Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/xgAjK3UpVlbWMJ5lH01QCmJPhRY.roa
File:                     xgAjK3UpVlbWMJ5lH01QCmJPhRY.roa (raw, json)
Hash identifier:          sdbZUGo1C9uD51rJjlYvxRl1v4mVkvQW97kGxU3scoo=
Subject key identifier:   C6:00:23:2B:75:29:56:56:D6:30:9E:65:1F:4D:50:0A:62:4F:85:16
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C866C7B7204401348AA0FFC65C77
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/xgAjK3UpVlbWMJ5lH01QCmJPhRY.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        193.242.117.0/24 maxlen: 24
                          193.108.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c8:66:c7:b7:20:44:01:34:8a:a0:ff:c6:5c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c600232b75295656d6309e651f4d500a624f8516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:06:67:93:61:49:7b:eb:eb:38:72:a5:06:
                    4b:03:2d:e6:17:33:d8:a8:c6:6d:7c:bb:a3:7e:ba:
                    fc:f9:6a:e5:87:ac:d7:19:84:be:97:77:65:c8:44:
                    6c:7f:ca:76:04:b4:31:48:7e:11:93:93:d9:89:c1:
                    d2:bd:44:8f:a9:d1:9e:b9:d4:0e:6e:f6:db:63:64:
                    09:d7:5c:21:b2:a8:d8:fc:e0:d0:ed:d1:2b:6c:8a:
                    c0:32:31:d9:d3:a3:ca:10:b4:b9:40:58:1c:e1:73:
                    14:6a:7e:98:ca:a3:c9:c4:74:b1:05:b5:9a:7d:57:
                    06:37:d3:9f:6e:06:61:7a:88:44:6c:b0:aa:d8:cf:
                    6e:2c:4c:2e:66:f0:d8:3d:a0:1f:f1:d1:e5:b4:e7:
                    86:af:ca:b9:f8:71:7d:49:a1:4c:6e:4b:de:fc:52:
                    15:38:07:ef:45:5e:b2:0e:2f:a8:11:fa:41:be:34:
                    79:f9:c1:a1:65:27:6e:8f:1f:2d:60:5e:7f:56:a5:
                    d6:31:3d:48:67:78:2f:ad:41:46:f0:5c:a7:08:e0:
                    e9:86:ff:12:59:27:16:01:77:3c:e3:34:87:09:d1:
                    f7:61:7d:dc:35:16:4e:bb:9b:fd:39:90:56:56:9c:
                    db:9a:a6:2e:4b:a7:23:3e:98:0b:ac:11:fd:b4:ff:
                    d7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:00:23:2B:75:29:56:56:D6:30:9E:65:1F:4D:50:0A:62:4F:85:16
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/xgAjK3UpVlbWMJ5lH01QCmJPhRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.102.0/24
                  193.242.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:58:73:8b:6f:28:94:e0:db:a5:67:9d:10:a1:f2:ec:17:10:
         96:00:1f:b9:73:46:95:cb:2c:ea:2e:63:3d:10:50:db:8b:7e:
         e0:5b:f8:a1:c4:96:08:81:5d:81:be:2c:40:39:6c:cb:92:05:
         15:f7:b2:31:0b:b2:68:69:aa:34:2a:14:9e:e4:b0:25:6f:3c:
         4a:45:86:2d:52:27:20:b9:77:ce:8b:a5:1c:39:04:d3:54:3d:
         76:a8:4f:29:17:a6:c3:b3:86:4e:63:b9:03:70:37:c4:5f:ad:
         2d:08:5c:bf:11:7d:f1:d1:90:c6:3c:a3:b2:eb:83:73:60:e6:
         94:26:c2:3b:8f:dd:ea:75:ce:28:33:f4:4c:86:3b:79:49:71:
         8f:f6:4b:d0:65:19:ed:d0:c9:1d:5a:c2:e9:f9:1e:d6:5f:14:
         17:81:c1:53:19:b5:c2:41:80:76:9c:b8:54:6b:eb:48:ee:b6:
         94:67:ea:5a:d7:46:3d:e0:fa:5d:e8:b5:7e:26:02:3d:c9:4a:
         c7:89:c3:d0:42:31:2b:69:57:c3:9f:ec:75:29:82:fc:a0:0a:
         30:51:ed:a0:69:0f:c2:34:e4:c4:3b:75:86:a4:ca:b2:ba:4f:
         60:f8:27:18:d8:0f:dc:b7:42:29:35:0d:65:05:1b:45:bf:74:
         e9:aa:d4:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAMhmx7cgRAE0iqD/xlx3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjAwMjMyYjc1Mjk1NjU2ZDYzMDllNjUxZjRkNTAwYTYyNGY4NTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKYGZ5NhSXvr6zhypQZLAy3mFzPY
qMZtfLujfrr8+Wrlh6zXGYS+l3dlyERsf8p2BLQxSH4Rk5PZicHSvUSPqdGeudQO
bvbbY2QJ11whsqjY/ODQ7dErbIrAMjHZ06PKELS5QFgc4XMUan6YyqPJxHSxBbWa
fVcGN9OfbgZheohEbLCq2M9uLEwuZvDYPaAf8dHltOeGr8q5+HF9SaFMbkve/FIV
OAfvRV6yDi+oEfpBvjR5+cGhZSdujx8tYF5/VqXWMT1IZ3gvrUFG8FynCODphv8S
WScWAXc84zSHCdH3YX3cNRZOu5v9OZBWVpzbmqYuS6cjPpgLrBH9tP/XQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYAIyt1KVZW1jCeZR9NUApiT4UWMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEveGdBakszVXBWbGJXTUo1bEgwMVFDbUpQaFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWxmAwQA
wfJ1MA0GCSqGSIb3DQEBCwUAA4IBAQBpWHOLbyiU4NulZ50QofLsFxCWAB+5c0aV
yyzqLmM9EFDbi37gW/ihxJYIgV2BvixAOWzLkgUV97IxC7Joaao0KhSe5LAlbzxK
RYYtUicguXfOi6UcOQTTVD12qE8pF6bDs4ZOY7kDcDfEX60tCFy/EX3x0ZDGPKOy
64NzYOaUJsI7j93qdc4oM/RMhjt5SXGP9kvQZRnt0MkdWsLp+R7WXxQXgcFTGbXC
QYB2nLhUa+tI7raUZ+pa10Y94Ppd6LV+JgI9yUrHicPQQjEraVfDn+x1KYL8oAow
Ue2gaQ/CNOTEO3WGpMqyuk9g+CcY2A/ct0IpNQ1lBRtFv3TpqtQC
-----END CERTIFICATE-----