Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Uj8njsPYdgRZYjZt_ospB351jos.roa
File:                     Uj8njsPYdgRZYjZt_ospB351jos.roa (raw, json)
Hash identifier:          LYqRDwSI7zwNyZiE9YMTNwUElSgWURvGf1f5eOoJElY=
Subject key identifier:   52:3F:27:8E:C3:D8:76:04:59:62:36:6D:FE:8B:29:07:7E:75:8E:8B
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0196F8669676A8F0B7C873106D5A8C48696B
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Uj8njsPYdgRZYjZt_ospB351jos.roa
Signing time:             Thu 22 May 2025 14:29:54 +0000
ROA not before:           Thu 22 May 2025 14:29:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395374
IP address blocks:        193.108.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:66:96:76:a8:f0:b7:c8:73:10:6d:5a:8c:48:69:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 22 14:29:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=523f278ec3d876045962366dfe8b29077e758e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6f:d9:7b:2d:25:d4:95:3a:0b:7a:a8:c3:a4:
                    79:6a:60:fc:1a:b2:69:99:05:71:02:1c:45:76:28:
                    65:b3:b5:72:e2:ac:c4:f6:c5:ee:46:c3:ad:fd:21:
                    ea:0e:e7:05:b4:b7:ea:0b:13:4d:76:8b:5f:48:37:
                    8a:17:32:da:bf:79:e8:6b:58:12:0f:09:b1:72:4b:
                    3d:97:55:78:8d:d7:f0:bb:0e:6f:a6:fd:a5:e4:73:
                    fb:26:5b:39:20:73:9b:67:4e:78:97:07:d8:46:91:
                    dc:6e:9c:c8:32:4a:48:36:67:12:e6:95:dc:b7:77:
                    e7:a8:e2:72:43:7f:9e:2f:63:e5:84:b6:30:5f:ea:
                    92:d9:fe:2e:ce:9e:c5:0b:c9:4a:02:fb:f5:d2:5c:
                    68:1b:a6:54:60:c8:9a:8e:d4:82:04:f3:c5:d1:08:
                    06:ad:cc:05:60:97:fd:8d:ff:5d:f5:c6:ad:ef:62:
                    cf:0b:9a:9f:10:fa:99:61:83:33:69:2f:c6:3c:37:
                    8b:43:88:15:64:fb:4c:c4:7f:f4:79:ba:4d:b4:d7:
                    01:a5:41:7b:24:99:f0:91:fc:00:43:a3:99:46:55:
                    8f:97:fe:d6:e7:bb:b1:cc:e6:25:61:53:35:17:fa:
                    5f:2c:37:ce:f3:4a:82:c7:2d:51:c8:cb:ae:31:72:
                    db:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3F:27:8E:C3:D8:76:04:59:62:36:6D:FE:8B:29:07:7E:75:8E:8B
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Uj8njsPYdgRZYjZt_ospB351jos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ac:0d:f0:0d:b0:97:7b:1f:b2:e5:51:5b:24:64:a8:a1:c7:
         33:43:0e:cc:44:6f:6a:a1:b6:eb:bd:b2:c4:11:20:ce:e7:27:
         ee:e8:ed:06:9e:ed:66:b9:55:c0:9b:47:6d:11:a2:3a:6b:42:
         a9:2e:56:99:8a:7e:16:fd:d5:5c:85:8a:1f:e4:91:fc:47:7d:
         5c:c2:cb:3c:db:20:ac:8e:b0:9f:9a:7f:51:e4:24:b5:cf:4f:
         12:ae:b0:98:9b:05:7c:52:d0:0a:83:33:4d:82:79:b8:c4:cd:
         2a:32:e9:72:de:01:0a:de:34:33:76:66:7a:b0:e7:d5:b0:2d:
         77:05:ef:96:d6:db:80:bf:67:a8:ea:18:8e:e1:a1:9c:a2:33:
         d0:97:86:17:33:a2:e1:e2:1f:08:76:47:11:3f:37:c8:be:56:
         7a:ea:55:db:ff:f0:7d:70:f0:c3:15:10:2f:19:a7:74:5a:de:
         84:61:86:1e:04:30:d6:0a:41:8a:a4:3b:ca:fe:0b:06:49:fc:
         d9:ed:f6:a4:19:07:35:c3:ca:09:89:60:c0:04:55:53:cd:c2:
         77:8e:fb:8d:78:91:73:8f:e8:d3:91:6b:db:c3:db:80:af:03:
         64:61:09:54:1b:37:a9:18:d1:a8:94:f2:1c:8c:a7:a6:bc:fb:
         1c:3d:69:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4ZpZ2qPC3yHMQbVqMSGlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNTIyMTQyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNmMjc4ZWMzZDg3NjA0NTk2MjM2NmRmZThiMjkwNzdlNzU4ZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW/Zey0l1JU6C3qow6R5amD8GrJp
mQVxAhxFdihls7Vy4qzE9sXuRsOt/SHqDucFtLfqCxNNdotfSDeKFzLav3noa1gS
Dwmxcks9l1V4jdfwuw5vpv2l5HP7Jls5IHObZ054lwfYRpHcbpzIMkpINmcS5pXc
t3fnqOJyQ3+eL2PlhLYwX+qS2f4uzp7FC8lKAvv10lxoG6ZUYMiajtSCBPPF0QgG
rcwFYJf9jf9d9cat72LPC5qfEPqZYYMzaS/GPDeLQ4gVZPtMxH/0ebpNtNcBpUF7
JJnwkfwAQ6OZRlWPl/7W57uxzOYlYVM1F/pfLDfO80qCxy1RyMuuMXLbCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI/J47D2HYEWWI2bf6LKQd+dY6LMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvVWo4bmpzUFlkZ1JaWWpadF9vc3BCMzUxam9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw7MA0G
CSqGSIb3DQEBCwUAA4IBAQAerA3wDbCXex+y5VFbJGSoocczQw7MRG9qobbrvbLE
ESDO5yfu6O0Gnu1muVXAm0dtEaI6a0KpLlaZin4W/dVchYof5JH8R31cwss82yCs
jrCfmn9R5CS1z08SrrCYmwV8UtAKgzNNgnm4xM0qMuly3gEK3jQzdmZ6sOfVsC13
Be+W1tuAv2eo6hiO4aGcojPQl4YXM6Lh4h8IdkcRPzfIvlZ66lXb//B9cPDDFRAv
Gad0Wt6EYYYeBDDWCkGKpDvK/gsGSfzZ7fakGQc1w8oJiWDABFVTzcJ3jvuNeJFz
j+jTkWvbw9uArwNkYQlUGzepGNGolPIcjKemvPscPWkL
-----END CERTIFICATE-----