Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/D4WSO03jiEw1kzb7ndTCvZppED8.roa
File:                     D4WSO03jiEw1kzb7ndTCvZppED8.roa (raw, json)
Hash identifier:          91K1tOs91bcoBI4JkBxfYAcoNFaPEkkdbj6eyaYsnvA=
Subject key identifier:   0F:85:92:3B:4D:E3:88:4C:35:93:36:FB:9D:D4:C2:BD:9A:69:10:3F
Certificate issuer:       /CN=093ad08ad73c2ac438ac69816381e7aa3e86579a
Certificate serial:       01953220C2D0E6485B8B4383E5E83F63AF0C
Authority key identifier: 09:3A:D0:8A:D7:3C:2A:C4:38:AC:69:81:63:81:E7:AA:3E:86:57:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/D4WSO03jiEw1kzb7ndTCvZppED8.roa
Signing time:             Sun 23 Feb 2025 09:26:02 +0000
ROA not before:           Sun 23 Feb 2025 09:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34412
IP address blocks:        193.37.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:32:20:c2:d0:e6:48:5b:8b:43:83:e5:e8:3f:63:af:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093ad08ad73c2ac438ac69816381e7aa3e86579a
        Validity
            Not Before: Feb 23 09:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f85923b4de3884c359336fb9dd4c2bd9a69103f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bc:73:0c:9a:65:ed:44:85:6c:74:af:75:3b:
                    b9:49:3f:93:2c:53:b0:16:38:3f:ee:00:65:40:86:
                    e3:9d:0b:f1:4a:2c:18:33:77:a5:f8:1f:f3:7e:5b:
                    ce:a8:c5:07:59:ba:c3:3c:c8:3a:25:c0:30:14:3a:
                    61:aa:53:b0:31:5d:dd:b8:16:28:4c:0c:cd:f6:1f:
                    d7:70:52:29:fb:25:63:b3:53:ae:71:17:99:81:46:
                    5c:03:47:42:d6:05:14:37:11:56:34:05:32:36:b7:
                    75:22:2c:21:e0:f5:c8:49:d7:82:c5:95:89:c2:5a:
                    2e:13:8f:b4:f6:28:37:0e:6c:bd:9d:cd:a3:4a:33:
                    12:e6:f3:29:40:36:ad:0e:06:18:49:d6:37:70:56:
                    87:2d:65:89:a7:27:9b:8f:29:d4:91:1c:4d:55:0f:
                    52:f1:f7:28:c1:74:af:06:1a:59:da:ff:f4:f7:ab:
                    4d:1f:bf:31:c2:c2:75:c7:5e:3c:0e:23:ce:45:74:
                    0a:78:19:ad:2c:44:6c:0a:94:77:18:bd:95:61:13:
                    66:20:e5:d8:0f:35:2c:8c:e4:b7:80:af:43:24:67:
                    0f:ba:40:4f:c1:b3:8b:ac:a1:50:22:82:47:79:71:
                    a0:ba:cf:5c:ca:90:90:76:74:4d:e3:b7:ee:3a:c8:
                    f7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:85:92:3B:4D:E3:88:4C:35:93:36:FB:9D:D4:C2:BD:9A:69:10:3F
            X509v3 Authority Key Identifier:
                keyid:09:3A:D0:8A:D7:3C:2A:C4:38:AC:69:81:63:81:E7:AA:3E:86:57:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/D4WSO03jiEw1kzb7ndTCvZppED8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:d2:2e:81:3f:84:bd:21:b1:84:96:69:60:11:b5:a9:f3:c1:
         14:a2:1e:a1:b7:71:3d:b6:62:06:82:16:e4:2c:11:01:60:38:
         96:5c:b6:de:76:a8:2c:d0:7a:0f:75:b0:cf:94:87:d0:ed:37:
         18:51:77:97:c2:84:60:a9:f7:28:0f:92:90:0f:79:94:46:c4:
         38:05:e0:40:8c:2e:b2:37:18:ae:7b:2e:51:f6:c1:5b:1a:b7:
         4b:fb:62:f0:40:90:77:d1:35:a3:3b:3d:ce:72:a0:53:73:46:
         6f:36:0f:2d:7f:7b:da:7e:ad:95:74:22:21:c7:e7:8b:2a:56:
         04:b1:45:83:e9:18:8a:c5:84:c2:d5:fb:21:2f:c7:8c:d8:89:
         67:2b:d6:28:f3:9f:78:e5:ea:c2:b1:16:f1:ca:72:31:1a:3a:
         d3:4f:4f:bb:a5:8f:29:42:e7:d6:3b:13:f7:03:dc:74:ad:94:
         f6:55:a6:da:40:fb:e0:b8:a2:b1:2a:77:b2:82:00:d1:ea:6f:
         0f:b3:ae:bc:da:9e:c1:3f:7b:5e:64:6c:1d:ae:3c:d1:2f:e6:
         3e:21:a1:df:94:f8:83:79:1d:ba:58:1a:f6:0c:05:52:cd:3f:
         ac:db:4a:67:09:c3:71:3f:39:f8:c0:cd:95:fa:61:86:92:3d:
         fa:83:79:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUyIMLQ5khbi0OD5eg/Y68MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5M2FkMDhhZDczYzJhYzQzOGFjNjk4MTYzODFlN2FhM2U4
NjU3OWEwHhcNMjUwMjIzMDkyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjg1OTIzYjRkZTM4ODRjMzU5MzM2ZmI5ZGQ0YzJiZDlhNjkxMDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7xzDJpl7USFbHSvdTu5ST+TLFOw
Fjg/7gBlQIbjnQvxSiwYM3el+B/zflvOqMUHWbrDPMg6JcAwFDphqlOwMV3duBYo
TAzN9h/XcFIp+yVjs1OucReZgUZcA0dC1gUUNxFWNAUyNrd1Iiwh4PXISdeCxZWJ
wlouE4+09ig3Dmy9nc2jSjMS5vMpQDatDgYYSdY3cFaHLWWJpyebjynUkRxNVQ9S
8fcowXSvBhpZ2v/096tNH78xwsJ1x148DiPORXQKeBmtLERsCpR3GL2VYRNmIOXY
DzUsjOS3gK9DJGcPukBPwbOLrKFQIoJHeXGgus9cypCQdnRN47fuOsj3SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+FkjtN44hMNZM2+53Uwr2aaRA/MB8GA1UdIwQY
MBaAFAk60IrXPCrEOKxpgWOB56o+hleaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1RyUWl0YzhLc1E0ckdtQlk0SG5xajZHVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wOTU5ODUtZDBkYy00ZDQxLTk4ZWIt
NDFhYTQ3NWQxNWI4LzEvRDRXU08wM2ppRXcxa3piN25kVEN2WnBwRUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wOTU5ODUtZDBkYy00ZDQxLTk4ZWItNDFhYTQ3NWQxNWI4
LzEvQ1RyUWl0YzhLc1E0ckdtQlk0SG5xajZHVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUmMA0G
CSqGSIb3DQEBCwUAA4IBAQAX0i6BP4S9IbGElmlgEbWp88EUoh6ht3E9tmIGghbk
LBEBYDiWXLbedqgs0HoPdbDPlIfQ7TcYUXeXwoRgqfcoD5KQD3mURsQ4BeBAjC6y
Nxiuey5R9sFbGrdL+2LwQJB30TWjOz3OcqBTc0ZvNg8tf3vafq2VdCIhx+eLKlYE
sUWD6RiKxYTC1fshL8eM2IlnK9Yo85945erCsRbxynIxGjrTT0+7pY8pQufWOxP3
A9x0rZT2VabaQPvguKKxKneyggDR6m8Ps6682p7BP3teZGwdrjzRL+Y+IaHflPiD
eR26WBr2DAVSzT+s20pnCcNxPzn4wM2V+mGGkj36g3mZ
-----END CERTIFICATE-----