Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/LN3dUajDPEWpjGqlVDAI6FUfQ2w.roa
File:                     LN3dUajDPEWpjGqlVDAI6FUfQ2w.roa (raw, json)
Hash identifier:          Q+fS+M+fU8HTHJgIVJkSdY/oE08wNrtBcL1TmNJ+gqg=
Subject key identifier:   2C:DD:DD:51:A8:C3:3C:45:A9:8C:6A:A5:54:30:08:E8:55:1F:43:6C
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       0192EC33F74CD72CC17F81EBEDBFB0833C5E
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/LN3dUajDPEWpjGqlVDAI6FUfQ2w.roa
Signing time:             Sat 02 Nov 2024 09:28:01 +0000
ROA not before:           Sat 02 Nov 2024 09:28:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        193.9.36.0/22 maxlen: 24
                          193.9.36.0/24 maxlen: 24
                          193.9.37.0/24 maxlen: 24
                          193.9.38.0/24 maxlen: 24
                          193.9.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ec:33:f7:4c:d7:2c:c1:7f:81:eb:ed:bf:b0:83:3c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Nov  2 09:28:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cdddd51a8c33c45a98c6aa5543008e8551f436c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:10:e4:6e:df:59:74:6c:a3:51:9d:d8:d9:88:
                    71:20:66:4e:c3:37:ee:fb:4a:c9:d2:36:ba:f0:48:
                    36:67:14:15:51:94:82:9e:90:09:e9:be:d5:e1:a0:
                    7f:e5:77:e7:e1:b6:33:5c:f2:3a:87:89:b1:3f:f3:
                    62:ea:0f:cf:36:04:fe:5c:93:f2:43:ce:97:de:4e:
                    ea:e3:6a:0d:9f:2f:bc:6f:9f:58:6b:08:6a:09:22:
                    c2:c0:c6:43:49:68:f0:fc:ce:45:b7:23:ca:0a:de:
                    48:48:71:44:e3:fb:f7:50:7b:c0:d3:28:e1:a4:37:
                    10:32:04:3f:5a:ab:19:88:5f:9b:c5:96:0b:3b:04:
                    70:c6:62:5e:aa:7a:55:df:63:e8:f2:39:9e:ff:b5:
                    15:c0:39:62:ea:13:28:a8:e0:79:08:2f:1e:6b:55:
                    fb:f6:8d:13:ab:fe:33:58:ec:b6:20:60:ff:d5:a5:
                    f9:6b:67:78:bd:24:6e:e7:83:08:7f:3a:fd:d7:3b:
                    50:a1:3a:43:44:5a:05:57:f6:3c:60:c9:aa:7d:c6:
                    55:66:d0:fd:ca:87:ae:b1:d5:4e:b0:d6:c3:b2:15:
                    40:69:8d:40:f0:af:be:fe:16:d1:e5:1b:37:f8:48:
                    72:d2:20:31:35:8b:0b:0f:e8:fe:64:d0:bc:d1:a9:
                    2d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DD:DD:51:A8:C3:3C:45:A9:8C:6A:A5:54:30:08:E8:55:1F:43:6C
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/LN3dUajDPEWpjGqlVDAI6FUfQ2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:9a:93:62:60:63:59:1a:d2:50:49:c7:69:5a:c3:82:08:ad:
         58:a2:8d:c6:d6:e1:2b:34:bb:79:fd:6a:77:cb:94:82:4b:9a:
         c5:43:96:f5:d1:41:d5:c9:14:f4:ab:36:52:8c:f5:c7:cd:bb:
         bc:ed:c4:9f:4e:19:e9:49:ad:f9:22:dc:b4:4e:e2:21:b3:9e:
         7b:90:fc:21:24:b6:74:da:c6:9d:8a:ff:ef:df:08:d9:34:11:
         c1:58:b8:08:ec:dd:69:57:61:00:a6:89:c3:7a:e1:f9:d2:18:
         89:96:1c:69:dc:62:7e:a1:e5:28:bd:aa:c5:cd:fb:ee:65:64:
         27:fb:19:b0:f3:b1:6d:77:74:b8:44:a1:51:99:5c:dc:f6:28:
         e2:bf:ef:9d:8b:02:f8:45:47:78:05:56:0f:cd:c7:79:ea:ee:
         ca:4f:d7:59:7d:1a:9a:be:8a:b9:3a:7c:00:16:f9:92:70:b9:
         ec:3c:89:3d:3b:d9:5e:25:e1:7e:43:74:67:b3:57:7d:a2:73:
         2d:24:5a:28:7b:0d:f0:f3:4a:93:e1:58:1d:23:00:59:2c:f8:
         58:03:10:44:5d:dd:e9:5c:64:f6:f4:08:e5:34:37:60:e3:cd:
         f0:11:16:4f:28:13:e5:d4:5f:80:65:c9:4c:1d:e7:c7:a3:b7:
         59:f1:94:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLsM/dM1yzBf4Hr7b+wgzxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjQxMTAyMDkyODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2RkZGQ1MWE4YzMzYzQ1YTk4YzZhYTU1NDMwMDhlODU1MWY0MzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBDkbt9ZdGyjUZ3Y2YhxIGZOwzfu
+0rJ0ja68Eg2ZxQVUZSCnpAJ6b7V4aB/5Xfn4bYzXPI6h4mxP/Ni6g/PNgT+XJPy
Q86X3k7q42oNny+8b59YawhqCSLCwMZDSWjw/M5FtyPKCt5ISHFE4/v3UHvA0yjh
pDcQMgQ/WqsZiF+bxZYLOwRwxmJeqnpV32Po8jme/7UVwDli6hMoqOB5CC8ea1X7
9o0Tq/4zWOy2IGD/1aX5a2d4vSRu54MIfzr91ztQoTpDRFoFV/Y8YMmqfcZVZtD9
yoeusdVOsNbDshVAaY1A8K++/hbR5Rs3+Ehy0iAxNYsLD+j+ZNC80aktTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzd3VGowzxFqYxqpVQwCOhVH0NsMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvTE4zZFVhakRQRVdwakdxbFZEQUk2RlVmUTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwQkkMA0G
CSqGSIb3DQEBCwUAA4IBAQDBmpNiYGNZGtJQScdpWsOCCK1Yoo3G1uErNLt5/Wp3
y5SCS5rFQ5b10UHVyRT0qzZSjPXHzbu87cSfThnpSa35Ity0TuIhs557kPwhJLZ0
2sadiv/v3wjZNBHBWLgI7N1pV2EAponDeuH50hiJlhxp3GJ+oeUovarFzfvuZWQn
+xmw87Ftd3S4RKFRmVzc9ijiv++diwL4RUd4BVYPzcd56u7KT9dZfRqavoq5OnwA
FvmScLnsPIk9O9leJeF+Q3Rns1d9onMtJFooew3w80qT4VgdIwBZLPhYAxBEXd3p
XGT29AjlNDdg483wERZPKBPl1F+AZclMHefHo7dZ8ZQp
-----END CERTIFICATE-----