Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/URbxbhyVSxmC3IoX1cerAXUVCts.roa
File:                     URbxbhyVSxmC3IoX1cerAXUVCts.roa (raw, json)
Hash identifier:          3gWIXPZ0pvbaV7NdKSQBGMHoq1UP3v+LtrMntP6AmlQ=
Subject key identifier:   51:16:F1:6E:1C:95:4B:19:82:DC:8A:17:D5:C7:AB:01:75:15:0A:DB
Certificate issuer:       /CN=cd434fd859223ae76e8d78648a937295e8ecd79a
Certificate serial:       01930B5EEFD67984B9A5A8A7B4326EA2FB77
Authority key identifier: CD:43:4F:D8:59:22:3A:E7:6E:8D:78:64:8A:93:72:95:E8:EC:D7:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/URbxbhyVSxmC3IoX1cerAXUVCts.roa
Signing time:             Fri 08 Nov 2024 10:43:11 +0000
ROA not before:           Fri 08 Nov 2024 10:43:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44299
IP address blocks:        194.48.153.0/24 maxlen: 24
                          2a0c:6940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:5e:ef:d6:79:84:b9:a5:a8:a7:b4:32:6e:a2:fb:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd434fd859223ae76e8d78648a937295e8ecd79a
        Validity
            Not Before: Nov  8 10:43:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5116f16e1c954b1982dc8a17d5c7ab0175150adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e5:87:d0:09:74:27:b4:2d:90:c0:56:63:48:
                    b0:dc:51:e9:68:c8:72:cb:70:b0:9c:f1:86:86:c0:
                    36:61:71:36:fd:09:f4:dc:27:3b:d6:f8:c2:82:8e:
                    0e:0b:98:4c:58:93:e3:0b:e2:bd:62:07:7f:f4:5c:
                    9c:56:34:47:fa:cd:db:3a:53:f3:18:8f:0e:30:ab:
                    a5:30:fb:5d:9f:83:01:19:11:46:67:ac:98:fa:d5:
                    18:ca:e4:74:43:db:8b:20:c8:47:8f:f2:78:21:62:
                    e6:e3:2c:11:bb:3c:8b:40:d2:ae:3a:6e:e0:60:a8:
                    a1:bd:31:b8:3d:8f:59:b3:fc:f4:c6:84:93:62:56:
                    03:2b:ff:ea:29:cf:3f:50:0a:53:9f:77:6b:a0:88:
                    91:fc:aa:cf:3b:9d:2d:6d:02:eb:26:70:64:3e:84:
                    32:2c:5e:15:4f:c1:a9:55:4b:8f:6c:96:c5:13:30:
                    9f:57:1b:d4:74:b2:cb:46:10:06:f5:46:01:18:f5:
                    07:f6:72:01:e6:47:8d:e1:58:1f:38:e9:25:ca:f6:
                    a1:b9:7e:f8:fb:b4:55:41:5c:be:eb:de:60:15:65:
                    34:cb:5f:a9:1a:b7:ec:6f:a1:77:df:ac:08:df:b3:
                    d1:ed:84:0f:f4:c3:fb:03:82:fb:fc:a9:49:a4:7d:
                    8d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:16:F1:6E:1C:95:4B:19:82:DC:8A:17:D5:C7:AB:01:75:15:0A:DB
            X509v3 Authority Key Identifier:
                keyid:CD:43:4F:D8:59:22:3A:E7:6E:8D:78:64:8A:93:72:95:E8:EC:D7:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/URbxbhyVSxmC3IoX1cerAXUVCts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.153.0/24
                IPv6:
                  2a0c:6940::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:a2:ee:00:bb:e8:45:15:2a:d1:e1:74:41:79:39:39:38:b1:
         5b:76:e8:bb:75:ce:fa:c9:fc:24:b1:3a:2d:b2:4e:f4:5c:30:
         a2:02:13:fd:3f:27:c9:fe:48:9f:94:3b:fb:d5:1f:ca:08:cc:
         44:5d:80:41:3d:0f:ad:b8:9b:01:7b:f7:96:eb:44:6b:1a:b9:
         ab:be:f6:e4:c9:5e:32:04:f3:93:ad:b3:a8:64:cb:c7:09:e9:
         10:bf:d0:ea:0e:62:b2:a3:38:60:cf:fa:02:47:df:bb:b0:ed:
         c6:32:13:63:08:85:ad:3e:36:be:6f:ee:ad:4d:2b:da:31:79:
         f3:87:26:7b:40:39:1d:62:2f:22:5e:7b:f2:b9:16:23:de:be:
         0c:01:27:b0:f1:e6:11:49:d2:5f:60:3e:12:60:ec:14:9c:07:
         6c:43:b9:96:a5:f0:b7:19:79:f3:52:76:06:d0:a4:48:53:84:
         0f:70:ae:90:ee:77:93:af:b7:35:92:68:94:da:20:45:98:17:
         21:9d:b8:ee:d1:87:36:cc:6a:06:81:43:f3:86:21:51:f5:58:
         93:2b:74:68:ac:46:79:d9:32:54:19:5c:55:8b:67:51:ac:9f:
         81:13:31:fa:a6:6a:2c:ed:dd:b2:a9:ac:82:d1:cc:f5:02:51:
         63:d5:83:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMLXu/WeYS5paintDJuovt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDM0ZmQ4NTkyMjNhZTc2ZThkNzg2NDhhOTM3Mjk1ZThl
Y2Q3OWEwHhcNMjQxMTA4MTA0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE2ZjE2ZTFjOTU0YjE5ODJkYzhhMTdkNWM3YWIwMTc1MTUwYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquWH0Al0J7QtkMBWY0iw3FHpaMhy
y3CwnPGGhsA2YXE2/Qn03Cc71vjCgo4OC5hMWJPjC+K9Ygd/9FycVjRH+s3bOlPz
GI8OMKulMPtdn4MBGRFGZ6yY+tUYyuR0Q9uLIMhHj/J4IWLm4ywRuzyLQNKuOm7g
YKihvTG4PY9Zs/z0xoSTYlYDK//qKc8/UApTn3droIiR/KrPO50tbQLrJnBkPoQy
LF4VT8GpVUuPbJbFEzCfVxvUdLLLRhAG9UYBGPUH9nIB5keN4VgfOOklyvahuX74
+7RVQVy+695gFWU0y1+pGrfsb6F336wI37PR7YQP9MP7A4L7/KlJpH2NeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFEW8W4clUsZgtyKF9XHqwF1FQrbMB8GA1UdIwQY
MBaAFM1DT9hZIjrnbo14ZIqTcpXo7NeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVOUDJGa2lPdWR1alhoa2lwTnlsZWpzMTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zZDE4ZGMtNzNjNi00YzZmLThjMjgt
NWE1NzIzNGRkYjc2LzEvVVJieGJoeVZTeG1DM0lvWDFjZXJBWFVWQ3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zZDE4ZGMtNzNjNi00YzZmLThjMjgtNWE1NzIzNGRkYjc2
LzEvelVOUDJGa2lPdWR1alhoa2lwTnlsZWpzMTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwjCZMA0E
AgACMAcDBQMqDGlAMA0GCSqGSIb3DQEBCwUAA4IBAQBjou4Au+hFFSrR4XRBeTk5
OLFbdui7dc76yfwksTotsk70XDCiAhP9PyfJ/kiflDv71R/KCMxEXYBBPQ+tuJsB
e/eW60RrGrmrvvbkyV4yBPOTrbOoZMvHCekQv9DqDmKyozhgz/oCR9+7sO3GMhNj
CIWtPja+b+6tTSvaMXnzhyZ7QDkdYi8iXnvyuRYj3r4MASew8eYRSdJfYD4SYOwU
nAdsQ7mWpfC3GXnzUnYG0KRIU4QPcK6Q7neTr7c1kmiU2iBFmBchnbju0Yc2zGoG
gUPzhiFR9ViTK3RorEZ52TJUGVxVi2dRrJ+BEzH6pmos7d2yqayC0cz1AlFj1YNr
-----END CERTIFICATE-----