Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/SHXtPV4kgZiSMLrfaQNfttE3YEg.roa
File:                     SHXtPV4kgZiSMLrfaQNfttE3YEg.roa (raw, json)
Hash identifier:          vCULHOU0pm0NUpWsnrVNz86sxtEUOZpw65hpej3MIxs=
Subject key identifier:   48:75:ED:3D:5E:24:81:98:92:30:BA:DF:69:03:5F:B6:D1:37:60:48
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       019426D8A00859F2D1BA7A5AD9730834115E
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/SHXtPV4kgZiSMLrfaQNfttE3YEg.roa
Signing time:             Thu 02 Jan 2025 11:48:38 +0000
ROA not before:           Thu 02 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48920
IP address blocks:        193.23.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:a0:08:59:f2:d1:ba:7a:5a:d9:73:08:34:11:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4875ed3d5e2481989230badf69035fb6d1376048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:df:e1:48:8e:01:cb:5d:40:81:de:54:97:63:
                    93:66:ce:2a:5b:1a:f0:b6:67:fe:6c:cd:ee:67:a0:
                    ca:34:91:5a:f8:ad:d2:f1:1a:4f:d0:f8:77:8e:a3:
                    57:ca:7b:b9:9d:60:38:d1:92:8d:34:16:47:82:c5:
                    e7:03:e4:a3:16:5d:3a:b4:c1:e7:7a:83:9f:b1:e0:
                    58:d6:d6:51:d1:c5:c4:ef:d7:2a:c3:db:5d:c3:b4:
                    c6:c2:e2:b8:00:5b:8d:b3:2d:34:e0:f5:72:cf:e1:
                    bb:55:e1:ad:20:fa:4c:e4:20:e1:b2:5a:fa:e4:eb:
                    32:5a:54:60:69:44:b6:95:ec:c2:0d:55:d4:fd:61:
                    b9:2c:a6:b7:f5:6a:8f:8d:25:a0:71:0f:92:22:4d:
                    ba:fa:33:5a:f5:1b:35:f0:61:03:76:cc:1b:25:6d:
                    89:5b:1b:ae:fe:3d:27:2d:a5:35:c0:b3:1d:31:0b:
                    e6:95:07:a9:25:3a:f8:bd:62:52:51:f2:e6:e1:a6:
                    60:ae:e8:35:1b:5b:98:be:64:91:2b:38:90:27:39:
                    c4:92:9e:bc:b3:7d:b6:e7:0a:fa:75:32:1f:df:99:
                    04:87:18:af:4e:fc:cf:55:0e:e5:c2:1b:aa:eb:63:
                    e7:a1:2b:07:99:63:39:3d:b4:3d:30:cb:cb:fe:15:
                    fa:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:75:ED:3D:5E:24:81:98:92:30:BA:DF:69:03:5F:B6:D1:37:60:48
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/SHXtPV4kgZiSMLrfaQNfttE3YEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ff:1e:9d:d5:0d:07:b5:9c:5e:67:95:04:b6:29:35:10:8e:
         47:7f:e6:be:07:85:a0:e6:bc:7f:22:2f:ef:02:c4:39:62:2b:
         61:66:88:c9:ad:e8:8f:cf:80:8b:66:ca:fe:16:52:ed:66:a1:
         9a:13:2d:1c:5d:be:21:b3:4f:66:56:c1:0a:7f:b3:5a:87:a1:
         1c:60:af:70:d4:5b:af:07:3b:19:76:f1:bd:ec:ce:28:45:e2:
         c2:81:71:66:97:82:d9:4a:54:a0:89:08:69:e3:b8:27:5e:e4:
         38:d4:35:20:9e:dc:4b:fe:fe:12:08:92:39:69:d1:36:44:b7:
         b4:be:f2:09:9d:f2:d2:8f:15:26:86:c3:48:92:ef:9c:b6:b9:
         c9:98:3d:7d:9c:20:31:80:9f:3c:80:d6:79:8e:ca:38:26:44:
         7e:b8:47:2d:34:46:d1:b3:29:2e:61:52:d7:83:ac:ae:63:64:
         48:39:d9:ee:5a:71:e9:5f:c6:05:0f:4d:75:20:26:44:3f:f2:
         d5:39:80:46:ee:e5:02:83:79:01:d3:68:51:ef:3e:9a:d2:bb:
         33:19:1a:4e:5b:4d:41:b7:3c:cc:49:a4:e7:5d:6b:35:29:8b:
         82:43:c0:38:dd:b5:74:dc:2c:b9:76:50:ba:d0:10:d1:12:8c:
         2d:53:d8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2KAIWfLRunpa2XMINBFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjUwMTAyMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODc1ZWQzZDVlMjQ4MTk4OTIzMGJhZGY2OTAzNWZiNmQxMzc2MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9/hSI4By11Agd5Ul2OTZs4qWxrw
tmf+bM3uZ6DKNJFa+K3S8RpP0Ph3jqNXynu5nWA40ZKNNBZHgsXnA+SjFl06tMHn
eoOfseBY1tZR0cXE79cqw9tdw7TGwuK4AFuNsy004PVyz+G7VeGtIPpM5CDhslr6
5OsyWlRgaUS2lezCDVXU/WG5LKa39WqPjSWgcQ+SIk26+jNa9Rs18GEDdswbJW2J
Wxuu/j0nLaU1wLMdMQvmlQepJTr4vWJSUfLm4aZgrug1G1uYvmSRKziQJznEkp68
s3225wr6dTIf35kEhxivTvzPVQ7lwhuq62PnoSsHmWM5PbQ9MMvL/hX6TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh17T1eJIGYkjC632kDX7bRN2BIMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvU0hYdFBWNGtnWmlTTUxyZmFRTmZ0dEUzWUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBW/x6d1Q0HtZxeZ5UEtik1EI5Hf+a+B4Wg5rx/Ii/v
AsQ5YithZojJreiPz4CLZsr+FlLtZqGaEy0cXb4hs09mVsEKf7Nah6EcYK9w1Fuv
BzsZdvG97M4oReLCgXFml4LZSlSgiQhp47gnXuQ41DUgntxL/v4SCJI5adE2RLe0
vvIJnfLSjxUmhsNIku+ctrnJmD19nCAxgJ88gNZ5jso4JkR+uEctNEbRsykuYVLX
g6yuY2RIOdnuWnHpX8YFD011ICZEP/LVOYBG7uUCg3kB02hR7z6a0rszGRpOW01B
tzzMSaTnXWs1KYuCQ8A43bV03Cy5dlC60BDREowtU9jK
-----END CERTIFICATE-----