Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/N2qgMcIQXV0k8i9K5h7E-t3wuds.roa
File:                     N2qgMcIQXV0k8i9K5h7E-t3wuds.roa (raw, json)
Hash identifier:          m84gc+Bv+7wAo7neNAa7tcnIl6E4hZ4i6h7LhRaMtdo=
Subject key identifier:   37:6A:A0:31:C2:10:5D:5D:24:F2:2F:4A:E6:1E:C4:FA:DD:F0:B9:DB
Certificate issuer:       /CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
Certificate serial:       0192DD4B21185C79AC16291BFA7FEA3D9EC8
Authority key identifier: 09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/N2qgMcIQXV0k8i9K5h7E-t3wuds.roa
Signing time:             Wed 30 Oct 2024 11:59:01 +0000
ROA not before:           Wed 30 Oct 2024 11:59:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214623
IP address blocks:        199.244.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:4b:21:18:5c:79:ac:16:29:1b:fa:7f:ea:3d:9e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
        Validity
            Not Before: Oct 30 11:59:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376aa031c2105d5d24f22f4ae61ec4faddf0b9db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:83:27:5f:78:52:01:91:df:d0:04:97:35:0b:
                    c8:6e:d1:65:22:b9:21:a1:5e:bd:eb:e4:0e:8f:da:
                    97:95:77:10:0f:d7:55:08:bc:c7:99:f5:98:cd:fb:
                    5b:58:3a:25:3d:79:ef:67:65:bc:b9:af:d0:f4:da:
                    15:8f:e7:6a:36:9c:6a:2d:93:05:c1:cb:36:69:52:
                    0b:62:95:c6:a7:54:0b:98:e3:8c:fd:bd:39:45:61:
                    c8:67:ea:a6:83:b2:cc:d1:00:29:a0:e2:35:93:07:
                    50:9b:03:63:0e:52:37:e9:08:63:1f:ea:82:d9:d3:
                    f7:cd:6f:15:70:67:6d:d5:49:52:9c:e6:c5:6f:62:
                    8e:48:ed:40:5f:7b:b1:66:1c:17:52:d6:7a:ca:c1:
                    47:a1:c1:b9:87:f6:94:7f:77:06:30:6a:fe:7e:21:
                    1a:8b:49:78:10:8d:0c:dd:e2:85:da:6a:28:a1:86:
                    9c:67:fa:c8:b3:59:70:ba:50:73:77:23:ec:8f:35:
                    db:19:3a:23:c4:2d:f8:4a:bd:d4:6e:3c:b0:3c:9b:
                    ec:4f:54:cb:34:56:fb:f8:5f:c8:c7:03:95:0e:1a:
                    8a:4e:08:ff:97:ec:05:b3:14:eb:5b:aa:89:f7:be:
                    65:73:06:2b:80:5c:b7:30:67:f3:4f:5e:6f:c3:26:
                    54:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6A:A0:31:C2:10:5D:5D:24:F2:2F:4A:E6:1E:C4:FA:DD:F0:B9:DB
            X509v3 Authority Key Identifier:
                keyid:09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/N2qgMcIQXV0k8i9K5h7E-t3wuds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.244.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f8:13:8b:01:f9:95:4d:39:1b:2a:eb:8f:4f:8a:33:b5:e5:
         42:95:54:ec:6f:eb:aa:77:36:bf:3a:ac:3c:42:f8:11:75:0d:
         b0:a7:b7:a9:3b:31:b6:21:0d:50:2c:9a:e4:a2:da:d8:d1:6d:
         cf:37:aa:03:c3:c3:96:4c:d7:4c:fe:63:a3:b7:8a:4c:24:14:
         31:87:ed:3e:47:36:c9:b7:72:b7:ed:0f:a3:fc:d7:52:62:cc:
         8c:68:f8:03:c8:8e:d6:be:fe:c9:7d:d5:fd:0d:93:8c:08:b9:
         8c:98:d1:93:9d:55:f9:7b:bc:bc:33:14:9d:c1:29:da:72:00:
         bc:a3:7f:a5:70:c8:b2:93:8c:ab:6d:58:6d:a5:e4:6f:2d:e4:
         6f:8b:e0:17:a1:7b:b7:ac:93:8a:2c:71:61:ed:d6:0b:f2:10:
         70:4b:38:4d:83:25:47:ba:59:20:b5:80:76:45:01:3a:fb:66:
         5e:de:99:a7:1c:6b:cb:a7:e3:9e:f4:67:dc:b7:34:87:5b:68:
         ab:67:75:78:71:8c:98:90:a8:0f:b2:3d:d6:06:1a:a0:00:94:
         93:6f:cc:93:04:b7:88:90:f9:33:ac:b6:94:7c:c6:a0:52:b7:
         b6:5f:9b:54:0d:26:89:da:99:8a:3f:be:aa:20:63:90:22:3e:
         76:34:89:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLdSyEYXHmsFikb+n/qPZ7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MGU1OTJhMmUwZDQyN2EwOWFhMmRlMWI5YmFmMDhjY2Qx
NGYwYTAwHhcNMjQxMDMwMTE1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZhYTAzMWMyMTA1ZDVkMjRmMjJmNGFlNjFlYzRmYWRkZjBiOWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYMnX3hSAZHf0ASXNQvIbtFlIrkh
oV696+QOj9qXlXcQD9dVCLzHmfWYzftbWDolPXnvZ2W8ua/Q9NoVj+dqNpxqLZMF
wcs2aVILYpXGp1QLmOOM/b05RWHIZ+qmg7LM0QApoOI1kwdQmwNjDlI36QhjH+qC
2dP3zW8VcGdt1UlSnObFb2KOSO1AX3uxZhwXUtZ6ysFHocG5h/aUf3cGMGr+fiEa
i0l4EI0M3eKF2moooYacZ/rIs1lwulBzdyPsjzXbGTojxC34Sr3UbjywPJvsT1TL
NFb7+F/IxwOVDhqKTgj/l+wFsxTrW6qJ975lcwYrgFy3MGfzT15vwyZUyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdqoDHCEF1dJPIvSuYexPrd8LnbMB8GA1UdIwQY
MBaAFAkOWSouDUJ6Caot4bm68IzNFPCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYt
MzNiZGM3M2VkMGVhLzEvTjJxZ01jSVFYVjBrOGk5SzVoN0UtdDN3dWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYtMzNiZGM3M2VkMGVh
LzEvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx/RnMA0G
CSqGSIb3DQEBCwUAA4IBAQAW+BOLAfmVTTkbKuuPT4ozteVClVTsb+uqdza/Oqw8
QvgRdQ2wp7epOzG2IQ1QLJrkotrY0W3PN6oDw8OWTNdM/mOjt4pMJBQxh+0+RzbJ
t3K37Q+j/NdSYsyMaPgDyI7Wvv7JfdX9DZOMCLmMmNGTnVX5e7y8MxSdwSnacgC8
o3+lcMiyk4yrbVhtpeRvLeRvi+AXoXu3rJOKLHFh7dYL8hBwSzhNgyVHulkgtYB2
RQE6+2Ze3pmnHGvLp+Oe9GfctzSHW2irZ3V4cYyYkKgPsj3WBhqgAJSTb8yTBLeI
kPkzrLaUfMagUre2X5tUDSaJ2pmKP76qIGOQIj52NImR
-----END CERTIFICATE-----