Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/kiUjqOQQw0-Gzaxe83XGYR53hZQ.roa
File:                     kiUjqOQQw0-Gzaxe83XGYR53hZQ.roa (raw, json)
Hash identifier:          Bh1BypJYLiE4CP7XNuvryqkP7TZqPNle0TuPHT4PS3w=
Subject key identifier:   92:25:23:A8:E4:10:C3:4F:86:CD:AC:5E:F3:75:C6:61:1E:77:85:94
Certificate issuer:       /CN=e3d5159882e77a67f797f8f8b996b62c4ebabc20
Certificate serial:       018CC500DB6DED643B886F733F64AE8F827F
Authority key identifier: E3:D5:15:98:82:E7:7A:67:F7:97:F8:F8:B9:96:B6:2C:4E:BA:BC:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/kiUjqOQQw0-Gzaxe83XGYR53hZQ.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39306
IP address blocks:        193.37.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:db:6d:ed:64:3b:88:6f:73:3f:64:ae:8f:82:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d5159882e77a67f797f8f8b996b62c4ebabc20
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=922523a8e410c34f86cdac5ef375c6611e778594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e4:dd:f1:24:75:d3:7d:82:29:b0:09:a6:03:
                    d9:c5:17:d3:4f:0a:3e:b3:06:77:03:ac:2d:1e:1f:
                    e8:4c:0c:5d:1d:02:0c:26:93:45:0a:45:89:b6:a2:
                    46:66:13:d6:d5:84:e7:ba:46:f1:35:fe:f0:54:a3:
                    35:5a:ef:78:59:61:9d:2c:f2:92:f0:a5:37:92:8e:
                    b8:0a:09:c5:7f:77:38:39:db:c3:a9:61:cb:40:36:
                    de:66:d4:06:8c:50:e2:44:d4:0b:83:52:46:5e:5b:
                    63:1e:d5:b3:bf:27:92:4b:cc:c3:09:1d:f5:fa:97:
                    1e:26:3b:da:36:a6:b0:61:8c:b0:98:2b:8a:ec:05:
                    e8:62:76:1a:76:96:0e:f8:22:1f:cf:b6:4d:b6:8e:
                    2f:e2:3c:94:88:ea:03:d6:de:a3:58:45:d4:f8:a9:
                    6a:9b:ef:53:ba:89:43:82:a5:6c:b6:e0:2a:6e:87:
                    5a:03:02:a9:80:b3:2f:7d:0f:79:df:ca:10:8f:e3:
                    d1:c5:3d:6c:05:25:20:2c:7f:3a:4a:8e:e7:c8:cf:
                    1d:a5:f9:3c:32:42:29:cb:f7:dc:b0:b5:ed:71:2b:
                    12:ce:93:8f:e9:0e:e1:06:3c:13:c8:af:01:9c:8d:
                    07:4e:bc:48:31:02:e7:ea:b8:17:9e:dc:3f:a1:11:
                    24:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:25:23:A8:E4:10:C3:4F:86:CD:AC:5E:F3:75:C6:61:1E:77:85:94
            X509v3 Authority Key Identifier:
                keyid:E3:D5:15:98:82:E7:7A:67:F7:97:F8:F8:B9:96:B6:2C:4E:BA:BC:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/kiUjqOQQw0-Gzaxe83XGYR53hZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e3:0c:70:95:63:f4:88:9f:3d:51:11:31:54:f9:24:25:c8:
         f1:36:ec:ac:00:45:5c:6d:d3:63:e7:02:db:ee:27:6c:a1:50:
         68:e9:5e:c4:73:54:73:71:4d:1f:8e:1f:3f:1c:1f:be:68:6f:
         ad:c7:68:a4:40:f0:b2:6e:d8:27:7f:c6:ee:cf:f3:fb:b0:25:
         6b:a4:63:55:31:54:e4:6b:bf:e6:81:27:04:cf:fe:91:dd:79:
         e0:f0:ba:2c:22:33:96:73:3d:73:e7:c8:fa:df:ce:3d:f2:11:
         d6:65:25:b9:53:53:77:b6:bd:17:36:1e:1c:9a:54:00:37:d6:
         2e:91:65:3a:90:86:be:0b:67:54:3b:9e:15:db:50:76:6f:24:
         a6:f1:66:6a:21:f0:92:18:0a:07:11:0f:02:8e:d9:56:31:2d:
         b5:0f:64:0b:61:dc:fb:d2:f3:7e:cc:ea:65:88:52:12:ad:39:
         b7:d1:9d:60:19:8a:58:30:f0:d8:3a:ee:df:a6:e7:dd:02:43:
         df:f1:c0:e9:80:d5:e4:e9:09:d0:b6:43:7b:f2:dc:7b:69:cc:
         ae:db:ee:cb:d4:4a:f3:d7:71:74:e7:82:dc:c0:3d:fa:a6:1c:
         a8:7f:28:56:66:29:31:78:6b:af:8e:63:d4:9b:33:c8:a2:be:
         6c:bc:71:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANtt7WQ7iG9zP2Suj4J/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDUxNTk4ODJlNzdhNjdmNzk3ZjhmOGI5OTZiNjJjNGVi
YWJjMjAwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjI1MjNhOGU0MTBjMzRmODZjZGFjNWVmMzc1YzY2MTFlNzc4NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOTd8SR1032CKbAJpgPZxRfTTwo+
swZ3A6wtHh/oTAxdHQIMJpNFCkWJtqJGZhPW1YTnukbxNf7wVKM1Wu94WWGdLPKS
8KU3ko64CgnFf3c4OdvDqWHLQDbeZtQGjFDiRNQLg1JGXltjHtWzvyeSS8zDCR31
+pceJjvaNqawYYywmCuK7AXoYnYadpYO+CIfz7ZNto4v4jyUiOoD1t6jWEXU+Klq
m+9TuolDgqVstuAqbodaAwKpgLMvfQ9538oQj+PRxT1sBSUgLH86So7nyM8dpfk8
MkIpy/fcsLXtcSsSzpOP6Q7hBjwTyK8BnI0HTrxIMQLn6rgXntw/oREkqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIlI6jkEMNPhs2sXvN1xmEed4WUMB8GA1UdIwQY
MBaAFOPVFZiC53pn95f4+LmWtixOurwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlVVm1JTG5lbWYzbF9qNHVaYTJMRTY2dkNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zMDUyM2ItOGIzYy00NmNiLWFiYmMt
ZTEwMTQ3N2VmYjhhLzEva2lVanFPUVF3MC1HemF4ZTgzWEdZUjUzaFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zMDUyM2ItOGIzYy00NmNiLWFiYmMtZTEwMTQ3N2VmYjhh
LzEvNDlVVm1JTG5lbWYzbF9qNHVaYTJMRTY2dkNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWKMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ4wxwlWP0iJ89URExVPkkJcjxNuysAEVcbdNj5wLb
7idsoVBo6V7Ec1RzcU0fjh8/HB++aG+tx2ikQPCybtgnf8buz/P7sCVrpGNVMVTk
a7/mgScEz/6R3Xng8LosIjOWcz1z58j638498hHWZSW5U1N3tr0XNh4cmlQAN9Yu
kWU6kIa+C2dUO54V21B2bySm8WZqIfCSGAoHEQ8CjtlWMS21D2QLYdz70vN+zOpl
iFISrTm30Z1gGYpYMPDYOu7fpufdAkPf8cDpgNXk6QnQtkN78tx7acyu2+7L1Erz
13F054LcwD36phyofyhWZikxeGuvjmPUmzPIor5svHEr
-----END CERTIFICATE-----