Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/OnnK7Gpfkdg677hPdFUAC74Slbw.roa
File:                     OnnK7Gpfkdg677hPdFUAC74Slbw.roa (raw, json)
Hash identifier:          vKBQUn41hyzX9vQKbp6gVTVfeK53morsZzwwcyyq+xM=
Subject key identifier:   3A:79:CA:EC:6A:5F:91:D8:3A:EF:B8:4F:74:55:00:0B:BE:12:95:BC
Certificate issuer:       /CN=212ed13b1ab7da090aee42f6aedddfdbb156a5f8
Certificate serial:       018CCA2A6CDC643D63A430FE4B894DAF8B56
Authority key identifier: 21:2E:D1:3B:1A:B7:DA:09:0A:EE:42:F6:AE:DD:DF:DB:B1:56:A5:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IS7ROxq32gkK7kL2rt3f27FWpfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/OnnK7Gpfkdg677hPdFUAC74Slbw.roa
Signing time:             Tue 02 Jan 2024 12:33:47 +0000
ROA not before:           Tue 02 Jan 2024 12:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48626
IP address blocks:        193.34.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/IS7ROxq32gkK7kL2rt3f27FWpfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/IS7ROxq32gkK7kL2rt3f27FWpfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IS7ROxq32gkK7kL2rt3f27FWpfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6c:dc:64:3d:63:a4:30:fe:4b:89:4d:af:8b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=212ed13b1ab7da090aee42f6aedddfdbb156a5f8
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a79caec6a5f91d83aefb84f7455000bbe1295bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ab:32:57:fa:c7:8b:a4:ed:63:8d:6c:dc:fc:
                    d3:f4:57:87:e6:de:8f:5d:4c:ab:d2:12:e1:16:ff:
                    8f:bf:d1:4e:b2:4c:d5:97:ca:35:7c:60:f8:4b:91:
                    da:43:f3:53:d3:ea:99:b8:cc:e1:85:22:ca:ed:23:
                    64:d0:b7:00:8c:be:56:7a:9a:39:3d:97:15:29:04:
                    27:5c:f8:93:cb:4e:ca:f5:ae:e2:8a:4b:75:1c:05:
                    68:cd:f5:93:5d:99:11:f6:e9:81:53:57:c1:89:40:
                    24:9a:09:7d:ba:c4:81:db:35:55:8b:f4:85:91:6c:
                    06:36:5a:52:fd:e6:8b:22:0c:4e:6e:49:57:81:48:
                    e6:2f:4b:0f:30:67:51:04:0d:ae:9c:f0:89:f6:9e:
                    98:3c:1d:12:3c:4c:7d:bc:34:e7:af:a5:34:b3:b1:
                    cb:ce:5d:18:14:96:6b:c0:c5:5e:c4:58:03:15:55:
                    d7:63:cb:5d:0b:d7:e9:a1:b0:49:fe:83:07:03:5a:
                    ef:87:0c:66:8b:c0:dc:0b:2c:7a:43:5b:e6:c1:e3:
                    ab:f8:2b:79:5e:1f:57:2a:26:b7:50:5a:f1:be:89:
                    81:bd:1c:18:69:c4:20:6c:47:ce:be:56:3f:97:97:
                    52:c1:3c:ba:59:63:6a:b2:a5:22:71:e6:4a:79:2f:
                    e2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:79:CA:EC:6A:5F:91:D8:3A:EF:B8:4F:74:55:00:0B:BE:12:95:BC
            X509v3 Authority Key Identifier:
                keyid:21:2E:D1:3B:1A:B7:DA:09:0A:EE:42:F6:AE:DD:DF:DB:B1:56:A5:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IS7ROxq32gkK7kL2rt3f27FWpfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/OnnK7Gpfkdg677hPdFUAC74Slbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/726869-bd53-4d75-b7e2-34349331d104/1/IS7ROxq32gkK7kL2rt3f27FWpfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:0d:1c:9f:aa:59:30:23:2e:46:a3:03:ed:34:a7:b9:80:fc:
         27:59:9e:ab:11:8a:2f:4f:17:d6:e5:80:90:8a:af:1e:b1:3c:
         72:b0:d7:38:47:b6:78:0c:f7:8f:63:c6:76:48:0c:01:c8:ec:
         2b:99:4b:65:b7:8e:9b:41:9c:09:63:40:6a:9b:6e:8d:4f:35:
         c0:9e:e8:21:02:8d:a5:66:f3:6c:9b:4d:f6:5a:44:48:63:82:
         91:f4:c6:83:38:a2:81:04:a2:e6:d3:81:45:da:bf:15:3a:38:
         a7:45:2e:4a:ff:48:45:57:e8:2e:31:5c:c1:10:f2:be:62:6c:
         5b:ab:e1:a8:39:b3:51:03:b9:e7:aa:c9:e2:f7:d8:4c:41:db:
         dd:87:32:3b:47:31:b8:e9:aa:c1:b4:7b:49:22:87:a9:c7:fa:
         6f:32:81:82:2e:3a:f9:2c:86:ee:62:dd:1c:71:30:ac:99:09:
         32:93:74:19:9e:73:e9:8a:19:08:52:4d:da:b4:a3:02:fa:76:
         55:8a:87:ef:d1:db:66:18:14:43:a7:c0:ef:78:b1:67:95:91:
         87:80:31:0d:89:c5:d4:c6:91:28:e0:2d:88:fb:3b:15:e8:57:
         63:ab:31:cf:bc:f6:a9:f8:3d:8b:6c:3a:08:4a:f8:c6:79:21:
         84:44:e5:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmzcZD1jpDD+S4lNr4tWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMmVkMTNiMWFiN2RhMDkwYWVlNDJmNmFlZGRkZmRiYjE1
NmE1ZjgwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc5Y2FlYzZhNWY5MWQ4M2FlZmI4NGY3NDU1MDAwYmJlMTI5NWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlasyV/rHi6TtY41s3PzT9FeH5t6P
XUyr0hLhFv+Pv9FOskzVl8o1fGD4S5HaQ/NT0+qZuMzhhSLK7SNk0LcAjL5Wepo5
PZcVKQQnXPiTy07K9a7iikt1HAVozfWTXZkR9umBU1fBiUAkmgl9usSB2zVVi/SF
kWwGNlpS/eaLIgxObklXgUjmL0sPMGdRBA2unPCJ9p6YPB0SPEx9vDTnr6U0s7HL
zl0YFJZrwMVexFgDFVXXY8tdC9fpobBJ/oMHA1rvhwxmi8DcCyx6Q1vmweOr+Ct5
Xh9XKia3UFrxvomBvRwYacQgbEfOvlY/l5dSwTy6WWNqsqUiceZKeS/i1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp5yuxqX5HYOu+4T3RVAAu+EpW8MB8GA1UdIwQY
MBaAFCEu0Tsat9oJCu5C9q7d39uxVqX4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVM3Uk94cTMyZ2tLN2tMMnJ0M2YyN0ZXcGZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS83MjY4NjktYmQ1My00ZDc1LWI3ZTIt
MzQzNDkzMzFkMTA0LzEvT25uSzdHcGZrZGc2NzdoUGRGVUFDNzRTbGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS83MjY4NjktYmQ1My00ZDc1LWI3ZTItMzQzNDkzMzFkMTA0
LzEvSVM3Uk94cTMyZ2tLN2tMMnJ0M2YyN0ZXcGZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSI0MA0G
CSqGSIb3DQEBCwUAA4IBAQCEDRyfqlkwIy5GowPtNKe5gPwnWZ6rEYovTxfW5YCQ
iq8esTxysNc4R7Z4DPePY8Z2SAwByOwrmUtlt46bQZwJY0Bqm26NTzXAnughAo2l
ZvNsm032WkRIY4KR9MaDOKKBBKLm04FF2r8VOjinRS5K/0hFV+guMVzBEPK+Ymxb
q+GoObNRA7nnqsni99hMQdvdhzI7RzG46arBtHtJIoepx/pvMoGCLjr5LIbuYt0c
cTCsmQkyk3QZnnPpihkIUk3atKMC+nZViofv0dtmGBRDp8DveLFnlZGHgDENicXU
xpEo4C2I+zsV6FdjqzHPvPap+D2LbDoISvjGeSGEROWE
-----END CERTIFICATE-----