Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/PaIWTn6UbDEA0vW7VHvR5QC53mU.roa
File:                     PaIWTn6UbDEA0vW7VHvR5QC53mU.roa (raw, json)
Hash identifier:          VMswWyZ/DK0Gc6F9oqLmlxT9gne3SyKjP2SnD9g/+7A=
Subject key identifier:   3D:A2:16:4E:7E:94:6C:31:00:D2:F5:BB:54:7B:D1:E5:00:B9:DE:65
Certificate issuer:       /CN=82733146e3e9d6e11546317f75219ea202c5f92d
Certificate serial:       018D59652DB64C5CCD952BA5E3D485F5AD90
Authority key identifier: 82:73:31:46:E3:E9:D6:E1:15:46:31:7F:75:21:9E:A2:02:C5:F9:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/PaIWTn6UbDEA0vW7VHvR5QC53mU.roa
Signing time:             Tue 30 Jan 2024 08:03:39 +0000
ROA not before:           Tue 30 Jan 2024 08:03:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        193.39.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:65:2d:b6:4c:5c:cd:95:2b:a5:e3:d4:85:f5:ad:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82733146e3e9d6e11546317f75219ea202c5f92d
        Validity
            Not Before: Jan 30 08:03:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3da2164e7e946c3100d2f5bb547bd1e500b9de65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fb:9b:0d:32:ee:4a:1a:45:ab:03:02:5a:af:
                    3a:69:f7:11:5d:e0:51:13:72:95:d3:94:e1:04:58:
                    c0:26:e6:c2:03:cc:cd:e3:84:70:c5:04:0c:2f:fa:
                    2f:60:3b:28:ab:ab:df:ca:9a:bc:ed:10:79:50:23:
                    e3:47:72:63:ad:d1:48:b5:96:c6:03:eb:07:85:08:
                    02:7a:76:93:fd:f5:d8:d6:43:3d:2b:37:4c:e5:90:
                    b6:78:3e:ad:e8:fa:77:cf:3b:76:ac:97:8c:d3:6f:
                    14:12:bf:13:91:e7:47:07:28:25:d6:95:59:8e:75:
                    0e:b0:f0:d3:b7:d0:21:cf:dc:e5:fd:0b:7b:90:42:
                    14:25:81:a4:50:f3:62:c5:47:72:a7:8a:d4:c8:c4:
                    d6:2d:0c:8e:c8:7d:78:35:c4:39:4d:64:0b:60:be:
                    fe:3a:dd:45:fd:da:32:ff:4c:68:7c:4f:87:25:f7:
                    82:4a:58:9d:32:60:1b:94:80:a3:b4:b0:bf:a9:49:
                    4b:66:d8:4f:d4:14:62:4b:24:ff:ae:01:1b:ce:90:
                    a0:86:df:9a:fc:dd:37:02:c9:32:bd:5b:1e:c6:f3:
                    b9:b0:4c:72:a4:d5:17:06:31:3a:46:6a:4b:4a:39:
                    4f:ea:91:fe:bf:cd:45:22:ef:37:da:b7:22:5f:4b:
                    0e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A2:16:4E:7E:94:6C:31:00:D2:F5:BB:54:7B:D1:E5:00:B9:DE:65
            X509v3 Authority Key Identifier:
                keyid:82:73:31:46:E3:E9:D6:E1:15:46:31:7F:75:21:9E:A2:02:C5:F9:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/PaIWTn6UbDEA0vW7VHvR5QC53mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:34:05:d6:ec:e0:3f:e2:98:98:b0:4c:12:a1:e8:38:e4:f3:
         e8:0f:91:17:c3:b5:9e:65:dd:cf:54:21:c9:d2:5d:5b:9e:b5:
         16:0f:d9:62:b1:da:3d:7b:82:f9:fd:cd:a2:e9:c7:fe:d9:ed:
         f3:a8:d3:b0:93:73:9b:64:e1:ff:f1:46:76:e4:e9:1c:81:21:
         3f:ef:51:75:82:d5:c3:1e:50:52:8d:fa:e7:e7:7c:04:a6:db:
         3b:8a:32:7a:8a:4d:58:05:a1:88:81:93:d3:58:c2:db:22:ad:
         58:5e:44:5b:d9:2a:b2:61:48:bf:d4:78:91:48:ef:f8:b6:67:
         73:3d:a5:bb:b3:5d:e5:fa:57:53:38:d4:f2:cd:c6:aa:68:f6:
         71:04:2e:f2:04:a2:82:a5:f4:33:bb:13:80:b8:7a:f1:e1:1a:
         9f:ec:db:54:af:c2:97:e4:83:87:b3:75:67:fe:71:79:e1:08:
         50:8f:c4:65:20:a6:b8:07:c7:b0:11:99:a6:9a:56:ba:bb:24:
         6b:55:d7:6f:2f:37:c7:a2:b1:53:4c:cf:ca:c3:2f:20:ba:39:
         a4:5c:ab:49:b5:c0:3b:cb:e4:f9:d1:5e:ed:ca:31:2e:aa:6c:
         1d:86:41:4f:50:39:1d:e8:ab:c6:a5:fc:81:06:36:92:0f:35:
         c1:4d:83:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ZZS22TFzNlSul49SF9a2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzMzMTQ2ZTNlOWQ2ZTExNTQ2MzE3Zjc1MjE5ZWEyMDJj
NWY5MmQwHhcNMjQwMTMwMDgwMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGEyMTY0ZTdlOTQ2YzMxMDBkMmY1YmI1NDdiZDFlNTAwYjlkZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fubDTLuShpFqwMCWq86afcRXeBR
E3KV05ThBFjAJubCA8zN44RwxQQML/ovYDsoq6vfypq87RB5UCPjR3JjrdFItZbG
A+sHhQgCenaT/fXY1kM9KzdM5ZC2eD6t6Pp3zzt2rJeM028UEr8TkedHBygl1pVZ
jnUOsPDTt9Ahz9zl/Qt7kEIUJYGkUPNixUdyp4rUyMTWLQyOyH14NcQ5TWQLYL7+
Ot1F/doy/0xofE+HJfeCSlidMmAblICjtLC/qUlLZthP1BRiSyT/rgEbzpCght+a
/N03AskyvVsexvO5sExypNUXBjE6RmpLSjlP6pH+v81FIu832rciX0sOtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2iFk5+lGwxANL1u1R70eUAud5lMB8GA1UdIwQY
MBaAFIJzMUbj6dbhFUYxf3UhnqICxfktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25NeFJ1UHAxdUVWUmpGX2RTR2VvZ0xGLVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS80ZDVlMTYtNWU2NS00ZWQ4LWJiZTMt
YmFjYjAyODUzOGRjLzEvUGFJV1RuNlViREVBMHZXN1ZIdlI1UUM1M21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS80ZDVlMTYtNWU2NS00ZWQ4LWJiZTMtYmFjYjAyODUzOGRj
LzEvZ25NeFJ1UHAxdUVWUmpGX2RTR2VvZ0xGLVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSdzMA0G
CSqGSIb3DQEBCwUAA4IBAQBsNAXW7OA/4piYsEwSoeg45PPoD5EXw7WeZd3PVCHJ
0l1bnrUWD9lisdo9e4L5/c2i6cf+2e3zqNOwk3ObZOH/8UZ25OkcgSE/71F1gtXD
HlBSjfrn53wEpts7ijJ6ik1YBaGIgZPTWMLbIq1YXkRb2SqyYUi/1HiRSO/4tmdz
PaW7s13l+ldTONTyzcaqaPZxBC7yBKKCpfQzuxOAuHrx4Rqf7NtUr8KX5IOHs3Vn
/nF54QhQj8RlIKa4B8ewEZmmmla6uyRrVddvLzfHorFTTM/Kwy8gujmkXKtJtcA7
y+T50V7tyjEuqmwdhkFPUDkd6KvGpfyBBjaSDzXBTYOy
-----END CERTIFICATE-----