Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/r_nkJY0Dr-jS6jlOGPVPd1aozoI.roa
File:                     r_nkJY0Dr-jS6jlOGPVPd1aozoI.roa (raw, json)
Hash identifier:          IxvsxcIRV3yWQ4NN07+EmlkALgCEWeBfJmKEz4wisT8=
Subject key identifier:   AF:F9:E4:25:8D:03:AF:E8:D2:EA:39:4E:18:F5:4F:77:56:A8:CE:82
Certificate issuer:       /CN=4d94f92adbd1bb45d63f9f947017a2164e9d0efa
Certificate serial:       0192092F0426A3C0FB89177C6AE805657316
Authority key identifier: 4D:94:F9:2A:DB:D1:BB:45:D6:3F:9F:94:70:17:A2:16:4E:9D:0E:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TZT5KtvRu0XWP5-UcBeiFk6dDvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/r_nkJY0Dr-jS6jlOGPVPd1aozoI.roa
Signing time:             Thu 19 Sep 2024 07:28:48 +0000
ROA not before:           Thu 19 Sep 2024 07:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1835
IP address blocks:        193.3.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/TZT5KtvRu0XWP5-UcBeiFk6dDvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/TZT5KtvRu0XWP5-UcBeiFk6dDvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TZT5KtvRu0XWP5-UcBeiFk6dDvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:2f:04:26:a3:c0:fb:89:17:7c:6a:e8:05:65:73:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d94f92adbd1bb45d63f9f947017a2164e9d0efa
        Validity
            Not Before: Sep 19 07:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aff9e4258d03afe8d2ea394e18f54f7756a8ce82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:44:3c:6c:a1:ed:6e:4a:db:90:30:56:fc:d7:
                    42:4f:76:52:0e:71:4f:42:03:14:52:f5:84:c5:70:
                    8f:60:f1:c8:15:cb:15:f5:9e:ec:56:aa:dd:8e:65:
                    ce:5e:16:87:51:9a:dd:2c:55:75:71:a4:ab:b2:e1:
                    27:36:c6:ae:8f:40:30:e9:18:46:57:7c:cd:fe:b9:
                    1d:62:f6:4f:6b:95:14:29:3b:7c:f7:08:9d:e9:a8:
                    2a:66:15:33:70:25:28:b5:8d:55:4b:8b:50:93:7e:
                    98:fc:35:79:23:8f:f6:92:64:59:9f:d5:1f:69:85:
                    a7:06:ad:43:1d:65:9b:f1:f9:4d:52:d3:72:45:49:
                    a9:98:52:22:bd:64:ac:b5:69:85:d7:e2:e1:f3:1f:
                    56:01:44:7c:ca:4f:ca:30:f7:57:c8:5b:92:c3:d3:
                    9b:9b:fb:14:6c:e0:e9:91:2f:75:06:59:39:68:5b:
                    a1:a3:38:17:8c:07:1d:91:bc:72:d8:3d:01:7f:34:
                    c7:76:d6:eb:77:04:e6:f8:ed:e6:0b:88:25:d7:f3:
                    2a:21:c6:33:1f:83:4b:a0:28:d7:30:7d:e6:cd:8e:
                    be:61:57:60:9b:e0:77:76:60:fb:08:b8:44:eb:21:
                    35:45:08:01:cd:61:f0:27:d7:1a:1c:3e:ae:1d:f6:
                    1a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F9:E4:25:8D:03:AF:E8:D2:EA:39:4E:18:F5:4F:77:56:A8:CE:82
            X509v3 Authority Key Identifier:
                keyid:4D:94:F9:2A:DB:D1:BB:45:D6:3F:9F:94:70:17:A2:16:4E:9D:0E:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TZT5KtvRu0XWP5-UcBeiFk6dDvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/r_nkJY0Dr-jS6jlOGPVPd1aozoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/939b98-1508-4740-8dbf-24109edf6450/1/TZT5KtvRu0XWP5-UcBeiFk6dDvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:8c:46:cd:63:e3:16:92:1c:61:1f:f2:5c:34:08:73:76:82:
         27:28:40:51:1d:fa:b7:e1:97:b8:00:3f:20:f9:35:e9:dc:a1:
         ab:87:03:a3:83:a8:eb:37:60:22:e9:24:93:ab:d1:71:92:60:
         92:c5:2b:7d:d0:03:d1:47:bd:86:4f:3d:89:57:2f:1c:ce:33:
         46:be:72:03:5a:24:8d:cd:b1:9f:85:81:a0:fa:e6:c5:15:25:
         87:a3:66:95:b0:63:f2:c4:b1:d0:ef:2b:ba:4c:d7:6a:89:b6:
         03:1e:3e:59:06:9e:46:86:3a:e6:54:e6:41:a3:b5:c4:2e:d7:
         21:56:56:99:fa:e3:60:c8:cf:c0:d3:83:2d:99:a1:3d:5f:8a:
         14:dd:3d:7d:2b:d3:c9:30:ca:44:37:14:d2:8c:5c:a7:b7:0c:
         ad:ba:19:95:03:c2:e3:80:c8:3a:87:e4:1e:da:d1:b5:21:64:
         4a:32:af:1c:2c:a6:06:0a:bb:0c:a5:a7:20:2c:f6:3d:65:9b:
         e0:23:4d:32:a9:df:94:d1:8a:85:ac:2a:93:4e:5d:77:cf:15:
         ca:fd:c7:04:81:c1:79:37:66:67:a4:0f:da:60:bb:7b:00:97:
         ae:05:39:93:ca:14:0f:05:38:36:18:51:8a:4c:5a:6e:79:82:
         6c:ec:0a:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIJLwQmo8D7iRd8augFZXMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkOTRmOTJhZGJkMWJiNDVkNjNmOWY5NDcwMTdhMjE2NGU5
ZDBlZmEwHhcNMjQwOTE5MDcyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY5ZTQyNThkMDNhZmU4ZDJlYTM5NGUxOGY1NGY3NzU2YThjZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0Q8bKHtbkrbkDBW/NdCT3ZSDnFP
QgMUUvWExXCPYPHIFcsV9Z7sVqrdjmXOXhaHUZrdLFV1caSrsuEnNsauj0Aw6RhG
V3zN/rkdYvZPa5UUKTt89wid6agqZhUzcCUotY1VS4tQk36Y/DV5I4/2kmRZn9Uf
aYWnBq1DHWWb8flNUtNyRUmpmFIivWSstWmF1+Lh8x9WAUR8yk/KMPdXyFuSw9Ob
m/sUbODpkS91Blk5aFuhozgXjAcdkbxy2D0BfzTHdtbrdwTm+O3mC4gl1/MqIcYz
H4NLoCjXMH3mzY6+YVdgm+B3dmD7CLhE6yE1RQgBzWHwJ9caHD6uHfYaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/55CWNA6/o0uo5Thj1T3dWqM6CMB8GA1UdIwQY
MBaAFE2U+Srb0btF1j+flHAXohZOnQ76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFpUNUt0dlJ1MFhXUDUtVWNCZWlGazZkRHZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85MzliOTgtMTUwOC00NzQwLThkYmYt
MjQxMDllZGY2NDUwLzEvcl9ua0pZMERyLWpTNmpsT0dQVlBkMWFvem9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85MzliOTgtMTUwOC00NzQwLThkYmYtMjQxMDllZGY2NDUw
LzEvVFpUNUt0dlJ1MFhXUDUtVWNCZWlGazZkRHZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQPuMA0G
CSqGSIb3DQEBCwUAA4IBAQBUjEbNY+MWkhxhH/JcNAhzdoInKEBRHfq34Ze4AD8g
+TXp3KGrhwOjg6jrN2Ai6SSTq9FxkmCSxSt90APRR72GTz2JVy8czjNGvnIDWiSN
zbGfhYGg+ubFFSWHo2aVsGPyxLHQ7yu6TNdqibYDHj5ZBp5GhjrmVOZBo7XELtch
VlaZ+uNgyM/A04MtmaE9X4oU3T19K9PJMMpENxTSjFyntwytuhmVA8LjgMg6h+Qe
2tG1IWRKMq8cLKYGCrsMpacgLPY9ZZvgI00yqd+U0YqFrCqTTl13zxXK/ccEgcF5
N2ZnpA/aYLt7AJeuBTmTyhQPBTg2GFGKTFpueYJs7ApI
-----END CERTIFICATE-----