Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/l_EZY5w4wxDMjSEhdDhvjiWXPaA.roa
File:                     l_EZY5w4wxDMjSEhdDhvjiWXPaA.roa (raw, json)
Hash identifier:          0O3ZN25hdapV+usFr4R2OPkh+FsiEQ8hRp4dQBHlr2k=
Subject key identifier:   97:F1:19:63:9C:38:C3:10:CC:8D:21:21:74:38:6F:8E:25:97:3D:A0
Certificate issuer:       /CN=276e13525244af0d2e640aba29b0f8236bc61e20
Certificate serial:       01936A8A047240E08BC18ABBF87A05FA13BA
Authority key identifier: 27:6E:13:52:52:44:AF:0D:2E:64:0A:BA:29:B0:F8:23:6B:C6:1E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J24TUlJErw0uZAq6KbD4I2vGHiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/l_EZY5w4wxDMjSEhdDhvjiWXPaA.roa
Signing time:             Tue 26 Nov 2024 22:14:10 +0000
ROA not before:           Tue 26 Nov 2024 22:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205358
IP address blocks:        193.17.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/J24TUlJErw0uZAq6KbD4I2vGHiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/J24TUlJErw0uZAq6KbD4I2vGHiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J24TUlJErw0uZAq6KbD4I2vGHiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6a:8a:04:72:40:e0:8b:c1:8a:bb:f8:7a:05:fa:13:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=276e13525244af0d2e640aba29b0f8236bc61e20
        Validity
            Not Before: Nov 26 22:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97f119639c38c310cc8d212174386f8e25973da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:38:5c:36:e9:71:0e:43:e7:6d:f4:51:f6:b5:
                    93:57:78:fc:ea:0f:bd:69:87:df:9a:2c:f7:a1:d0:
                    83:31:6e:33:bf:6b:43:af:50:b0:4a:82:f5:89:45:
                    78:a4:ae:6c:3e:51:ae:0f:40:90:a5:0f:a4:4d:cd:
                    9d:02:80:7b:2a:ae:07:6b:fa:7a:b9:7e:0a:fc:d7:
                    d5:aa:81:37:33:ce:24:a7:e6:24:fa:6f:28:a4:b2:
                    f9:b0:98:80:01:2d:17:cd:23:92:f0:4e:3d:ee:b8:
                    ab:61:c0:f8:b6:03:e0:a7:6e:4f:ea:93:fb:8e:b4:
                    d8:3b:9c:bb:7e:38:0e:f0:42:d0:1d:cd:ae:3f:91:
                    3c:0e:98:98:06:35:01:61:26:e4:7b:b4:a7:8f:4d:
                    c0:46:0e:16:bf:d3:29:a6:c4:71:40:3c:96:35:dd:
                    67:6c:19:05:cf:db:82:bc:a7:92:07:95:d2:41:f9:
                    61:da:3a:ff:84:18:4e:4e:59:3c:96:80:af:30:e2:
                    e0:24:03:71:ce:63:f0:f0:4a:c8:e5:ae:51:7b:55:
                    2c:dd:a7:2c:f2:29:17:12:ac:ff:4c:af:9e:d0:27:
                    0b:9c:63:db:88:1e:4f:d5:85:96:36:71:65:8e:05:
                    f0:0e:4f:75:9a:a5:60:0c:12:2f:47:64:d7:95:9a:
                    1f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F1:19:63:9C:38:C3:10:CC:8D:21:21:74:38:6F:8E:25:97:3D:A0
            X509v3 Authority Key Identifier:
                keyid:27:6E:13:52:52:44:AF:0D:2E:64:0A:BA:29:B0:F8:23:6B:C6:1E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J24TUlJErw0uZAq6KbD4I2vGHiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/l_EZY5w4wxDMjSEhdDhvjiWXPaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3dd1ae-7b90-4b57-8a3c-4099f4aa9369/1/J24TUlJErw0uZAq6KbD4I2vGHiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:28:7a:9d:cd:38:a5:ba:c3:f9:ca:4c:16:91:e5:31:fa:b9:
         49:9e:bb:d8:30:7d:ab:29:17:39:bc:13:0c:a8:44:fe:f1:b7:
         7e:c6:b4:1c:0e:cb:5d:b6:13:fc:d3:81:47:b9:92:a1:40:86:
         73:6e:a4:06:b1:18:7a:52:29:af:b0:11:17:39:9a:54:ba:fa:
         7a:91:04:22:d6:6c:3a:a0:56:c4:f8:97:38:a3:42:b0:10:83:
         1b:e5:b6:c5:ba:77:ea:3f:71:e5:51:e5:f3:80:34:74:f0:b6:
         52:c8:41:8b:a0:77:20:6a:f3:ed:95:3d:10:d7:8f:7f:62:ef:
         55:0d:ca:c1:1f:ce:6e:05:51:ba:f2:49:e2:25:73:ea:83:ee:
         cf:f8:22:f6:3d:e3:94:0f:7d:9a:e2:d5:e5:c1:d3:6d:ba:e6:
         ac:a1:21:fa:f2:1e:e9:8a:7d:8d:36:97:22:0a:0b:e7:34:9b:
         f7:b7:99:5c:e9:62:d0:64:79:ef:7b:4c:4e:50:6b:e3:b3:ff:
         a2:20:06:0b:15:88:9a:ba:b4:da:45:40:23:a7:20:2c:40:11:
         50:45:23:5a:56:1d:2c:c6:a4:d3:0c:60:31:b6:00:ff:29:8a:
         0f:89:51:a2:98:01:ca:20:e5:d3:3f:30:62:f6:dc:4e:f6:e8:
         f1:95:51:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNqigRyQOCLwYq7+HoF+hO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NmUxMzUyNTI0NGFmMGQyZTY0MGFiYTI5YjBmODIzNmJj
NjFlMjAwHhcNMjQxMTI2MjIxNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2YxMTk2MzljMzhjMzEwY2M4ZDIxMjE3NDM4NmY4ZTI1OTczZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zhcNulxDkPnbfRR9rWTV3j86g+9
aYffmiz3odCDMW4zv2tDr1CwSoL1iUV4pK5sPlGuD0CQpQ+kTc2dAoB7Kq4Ha/p6
uX4K/NfVqoE3M84kp+Yk+m8opLL5sJiAAS0XzSOS8E497rirYcD4tgPgp25P6pP7
jrTYO5y7fjgO8ELQHc2uP5E8DpiYBjUBYSbke7Snj03ARg4Wv9MppsRxQDyWNd1n
bBkFz9uCvKeSB5XSQflh2jr/hBhOTlk8loCvMOLgJANxzmPw8ErI5a5Re1Us3acs
8ikXEqz/TK+e0CcLnGPbiB5P1YWWNnFljgXwDk91mqVgDBIvR2TXlZof/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfxGWOcOMMQzI0hIXQ4b44llz2gMB8GA1UdIwQY
MBaAFCduE1JSRK8NLmQKuimw+CNrxh4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjI0VFVsSkVydzB1WkFxNktiRDRJMnZHSGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zZGQxYWUtN2I5MC00YjU3LThhM2Mt
NDA5OWY0YWE5MzY5LzEvbF9FWlk1dzR3eERNalNFaGREaHZqaVdYUGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zZGQxYWUtN2I5MC00YjU3LThhM2MtNDA5OWY0YWE5MzY5
LzEvSjI0VFVsSkVydzB1WkFxNktiRDRJMnZHSGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwREgMA0G
CSqGSIb3DQEBCwUAA4IBAQDWKHqdzTilusP5ykwWkeUx+rlJnrvYMH2rKRc5vBMM
qET+8bd+xrQcDstdthP804FHuZKhQIZzbqQGsRh6UimvsBEXOZpUuvp6kQQi1mw6
oFbE+Jc4o0KwEIMb5bbFunfqP3HlUeXzgDR08LZSyEGLoHcgavPtlT0Q149/Yu9V
DcrBH85uBVG68kniJXPqg+7P+CL2PeOUD32a4tXlwdNtuuasoSH68h7pin2NNpci
CgvnNJv3t5lc6WLQZHnve0xOUGvjs/+iIAYLFYiaurTaRUAjpyAsQBFQRSNaVh0s
xqTTDGAxtgD/KYoPiVGimAHKIOXTPzBi9txO9ujxlVGH
-----END CERTIFICATE-----