Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/xNOZidl0wEUCu4bO61CtUatTrsY.roa
File:                     xNOZidl0wEUCu4bO61CtUatTrsY.roa (raw, json)
Hash identifier:          tJUvYUht5aTVGNoMwvoG0FpsBP7IK5Qsep4UWNo8KPU=
Subject key identifier:   C4:D3:99:89:D9:74:C0:45:02:BB:86:CE:EB:50:AD:51:AB:53:AE:C6
Certificate issuer:       /CN=3f56231e7ef53181b630260f5739a939980bce0f
Certificate serial:       01905377BCFC3250F908D892EE7C2FAB15C0
Authority key identifier: 3F:56:23:1E:7E:F5:31:81:B6:30:26:0F:57:39:A9:39:98:0B:CE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/xNOZidl0wEUCu4bO61CtUatTrsY.roa
Signing time:             Wed 26 Jun 2024 07:34:34 +0000
ROA not before:           Wed 26 Jun 2024 07:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        193.106.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:77:bc:fc:32:50:f9:08:d8:92:ee:7c:2f:ab:15:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f56231e7ef53181b630260f5739a939980bce0f
        Validity
            Not Before: Jun 26 07:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4d39989d974c04502bb86ceeb50ad51ab53aec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d0:8e:d7:f2:58:93:19:d0:08:26:77:83:0c:
                    9b:9d:22:10:41:7e:b9:09:43:c3:54:f4:f9:9e:29:
                    ee:37:4c:11:10:24:25:93:ed:36:c3:00:50:56:4a:
                    12:34:b4:a3:93:94:18:22:b3:5c:45:53:b4:74:ad:
                    c1:19:2c:fa:02:24:67:67:6a:15:75:d9:62:af:25:
                    e4:14:2d:6d:5e:a6:23:1d:68:91:3e:22:e2:27:be:
                    c0:b6:4e:6b:35:1e:13:33:a9:cf:8e:d4:a7:7a:1c:
                    d2:7e:75:e0:c8:9f:a7:b6:0c:40:94:ef:a3:26:49:
                    8f:cc:64:89:6f:48:c6:0a:9a:70:07:c2:8a:c4:62:
                    70:13:2f:89:fe:df:cc:68:ba:e2:72:24:5e:d8:8a:
                    37:6a:5c:d5:da:29:a5:14:4c:70:e8:56:28:b2:44:
                    09:b9:10:05:4c:69:9c:5d:13:50:f9:fd:5f:62:69:
                    11:6b:b8:7b:05:f6:72:e7:21:dc:ac:c8:d5:7a:7c:
                    6a:97:d6:39:bd:66:5c:c4:23:7f:70:44:75:f4:8b:
                    9b:15:6a:2e:38:2e:11:ae:c1:4f:3c:4f:fb:63:0e:
                    b9:2a:15:e3:74:8b:ab:7b:f9:d4:54:ca:47:a0:05:
                    33:e3:a6:71:73:63:c4:1b:0b:fa:62:b3:ec:96:ed:
                    cf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D3:99:89:D9:74:C0:45:02:BB:86:CE:EB:50:AD:51:AB:53:AE:C6
            X509v3 Authority Key Identifier:
                keyid:3F:56:23:1E:7E:F5:31:81:B6:30:26:0F:57:39:A9:39:98:0B:CE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/xNOZidl0wEUCu4bO61CtUatTrsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:68:50:59:16:50:f7:a2:fc:aa:a2:c5:6d:ba:9a:fd:68:99:
         08:f9:ac:e6:50:3e:24:1c:db:17:11:b3:f5:51:af:5d:6c:17:
         94:6d:25:9e:24:d9:44:66:6e:ed:7c:7c:e2:ee:36:bc:57:c7:
         cb:d0:75:0f:e6:63:72:1c:78:93:71:71:a0:82:d7:07:9e:7f:
         1f:e3:9b:13:6e:07:14:ea:91:de:1f:77:5d:e9:80:7a:37:77:
         b0:92:aa:b4:9d:a9:a6:d6:27:2e:9a:63:2b:29:a8:5b:c4:bd:
         8d:2f:67:dc:bd:9c:e6:f3:64:bd:d0:8a:ca:45:f3:0f:cf:96:
         df:c7:41:a5:1a:9d:80:b1:8a:da:05:fe:b7:3b:f2:c4:95:67:
         46:43:9e:63:68:b2:96:1f:8f:9e:41:89:02:71:5f:3b:ce:ed:
         c2:15:53:f5:8b:d8:cf:01:73:09:67:df:8b:0f:0e:64:a9:d9:
         60:d8:78:65:8d:dd:b2:bc:5b:e6:79:a4:4a:70:40:8c:35:8a:
         c7:ed:75:9e:99:2e:5d:7b:32:ab:b5:29:62:d3:a8:97:94:49:
         71:a3:f1:4c:f2:aa:d7:a4:7c:38:ad:8a:a4:2a:7c:38:8b:33:
         87:aa:71:6e:39:92:ab:ea:1d:19:3d:e7:8d:ae:4f:dd:3f:58:
         97:e0:91:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBTd7z8MlD5CNiS7nwvqxXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNTYyMzFlN2VmNTMxODFiNjMwMjYwZjU3MzlhOTM5OTgw
YmNlMGYwHhcNMjQwNjI2MDczNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQzOTk4OWQ5NzRjMDQ1MDJiYjg2Y2VlYjUwYWQ1MWFiNTNhZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNCO1/JYkxnQCCZ3gwybnSIQQX65
CUPDVPT5ninuN0wRECQlk+02wwBQVkoSNLSjk5QYIrNcRVO0dK3BGSz6AiRnZ2oV
ddliryXkFC1tXqYjHWiRPiLiJ77Atk5rNR4TM6nPjtSnehzSfnXgyJ+ntgxAlO+j
JkmPzGSJb0jGCppwB8KKxGJwEy+J/t/MaLriciRe2Io3alzV2imlFExw6FYoskQJ
uRAFTGmcXRNQ+f1fYmkRa7h7BfZy5yHcrMjVenxql9Y5vWZcxCN/cER19IubFWou
OC4RrsFPPE/7Yw65KhXjdIure/nUVMpHoAUz46Zxc2PEGwv6YrPslu3PcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTTmYnZdMBFAruGzutQrVGrU67GMB8GA1UdIwQY
MBaAFD9WIx5+9TGBtjAmD1c5qTmYC84PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDFZakhuNzFNWUcyTUNZUFZ6bXBPWmdMemc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81YzJlMzYtYTlkYi00NTIyLWE2M2Ut
NDU1ZGRjN2Q5ZTM4LzEveE5PWmlkbDB3RVVDdTRiTzYxQ3RVYXRUcnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81YzJlMzYtYTlkYi00NTIyLWE2M2UtNDU1ZGRjN2Q5ZTM4
LzEvUDFZakhuNzFNWUcyTUNZUFZ6bXBPWmdMemc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWq/MA0G
CSqGSIb3DQEBCwUAA4IBAQBcaFBZFlD3ovyqosVtupr9aJkI+azmUD4kHNsXEbP1
Ua9dbBeUbSWeJNlEZm7tfHzi7ja8V8fL0HUP5mNyHHiTcXGggtcHnn8f45sTbgcU
6pHeH3dd6YB6N3ewkqq0namm1icummMrKahbxL2NL2fcvZzm82S90IrKRfMPz5bf
x0GlGp2AsYraBf63O/LElWdGQ55jaLKWH4+eQYkCcV87zu3CFVP1i9jPAXMJZ9+L
Dw5kqdlg2Hhljd2yvFvmeaRKcECMNYrH7XWemS5dezKrtSli06iXlElxo/FM8qrX
pHw4rYqkKnw4izOHqnFuOZKr6h0ZPeeNrk/dP1iX4JGS
-----END CERTIFICATE-----