Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1-nlkvRFb_0dY33_QQWe7MT55B_U.roa
File:                     1-nlkvRFb_0dY33_QQWe7MT55B_U.roa (raw, json)
Hash identifier:          xM8t5GiicySe8TkQxN5K9fwDc3cDsUvknXQKAZ4xQ2o=
Subject key identifier:   FA:79:64:BD:11:5B:FF:47:58:DF:7F:D0:41:67:BB:31:3E:79:07:F5
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018F80DE7469A1EC2C8976B68EE36E722F93
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1-nlkvRFb_0dY33_QQWe7MT55B_U.roa
Signing time:             Thu 16 May 2024 10:06:53 +0000
ROA not before:           Thu 16 May 2024 10:06:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        193.108.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:de:74:69:a1:ec:2c:89:76:b6:8e:e3:6e:72:2f:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 16 10:06:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa7964bd115bff4758df7fd04167bb313e7907f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1d:39:e3:26:34:39:52:88:79:7c:87:69:d3:
                    53:6f:84:41:6c:61:24:96:4d:7b:63:e2:7b:7a:06:
                    5a:22:cd:bd:49:8b:be:b7:55:6f:b7:db:ef:b5:7e:
                    c8:9e:d9:29:03:94:a4:88:f9:0f:0f:67:c1:5c:bc:
                    4a:f4:f2:0c:b7:47:99:1a:14:3b:a2:5d:74:73:59:
                    c3:0c:10:3c:35:2f:61:13:4a:29:22:07:df:c8:8c:
                    4d:bc:b0:d9:f8:9b:50:6b:1d:f0:21:e1:d9:ff:2d:
                    56:ed:4e:9e:51:ca:e7:1a:7f:85:52:f0:c4:a3:73:
                    dd:4c:55:f5:a2:78:48:f3:b0:28:b9:7e:24:1b:f6:
                    c1:86:45:44:eb:52:a2:4f:a8:86:35:89:a9:13:a2:
                    96:21:fb:4a:40:7b:f5:14:81:47:85:8e:1a:33:62:
                    ca:6a:55:72:cc:fc:f2:e5:bd:a2:ab:fd:c8:c9:ae:
                    5e:40:02:70:be:38:ce:1f:ca:ad:dd:1c:0c:e9:cc:
                    5f:43:1d:f4:96:7f:8f:00:f9:f8:17:57:d0:e2:68:
                    d0:8d:5c:13:4b:ed:ad:54:7b:17:c6:21:8b:1d:9a:
                    13:cb:15:1f:35:c4:5a:a5:34:c9:9e:6a:1f:4c:09:
                    16:a7:8f:36:7d:5f:e0:24:79:60:cc:c3:3b:d1:91:
                    1b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:79:64:BD:11:5B:FF:47:58:DF:7F:D0:41:67:BB:31:3E:79:07:F5
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/1-nlkvRFb_0dY33_QQWe7MT55B_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:8d:6c:9e:95:fb:a9:f5:a9:d6:e3:2a:d8:dc:3e:ec:43:44:
         f0:91:9d:ca:4f:5b:0d:56:9b:7f:7f:ea:e8:0d:67:bb:1b:3b:
         80:e9:2f:6f:99:c9:db:90:dd:0f:bf:93:4c:61:d1:fc:a1:f3:
         b1:ee:ea:da:66:52:50:e4:ac:1b:45:38:b1:42:70:78:42:e4:
         19:7e:cd:63:50:c0:a4:f4:08:15:2a:3d:f9:6d:12:b4:5b:9f:
         88:86:fb:35:53:80:86:54:97:d8:ac:08:0b:f4:84:60:76:00:
         10:29:09:0b:dc:2e:81:db:51:58:e0:84:44:32:57:85:96:50:
         1c:95:3d:11:6c:31:4b:b3:72:c3:54:b3:3a:64:74:a9:33:7a:
         c9:e1:d2:25:82:d0:0e:88:e8:54:59:ff:4f:1e:5b:d2:d8:94:
         5e:0f:c8:ca:12:27:a5:b1:25:9f:1c:3d:3c:07:65:fc:4e:92:
         2a:6b:8b:34:02:9a:ac:86:d7:af:57:b0:43:7e:61:5b:cf:e7:
         10:cf:9c:12:ff:b2:3a:ff:6b:96:27:c4:57:fe:ae:4c:ed:58:
         06:f7:8b:b2:38:a7:3d:3a:4a:dc:85:37:06:9b:71:82:03:e4:
         96:ec:bd:7c:43:22:2a:15:70:e1:8d:82:79:07:ad:0a:c2:11:
         32:06:9e:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+A3nRpoewsiXa2juNuci+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwNTE2MTAwNjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTc5NjRiZDExNWJmZjQ3NThkZjdmZDA0MTY3YmIzMTNlNzkwN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArR054yY0OVKIeXyHadNTb4RBbGEk
lk17Y+J7egZaIs29SYu+t1Vvt9vvtX7IntkpA5SkiPkPD2fBXLxK9PIMt0eZGhQ7
ol10c1nDDBA8NS9hE0opIgffyIxNvLDZ+JtQax3wIeHZ/y1W7U6eUcrnGn+FUvDE
o3PdTFX1onhI87AouX4kG/bBhkVE61KiT6iGNYmpE6KWIftKQHv1FIFHhY4aM2LK
alVyzPzy5b2iq/3Iya5eQAJwvjjOH8qt3RwM6cxfQx30ln+PAPn4F1fQ4mjQjVwT
S+2tVHsXxiGLHZoTyxUfNcRapTTJnmofTAkWp482fV/gJHlgzMM70ZEb+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPp5ZL0RW/9HWN9/0EFnuzE+eQf1MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvMS1ubGt2UkZiXzBkWTMzX1FRV2U3TVQ1NUJfVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2QvM2UyYjE4LTU1YzktNDE4MC04YzZlLTJjNzA4NmZkZWQ5
My8xL0NJUmxzM3N0VHA5Qk9qSGNlMzVzdWlvejI1WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFsaDAN
BgkqhkiG9w0BAQsFAAOCAQEAQI1snpX7qfWp1uMq2Nw+7ENE8JGdyk9bDVabf3/q
6A1nuxs7gOkvb5nJ25DdD7+TTGHR/KHzse7q2mZSUOSsG0U4sUJweELkGX7NY1DA
pPQIFSo9+W0StFufiIb7NVOAhlSX2KwIC/SEYHYAECkJC9wugdtRWOCERDJXhZZQ
HJU9EWwxS7Nyw1SzOmR0qTN6yeHSJYLQDojoVFn/Tx5b0tiUXg/IyhInpbElnxw9
PAdl/E6SKmuLNAKarIbXr1ewQ35hW8/nEM+cEv+yOv9rlifEV/6uTO1YBveLsjin
PTpK3IU3BptxggPkluy9fEMiKhVw4Y2CeQetCsIRMgaeyg==
-----END CERTIFICATE-----