Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pnbDggFjR8Z1Qgc_1Qc-UDhj7rY.roa
File:                     pnbDggFjR8Z1Qgc_1Qc-UDhj7rY.roa (raw, json)
Hash identifier:          bHqcCRyP28KQV11RhwKXb+dqQODQv4qroixCpA+/B1w=
Subject key identifier:   A6:76:C3:82:01:63:47:C6:75:42:07:3F:D5:07:3E:50:38:63:EE:B6
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018F958B4A99B35B95841E8398F124ACAEA5
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pnbDggFjR8Z1Qgc_1Qc-UDhj7rY.roa
Signing time:             Mon 20 May 2024 10:28:04 +0000
ROA not before:           Mon 20 May 2024 10:28:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        193.108.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:8b:4a:99:b3:5b:95:84:1e:83:98:f1:24:ac:ae:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 20 10:28:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a676c382016347c67542073fd5073e503863eeb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a5:3c:2c:e2:05:22:0d:77:3f:ff:d4:c6:0e:
                    d0:99:7b:36:0f:08:ad:0a:d2:af:c6:42:9a:41:e6:
                    21:ab:f8:0a:0f:d5:ee:c2:35:48:53:e1:2f:3b:cb:
                    28:a0:f2:11:03:87:e8:ac:c0:69:2c:f4:d5:7c:70:
                    31:66:50:78:f9:76:1b:2d:4e:2e:b0:dd:23:87:98:
                    a5:5c:4f:02:7a:94:80:5d:c3:8e:0b:f1:1d:cf:23:
                    d8:12:0c:f5:a3:4a:d8:bb:99:14:33:2f:98:05:15:
                    e8:da:53:9a:0c:9f:c6:cc:1f:f3:71:e6:1f:37:23:
                    0f:57:59:d0:60:cb:df:09:e8:e5:85:d2:85:e5:7f:
                    ec:82:4f:84:94:74:2e:a6:72:73:a8:18:79:c7:0e:
                    ba:0c:fa:5d:cf:93:0b:8b:72:ab:46:6f:97:ae:40:
                    ea:c9:1a:b5:61:8f:37:74:21:82:59:02:d5:bd:ff:
                    14:ea:a8:7e:28:ee:b8:1a:5f:4a:64:52:9b:5e:e5:
                    b0:ee:bb:8e:7a:b4:77:e0:37:72:56:a8:c4:e1:80:
                    d2:d3:5c:d5:32:51:0d:81:32:85:10:d7:ef:59:75:
                    a4:10:b3:c9:22:ec:0f:a0:1e:d4:db:79:73:21:b4:
                    09:74:ff:62:b6:1b:ee:f6:79:1f:6f:35:0e:80:47:
                    fc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:76:C3:82:01:63:47:C6:75:42:07:3F:D5:07:3E:50:38:63:EE:B6
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pnbDggFjR8Z1Qgc_1Qc-UDhj7rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:55:84:66:9f:76:ab:7f:08:34:55:c1:9d:ca:09:d2:a8:8c:
         cf:3e:75:5d:fd:3f:fd:b7:e7:76:1e:45:85:e6:90:39:3a:bf:
         e7:8a:73:7b:c4:31:b9:9f:1e:88:9b:5c:fa:6d:f6:2b:6a:11:
         43:0c:75:cc:da:78:d8:0a:d2:49:e8:dc:a8:2c:c1:a7:74:ca:
         d6:ba:93:2b:56:01:46:84:41:e6:85:1a:b2:4c:f7:c6:c7:f6:
         07:15:c2:0f:cc:e2:79:e6:9a:d7:62:15:68:ed:b1:14:9f:1d:
         f5:7c:c4:ee:e8:62:ea:fa:b4:d9:e9:fd:7d:b8:d1:ec:8f:2e:
         62:aa:f5:65:c5:9c:bc:b9:0c:7d:06:ba:70:1a:06:14:61:18:
         b3:38:00:21:16:33:6a:95:00:29:2b:a5:17:49:55:cc:cc:81:
         89:a4:50:19:a4:f7:33:26:2a:3e:7a:08:13:65:90:07:1c:3b:
         2a:e3:c5:23:81:55:40:6c:c8:d1:cd:b2:a3:8e:88:c4:cc:b6:
         12:18:62:8e:3f:df:56:9c:cb:5e:6f:80:a7:97:53:90:5a:85:
         40:7f:34:27:64:cd:5e:10:bd:a7:1a:68:dd:72:59:65:b9:b7:
         76:df:75:61:ac:40:96:06:73:71:4f:3b:83:58:c9:4c:78:75:
         83:4e:ea:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+Vi0qZs1uVhB6DmPEkrK6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwNTIwMTAyODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc2YzM4MjAxNjM0N2M2NzU0MjA3M2ZkNTA3M2U1MDM4NjNlZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KU8LOIFIg13P//Uxg7QmXs2Dwit
CtKvxkKaQeYhq/gKD9XuwjVIU+EvO8sooPIRA4forMBpLPTVfHAxZlB4+XYbLU4u
sN0jh5ilXE8CepSAXcOOC/EdzyPYEgz1o0rYu5kUMy+YBRXo2lOaDJ/GzB/zceYf
NyMPV1nQYMvfCejlhdKF5X/sgk+ElHQupnJzqBh5xw66DPpdz5MLi3KrRm+XrkDq
yRq1YY83dCGCWQLVvf8U6qh+KO64Gl9KZFKbXuWw7ruOerR34DdyVqjE4YDS01zV
MlENgTKFENfvWXWkELPJIuwPoB7U23lzIbQJdP9ithvu9nkfbzUOgEf8vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ2w4IBY0fGdUIHP9UHPlA4Y+62MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcG5iRGdnRmpSOFoxUWdjXzFRYy1VRGhqN3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWxpMA0G
CSqGSIb3DQEBCwUAA4IBAQBmVYRmn3arfwg0VcGdygnSqIzPPnVd/T/9t+d2HkWF
5pA5Or/ninN7xDG5nx6Im1z6bfYrahFDDHXM2njYCtJJ6NyoLMGndMrWupMrVgFG
hEHmhRqyTPfGx/YHFcIPzOJ55prXYhVo7bEUnx31fMTu6GLq+rTZ6f19uNHsjy5i
qvVlxZy8uQx9BrpwGgYUYRizOAAhFjNqlQApK6UXSVXMzIGJpFAZpPczJio+eggT
ZZAHHDsq48UjgVVAbMjRzbKjjojEzLYSGGKOP99WnMteb4Cnl1OQWoVAfzQnZM1e
EL2nGmjdclllubd233VhrECWBnNxTzuDWMlMeHWDTuqz
-----END CERTIFICATE-----