Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/Q-3kAhcKxmPf3usYG6PlnG8RhnA.roa
File:                     Q-3kAhcKxmPf3usYG6PlnG8RhnA.roa (raw, json)
Hash identifier:          XOzKipAujp1j4uNAtT9I6O6wfkm08Ndada70v7wvtQ8=
Subject key identifier:   43:ED:E4:02:17:0A:C6:63:DF:DE:EB:18:1B:A3:E5:9C:6F:11:86:70
Certificate issuer:       /CN=de8e38187ae70cbc7bed695759f0e03299fbb302
Certificate serial:       019368B56B7A8C2CFE6B73FC4F8EEF65D3CE
Authority key identifier: DE:8E:38:18:7A:E7:0C:BC:7B:ED:69:57:59:F0:E0:32:99:FB:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3o44GHrnDLx77WlXWfDgMpn7swI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/Q-3kAhcKxmPf3usYG6PlnG8RhnA.roa
Signing time:             Tue 26 Nov 2024 13:42:20 +0000
ROA not before:           Tue 26 Nov 2024 13:42:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202703
IP address blocks:        194.93.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/3o44GHrnDLx77WlXWfDgMpn7swI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/3o44GHrnDLx77WlXWfDgMpn7swI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3o44GHrnDLx77WlXWfDgMpn7swI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:b5:6b:7a:8c:2c:fe:6b:73:fc:4f:8e:ef:65:d3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de8e38187ae70cbc7bed695759f0e03299fbb302
        Validity
            Not Before: Nov 26 13:42:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43ede402170ac663dfdeeb181ba3e59c6f118670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f6:1b:28:66:07:63:45:e4:2e:b9:78:1e:cd:
                    88:6f:83:e9:42:02:5e:32:4c:77:ef:80:33:43:4a:
                    1f:9a:bc:d8:9e:a9:aa:4d:c3:9f:eb:fd:83:35:64:
                    03:0b:03:94:6f:e6:97:5a:3f:00:85:62:1d:44:91:
                    69:df:f1:33:c0:39:d5:28:37:42:be:83:f0:d1:75:
                    70:49:e5:5f:7b:db:82:5d:7f:11:55:84:39:1f:8c:
                    3a:e9:3e:a4:d6:cb:db:a6:c1:47:55:c7:dd:92:f5:
                    0a:0c:e6:bc:eb:12:f5:c7:47:d2:c4:7b:fe:e1:90:
                    21:cd:64:86:d9:2d:18:c1:0f:18:c3:e2:7b:c6:22:
                    b2:01:56:ce:08:d7:f9:81:ae:72:ea:90:5b:09:2d:
                    8f:be:8e:39:ad:07:ec:28:6b:84:fc:f8:bd:7e:8f:
                    8c:e8:e7:14:3d:a6:78:26:44:10:c6:e7:06:4e:f0:
                    e4:1b:48:78:c9:22:fe:ba:4e:32:d1:89:68:92:41:
                    0c:b7:76:46:6e:68:3c:f8:98:57:50:56:9e:9c:da:
                    a3:82:9d:ff:fa:fb:17:d8:2a:8d:c0:dc:63:08:94:
                    86:3c:46:d5:6b:41:6a:99:03:45:09:f3:8a:8a:4f:
                    00:4f:21:1f:9d:39:21:d6:30:12:af:a0:78:62:cd:
                    80:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:ED:E4:02:17:0A:C6:63:DF:DE:EB:18:1B:A3:E5:9C:6F:11:86:70
            X509v3 Authority Key Identifier:
                keyid:DE:8E:38:18:7A:E7:0C:BC:7B:ED:69:57:59:F0:E0:32:99:FB:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3o44GHrnDLx77WlXWfDgMpn7swI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/Q-3kAhcKxmPf3usYG6PlnG8RhnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/580c11-3913-4479-bea3-5b1f48b3e214/1/3o44GHrnDLx77WlXWfDgMpn7swI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:42:2d:b7:be:dc:6c:bc:1b:90:5d:44:7b:1a:98:98:e8:f4:
         2e:28:94:c4:f7:1c:68:17:5c:26:94:a3:a7:3f:d5:a6:79:71:
         c4:bd:9c:c9:c1:f0:08:57:29:27:99:51:1e:4c:3b:31:e7:33:
         df:4a:7c:59:f2:d1:d9:e4:c0:db:f6:10:fe:e6:3f:0e:02:bc:
         ca:5f:1f:57:1c:48:46:df:bb:cc:b8:54:2b:83:4b:70:c1:c2:
         8f:b2:a9:80:ad:a3:c3:33:d0:27:cb:c3:43:1e:7a:8f:4c:96:
         4d:a7:9d:64:de:4c:47:1a:f3:b3:b1:1f:fe:60:c1:5a:52:78:
         37:f8:b4:d5:72:c5:55:db:19:92:65:3e:4a:25:88:7d:01:9d:
         2e:37:78:c8:a7:c9:34:2d:df:28:3e:5b:cf:b5:68:5f:e5:c9:
         af:2b:72:a6:6a:aa:d6:2c:f0:26:40:4c:8b:69:13:92:ab:5b:
         bf:ca:9b:bf:9a:45:44:64:d5:d9:86:d5:d0:8c:eb:f3:7f:30:
         ff:21:09:cb:d9:71:47:12:3b:40:f0:e0:ba:2b:c1:ca:fb:3c:
         ad:f3:48:fe:7f:7a:01:d1:3d:1d:3d:1b:2b:e8:61:bd:77:56:
         a8:03:9d:d6:99:a0:a5:61:88:50:6a:0a:f9:a1:c2:95:b7:de:
         30:dd:ee:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNotWt6jCz+a3P8T47vZdPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOGUzODE4N2FlNzBjYmM3YmVkNjk1NzU5ZjBlMDMyOTlm
YmIzMDIwHhcNMjQxMTI2MTM0MjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2VkZTQwMjE3MGFjNjYzZGZkZWViMTgxYmEzZTU5YzZmMTE4NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvYbKGYHY0XkLrl4Hs2Ib4PpQgJe
Mkx374AzQ0ofmrzYnqmqTcOf6/2DNWQDCwOUb+aXWj8AhWIdRJFp3/EzwDnVKDdC
voPw0XVwSeVfe9uCXX8RVYQ5H4w66T6k1svbpsFHVcfdkvUKDOa86xL1x0fSxHv+
4ZAhzWSG2S0YwQ8Yw+J7xiKyAVbOCNf5ga5y6pBbCS2Pvo45rQfsKGuE/Pi9fo+M
6OcUPaZ4JkQQxucGTvDkG0h4ySL+uk4y0YlokkEMt3ZGbmg8+JhXUFaenNqjgp3/
+vsX2CqNwNxjCJSGPEbVa0FqmQNFCfOKik8ATyEfnTkh1jASr6B4Ys2A9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPt5AIXCsZj397rGBuj5ZxvEYZwMB8GA1UdIwQY
MBaAFN6OOBh65wy8e+1pV1nw4DKZ+7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM280NEdIcm5ETHg3N1dsWFdmRGdNcG43c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81ODBjMTEtMzkxMy00NDc5LWJlYTMt
NWIxZjQ4YjNlMjE0LzEvUS0za0FoY0t4bVBmM3VzWUc2UGxuRzhSaG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS81ODBjMTEtMzkxMy00NDc5LWJlYTMtNWIxZjQ4YjNlMjE0
LzEvM280NEdIcm5ETHg3N1dsWFdmRGdNcG43c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl1PMA0G
CSqGSIb3DQEBCwUAA4IBAQARQi23vtxsvBuQXUR7GpiY6PQuKJTE9xxoF1wmlKOn
P9WmeXHEvZzJwfAIVyknmVEeTDsx5zPfSnxZ8tHZ5MDb9hD+5j8OArzKXx9XHEhG
37vMuFQrg0twwcKPsqmAraPDM9Any8NDHnqPTJZNp51k3kxHGvOzsR/+YMFaUng3
+LTVcsVV2xmSZT5KJYh9AZ0uN3jIp8k0Ld8oPlvPtWhf5cmvK3KmaqrWLPAmQEyL
aROSq1u/ypu/mkVEZNXZhtXQjOvzfzD/IQnL2XFHEjtA8OC6K8HK+zyt80j+f3oB
0T0dPRsr6GG9d1aoA53WmaClYYhQagr5ocKVt94w3e4E
-----END CERTIFICATE-----