Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/j_q8KgpHr7oCuK76v8dpHlBv1uM.roa
File:                     j_q8KgpHr7oCuK76v8dpHlBv1uM.roa (raw, json)
Hash identifier:          pf+9vEOscx1tS6TOpO45zuLG7IhRooNDWfPIcylbD0U=
Subject key identifier:   8F:FA:BC:2A:0A:47:AF:BA:02:B8:AE:FA:BF:C7:69:1E:50:6F:D6:E3
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01922532566F27EE6C36AB613246BE01A26B
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/j_q8KgpHr7oCuK76v8dpHlBv1uM.roa
Signing time:             Tue 24 Sep 2024 18:01:48 +0000
ROA not before:           Tue 24 Sep 2024 18:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        193.56.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:25:32:56:6f:27:ee:6c:36:ab:61:32:46:be:01:a2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Sep 24 18:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ffabc2a0a47afba02b8aefabfc7691e506fd6e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:75:f3:24:98:ad:73:cf:e9:20:5c:f5:cc:48:
                    b9:53:f5:2a:e5:06:ba:46:d7:ba:43:ea:3f:67:df:
                    87:5d:32:a4:00:87:64:b1:56:fd:b5:0d:22:9e:fc:
                    c1:90:63:5b:bb:77:fb:f8:08:ba:34:33:e3:be:40:
                    a3:44:a6:71:dc:15:78:b9:15:e9:4e:2d:6e:00:39:
                    2a:c3:6b:f4:f1:62:3c:d6:b7:f4:9c:bc:d8:2f:6e:
                    16:72:5c:b7:5a:69:75:3d:b6:a2:fa:82:e9:72:05:
                    56:05:a6:09:cc:a0:f3:09:35:87:03:eb:ca:0b:42:
                    fc:bc:8b:cc:2f:24:75:0a:4e:cf:e5:29:e1:c6:4d:
                    a7:f3:46:7e:14:16:07:25:a7:f5:26:14:b6:4d:84:
                    b8:43:03:3e:79:12:97:dc:57:bb:66:fd:7e:90:6e:
                    7c:3e:f5:11:7f:03:aa:7e:bd:08:30:c2:f1:dd:84:
                    e0:4f:eb:5e:2f:49:f3:18:38:a9:11:aa:42:98:62:
                    b7:80:84:31:a8:b0:6f:3f:cd:00:e4:cd:c1:c1:e7:
                    07:51:77:80:26:a0:49:26:7b:f2:f5:ef:2a:06:c6:
                    6f:2a:19:10:c2:ed:24:69:40:64:9a:85:0b:fd:b3:
                    9d:50:37:66:f7:3f:96:68:fd:27:40:4a:4b:36:ac:
                    88:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FA:BC:2A:0A:47:AF:BA:02:B8:AE:FA:BF:C7:69:1E:50:6F:D6:E3
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/j_q8KgpHr7oCuK76v8dpHlBv1uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:7e:53:4b:17:4b:91:e5:79:de:01:eb:a4:31:cd:f4:7b:25:
         49:d3:b2:b3:12:9c:74:0b:be:50:d0:a0:12:9d:e7:b6:9a:da:
         27:38:3d:05:fd:54:91:f1:90:25:20:92:87:e1:1f:f7:ec:ea:
         31:06:20:20:5c:a3:eb:bf:42:2c:61:c6:65:9f:bf:6c:a2:97:
         33:c1:4a:76:aa:51:0a:d1:20:6b:01:55:ec:b7:11:68:3a:e8:
         9f:a8:d8:3f:60:65:f3:7a:e4:72:cc:02:7c:7a:56:f6:21:0a:
         3f:76:aa:06:24:39:28:41:66:6f:0e:a5:1a:f2:36:cb:8b:b4:
         16:ad:ce:e6:c7:fa:c3:94:ba:50:86:2f:00:25:f3:94:b0:d8:
         bd:d0:29:e1:ff:94:3d:69:df:4a:64:6b:e8:9d:61:93:0c:07:
         7e:33:30:4c:1f:cf:f9:91:af:5e:9e:44:e6:aa:3a:99:53:88:
         37:ba:51:6f:73:a3:64:91:12:6b:76:f5:13:ae:38:c7:b6:fc:
         0b:f1:3c:e4:e8:e5:93:cb:7e:6d:b9:57:14:06:c3:c9:8c:44:
         01:62:0b:c9:22:fe:52:1d:d0:c2:bd:54:d3:4c:1a:1d:87:cc:
         92:66:79:9f:f2:f3:0f:4c:3a:c1:a2:71:22:dd:fe:d1:c9:3c:
         bc:7b:b4:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIlMlZvJ+5sNqthMka+AaJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwOTI0MTgwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmZhYmMyYTBhNDdhZmJhMDJiOGFlZmFiZmM3NjkxZTUwNmZkNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknXzJJitc8/pIFz1zEi5U/Uq5Qa6
Rte6Q+o/Z9+HXTKkAIdksVb9tQ0invzBkGNbu3f7+Ai6NDPjvkCjRKZx3BV4uRXp
Ti1uADkqw2v08WI81rf0nLzYL24Wcly3Wml1Pbai+oLpcgVWBaYJzKDzCTWHA+vK
C0L8vIvMLyR1Ck7P5Snhxk2n80Z+FBYHJaf1JhS2TYS4QwM+eRKX3Fe7Zv1+kG58
PvURfwOqfr0IMMLx3YTgT+teL0nzGDipEapCmGK3gIQxqLBvP80A5M3BwecHUXeA
JqBJJnvy9e8qBsZvKhkQwu0kaUBkmoUL/bOdUDdm9z+WaP0nQEpLNqyIBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/6vCoKR6+6Ariu+r/HaR5Qb9bjMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEval9xOEtncEhyN29DdUs3NnY4ZHBIbEJ2MXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTgDMA0G
CSqGSIb3DQEBCwUAA4IBAQBdflNLF0uR5XneAeukMc30eyVJ07KzEpx0C75Q0KAS
nee2mtonOD0F/VSR8ZAlIJKH4R/37OoxBiAgXKPrv0IsYcZln79sopczwUp2qlEK
0SBrAVXstxFoOuifqNg/YGXzeuRyzAJ8elb2IQo/dqoGJDkoQWZvDqUa8jbLi7QW
rc7mx/rDlLpQhi8AJfOUsNi90Cnh/5Q9ad9KZGvonWGTDAd+MzBMH8/5ka9enkTm
qjqZU4g3ulFvc6NkkRJrdvUTrjjHtvwL8Tzk6OWTy35tuVcUBsPJjEQBYgvJIv5S
HdDCvVTTTBodh8ySZnmf8vMPTDrBonEi3f7RyTy8e7R8
-----END CERTIFICATE-----