Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/T2NjpK1DWn2K_pPVw_G_U1ml1iQ.roa
File:                     T2NjpK1DWn2K_pPVw_G_U1ml1iQ.roa (raw, json)
Hash identifier:          QhMqZPk24qhYtIAUbVoOgehbVogopXoYDYG7sLDzYyg=
Subject key identifier:   4F:63:63:A4:AD:43:5A:7D:8A:FE:93:D5:C3:F1:BF:53:59:A5:D6:24
Certificate issuer:       /CN=2a6f8ffbe098922071f0c9c3a60f5dfdcde46da4
Certificate serial:       01909CED952183121CC26908003B28F11DBD
Authority key identifier: 2A:6F:8F:FB:E0:98:92:20:71:F0:C9:C3:A6:0F:5D:FD:CD:E4:6D:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/T2NjpK1DWn2K_pPVw_G_U1ml1iQ.roa
Signing time:             Wed 10 Jul 2024 13:55:34 +0000
ROA not before:           Wed 10 Jul 2024 13:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32787
IP address blocks:        193.194.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:ed:95:21:83:12:1c:c2:69:08:00:3b:28:f1:1d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6f8ffbe098922071f0c9c3a60f5dfdcde46da4
        Validity
            Not Before: Jul 10 13:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f6363a4ad435a7d8afe93d5c3f1bf5359a5d624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:73:ef:48:ac:28:ab:dd:eb:87:ef:9e:c3:ec:
                    e8:69:8b:90:e1:1f:94:85:54:65:4b:eb:9e:3c:a3:
                    f2:10:9c:0e:a9:85:39:b9:e8:5f:9a:d4:9f:77:96:
                    75:be:af:13:b7:a7:89:ca:b9:3a:88:42:e9:9a:74:
                    09:08:c2:87:64:cf:09:e3:c6:70:0e:6b:d8:4b:ef:
                    df:ec:85:95:ae:b6:4a:82:b4:4b:94:59:1b:3d:b6:
                    7c:df:dc:c7:14:9a:2b:17:e0:cc:5a:dd:a4:c0:8a:
                    60:bf:dc:bb:f5:8a:9a:01:c7:74:bb:a5:49:b0:b7:
                    7e:54:f1:3d:bf:be:51:27:98:cd:d4:76:7f:5f:21:
                    a8:de:1a:6d:90:60:6b:22:5a:7b:12:95:57:7f:7d:
                    02:3b:2a:23:b3:31:41:42:c8:70:d3:a6:c5:b0:41:
                    df:0a:0e:55:04:69:a9:ed:f7:83:68:ce:04:4c:f5:
                    cc:74:f8:71:5c:34:10:33:95:33:6f:b2:93:48:15:
                    bd:97:e5:73:94:eb:44:d4:36:7e:11:cc:d5:8c:a6:
                    64:53:ac:d8:82:13:13:8d:77:9c:c1:e4:c2:ae:0d:
                    58:ce:4a:97:cf:2c:28:07:a6:2b:12:af:14:dd:43:
                    50:50:e8:b7:0e:fb:08:07:e6:26:74:95:fc:7f:8e:
                    09:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:63:63:A4:AD:43:5A:7D:8A:FE:93:D5:C3:F1:BF:53:59:A5:D6:24
            X509v3 Authority Key Identifier:
                keyid:2A:6F:8F:FB:E0:98:92:20:71:F0:C9:C3:A6:0F:5D:FD:CD:E4:6D:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/T2NjpK1DWn2K_pPVw_G_U1ml1iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.194.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:08:be:c0:72:5c:ed:33:f4:ed:ae:23:29:e2:2e:1e:80:ff:
         1d:3d:00:a4:21:a8:a0:88:32:cd:a3:95:f6:7b:b4:f5:cc:ce:
         19:5a:3b:19:b4:87:16:46:ef:a3:39:92:f3:39:6d:54:9f:b7:
         bb:6b:1c:5e:2e:e4:f8:ee:e5:bb:8e:f9:b2:ac:69:5d:26:a1:
         7f:a5:b5:ec:63:aa:29:8b:68:87:26:af:b7:0e:24:c1:b4:04:
         cb:9e:51:fe:40:ad:e0:d5:c3:4f:1e:39:46:a3:92:b0:d9:05:
         46:2f:72:11:f4:6a:d2:65:fe:23:bc:18:14:84:f5:31:93:15:
         ec:fd:bb:32:e8:72:80:4e:f6:9a:6f:d7:f4:e3:da:5c:7a:3a:
         f0:51:d4:9c:3d:68:44:99:91:04:23:22:fa:aa:fb:fe:88:66:
         c4:82:18:74:06:fd:51:0f:83:93:7c:9a:d7:09:12:61:db:7b:
         b8:e7:d9:a8:70:df:86:aa:85:00:ec:ee:04:69:c5:33:d3:3e:
         af:a3:44:d8:e0:57:77:d4:5f:6f:a0:0c:44:f8:bf:2a:3d:c4:
         3b:6e:82:e0:93:9e:3a:44:23:27:e1:76:dd:e6:e6:5f:95:49:
         fa:17:79:1e:c9:68:81:e2:af:b4:c6:f0:1c:6f:70:2c:4d:f9:
         58:ed:e5:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCc7ZUhgxIcwmkIADso8R29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNmY4ZmZiZTA5ODkyMjA3MWYwYzljM2E2MGY1ZGZkY2Rl
NDZkYTQwHhcNMjQwNzEwMTM1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjYzNjNhNGFkNDM1YTdkOGFmZTkzZDVjM2YxYmY1MzU5YTVkNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3PvSKwoq93rh++ew+zoaYuQ4R+U
hVRlS+uePKPyEJwOqYU5uehfmtSfd5Z1vq8Tt6eJyrk6iELpmnQJCMKHZM8J48Zw
DmvYS+/f7IWVrrZKgrRLlFkbPbZ839zHFJorF+DMWt2kwIpgv9y79YqaAcd0u6VJ
sLd+VPE9v75RJ5jN1HZ/XyGo3hptkGBrIlp7EpVXf30COyojszFBQshw06bFsEHf
Cg5VBGmp7feDaM4ETPXMdPhxXDQQM5Uzb7KTSBW9l+VzlOtE1DZ+EczVjKZkU6zY
ghMTjXecweTCrg1YzkqXzywoB6YrEq8U3UNQUOi3DvsIB+YmdJX8f44JjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9jY6StQ1p9iv6T1cPxv1NZpdYkMB8GA1UdIwQY
MBaAFCpvj/vgmJIgcfDJw6YPXf3N5G2kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS20tUC0tQ1lraUJ4OE1uRHBnOWRfYzNrYmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MzhkODgtNDk1Mi00OTYwLTg3NzQt
YzFjNGQ4Y2JmNDU5LzEvVDJOanBLMURXbjJLX3BQVndfR19VMW1sMWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MzhkODgtNDk1Mi00OTYwLTg3NzQtYzFjNGQ4Y2JmNDU5
LzEvS20tUC0tQ1lraUJ4OE1uRHBnOWRfYzNrYmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcJ6MA0G
CSqGSIb3DQEBCwUAA4IBAQA5CL7AclztM/TtriMp4i4egP8dPQCkIaigiDLNo5X2
e7T1zM4ZWjsZtIcWRu+jOZLzOW1Un7e7axxeLuT47uW7jvmyrGldJqF/pbXsY6op
i2iHJq+3DiTBtATLnlH+QK3g1cNPHjlGo5Kw2QVGL3IR9GrSZf4jvBgUhPUxkxXs
/bsy6HKATvaab9f049pcejrwUdScPWhEmZEEIyL6qvv+iGbEghh0Bv1RD4OTfJrX
CRJh23u459mocN+GqoUA7O4EacUz0z6vo0TY4Fd31F9voAxE+L8qPcQ7boLgk546
RCMn4Xbd5uZflUn6F3keyWiB4q+0xvAcb3AsTflY7eVz
-----END CERTIFICATE-----