Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/I3asWb0Ke_YTZ9x8-oMXPECbM9c.roa
File:                     I3asWb0Ke_YTZ9x8-oMXPECbM9c.roa (raw, json)
Hash identifier:          DFO6kXzPePgIeZm2V5GpwnQuioD5uOOrmUgP/RCLs14=
Subject key identifier:   23:76:AC:59:BD:0A:7B:F6:13:67:DC:7C:FA:83:17:3C:40:9B:33:D7
Certificate issuer:       /CN=40c3d37be435a9c33f1c63e50d0d6464ed161004
Certificate serial:       0194258E992D2D261CE97D11E9EAECED06F2
Authority key identifier: 40:C3:D3:7B:E4:35:A9:C3:3F:1C:63:E5:0D:0D:64:64:ED:16:10:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/I3asWb0Ke_YTZ9x8-oMXPECbM9c.roa
Signing time:             Thu 02 Jan 2025 05:48:09 +0000
ROA not before:           Thu 02 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        193.239.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:99:2d:2d:26:1c:e9:7d:11:e9:ea:ec:ed:06:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40c3d37be435a9c33f1c63e50d0d6464ed161004
        Validity
            Not Before: Jan  2 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2376ac59bd0a7bf61367dc7cfa83173c409b33d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:48:96:39:78:2b:cc:08:a5:65:5e:5d:81:e2:
                    3b:f9:b4:e0:d9:0a:3e:70:1a:f4:c8:65:22:5c:69:
                    bb:e0:17:22:c7:4b:37:62:ae:49:e1:3d:6c:a6:27:
                    94:e7:6a:c5:41:ba:e3:bb:bb:dd:51:c6:d7:fb:6b:
                    7c:ca:60:6b:11:20:65:dc:c9:37:26:23:ab:24:5d:
                    ef:67:08:3c:d5:cb:11:09:dd:f7:e5:5c:68:f6:15:
                    24:c0:00:64:dd:05:63:e7:31:09:86:66:aa:ad:80:
                    f8:a9:60:69:03:d1:f2:b7:30:1a:ef:bd:18:85:f1:
                    6b:84:8c:33:60:1c:0b:53:a6:15:de:d3:73:c5:60:
                    da:5e:3b:da:85:5b:df:a9:dd:25:8b:b1:b2:bf:1a:
                    1a:10:bc:06:89:81:ef:55:50:36:4b:85:7c:33:43:
                    b9:d6:20:d4:9c:75:70:12:86:82:61:c9:60:b2:62:
                    60:c9:d8:72:f6:bc:95:cc:ed:9c:54:e8:f0:88:63:
                    88:74:a7:16:14:24:b3:c9:01:fb:9f:ec:c2:8b:2c:
                    4b:26:23:a2:f8:c2:9a:a2:57:fa:35:6a:6d:2f:57:
                    fe:50:0e:85:01:b1:1b:fc:a3:c7:be:d3:bb:42:e1:
                    96:2c:6e:6f:1b:60:7b:ec:77:69:b5:fc:74:1f:e6:
                    7e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:76:AC:59:BD:0A:7B:F6:13:67:DC:7C:FA:83:17:3C:40:9B:33:D7
            X509v3 Authority Key Identifier:
                keyid:40:C3:D3:7B:E4:35:A9:C3:3F:1C:63:E5:0D:0D:64:64:ED:16:10:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/I3asWb0Ke_YTZ9x8-oMXPECbM9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:79:33:3c:14:95:84:4f:ba:18:59:cc:70:d3:81:fb:df:f1:
         d2:9f:1d:70:ae:eb:5b:29:4d:05:05:46:ca:bf:99:90:8b:db:
         14:58:af:00:be:7d:da:c8:c0:0e:61:a3:e3:db:69:f2:e4:ad:
         79:38:bf:f6:63:47:60:28:93:22:d5:fa:4a:be:5d:e4:16:31:
         62:59:be:ec:81:5a:76:98:21:84:a7:91:25:20:27:39:88:55:
         69:40:c7:c2:3e:40:8e:9a:70:40:d7:49:c9:d6:ae:08:fa:f1:
         7a:ef:5b:fc:ef:4a:bb:45:75:d3:74:85:b9:48:53:91:2b:ba:
         8f:fd:2d:74:8b:32:27:95:3b:4b:1a:7f:f7:5d:a3:35:4f:b3:
         9a:37:33:ad:64:18:f1:bf:13:f1:25:f8:f7:96:d3:fd:8e:39:
         9b:62:f1:49:e6:61:1a:e4:a5:9c:9a:5f:9c:7b:02:7d:f3:38:
         ab:ed:5d:d6:6c:da:fe:19:94:3a:4b:36:c3:6f:6b:ad:fe:d6:
         05:3d:a4:ac:76:0d:f4:6a:69:d4:db:fd:6c:e5:8c:18:5e:3f:
         4d:e0:e1:7b:c8:5d:48:7a:4d:42:19:5f:15:26:e9:fa:ab:a0:
         83:9f:72:2c:37:05:5b:f4:1a:5d:3e:31:f4:95:6c:8c:22:7b:
         86:cf:6c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljpktLSYc6X0R6ers7QbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYzNkMzdiZTQzNWE5YzMzZjFjNjNlNTBkMGQ2NDY0ZWQx
NjEwMDQwHhcNMjUwMTAyMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzc2YWM1OWJkMGE3YmY2MTM2N2RjN2NmYTgzMTczYzQwOWIzM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEiWOXgrzAilZV5dgeI7+bTg2Qo+
cBr0yGUiXGm74Bcix0s3Yq5J4T1spieU52rFQbrju7vdUcbX+2t8ymBrESBl3Mk3
JiOrJF3vZwg81csRCd335Vxo9hUkwABk3QVj5zEJhmaqrYD4qWBpA9HytzAa770Y
hfFrhIwzYBwLU6YV3tNzxWDaXjvahVvfqd0li7GyvxoaELwGiYHvVVA2S4V8M0O5
1iDUnHVwEoaCYclgsmJgydhy9ryVzO2cVOjwiGOIdKcWFCSzyQH7n+zCiyxLJiOi
+MKaolf6NWptL1f+UA6FAbEb/KPHvtO7QuGWLG5vG2B77Hdptfx0H+Z+JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCN2rFm9Cnv2E2fcfPqDFzxAmzPXMB8GA1UdIwQY
MBaAFEDD03vkNanDPxxj5Q0NZGTtFhAEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU1QVGUtUTFxY01fSEdQbERRMWtaTzBXRUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi83ZTNjN2YtMjE4NC00MDNkLTgwY2Yt
NmU0YjNjOTJhODI3LzEvSTNhc1diMEtlX1lUWjl4OC1vTVhQRUNiTTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi83ZTNjN2YtMjE4NC00MDNkLTgwY2YtNmU0YjNjOTJhODI3
LzEvUU1QVGUtUTFxY01fSEdQbERRMWtaTzBXRUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+uMA0G
CSqGSIb3DQEBCwUAA4IBAQB1eTM8FJWET7oYWcxw04H73/HSnx1wrutbKU0FBUbK
v5mQi9sUWK8Avn3ayMAOYaPj22ny5K15OL/2Y0dgKJMi1fpKvl3kFjFiWb7sgVp2
mCGEp5ElICc5iFVpQMfCPkCOmnBA10nJ1q4I+vF671v870q7RXXTdIW5SFORK7qP
/S10izInlTtLGn/3XaM1T7OaNzOtZBjxvxPxJfj3ltP9jjmbYvFJ5mEa5KWcml+c
ewJ98zir7V3WbNr+GZQ6SzbDb2ut/tYFPaSsdg30amnU2/1s5YwYXj9N4OF7yF1I
ek1CGV8VJun6q6CDn3IsNwVb9BpdPjH0lWyMInuGz2wi
-----END CERTIFICATE-----