Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8oM4dESRd0FYOAH19ZB4u6l_g4k.roa
File:                     8oM4dESRd0FYOAH19ZB4u6l_g4k.roa (raw, json)
Hash identifier:          SP6ZCSo23zUfTnjbiXoVBbUnUZHOEyp7JJtWvtL5onM=
Subject key identifier:   F2:83:38:74:44:91:77:41:58:38:01:F5:F5:90:78:BB:A9:7F:83:89
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019364006F94595C4EE5067A9F7C7D924AE6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8oM4dESRd0FYOAH19ZB4u6l_g4k.roa
Signing time:             Mon 25 Nov 2024 15:46:10 +0000
ROA not before:           Mon 25 Nov 2024 15:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        193.108.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:64:00:6f:94:59:5c:4e:e5:06:7a:9f:7c:7d:92:4a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Nov 25 15:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f283387444917741583801f5f59078bba97f8389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fd:07:22:27:bc:8a:6f:9d:cc:5f:61:56:3f:
                    21:dd:64:db:67:95:a9:ac:8b:7f:3a:6c:7c:57:af:
                    31:33:86:ca:d2:88:eb:7f:43:4e:d7:49:38:da:2e:
                    c4:c7:63:ae:90:41:c0:d5:4a:6c:5e:f2:4d:06:d1:
                    4e:f6:d4:ed:04:f9:3c:fe:7e:56:61:b6:c0:4a:1e:
                    2b:cd:2a:7f:ff:3d:e4:ec:37:82:ff:f4:3c:56:31:
                    3d:d5:42:7a:3d:2f:5a:13:0c:5b:9c:fb:e5:18:1e:
                    a3:5a:b7:50:95:ff:fb:46:0c:e8:2b:12:0c:ae:09:
                    da:f0:14:8e:9b:33:aa:f3:ab:28:86:55:0c:00:c0:
                    00:cc:41:38:85:93:5f:ab:d1:86:e5:f5:92:a7:2c:
                    4f:42:e1:5a:4a:91:74:a1:da:7f:10:f5:8e:a2:1e:
                    88:e6:4b:3f:c0:5a:4a:17:4e:04:42:86:1a:ff:c9:
                    5b:39:3a:f8:57:7b:17:b8:b3:c7:24:72:14:5a:0c:
                    1e:97:44:aa:46:9f:18:46:ca:ce:65:cd:23:5f:98:
                    ec:08:ad:20:26:fd:5f:48:e7:25:ed:e0:34:b7:67:
                    7c:8f:11:3e:b0:52:57:87:0f:67:29:e4:76:c4:f1:
                    7d:f6:24:d0:07:fe:b7:ad:f1:54:6e:f5:93:7c:51:
                    4c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:83:38:74:44:91:77:41:58:38:01:F5:F5:90:78:BB:A9:7F:83:89
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8oM4dESRd0FYOAH19ZB4u6l_g4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7b:48:35:4e:75:8d:5c:f1:61:15:0d:3e:2a:ee:74:0e:8a:
         6e:46:77:ca:09:32:2c:4a:67:79:d6:95:37:e1:de:f6:49:dd:
         10:8a:f9:92:5c:d6:0b:eb:67:d8:8a:de:fd:fa:4e:a6:34:4a:
         82:f9:84:c6:88:81:b7:b9:76:1e:cc:d2:a1:ad:79:39:ff:b5:
         54:f0:03:18:73:ef:bb:ee:00:7e:d4:db:76:ba:d2:04:97:fc:
         0e:c9:44:57:13:2f:7b:d7:42:d0:e8:97:8c:f8:0d:0f:2f:28:
         e9:68:8b:76:21:08:35:3d:ec:b3:73:8b:14:a8:3b:b9:78:80:
         90:f1:03:2e:4e:04:ab:22:fb:29:c1:19:77:49:dc:19:1c:e3:
         5a:d3:5f:c2:76:f9:f4:cd:8f:36:71:bd:67:45:08:80:cd:f1:
         e6:26:c4:ea:9e:e9:6d:3f:36:52:2a:93:e7:dc:66:ce:67:c5:
         4b:be:e0:f9:ee:b2:36:71:3d:46:bc:20:24:05:26:7f:cf:c9:
         9a:c2:0c:43:0c:5e:67:b5:b0:be:e0:dc:03:59:6c:a4:03:2d:
         39:5f:5b:22:6e:f2:cb:11:44:22:21:89:2d:4a:ce:28:c2:7d:
         dc:06:18:a8:3b:5c:5d:73:b8:19:60:c5:b3:9f:78:37:7a:53:
         39:32:3f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNkAG+UWVxO5QZ6n3x9kkrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQxMTI1MTU0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgzMzg3NDQ0OTE3NzQxNTgzODAxZjVmNTkwNzhiYmE5N2Y4Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv0HIie8im+dzF9hVj8h3WTbZ5Wp
rIt/Omx8V68xM4bK0ojrf0NO10k42i7Ex2OukEHA1UpsXvJNBtFO9tTtBPk8/n5W
YbbASh4rzSp//z3k7DeC//Q8VjE91UJ6PS9aEwxbnPvlGB6jWrdQlf/7RgzoKxIM
rgna8BSOmzOq86sohlUMAMAAzEE4hZNfq9GG5fWSpyxPQuFaSpF0odp/EPWOoh6I
5ks/wFpKF04EQoYa/8lbOTr4V3sXuLPHJHIUWgwel0SqRp8YRsrOZc0jX5jsCK0g
Jv1fSOcl7eA0t2d8jxE+sFJXhw9nKeR2xPF99iTQB/63rfFUbvWTfFFMIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKDOHREkXdBWDgB9fWQeLupf4OJMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvOG9NNGRFU1JkMEZZT0FIMTlaQjR1NmxfZzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw7MA0G
CSqGSIb3DQEBCwUAA4IBAQA7e0g1TnWNXPFhFQ0+Ku50DopuRnfKCTIsSmd51pU3
4d72Sd0QivmSXNYL62fYit79+k6mNEqC+YTGiIG3uXYezNKhrXk5/7VU8AMYc++7
7gB+1Nt2utIEl/wOyURXEy9710LQ6JeM+A0PLyjpaIt2IQg1Peyzc4sUqDu5eICQ
8QMuTgSrIvspwRl3SdwZHONa01/Cdvn0zY82cb1nRQiAzfHmJsTqnultPzZSKpPn
3GbOZ8VLvuD57rI2cT1GvCAkBSZ/z8mawgxDDF5ntbC+4NwDWWykAy05X1sibvLL
EUQiIYktSs4own3cBhioO1xdc7gZYMWzn3g3elM5Mj/w
-----END CERTIFICATE-----