Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/zB4DK4xuq1XzyMGQt0yUpiCH1mI.roa
File:                     zB4DK4xuq1XzyMGQt0yUpiCH1mI.roa (raw, json)
Hash identifier:          lAQP8m8UapwTe64UInkYcZkWzCw4ZGMoLx8CAM1NvV8=
Subject key identifier:   CC:1E:03:2B:8C:6E:AB:55:F3:C8:C1:90:B7:4C:94:A6:20:87:D6:62
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5AB1F87E9E812B86B52A9909D9241
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/zB4DK4xuq1XzyMGQt0yUpiCH1mI.roa
Signing time:             Thu 02 Jan 2025 15:50:04 +0000
ROA not before:           Thu 02 Jan 2025 15:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        193.108.102.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ab:1f:87:e9:e8:12:b8:6b:52:a9:90:9d:92:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc1e032b8c6eab55f3c8c190b74c94a62087d662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:93:67:18:5f:e9:ba:66:f9:b3:a4:71:bc:
                    4f:d7:7d:16:2d:e9:41:ef:b7:c7:37:82:45:db:39:
                    a8:1c:d6:8f:82:2c:a2:72:90:32:22:c2:b6:df:5d:
                    ce:49:45:1c:f9:34:ac:d4:6c:39:5d:8e:5d:50:3c:
                    f3:bd:13:f5:c9:f4:1c:4f:a7:e0:33:2f:65:bc:5f:
                    74:fa:0c:0b:2a:55:80:3c:d3:c4:e5:7d:a2:82:5f:
                    47:ec:34:ae:3d:3e:c7:33:52:4e:5a:46:b1:37:2a:
                    af:7f:e6:7f:57:6d:03:00:2f:39:ff:a5:84:1f:3e:
                    b7:0f:49:0c:84:f4:69:d3:d5:f4:e5:2f:c8:86:a4:
                    bf:a7:09:12:2d:3d:68:23:df:27:8f:46:90:05:04:
                    e5:33:a3:ff:87:b1:85:ea:8a:42:dd:01:9f:8f:9f:
                    51:1d:b9:1c:d9:e6:4b:a6:f5:9f:d2:20:2e:4b:06:
                    c9:cc:bf:34:ee:87:72:9c:91:f7:ca:a4:46:5b:c5:
                    47:c1:06:33:07:2c:4e:37:79:eb:53:16:9f:97:f9:
                    2a:61:b0:b8:35:5a:12:f5:5c:b5:9c:9b:ca:51:67:
                    f6:a9:24:0e:80:c8:a0:bd:1e:c1:2e:63:f5:10:ac:
                    ec:a4:45:f2:96:35:c3:89:e2:4d:9f:ad:81:d2:4a:
                    bc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1E:03:2B:8C:6E:AB:55:F3:C8:C1:90:B7:4C:94:A6:20:87:D6:62
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/zB4DK4xuq1XzyMGQt0yUpiCH1mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:db:df:8d:38:77:20:65:f0:4d:1c:1e:d1:35:9d:81:40:64:
         a0:6f:3b:7f:d4:dd:c0:49:dd:49:0d:e2:ba:dd:0b:c5:02:66:
         9a:04:50:3b:9d:37:13:37:57:2b:79:e5:d6:05:cd:c9:ab:f1:
         63:72:d5:2a:d4:90:af:c4:07:9c:a2:ea:f3:f0:f1:a6:a8:e9:
         4b:4c:f1:ab:0c:75:e7:23:a5:d0:79:18:2d:af:57:13:9c:bf:
         c3:77:78:80:fe:92:57:4a:4b:3e:7c:1b:4c:95:23:03:60:d5:
         fd:8f:ca:32:19:e8:82:d7:fc:e3:c2:e9:0a:e9:11:53:bb:5a:
         7a:05:8f:58:85:3a:ca:8c:94:1a:3c:2e:22:cf:25:9a:e5:38:
         33:9e:f8:82:5e:5d:51:54:7a:00:c5:91:2a:68:5a:7a:89:f5:
         81:0f:ab:3a:00:e1:ee:64:2a:28:2b:08:46:f2:3a:31:c1:9f:
         1c:5c:95:e5:87:50:c3:0e:82:8b:05:aa:dd:60:78:b8:dc:13:
         77:8c:f2:93:94:32:39:4b:a5:00:10:a3:a6:f8:76:cb:ca:e3:
         6b:ae:61:d1:01:0e:c3:03:ec:c0:6b:fa:2a:3f:f9:96:ae:5a:
         0c:0e:04:50:67:5e:a8:a5:4c:eb:58:24:e0:e7:82:41:74:08:
         8d:c2:3e:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntasfh+noErhrUqmQnZJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFlMDMyYjhjNmVhYjU1ZjNjOGMxOTBiNzRjOTRhNjIwODdkNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF6TZxhf6bpm+bOkcbxP130WLelB
77fHN4JF2zmoHNaPgiyicpAyIsK2313OSUUc+TSs1Gw5XY5dUDzzvRP1yfQcT6fg
My9lvF90+gwLKlWAPNPE5X2igl9H7DSuPT7HM1JOWkaxNyqvf+Z/V20DAC85/6WE
Hz63D0kMhPRp09X05S/IhqS/pwkSLT1oI98nj0aQBQTlM6P/h7GF6opC3QGfj59R
Hbkc2eZLpvWf0iAuSwbJzL807odynJH3yqRGW8VHwQYzByxON3nrUxafl/kqYbC4
NVoS9Vy1nJvKUWf2qSQOgMigvR7BLmP1EKzspEXyljXDieJNn62B0kq8CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMweAyuMbqtV88jBkLdMlKYgh9ZiMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvekI0REs0eHVxMVh6eU1HUXQweVVwaUNIMW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwWxmMA0G
CSqGSIb3DQEBCwUAA4IBAQB729+NOHcgZfBNHB7RNZ2BQGSgbzt/1N3ASd1JDeK6
3QvFAmaaBFA7nTcTN1creeXWBc3Jq/FjctUq1JCvxAecourz8PGmqOlLTPGrDHXn
I6XQeRgtr1cTnL/Dd3iA/pJXSks+fBtMlSMDYNX9j8oyGeiC1/zjwukK6RFTu1p6
BY9YhTrKjJQaPC4izyWa5TgznviCXl1RVHoAxZEqaFp6ifWBD6s6AOHuZCooKwhG
8joxwZ8cXJXlh1DDDoKLBardYHi43BN3jPKTlDI5S6UAEKOm+HbLyuNrrmHRAQ7D
A+zAa/oqP/mWrloMDgRQZ16opUzrWCTg54JBdAiNwj7F
-----END CERTIFICATE-----