Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/4TmSKNsXZph-iEBsDVSXAsqfP64.roa
File:                     4TmSKNsXZph-iEBsDVSXAsqfP64.roa (raw, json)
Hash identifier:          loDpzpz540ok0krS9/p9yjD7Vhl3JqcJcv+qor9RgzA=
Subject key identifier:   E1:39:92:28:DB:17:66:98:7E:88:40:6C:0D:54:97:02:CA:9F:3F:AE
Certificate issuer:       /CN=3d6abe5c48aecebd4a237e153c3684f30608d444
Certificate serial:       01908A5DEB32CB0314714C3983482ADB3680
Authority key identifier: 3D:6A:BE:5C:48:AE:CE:BD:4A:23:7E:15:3C:36:84:F3:06:08:D4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/4TmSKNsXZph-iEBsDVSXAsqfP64.roa
Signing time:             Sat 06 Jul 2024 23:25:29 +0000
ROA not before:           Sat 06 Jul 2024 23:25:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        193.24.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:8a:5d:eb:32:cb:03:14:71:4c:39:83:48:2a:db:36:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d6abe5c48aecebd4a237e153c3684f30608d444
        Validity
            Not Before: Jul  6 23:25:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1399228db1766987e88406c0d549702ca9f3fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4e:c9:64:ec:0a:e1:ad:89:fd:65:20:ad:07:
                    12:60:17:d2:cb:ae:6f:fe:ee:90:3b:c9:fb:7c:ad:
                    a3:1a:9a:d0:ec:15:50:ab:7e:ab:bc:7e:bc:f9:fd:
                    04:53:0a:a7:da:7c:d1:c5:72:e1:29:3f:b0:7f:e4:
                    14:30:37:ed:00:af:46:b9:46:8a:47:be:01:27:ce:
                    56:43:95:ac:04:e9:5c:d1:82:7f:72:38:93:e4:03:
                    f3:db:f3:d4:aa:03:dc:d6:e2:d5:62:98:76:25:8e:
                    03:61:96:b6:29:06:07:c3:8f:9d:dc:f0:2a:4a:9a:
                    ce:00:67:50:c9:46:09:22:e5:ef:fd:9b:e9:29:80:
                    db:e1:b1:f6:fa:31:fd:70:1b:1a:e7:5a:0b:67:fc:
                    7b:68:a8:b3:95:4e:73:44:99:66:6a:e8:82:dc:4d:
                    15:2e:e7:47:a4:8c:43:c0:af:60:f3:fa:65:ea:59:
                    54:f6:1a:2d:ac:d7:d7:e0:f7:9d:5f:11:c4:1a:5d:
                    41:e9:65:52:22:87:99:22:f8:16:7d:86:52:14:83:
                    f7:dc:53:46:af:bd:fd:52:a4:f2:37:cc:67:ad:ec:
                    1f:67:de:6a:39:fd:cf:4d:4b:1d:df:78:b0:2f:63:
                    9d:df:18:f2:68:e3:92:e6:8a:5c:cc:ec:9f:79:5f:
                    85:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:39:92:28:DB:17:66:98:7E:88:40:6C:0D:54:97:02:CA:9F:3F:AE
            X509v3 Authority Key Identifier:
                keyid:3D:6A:BE:5C:48:AE:CE:BD:4A:23:7E:15:3C:36:84:F3:06:08:D4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/4TmSKNsXZph-iEBsDVSXAsqfP64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:b8:9a:a9:47:d4:37:e4:4c:00:44:51:67:f4:15:71:ca:41:
         88:2c:a1:3e:e0:e4:77:27:ae:7a:e8:80:1b:a4:d4:f5:c6:51:
         14:07:9f:af:e6:ca:84:f6:e6:08:17:e8:11:7a:4e:0e:14:0b:
         73:f5:1e:f8:34:13:76:03:00:d3:b9:1b:62:49:87:15:b4:d6:
         29:2b:ba:17:0b:2e:f0:66:1c:08:a6:7c:7a:a3:13:ab:77:39:
         72:48:98:02:7d:65:e7:9c:68:50:0b:7c:d4:14:71:bb:5c:9e:
         e0:c2:ae:2d:4a:8e:84:85:6b:6d:2e:83:27:60:64:02:bc:a5:
         05:80:ea:d9:14:82:6d:ba:31:80:2b:b6:74:5f:00:ea:42:cf:
         b9:ca:5b:dc:0a:88:4a:7a:a9:98:18:04:9c:cd:18:4a:29:f8:
         56:88:10:aa:56:d9:b9:81:d6:df:c2:5e:d8:60:e6:da:9f:7b:
         09:40:6e:a6:a6:2b:b1:6d:ac:f3:20:c1:ea:ea:64:7b:fa:f5:
         4c:95:fd:1f:26:3d:ea:ff:af:12:61:b5:a9:45:a5:e7:25:67:
         03:a2:73:6c:29:13:9f:99:2e:ee:a2:d6:09:35:22:02:64:ab:
         2f:5a:72:13:f1:ff:47:99:74:c7:e9:07:d2:b3:53:1c:7c:57:
         e7:a9:cf:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCKXesyywMUcUw5g0gq2zaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNmFiZTVjNDhhZWNlYmQ0YTIzN2UxNTNjMzY4NGYzMDYw
OGQ0NDQwHhcNMjQwNzA2MjMyNTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTM5OTIyOGRiMTc2Njk4N2U4ODQwNmMwZDU0OTcwMmNhOWYzZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E7JZOwK4a2J/WUgrQcSYBfSy65v
/u6QO8n7fK2jGprQ7BVQq36rvH68+f0EUwqn2nzRxXLhKT+wf+QUMDftAK9GuUaK
R74BJ85WQ5WsBOlc0YJ/cjiT5APz2/PUqgPc1uLVYph2JY4DYZa2KQYHw4+d3PAq
SprOAGdQyUYJIuXv/ZvpKYDb4bH2+jH9cBsa51oLZ/x7aKizlU5zRJlmauiC3E0V
LudHpIxDwK9g8/pl6llU9hotrNfX4PedXxHEGl1B6WVSIoeZIvgWfYZSFIP33FNG
r739UqTyN8xnrewfZ95qOf3PTUsd33iwL2Od3xjyaOOS5opczOyfeV+FEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOE5kijbF2aYfohAbA1UlwLKnz+uMB8GA1UdIwQY
MBaAFD1qvlxIrs69SiN+FTw2hPMGCNREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFdxLVhFaXV6cjFLSTM0VlBEYUU4d1lJMUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81ZmI4MDMtNDMzMy00MTc1LTkwZGYt
YWVjMTRlYTE3ZWJmLzEvNFRtU0tOc1hacGgtaUVCc0RWU1hBc3FmUDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81ZmI4MDMtNDMzMy00MTc1LTkwZGYtYWVjMTRlYTE3ZWJm
LzEvUFdxLVhFaXV6cjFLSTM0VlBEYUU4d1lJMUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRhnMA0G
CSqGSIb3DQEBCwUAA4IBAQCauJqpR9Q35EwARFFn9BVxykGILKE+4OR3J6566IAb
pNT1xlEUB5+v5sqE9uYIF+gRek4OFAtz9R74NBN2AwDTuRtiSYcVtNYpK7oXCy7w
ZhwIpnx6oxOrdzlySJgCfWXnnGhQC3zUFHG7XJ7gwq4tSo6EhWttLoMnYGQCvKUF
gOrZFIJtujGAK7Z0XwDqQs+5ylvcCohKeqmYGASczRhKKfhWiBCqVtm5gdbfwl7Y
YOban3sJQG6mpiuxbazzIMHq6mR7+vVMlf0fJj3q/68SYbWpRaXnJWcDonNsKROf
mS7uotYJNSICZKsvWnIT8f9HmXTH6QfSs1McfFfnqc96
-----END CERTIFICATE-----