaEU-P7oc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.45.0/24
                IPv6:
                  2a10:5dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:a2:bd:26:9d:5b:9b:f9:fa:bb:1e:11:d2:bf:c8:9d:85:c2:
         8b:3d:3f:f7:f5:7d:c3:b7:11:a2:3d:54:eb:49:5c:ad:91:92:
         4b:2c:59:77:2f:29:c7:2b:05:ae:8c:9e:4b:f2:03:6c:8a:e7:
         49:28:fd:ef:df:f9:b4:00:5e:7f:23:ab:09:ee:e2:aa:e9:fd:
         0a:37:59:05:c8:34:f3:ff:17:4a:ba:34:52:f9:ae:63:d6:5a:
         b1:e9:75:98:02:6e:da:03:ae:0b:16:a9:b8:d8:03:67:2f:1c:
         01:66:06:81:7b:c2:a7:6c:1a:c9:7b:7a:7b:c4:14:ac:de:18:
         85:d0:ec:eb:d1:fd:1e:c9:c7:62:a5:0b:ca:38:59:bc:39:94:
         9d:e8:41:87:c8:6b:9a:11:bb:37:99:48:03:14:37:d9:0f:38:
         f6:81:14:21:e0:a0:b8:96:a6:3b:f8:1f:91:56:21:22:21:12:
         16:eb:0d:d2:3e:d3:01:5b:7f:32:3e:9e:32:1f:06:72:b3:49:
         39:ce:2f:e1:85:cc:09:8a:3a:aa:f2:a1:a4:41:37:3b:af:13:
         ff:8b:22:7a:2b:a8:85:c8:ef:bf:d5:8a:19:f1:1a:54:c2:52:
         8d:2c:65:8b:42:b4:72:f8:ea:31:d6:fc:0c:e5:bb:e7:73:99:
         80:5d:86:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5WunkUrN2oWL1lAXWnUHZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NmFiYjFhZDU2N2U1YmIxZTQ3NWE3MmEwYTY4NDUzZTNm
YmExY2QwHhcNMjQwMzE5MTI0MDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjgzZGU3NDIzMzQ2YzBlZDljOGM1MDhiZGQ1MDdjMzI5ZmY4NDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3oA5QUTGrEfyxzFAbTBHaxsd7lQ
/6rZosVoRYK/led9J9QwNmLRzZyEDK3lqMy8g2DNp69e+HFuM/Es5hpFHCcCJZNw
YlLObp1y3kqf8SYOZ0AEQOEyWXrfE1sR4HeMEY8MtEFWfu9i7I1h8b907Sak3pkV
7w4gmR50eG4kZzTvm7RgT5Y43svuMa9g96bnWq7EpxN/n8N00TA8OEdgy6I5bN3O
nydKKC7t8RK28x5Pjf2uIuE5nmLk/QH9jhaku1EnUVfxZdbF7XwPweXPkHQkynHt
mfIdIaYDLS6PrbCqEEEbNdL1FFRhMP3/D1cCxCYy/nRclA1rPEVyEIqOAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKuD3nQjNGwO2cjFCL3VB8Mp/4QBMB8GA1UdIwQY
MBaAFCdquxrVZ+W7HkdacqCmhFPj+6HNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjJxN0d0Vm41YnNlUjFweW9LYUVVLVA3b2MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80MjY5NGYtODlhNi00M2M4LTgzNDYt
YmIwZWVkMTNmMjNiLzEvcTRQZWRDTTBiQTdaeU1VSXZkVUh3eW5faEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80MjY5NGYtODlhNi00M2M4LTgzNDYtYmIwZWVkMTNmMjNi
LzEvSjJxN0d0Vm41YnNlUjFweW9LYUVVLVA3b2MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwQMtMA0E
AgACMAcDBQAqEF3AMA0GCSqGSIb3DQEBCwUAA4IBAQBDor0mnVub+fq7HhHSv8id
hcKLPT/39X3DtxGiPVTrSVytkZJLLFl3LynHKwWujJ5L8gNsiudJKP3v3/m0AF5/
I6sJ7uKq6f0KN1kFyDTz/xdKujRS+a5j1lqx6XWYAm7aA64LFqm42ANnLxwBZgaB
e8KnbBrJe3p7xBSs3hiF0Ozr0f0eycdipQvKOFm8OZSd6EGHyGuaEbs3mUgDFDfZ
Dzj2gRQh4KC4lqY7+B+RViEiIRIW6w3SPtMBW38yPp4yHwZys0k5zi/hhcwJijqq
8qGkQTc7rxP/iyJ6K6iFyO+/1YoZ8RpUwlKNLGWLQrRy+Oox1vwM5bvnc5mAXYYA
-----END CERTIFICATE-----