Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/Et9SX7waqHVsOCHaM9XC6E9Pf4g.roa
File:                     Et9SX7waqHVsOCHaM9XC6E9Pf4g.roa (raw, json)
Hash identifier:          79rZSbMlaqHq3jHCzw3/OmsSBxWvi+9RuZ8gN45ARBs=
Subject key identifier:   12:DF:52:5F:BC:1A:A8:75:6C:38:21:DA:33:D5:C2:E8:4F:4F:7F:88
Certificate issuer:       /CN=3938a907772a59fdf59f62f9ad90be502171946e
Certificate serial:       0192F71FFDBC34C4B2475EE44093062B4AFD
Authority key identifier: 39:38:A9:07:77:2A:59:FD:F5:9F:62:F9:AD:90:BE:50:21:71:94:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTipB3cqWf31n2L5rZC-UCFxlG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/Et9SX7waqHVsOCHaM9XC6E9Pf4g.roa
Signing time:             Mon 04 Nov 2024 12:22:01 +0000
ROA not before:           Mon 04 Nov 2024 12:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8717
IP address blocks:        193.109.54.0/24 maxlen: 24
                          193.109.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/OTipB3cqWf31n2L5rZC-UCFxlG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/OTipB3cqWf31n2L5rZC-UCFxlG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTipB3cqWf31n2L5rZC-UCFxlG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f7:1f:fd:bc:34:c4:b2:47:5e:e4:40:93:06:2b:4a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3938a907772a59fdf59f62f9ad90be502171946e
        Validity
            Not Before: Nov  4 12:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12df525fbc1aa8756c3821da33d5c2e84f4f7f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:82:31:73:f0:e5:8b:84:ab:34:e9:6c:2c:81:
                    73:c5:1f:f7:93:a5:62:52:11:8c:11:62:07:45:a2:
                    29:7e:9f:e6:22:14:19:5e:00:0e:cd:77:04:0b:26:
                    e1:d9:df:a1:b5:d5:04:33:07:85:32:2f:b6:b3:d1:
                    a6:94:52:b4:ee:10:41:b7:85:b4:10:07:0d:67:1f:
                    18:1d:47:83:3d:7c:75:c8:59:1d:f6:c2:a4:39:d3:
                    ad:83:18:4b:b1:11:97:f2:a5:68:49:a0:70:bf:ce:
                    b4:7c:f3:04:3c:7d:b9:08:27:43:bd:d5:0b:ca:72:
                    98:bc:c8:f1:a3:cd:f1:22:6a:5c:a7:90:ed:2c:89:
                    4b:d4:54:e6:5c:9f:1e:97:5e:3a:a4:ee:f5:f7:e3:
                    1c:b8:48:72:7d:a8:99:2e:9e:2d:d9:9e:5d:b2:27:
                    30:0d:92:c5:31:31:f6:4e:c2:d2:cf:80:42:26:af:
                    99:12:d1:92:c8:d6:10:92:51:ad:ec:d8:c5:12:57:
                    e7:22:bc:e2:95:34:4d:23:2d:fa:d9:9a:39:3b:11:
                    99:81:1c:5c:f3:50:29:96:07:db:06:40:78:bf:de:
                    c1:46:5c:3a:4d:cd:4c:e7:e4:c1:91:63:fa:2e:1f:
                    a3:8b:be:41:de:f3:d3:75:29:f3:ff:f6:75:4f:b2:
                    1c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DF:52:5F:BC:1A:A8:75:6C:38:21:DA:33:D5:C2:E8:4F:4F:7F:88
            X509v3 Authority Key Identifier:
                keyid:39:38:A9:07:77:2A:59:FD:F5:9F:62:F9:AD:90:BE:50:21:71:94:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTipB3cqWf31n2L5rZC-UCFxlG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/Et9SX7waqHVsOCHaM9XC6E9Pf4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/818e10-409b-451a-82b7-e5c1c62cfe37/1/OTipB3cqWf31n2L5rZC-UCFxlG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:ac:2a:59:9b:41:96:87:75:be:d1:ce:9a:12:78:f5:a6:1c:
         0c:68:d7:1f:32:f5:9a:6f:59:05:f3:15:a3:07:45:b8:50:b5:
         27:4b:db:08:5e:0e:dc:27:94:52:48:90:54:a4:36:1f:b0:b3:
         29:1d:25:86:8f:fc:30:78:f7:1a:b3:3e:63:b1:bc:a3:0e:fc:
         a4:18:6b:28:7a:38:8c:b6:f4:7f:8f:93:08:1d:2b:e5:54:ab:
         c2:ee:6c:3b:87:1b:4d:24:1e:b5:bf:22:3d:7a:9a:81:c5:87:
         05:d0:0c:26:2d:dc:8f:e7:33:48:cb:84:bf:b3:3a:dc:ae:e8:
         48:68:db:ee:fa:e5:60:20:da:d4:ff:a3:c7:89:35:78:70:b8:
         81:fe:86:23:08:a0:cd:32:c7:b5:8f:24:f8:9a:39:5d:93:0a:
         6f:78:f8:e9:af:12:fb:6d:f0:8b:e0:32:db:bd:2c:1e:fc:06:
         4a:df:91:4a:13:9c:9b:60:5b:c6:15:98:33:d2:a2:66:46:20:
         00:4f:33:c9:6f:94:92:28:a7:99:b2:61:e6:e6:18:33:bf:17:
         e0:b5:30:08:51:36:55:15:ae:f5:c5:5e:24:71:fb:28:e3:be:
         5c:a5:80:3e:80:a2:56:c8:40:05:9f:12:dc:d7:11:b1:bf:fd:
         a5:25:8b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL3H/28NMSyR17kQJMGK0r9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzhhOTA3NzcyYTU5ZmRmNTlmNjJmOWFkOTBiZTUwMjE3
MTk0NmUwHhcNMjQxMTA0MTIyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRmNTI1ZmJjMWFhODc1NmMzODIxZGEzM2Q1YzJlODRmNGY3Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloIxc/Dli4SrNOlsLIFzxR/3k6Vi
UhGMEWIHRaIpfp/mIhQZXgAOzXcECybh2d+htdUEMweFMi+2s9GmlFK07hBBt4W0
EAcNZx8YHUeDPXx1yFkd9sKkOdOtgxhLsRGX8qVoSaBwv860fPMEPH25CCdDvdUL
ynKYvMjxo83xImpcp5DtLIlL1FTmXJ8el146pO719+McuEhyfaiZLp4t2Z5dsicw
DZLFMTH2TsLSz4BCJq+ZEtGSyNYQklGt7NjFElfnIrzilTRNIy362Zo5OxGZgRxc
81AplgfbBkB4v97BRlw6Tc1M5+TBkWP6Lh+ji75B3vPTdSnz//Z1T7IcmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLfUl+8Gqh1bDgh2jPVwuhPT3+IMB8GA1UdIwQY
MBaAFDk4qQd3Kln99Z9i+a2QvlAhcZRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RpcEIzY3FXZjMxbjJMNXJaQy1VQ0Z4bEc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi84MThlMTAtNDA5Yi00NTFhLTgyYjct
ZTVjMWM2MmNmZTM3LzEvRXQ5U1g3d2FxSFZzT0NIYU05WEM2RTlQZjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi84MThlMTAtNDA5Yi00NTFhLTgyYjctZTVjMWM2MmNmZTM3
LzEvT1RpcEIzY3FXZjMxbjJMNXJaQy1VQ0Z4bEc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW02MA0G
CSqGSIb3DQEBCwUAA4IBAQBqrCpZm0GWh3W+0c6aEnj1phwMaNcfMvWab1kF8xWj
B0W4ULUnS9sIXg7cJ5RSSJBUpDYfsLMpHSWGj/wwePcasz5jsbyjDvykGGsoejiM
tvR/j5MIHSvlVKvC7mw7hxtNJB61vyI9epqBxYcF0AwmLdyP5zNIy4S/szrcruhI
aNvu+uVgINrU/6PHiTV4cLiB/oYjCKDNMse1jyT4mjldkwpvePjprxL7bfCL4DLb
vSwe/AZK35FKE5ybYFvGFZgz0qJmRiAATzPJb5SSKKeZsmHm5hgzvxfgtTAIUTZV
Fa71xV4kcfso475cpYA+gKJWyEAFnxLc1xGxv/2lJYt1
-----END CERTIFICATE-----