Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/0dQubYWgWZNshp4TptP26xgUfjU.roa
File:                     0dQubYWgWZNshp4TptP26xgUfjU.roa (raw, json)
Hash identifier:          gfeRKkdNSQ8h6doIPUrlDdtpMwjMXfsk0QGwfESWfzk=
Subject key identifier:   D1:D4:2E:6D:85:A0:59:93:6C:86:9E:13:A6:D3:F6:EB:18:14:7E:35
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       0191FC2992FAC7A1C2397C8A7DC95C198CC1
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/0dQubYWgWZNshp4TptP26xgUfjU.roa
Signing time:             Mon 16 Sep 2024 18:47:48 +0000
ROA not before:           Mon 16 Sep 2024 18:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213005
IP address blocks:        46.253.138.0/24 maxlen: 24
                          188.93.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fc:29:92:fa:c7:a1:c2:39:7c:8a:7d:c9:5c:19:8c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Sep 16 18:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1d42e6d85a059936c869e13a6d3f6eb18147e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:d3:b9:ab:f5:6d:54:63:10:ed:06:b1:b9:
                    d4:4b:34:8c:18:a9:6d:fa:78:41:3d:79:e1:4f:9d:
                    3c:59:48:d7:e8:11:50:13:a7:c1:ea:1d:78:37:e9:
                    fd:80:4c:07:1c:b4:c4:7d:83:7f:2f:e7:d7:b6:2c:
                    db:d0:2b:39:a9:ca:f3:74:72:1c:b0:8f:de:1c:08:
                    63:77:1a:8d:8e:89:e9:51:96:45:64:15:a6:5f:88:
                    68:a4:9c:a2:e6:ef:18:95:be:b5:75:4d:67:2d:31:
                    86:31:c1:18:3d:13:b8:2c:ff:8b:fe:29:a7:8f:98:
                    2a:d4:c8:f5:7f:09:2f:38:47:ad:eb:ba:95:49:41:
                    f7:0f:c3:a6:34:3e:8a:6c:8f:54:5a:2d:f5:dc:58:
                    7f:38:91:f0:57:42:e9:86:0a:e8:d2:fd:4f:5b:ff:
                    25:4e:c9:2e:a5:fb:dd:1d:b7:f4:10:4f:89:46:97:
                    8d:d2:a3:18:01:10:4a:87:0f:aa:6f:f3:aa:4e:9c:
                    b3:83:48:35:4e:62:b6:9d:fa:ea:25:c7:8e:96:57:
                    8f:f8:e8:77:e0:c0:37:52:21:86:c9:4b:ec:e4:70:
                    f0:83:5b:e8:96:9c:73:2d:92:39:39:a3:b3:9c:f2:
                    fa:92:9b:e5:b3:f9:92:bc:89:90:0e:4f:0f:fa:e4:
                    75:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D4:2E:6D:85:A0:59:93:6C:86:9E:13:A6:D3:F6:EB:18:14:7E:35
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/0dQubYWgWZNshp4TptP26xgUfjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.138.0/24
                  188.93.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:9a:fa:5d:eb:bf:4c:3d:75:9a:c7:a3:c2:90:40:0a:c3:9b:
         c7:b3:87:de:58:19:3d:69:c3:95:d4:e5:12:e6:3f:48:d6:f6:
         fd:f0:51:31:3f:9c:38:57:3b:60:cf:ba:08:26:49:98:70:dc:
         47:4a:fe:72:d3:6d:be:e1:fc:40:6b:28:4b:ad:d4:89:0a:15:
         07:3e:0b:ad:2e:98:7f:b6:42:f3:36:9d:65:70:9d:da:04:e7:
         af:ed:dc:44:ea:ac:8d:a6:07:97:c0:d0:17:4f:09:c2:54:c2:
         f8:33:09:d8:8e:92:6e:45:e4:59:2a:5c:87:2b:ca:89:71:cf:
         a5:c5:70:f4:1f:7f:a9:32:7c:3b:19:91:9f:be:0b:80:28:84:
         27:ba:d7:78:32:bc:c2:48:50:89:71:70:7a:6f:ce:28:ca:66:
         ac:9c:d5:2b:13:1d:5f:80:79:03:28:b9:62:18:50:c1:e2:00:
         da:14:37:94:00:da:8a:9c:18:b6:ef:6b:d9:8f:7b:50:13:6c:
         ac:1d:99:73:79:0d:c7:54:85:33:dd:6a:9a:5b:78:55:7c:e4:
         2f:19:2c:55:2c:a6:15:15:4d:59:cc:36:96:e0:0a:d7:11:ea:
         2a:86:2f:61:5f:72:eb:b0:dc:e2:20:6b:f0:3c:5d:d7:e1:5f:
         8e:13:c3:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH8KZL6x6HCOXyKfclcGYzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwOTE2MTg0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ0MmU2ZDg1YTA1OTkzNmM4NjllMTNhNmQzZjZlYjE4MTQ3ZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwibTuav1bVRjEO0GsbnUSzSMGKlt
+nhBPXnhT508WUjX6BFQE6fB6h14N+n9gEwHHLTEfYN/L+fXtizb0Cs5qcrzdHIc
sI/eHAhjdxqNjonpUZZFZBWmX4hopJyi5u8Ylb61dU1nLTGGMcEYPRO4LP+L/imn
j5gq1Mj1fwkvOEet67qVSUH3D8OmND6KbI9UWi313Fh/OJHwV0Lphgro0v1PW/8l
TskupfvdHbf0EE+JRpeN0qMYARBKhw+qb/OqTpyzg0g1TmK2nfrqJceOlleP+Oh3
4MA3UiGGyUvs5HDwg1volpxzLZI5OaOznPL6kpvls/mSvImQDk8P+uR1cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNHULm2FoFmTbIaeE6bT9usYFH41MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvMGRRdWJZV2dXWk5zaHA0VHB0UDI2eGdVZmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALv2KAwQA
vF11MA0GCSqGSIb3DQEBCwUAA4IBAQB+mvpd679MPXWax6PCkEAKw5vHs4feWBk9
acOV1OUS5j9I1vb98FExP5w4Vztgz7oIJkmYcNxHSv5y022+4fxAayhLrdSJChUH
PgutLph/tkLzNp1lcJ3aBOev7dxE6qyNpgeXwNAXTwnCVML4MwnYjpJuReRZKlyH
K8qJcc+lxXD0H3+pMnw7GZGfvguAKIQnutd4MrzCSFCJcXB6b84oymasnNUrEx1f
gHkDKLliGFDB4gDaFDeUANqKnBi272vZj3tQE2ysHZlzeQ3HVIUz3WqaW3hVfOQv
GSxVLKYVFU1ZzDaW4ArXEeoqhi9hX3LrsNziIGvwPF3X4V+OE8MQ
-----END CERTIFICATE-----