Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/1CEOM6XIwfTTxhGZUtfXtk1lC4U.roa
File:                     1CEOM6XIwfTTxhGZUtfXtk1lC4U.roa (raw, json)
Hash identifier:          DxU9xA9WbOsNQjOV/HLImv3zNgC52DY6s8eny7OUYy8=
Subject key identifier:   D4:21:0E:33:A5:C8:C1:F4:D3:C6:11:99:52:D7:D7:B6:4D:65:0B:85
Certificate issuer:       /CN=3bce3d474a775ce4776371632bc196ca1f4ec23b
Certificate serial:       019345672D88670B394F73431ECC75101D5E
Authority key identifier: 3B:CE:3D:47:4A:77:5C:E4:77:63:71:63:2B:C1:96:CA:1F:4E:C2:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O849R0p3XOR3Y3FjK8GWyh9Owjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/1CEOM6XIwfTTxhGZUtfXtk1lC4U.roa
Signing time:             Tue 19 Nov 2024 17:10:09 +0000
ROA not before:           Tue 19 Nov 2024 17:10:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29278
IP address blocks:        193.17.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/O849R0p3XOR3Y3FjK8GWyh9Owjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/O849R0p3XOR3Y3FjK8GWyh9Owjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O849R0p3XOR3Y3FjK8GWyh9Owjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:67:2d:88:67:0b:39:4f:73:43:1e:cc:75:10:1d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bce3d474a775ce4776371632bc196ca1f4ec23b
        Validity
            Not Before: Nov 19 17:10:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4210e33a5c8c1f4d3c6119952d7d7b64d650b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ca:43:13:d2:1d:a8:86:85:52:27:83:c3:3f:
                    a1:a3:7d:a2:60:fa:06:37:d3:98:0f:79:73:d1:db:
                    ae:d5:a5:a8:9b:8a:bf:ac:d1:5e:9e:e0:8d:b3:0a:
                    62:3a:37:db:c9:00:41:68:f0:96:8a:c6:da:31:8a:
                    e4:6e:1c:5c:73:42:d6:97:5c:0c:ff:85:f8:94:8f:
                    d8:0d:c5:0e:73:de:db:87:42:39:56:3f:a2:32:5a:
                    c7:c0:09:bd:9d:cb:cb:3c:71:e9:66:92:c2:0e:fc:
                    e8:48:8e:b1:0d:07:75:5a:be:74:84:86:51:64:36:
                    cd:f3:cd:8e:d6:0a:3e:1b:c7:f5:c5:2e:b2:fc:0e:
                    cc:67:b8:5d:0b:55:0c:f4:e0:06:41:93:73:09:e2:
                    d2:ca:52:32:cb:0f:b4:c0:ce:56:01:f5:be:e1:95:
                    1b:b8:40:dc:02:02:d0:a1:a1:fd:9a:d4:1b:ab:86:
                    18:79:f3:f3:ac:4d:34:f8:1a:bf:2e:ed:81:60:50:
                    8f:a1:3f:bd:00:31:2d:78:11:ab:18:77:b8:11:10:
                    70:5b:58:4f:9d:10:53:2e:50:98:9f:d8:ff:6f:9f:
                    d0:20:5c:98:1f:a1:c6:73:d3:42:61:24:41:8a:76:
                    76:a2:91:ec:57:62:28:26:ec:da:9b:28:63:8f:cf:
                    e1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:21:0E:33:A5:C8:C1:F4:D3:C6:11:99:52:D7:D7:B6:4D:65:0B:85
            X509v3 Authority Key Identifier:
                keyid:3B:CE:3D:47:4A:77:5C:E4:77:63:71:63:2B:C1:96:CA:1F:4E:C2:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O849R0p3XOR3Y3FjK8GWyh9Owjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/1CEOM6XIwfTTxhGZUtfXtk1lC4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/5338bd-f321-4d51-be4a-63cc6c67c995/1/O849R0p3XOR3Y3FjK8GWyh9Owjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6e:01:57:5b:7c:e1:50:79:83:b0:3c:1d:91:bb:52:c8:bc:
         61:8c:6f:45:32:57:33:02:d4:52:cc:86:3c:8c:cf:23:fb:3d:
         7d:83:e4:0a:d3:cb:c7:d4:36:d5:6a:9a:02:83:06:86:13:05:
         11:c2:9d:ff:9e:63:b7:31:4b:b7:82:e9:56:6b:4e:08:2e:44:
         33:24:c7:fd:bf:1b:0e:bd:6a:c4:c0:56:d5:bb:06:a5:86:35:
         c8:07:3b:c1:77:d3:54:84:99:e1:04:a1:23:d9:c4:6f:fc:cf:
         fe:28:00:45:f2:79:93:2b:44:b0:81:16:25:90:aa:de:18:6e:
         be:a5:09:a3:a5:bf:6c:28:e7:29:1a:5f:3f:45:f6:b4:26:35:
         ed:51:d3:f0:2a:e0:e9:aa:87:64:22:1a:7b:13:4b:d0:1b:07:
         2a:6c:04:c4:d3:67:08:20:44:a8:c6:fb:0e:92:24:5f:f4:4e:
         0c:7a:0e:cf:63:33:fe:68:b7:e0:d5:62:d5:95:a3:dd:aa:34:
         3b:34:f9:ae:9e:09:2e:68:9f:c6:39:43:3b:11:36:a7:77:2c:
         1b:05:05:6b:92:38:e7:d7:74:c7:55:0c:7a:40:47:ad:32:fd:
         66:3f:b3:31:53:f7:8a:25:b3:2c:61:f3:f7:76:a0:c7:95:60:
         58:42:aa:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNFZy2IZws5T3NDHsx1EB1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2UzZDQ3NGE3NzVjZTQ3NzYzNzE2MzJiYzE5NmNhMWY0
ZWMyM2IwHhcNMjQxMTE5MTcxMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDIxMGUzM2E1YzhjMWY0ZDNjNjExOTk1MmQ3ZDdiNjRkNjUwYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocpDE9IdqIaFUieDwz+ho32iYPoG
N9OYD3lz0duu1aWom4q/rNFenuCNswpiOjfbyQBBaPCWisbaMYrkbhxcc0LWl1wM
/4X4lI/YDcUOc97bh0I5Vj+iMlrHwAm9ncvLPHHpZpLCDvzoSI6xDQd1Wr50hIZR
ZDbN882O1go+G8f1xS6y/A7MZ7hdC1UM9OAGQZNzCeLSylIyyw+0wM5WAfW+4ZUb
uEDcAgLQoaH9mtQbq4YYefPzrE00+Bq/Lu2BYFCPoT+9ADEteBGrGHe4ERBwW1hP
nRBTLlCYn9j/b5/QIFyYH6HGc9NCYSRBinZ2opHsV2IoJuzamyhjj8/hjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQhDjOlyMH008YRmVLX17ZNZQuFMB8GA1UdIwQY
MBaAFDvOPUdKd1zkd2NxYyvBlsofTsI7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzg0OVIwcDNYT1IzWTNGaks4R1d5aDlPd2pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni81MzM4YmQtZjMyMS00ZDUxLWJlNGEt
NjNjYzZjNjdjOTk1LzEvMUNFT002WEl3ZlRUeGhHWlV0Zlh0azFsQzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni81MzM4YmQtZjMyMS00ZDUxLWJlNGEtNjNjYzZjNjdjOTk1
LzEvTzg0OVIwcDNYT1IzWTNGaks4R1d5aDlPd2pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRGvMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbgFXW3zhUHmDsDwdkbtSyLxhjG9FMlczAtRSzIY8
jM8j+z19g+QK08vH1DbVapoCgwaGEwURwp3/nmO3MUu3gulWa04ILkQzJMf9vxsO
vWrEwFbVuwalhjXIBzvBd9NUhJnhBKEj2cRv/M/+KABF8nmTK0SwgRYlkKreGG6+
pQmjpb9sKOcpGl8/Rfa0JjXtUdPwKuDpqodkIhp7E0vQGwcqbATE02cIIESoxvsO
kiRf9E4Meg7PYzP+aLfg1WLVlaPdqjQ7NPmungkuaJ/GOUM7ETandywbBQVrkjjn
13THVQx6QEetMv1mP7MxU/eKJbMsYfP3dqDHlWBYQqpY
-----END CERTIFICATE-----