Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0NFiTmuSyQvbIvanJiLjWHvt4RM.roa
File:                     0NFiTmuSyQvbIvanJiLjWHvt4RM.roa (raw, json)
Hash identifier:          luko6CdhO6PPQy8mRMEAKBgkFwNJM+Gi1UFJ4ngvy+Q=
Subject key identifier:   D0:D1:62:4E:6B:92:C9:0B:DB:22:F6:A7:26:22:E3:58:7B:ED:E1:13
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5B15664694FBD6241BC2B240133D6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0NFiTmuSyQvbIvanJiLjWHvt4RM.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        193.108.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b1:56:64:69:4f:bd:62:41:bc:2b:24:01:33:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0d1624e6b92c90bdb22f6a72622e3587bede113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c6:c3:59:be:cd:85:7b:49:3a:39:a5:31:b9:
                    2c:d9:12:b9:79:d9:eb:c3:87:bb:c4:ed:87:68:70:
                    23:aa:20:6b:79:da:93:d1:74:e3:2b:08:70:79:20:
                    64:76:b6:84:0e:0c:ed:59:47:ed:e2:19:dc:93:f0:
                    07:80:fa:a9:0f:9e:c0:31:a3:4b:9e:f3:49:af:85:
                    31:73:9e:58:9b:96:81:30:0d:e9:82:39:b3:a1:91:
                    6a:e5:fe:d4:51:44:a2:c2:44:19:24:e1:18:cf:8d:
                    b9:68:bd:6c:f0:08:d3:cb:6b:37:ee:78:ca:45:e0:
                    94:b2:19:17:0b:e1:83:43:bb:fc:4c:33:d0:33:65:
                    f6:85:8f:38:3a:f2:0f:64:54:c9:21:f7:43:23:b3:
                    ae:33:6e:f4:09:b1:05:b0:48:59:9a:c3:9a:82:45:
                    40:2e:17:fd:aa:87:f0:07:2e:4f:7a:1b:79:30:fe:
                    26:81:17:24:9c:9d:40:83:34:1e:88:b0:64:7c:17:
                    3b:ec:89:14:76:02:f3:e0:0f:95:b7:aa:1c:65:09:
                    33:24:10:8b:ef:1c:6d:a3:ba:10:91:7b:c7:26:bd:
                    57:b2:42:2e:93:84:01:ff:c8:2f:a2:8d:42:5f:68:
                    e5:e8:bd:f9:2f:7f:9f:44:a3:11:43:7c:7e:14:4f:
                    02:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D1:62:4E:6B:92:C9:0B:DB:22:F6:A7:26:22:E3:58:7B:ED:E1:13
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0NFiTmuSyQvbIvanJiLjWHvt4RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:0d:ee:e8:a9:de:c4:04:e5:de:8e:e6:a8:76:86:16:77:99:
         07:52:14:2d:9e:c1:b7:2c:67:03:97:e4:0e:78:77:f7:fe:74:
         d4:c2:e0:ce:4f:14:6e:a1:6e:6d:c5:4f:ac:bf:16:aa:7b:07:
         ab:3b:7d:46:04:d2:04:06:d4:d7:ba:65:5d:51:d8:c1:e4:96:
         4b:76:bc:dd:f9:0c:1c:ad:30:f4:c0:4a:63:f1:c1:ba:71:84:
         8b:59:ea:60:99:a6:9f:e0:6e:35:c1:4e:a0:7a:de:6c:8b:5b:
         ed:c5:0c:03:7f:14:88:6a:94:15:27:4b:1c:46:c2:0e:84:ef:
         0c:b4:65:15:7f:40:68:c1:47:74:b4:9b:ca:15:90:d3:aa:8d:
         93:00:1b:ac:1a:01:8e:73:6a:ca:7c:fc:f2:75:a1:79:cf:e5:
         8f:dc:27:f6:cb:9f:0d:88:02:02:d7:81:ca:06:52:24:b2:7f:
         30:88:fa:2b:2e:46:76:3d:d1:4d:28:3b:d3:de:8e:c3:4a:87:
         49:39:48:54:26:e4:e5:17:b4:5f:68:8f:7f:ed:cf:89:d2:1c:
         b4:2d:34:bf:87:76:bb:1d:b2:bc:6f:c7:2a:15:cd:c7:aa:44:
         64:ab:d7:81:73:3d:11:4a:9a:90:ce:ac:f4:f5:4f:22:f4:6c:
         f9:b7:48:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbFWZGlPvWJBvCskATPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQxNjI0ZTZiOTJjOTBiZGIyMmY2YTcyNjIyZTM1ODdiZWRlMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMbDWb7NhXtJOjmlMbks2RK5ednr
w4e7xO2HaHAjqiBredqT0XTjKwhweSBkdraEDgztWUft4hnck/AHgPqpD57AMaNL
nvNJr4Uxc55Ym5aBMA3pgjmzoZFq5f7UUUSiwkQZJOEYz425aL1s8AjTy2s37njK
ReCUshkXC+GDQ7v8TDPQM2X2hY84OvIPZFTJIfdDI7OuM270CbEFsEhZmsOagkVA
Lhf9qofwBy5Peht5MP4mgRcknJ1AgzQeiLBkfBc77IkUdgLz4A+Vt6ocZQkzJBCL
7xxto7oQkXvHJr1XskIuk4QB/8gvoo1CX2jl6L35L3+fRKMRQ3x+FE8CdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDRYk5rkskL2yL2pyYi41h77eETMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvME5GaVRtdVN5UXZiSXZhbkppTGpXSHZ0NFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWxoMA0G
CSqGSIb3DQEBCwUAA4IBAQA0De7oqd7EBOXejuaodoYWd5kHUhQtnsG3LGcDl+QO
eHf3/nTUwuDOTxRuoW5txU+svxaqewerO31GBNIEBtTXumVdUdjB5JZLdrzd+Qwc
rTD0wEpj8cG6cYSLWepgmaaf4G41wU6get5si1vtxQwDfxSIapQVJ0scRsIOhO8M
tGUVf0BowUd0tJvKFZDTqo2TABusGgGOc2rKfPzydaF5z+WP3Cf2y58NiAIC14HK
BlIksn8wiPorLkZ2PdFNKDvT3o7DSodJOUhUJuTlF7RfaI9/7c+J0hy0LTS/h3a7
HbK8b8cqFc3HqkRkq9eBcz0RSpqQzqz09U8i9Gz5t0jw
-----END CERTIFICATE-----