Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/02UNUsIQyfpAbMMmvTUZ33TeAmw.roa
File:                     02UNUsIQyfpAbMMmvTUZ33TeAmw.roa (raw, json)
Hash identifier:          RXwzkMXiWEIN9cpmS0j+E/p8BQSPaf5OEf8dEqFXk58=
Subject key identifier:   D3:65:0D:52:C2:10:C9:FA:40:6C:C3:26:BD:35:19:DF:74:DE:02:6C
Certificate issuer:       /CN=29e52842a6e2c50c0e2c0f5db891dd2d9656fafd
Certificate serial:       018E83E76AE5FE7EC2EE6BE454FC13838883
Authority key identifier: 29:E5:28:42:A6:E2:C5:0C:0E:2C:0F:5D:B8:91:DD:2D:96:56:FA:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/02UNUsIQyfpAbMMmvTUZ33TeAmw.roa
Signing time:             Thu 28 Mar 2024 07:12:45 +0000
ROA not before:           Thu 28 Mar 2024 07:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.104.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:83:e7:6a:e5:fe:7e:c2:ee:6b:e4:54:fc:13:83:88:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29e52842a6e2c50c0e2c0f5db891dd2d9656fafd
        Validity
            Not Before: Mar 28 07:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3650d52c210c9fa406cc326bd3519df74de026c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:80:ba:5f:65:a4:1b:f6:e8:f0:04:4e:0e:f4:
                    7b:15:2c:7b:be:2b:7c:74:dd:15:12:dd:b6:dd:85:
                    63:cc:68:82:2e:dc:17:56:e6:86:8c:e4:e3:8f:af:
                    91:bf:69:5b:93:d3:b8:ae:63:3b:f7:b8:a5:b2:34:
                    fb:1b:e0:62:d9:d8:f8:04:fa:ad:6c:73:bd:f1:38:
                    10:7a:7b:05:67:da:84:44:ac:83:ac:29:93:3b:a8:
                    b3:5c:89:42:fc:34:55:0b:82:94:66:71:44:74:bf:
                    14:cb:ab:73:3e:39:69:43:df:58:c9:67:93:c3:62:
                    e9:23:65:7e:11:d2:b9:71:64:9d:b4:e7:f5:d1:5f:
                    10:71:cd:33:23:1c:2d:26:d9:e1:98:41:95:6e:46:
                    09:ec:02:df:d3:f3:c3:10:b5:b3:eb:54:e6:2f:2c:
                    5a:6d:05:28:ba:d0:ba:1f:61:20:45:f3:6e:77:b5:
                    75:94:21:2e:c0:32:b4:ee:b1:b6:b8:06:b1:df:0d:
                    44:fe:6f:19:8f:13:b7:1f:29:ea:71:5f:8b:98:ad:
                    7c:db:cf:f5:00:72:35:cb:ee:20:36:80:fd:b4:72:
                    17:ef:6a:9b:56:21:49:1a:50:0a:04:cc:d8:45:46:
                    ed:9c:0f:f5:39:60:bf:06:b9:b1:05:1f:39:05:5f:
                    0b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:65:0D:52:C2:10:C9:FA:40:6C:C3:26:BD:35:19:DF:74:DE:02:6C
            X509v3 Authority Key Identifier:
                keyid:29:E5:28:42:A6:E2:C5:0C:0E:2C:0F:5D:B8:91:DD:2D:96:56:FA:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/02UNUsIQyfpAbMMmvTUZ33TeAmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:68:7e:61:fa:53:7b:ed:8c:49:ad:0f:04:92:83:7b:2c:0b:
         ca:f7:37:34:35:3a:b0:f0:a6:6e:b4:b8:de:ca:e1:c7:82:ce:
         c7:d2:76:d4:a9:4a:92:1f:df:bb:f2:d9:73:5b:19:60:29:80:
         3a:f2:4a:db:93:71:3b:e6:99:54:4a:62:f9:7e:4a:fe:a9:d1:
         3f:9e:5e:ba:3c:b9:fc:5d:54:e0:83:66:c6:ab:9a:73:ca:75:
         bd:01:ff:7c:5a:cd:b3:4b:dc:fd:d4:35:8f:5a:3c:9b:ba:a0:
         b3:d6:7c:69:15:4e:03:20:97:18:cc:ef:c0:84:de:da:9f:89:
         88:08:6b:2d:06:47:78:4b:67:5d:54:37:c0:62:3f:4f:81:db:
         61:95:29:a2:8f:66:dd:0e:84:37:8f:0a:6a:0b:f5:5f:29:e4:
         93:f0:1e:01:d9:9c:73:fa:c7:db:0a:a5:c6:12:39:30:a9:1e:
         ed:3b:98:b8:f4:8b:35:47:7e:85:10:06:2b:2a:3f:d6:3f:c3:
         81:36:53:f7:40:b7:08:0c:23:6f:32:70:cb:5f:4d:05:06:a2:
         9f:09:9f:da:e8:14:f9:ff:95:3d:ad:13:2e:94:88:ae:f8:5b:
         d4:64:e6:dc:a8:a3:1e:7f:a1:3d:95:b1:5e:9f:0c:e1:cf:36:
         4d:27:7e:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6D52rl/n7C7mvkVPwTg4iDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZTUyODQyYTZlMmM1MGMwZTJjMGY1ZGI4OTFkZDJkOTY1
NmZhZmQwHhcNMjQwMzI4MDcxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY1MGQ1MmMyMTBjOWZhNDA2Y2MzMjZiZDM1MTlkZjc0ZGUwMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIC6X2WkG/bo8ARODvR7FSx7vit8
dN0VEt223YVjzGiCLtwXVuaGjOTjj6+Rv2lbk9O4rmM797ilsjT7G+Bi2dj4BPqt
bHO98TgQensFZ9qERKyDrCmTO6izXIlC/DRVC4KUZnFEdL8Uy6tzPjlpQ99YyWeT
w2LpI2V+EdK5cWSdtOf10V8Qcc0zIxwtJtnhmEGVbkYJ7ALf0/PDELWz61TmLyxa
bQUoutC6H2EgRfNud7V1lCEuwDK07rG2uAax3w1E/m8ZjxO3HynqcV+LmK1828/1
AHI1y+4gNoD9tHIX72qbViFJGlAKBMzYRUbtnA/1OWC/BrmxBR85BV8LNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNlDVLCEMn6QGzDJr01Gd903gJsMB8GA1UdIwQY
MBaAFCnlKEKm4sUMDiwPXbiR3S2WVvr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2VVb1FxYml4UXdPTEE5ZHVKSGRMWlpXLXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yNThkZjItYjhmZi00YmRhLWEyMDAt
ZmJiMmUxNGNiYjc1LzEvMDJVTlVzSVF5ZnBBYk1NbXZUVVozM1RlQW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yNThkZjItYjhmZi00YmRhLWEyMDAtZmJiMmUxNGNiYjc1
LzEvS2VVb1FxYml4UXdPTEE5ZHVKSGRMWlpXLXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWggMA0G
CSqGSIb3DQEBCwUAA4IBAQAjaH5h+lN77YxJrQ8EkoN7LAvK9zc0NTqw8KZutLje
yuHHgs7H0nbUqUqSH9+78tlzWxlgKYA68krbk3E75plUSmL5fkr+qdE/nl66PLn8
XVTgg2bGq5pzynW9Af98Ws2zS9z91DWPWjybuqCz1nxpFU4DIJcYzO/AhN7an4mI
CGstBkd4S2ddVDfAYj9PgdthlSmij2bdDoQ3jwpqC/VfKeST8B4B2Zxz+sfbCqXG
EjkwqR7tO5i49Is1R36FEAYrKj/WP8OBNlP3QLcIDCNvMnDLX00FBqKfCZ/a6BT5
/5U9rRMulIiu+FvUZObcqKMef6E9lbFenwzhzzZNJ35L
-----END CERTIFICATE-----