Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/al4U2JPxxiid9aONoVxE42bXtsM.roa
File:                     al4U2JPxxiid9aONoVxE42bXtsM.roa (raw, json)
Hash identifier:          XIfhyTCn1Ywozl9yi5YvzH2FdKI/ST5gD2VgyepHB5A=
Subject key identifier:   6A:5E:14:D8:93:F1:C6:28:9D:F5:A3:8D:A1:5C:44:E3:66:D7:B6:C3
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5B31F339EB41706F1B254A1511C65
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/al4U2JPxxiid9aONoVxE42bXtsM.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212416
IP address blocks:        193.108.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b3:1f:33:9e:b4:17:06:f1:b2:54:a1:51:1c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a5e14d893f1c6289df5a38da15c44e366d7b6c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f6:4f:10:e0:07:d8:2e:10:68:14:dd:bc:ea:
                    59:1d:49:eb:79:bd:fa:c1:2a:54:77:bc:f8:d0:86:
                    65:94:09:13:b5:3a:e4:ee:fa:02:98:13:1e:7e:74:
                    ea:5c:59:91:36:9a:38:3c:1c:6a:ca:77:e4:d9:84:
                    2b:47:cc:69:3d:f1:18:3c:cd:5f:73:03:bb:77:a9:
                    c9:81:94:62:23:78:7e:74:c8:ec:93:bf:1e:18:7b:
                    00:d1:8d:b8:be:d9:c6:96:74:02:50:c4:95:be:2c:
                    87:4e:09:d2:e2:3f:18:d0:0e:6e:a5:e2:4d:c1:fc:
                    36:fd:52:fa:b2:48:5f:63:c9:60:c3:66:6a:50:41:
                    b8:d3:af:8a:ea:48:b9:dd:8e:cd:e0:7e:a7:ae:13:
                    4c:83:06:42:ac:83:c4:9b:17:a3:c7:5f:49:56:60:
                    ee:1b:0d:c3:d5:54:d9:92:42:16:0f:95:90:a5:3f:
                    30:53:7b:1c:fd:dc:07:32:3a:c8:fe:7a:55:36:81:
                    b3:9e:4c:0b:30:34:38:14:a2:a1:0c:b0:22:a1:b4:
                    10:0d:98:51:45:f3:6e:f8:04:7e:93:a6:ef:de:6c:
                    fc:36:e4:9c:24:8d:fe:13:bc:78:19:f0:e6:ed:53:
                    34:ba:00:12:35:aa:ae:52:5b:62:d0:ee:0a:ae:f2:
                    3f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5E:14:D8:93:F1:C6:28:9D:F5:A3:8D:A1:5C:44:E3:66:D7:B6:C3
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/al4U2JPxxiid9aONoVxE42bXtsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:3a:15:7a:f0:03:6f:92:36:b4:6c:d3:f9:67:3f:b0:a8:f9:
         22:2d:cb:38:4f:bd:be:00:7b:f4:e0:68:b0:5b:75:01:fc:52:
         a1:0d:bc:e1:8d:bd:7d:3a:d9:f9:45:bc:c6:d6:8d:69:50:be:
         81:46:47:f9:5a:dd:96:c1:bd:17:78:a3:9a:e4:2d:9d:5b:5b:
         a8:42:a0:c3:19:64:37:9a:5e:96:2b:58:06:d6:50:48:e3:3f:
         1f:77:03:5a:a2:15:a2:99:65:be:f2:9d:1a:d0:82:4f:d3:44:
         9c:ff:a9:18:98:5d:2f:78:47:8f:5f:4b:1f:78:8f:7f:9b:b7:
         f9:0b:f6:86:8a:7d:96:e5:97:a6:b8:a8:cf:5e:99:d1:51:9f:
         7f:8a:94:4c:9e:28:85:3d:be:74:30:97:b2:45:49:aa:84:dd:
         be:46:af:01:d3:6b:13:a0:d2:e2:60:9d:48:2d:9b:10:df:c2:
         63:58:85:0a:aa:48:83:08:d0:58:bb:a9:0c:25:e7:4d:c3:37:
         53:ef:04:b5:e0:38:e8:01:fc:6f:ce:db:2b:5d:9f:eb:b9:15:
         b0:e9:70:89:38:ec:04:de:cf:2a:24:9b:63:f6:1a:a9:2f:d7:
         b0:25:8e:e6:b7:54:94:fe:2b:60:73:0b:ae:b5:fb:af:42:7d:
         cc:8a:75:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbMfM560FwbxslShURxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTVlMTRkODkzZjFjNjI4OWRmNWEzOGRhMTVjNDRlMzY2ZDdiNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvZPEOAH2C4QaBTdvOpZHUnreb36
wSpUd7z40IZllAkTtTrk7voCmBMefnTqXFmRNpo4PBxqynfk2YQrR8xpPfEYPM1f
cwO7d6nJgZRiI3h+dMjsk78eGHsA0Y24vtnGlnQCUMSVviyHTgnS4j8Y0A5upeJN
wfw2/VL6skhfY8lgw2ZqUEG406+K6ki53Y7N4H6nrhNMgwZCrIPEmxejx19JVmDu
Gw3D1VTZkkIWD5WQpT8wU3sc/dwHMjrI/npVNoGznkwLMDQ4FKKhDLAiobQQDZhR
RfNu+AR+k6bv3mz8NuScJI3+E7x4GfDm7VM0ugASNaquUlti0O4KrvI/zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpeFNiT8cYonfWjjaFcRONm17bDMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvYWw0VTJKUHh4aWlkOWFPTm9WeEU0MmJYdHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw5MA0G
CSqGSIb3DQEBCwUAA4IBAQCROhV68ANvkja0bNP5Zz+wqPkiLcs4T72+AHv04Giw
W3UB/FKhDbzhjb19Otn5RbzG1o1pUL6BRkf5Wt2Wwb0XeKOa5C2dW1uoQqDDGWQ3
ml6WK1gG1lBI4z8fdwNaohWimWW+8p0a0IJP00Sc/6kYmF0veEePX0sfeI9/m7f5
C/aGin2W5ZemuKjPXpnRUZ9/ipRMniiFPb50MJeyRUmqhN2+Rq8B02sToNLiYJ1I
LZsQ38JjWIUKqkiDCNBYu6kMJedNwzdT7wS14DjoAfxvztsrXZ/ruRWw6XCJOOwE
3s8qJJtj9hqpL9ewJY7mt1SU/itgcwuutfuvQn3MinU2
-----END CERTIFICATE-----