Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/O_e41DfXLM8jw6ki6l91Lh5aEjQ.roa
File:                     O_e41DfXLM8jw6ki6l91Lh5aEjQ.roa (raw, json)
Hash identifier:          Ylv5msPxDQm7kXVVs64nW8tOpW3Hk+8uSgx1CohB8aw=
Subject key identifier:   3B:F7:B8:D4:37:D7:2C:CF:23:C3:A9:22:EA:5F:75:2E:1E:5A:12:34
Certificate issuer:       /CN=e33807426a7487a0844fdf4d7a52f0fb90bdb7d3
Certificate serial:       018CC64B32FE567B92059F5B837D563E4D26
Authority key identifier: E3:38:07:42:6A:74:87:A0:84:4F:DF:4D:7A:52:F0:FB:90:BD:B7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4zgHQmp0h6CET99NelLw-5C9t9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/O_e41DfXLM8jw6ki6l91Lh5aEjQ.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.8.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/4zgHQmp0h6CET99NelLw-5C9t9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/4zgHQmp0h6CET99NelLw-5C9t9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4zgHQmp0h6CET99NelLw-5C9t9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:32:fe:56:7b:92:05:9f:5b:83:7d:56:3e:4d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e33807426a7487a0844fdf4d7a52f0fb90bdb7d3
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bf7b8d437d72ccf23c3a922ea5f752e1e5a1234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:78:f2:a7:96:26:98:bf:15:ba:8e:d1:84:69:
                    57:4b:ba:83:2c:ed:d0:58:4c:be:70:2b:46:59:dc:
                    b0:de:f5:f7:b3:40:be:6f:d0:a6:8e:f5:c9:fe:ca:
                    5e:9c:37:f9:06:ad:ea:d0:e1:63:67:17:40:f8:ce:
                    40:45:40:b0:a3:6e:98:f9:44:c1:a8:83:ba:c9:84:
                    4c:1c:7d:17:e0:cc:af:05:b4:83:72:a7:fe:01:8c:
                    62:31:23:68:03:83:77:60:a0:fb:0e:3a:fd:ef:60:
                    6d:49:30:c9:70:e1:6b:18:0f:dc:c4:24:47:a0:92:
                    a4:97:d4:a1:24:17:1a:d3:9d:4a:b3:09:9f:74:56:
                    77:b6:dd:0e:d5:f3:3f:ed:6a:5c:c4:b7:3b:6d:66:
                    e1:7d:c0:0e:d3:1b:d0:ec:47:e2:1a:6e:3e:4f:1f:
                    53:83:7c:b0:3f:ca:13:5c:5d:ea:a0:48:62:05:1d:
                    1e:8a:ae:8b:25:b7:f1:cd:3f:cd:bd:4f:67:91:91:
                    0d:31:18:14:67:a7:0c:c6:47:2f:4c:0b:d2:4e:04:
                    f9:2f:a5:79:33:64:5a:3c:f7:fc:e0:07:51:a9:12:
                    95:85:4e:aa:ce:86:af:b2:7c:04:44:a1:a0:ba:ae:
                    f8:34:89:c2:70:bc:9d:54:b7:6b:07:db:f3:00:1e:
                    aa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F7:B8:D4:37:D7:2C:CF:23:C3:A9:22:EA:5F:75:2E:1E:5A:12:34
            X509v3 Authority Key Identifier:
                keyid:E3:38:07:42:6A:74:87:A0:84:4F:DF:4D:7A:52:F0:FB:90:BD:B7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4zgHQmp0h6CET99NelLw-5C9t9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/O_e41DfXLM8jw6ki6l91Lh5aEjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1750bd-47d6-4505-ab05-828197634976/1/4zgHQmp0h6CET99NelLw-5C9t9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:4d:13:a6:84:bb:76:87:65:2d:d5:9f:76:b8:d4:5c:8c:e1:
         81:ff:db:bc:5e:5a:e3:f1:c0:87:45:c2:62:8e:6e:a8:e0:a9:
         6d:d9:fd:4e:22:09:c1:96:98:b1:68:60:9c:2e:ab:e9:7c:32:
         4b:21:d9:03:ab:ab:e9:16:73:92:43:4a:1e:6f:87:ed:ad:29:
         6f:b5:df:84:a9:4a:f8:d6:0d:57:c2:cb:88:13:1f:2e:60:e5:
         e9:33:db:ee:57:05:06:26:ef:15:b8:af:23:fd:2f:04:42:9b:
         d1:82:ee:91:d8:21:e8:fd:0e:ff:f8:d7:1d:c0:46:6b:00:42:
         3c:d8:74:28:38:a8:ea:1c:0c:bd:83:b7:d6:7e:97:43:39:83:
         ba:8b:14:b3:be:73:d1:cb:cb:69:05:7b:cf:4f:48:24:19:2f:
         92:08:8e:f6:5d:aa:7d:58:a7:5a:c5:d4:02:6d:da:66:37:5c:
         28:16:2b:b4:86:79:d3:e8:2f:6b:bf:c5:92:c2:85:d4:c5:8a:
         9b:29:5c:aa:41:d8:cb:eb:13:2c:9a:f9:96:62:29:5f:25:b1:
         4e:20:3e:63:9b:dd:00:57:6d:a4:bc:2c:99:f8:9e:90:ac:11:
         3e:c1:1e:7f:04:28:ca:e5:17:2a:4a:e5:5e:fe:eb:af:b6:b2:
         e4:89:f1:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzL+VnuSBZ9bg31WPk0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMzgwNzQyNmE3NDg3YTA4NDRmZGY0ZDdhNTJmMGZiOTBi
ZGI3ZDMwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY3YjhkNDM3ZDcyY2NmMjNjM2E5MjJlYTVmNzUyZTFlNWExMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHjyp5YmmL8Vuo7RhGlXS7qDLO3Q
WEy+cCtGWdyw3vX3s0C+b9CmjvXJ/spenDf5Bq3q0OFjZxdA+M5ARUCwo26Y+UTB
qIO6yYRMHH0X4MyvBbSDcqf+AYxiMSNoA4N3YKD7Djr972BtSTDJcOFrGA/cxCRH
oJKkl9ShJBca051KswmfdFZ3tt0O1fM/7WpcxLc7bWbhfcAO0xvQ7EfiGm4+Tx9T
g3ywP8oTXF3qoEhiBR0eiq6LJbfxzT/NvU9nkZENMRgUZ6cMxkcvTAvSTgT5L6V5
M2RaPPf84AdRqRKVhU6qzoavsnwERKGguq74NInCcLydVLdrB9vzAB6qewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDv3uNQ31yzPI8OpIupfdS4eWhI0MB8GA1UdIwQY
MBaAFOM4B0JqdIeghE/fTXpS8PuQvbfTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHpnSFFtcDBoNkNFVDk5TmVsTHctNUM5dDlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xNzUwYmQtNDdkNi00NTA1LWFiMDUt
ODI4MTk3NjM0OTc2LzEvT19lNDFEZlhMTThqdzZraTZsOTFMaDVhRWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xNzUwYmQtNDdkNi00NTA1LWFiMDUtODI4MTk3NjM0OTc2
LzEvNHpnSFFtcDBoNkNFVDk5TmVsTHctNUM5dDlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj4MA0G
CSqGSIb3DQEBCwUAA4IBAQBKTROmhLt2h2Ut1Z92uNRcjOGB/9u8Xlrj8cCHRcJi
jm6o4Klt2f1OIgnBlpixaGCcLqvpfDJLIdkDq6vpFnOSQ0oeb4ftrSlvtd+EqUr4
1g1XwsuIEx8uYOXpM9vuVwUGJu8VuK8j/S8EQpvRgu6R2CHo/Q7/+NcdwEZrAEI8
2HQoOKjqHAy9g7fWfpdDOYO6ixSzvnPRy8tpBXvPT0gkGS+SCI72Xap9WKdaxdQC
bdpmN1woFiu0hnnT6C9rv8WSwoXUxYqbKVyqQdjL6xMsmvmWYilfJbFOID5jm90A
V22kvCyZ+J6QrBE+wR5/BCjK5RcqSuVe/uuvtrLkifEt
-----END CERTIFICATE-----