Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/eTNJAVgVhQEPOgwjkiuym6Aq7dI.roa
File:                     eTNJAVgVhQEPOgwjkiuym6Aq7dI.roa (raw, json)
Hash identifier:          pSwQDQRTWTvBiUA7hqsL8eVffpuqebZFLi89azLE72o=
Subject key identifier:   79:33:49:01:58:15:85:01:0F:3A:0C:23:92:2B:B2:9B:A0:2A:ED:D2
Certificate issuer:       /CN=878f7b7240c58ad7e9eef50574f6088e9b90b02d
Certificate serial:       018CC34907D993EFB8F3AE9E7840C0AB53E3
Authority key identifier: 87:8F:7B:72:40:C5:8A:D7:E9:EE:F5:05:74:F6:08:8E:9B:90:B0:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/eTNJAVgVhQEPOgwjkiuym6Aq7dI.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29396
IP address blocks:        193.222.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:07:d9:93:ef:b8:f3:ae:9e:78:40:c0:ab:53:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=878f7b7240c58ad7e9eef50574f6088e9b90b02d
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79334901581585010f3a0c23922bb29ba02aedd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:29:3d:49:3d:24:c6:d6:7c:2a:9d:49:0e:a0:
                    ff:14:89:19:2c:09:49:cc:5a:e1:3e:e7:7f:8a:e3:
                    1b:07:1d:a3:f5:b5:21:77:be:ce:3d:fe:ed:3f:06:
                    5a:2e:15:57:02:ff:36:fd:6e:32:94:fe:e7:18:f4:
                    36:fd:12:f8:7f:6b:e2:98:7a:e8:b6:e8:49:91:8c:
                    d3:7f:7b:02:fa:12:96:ce:f9:a5:ac:d3:a9:15:83:
                    bb:45:20:9c:ad:78:d6:31:14:f3:0d:a5:d5:a5:ce:
                    a3:a0:72:2c:fe:18:e9:14:f9:9d:44:b4:e3:19:66:
                    73:bb:7d:59:72:f6:9c:c7:b2:4a:9b:aa:03:e4:c4:
                    f7:c5:b4:eb:a9:08:08:59:63:b6:67:f2:c9:12:38:
                    eb:9f:8b:96:58:60:cc:19:72:e8:50:9d:8b:a9:f2:
                    7e:02:65:59:3c:d1:c1:9a:cf:e8:20:8a:36:ba:28:
                    c7:26:55:83:ec:ce:17:57:ab:32:bf:a5:1d:4e:cc:
                    80:8f:72:5e:fd:70:9a:f6:2b:63:61:38:5c:53:df:
                    4c:03:d1:ab:dd:21:da:77:b5:5d:4f:2f:e7:d0:40:
                    05:94:2b:07:00:87:39:43:23:f8:c4:de:cb:25:70:
                    09:07:48:6a:fd:27:2a:28:7d:7f:8f:5b:a7:02:4a:
                    32:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:33:49:01:58:15:85:01:0F:3A:0C:23:92:2B:B2:9B:A0:2A:ED:D2
            X509v3 Authority Key Identifier:
                keyid:87:8F:7B:72:40:C5:8A:D7:E9:EE:F5:05:74:F6:08:8E:9B:90:B0:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/eTNJAVgVhQEPOgwjkiuym6Aq7dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:95:a4:96:d5:43:f3:0a:56:d3:ec:7c:f6:24:d3:83:f2:5e:
         d6:1e:5e:4f:52:77:57:ab:33:ca:3b:e2:aa:d2:62:d5:4c:8c:
         0c:1a:34:b5:35:0f:6c:82:76:87:0c:8c:08:b6:b4:dc:79:9c:
         29:86:80:5b:3e:4c:f3:25:26:93:a4:86:5e:4e:46:26:7d:59:
         6e:ae:4e:15:67:2a:c6:13:30:af:45:ee:43:34:1d:97:70:c0:
         dc:5b:88:5e:38:80:bb:7c:6b:f8:27:c4:b7:8d:f2:78:2b:fd:
         22:88:bd:22:39:37:a7:a3:0f:18:c9:8b:e0:da:2d:30:6e:7b:
         f4:4c:28:09:66:b9:22:f7:31:0f:02:ae:e3:a3:61:98:16:dd:
         5c:65:82:4f:41:d5:42:7d:80:89:6b:24:d2:a8:02:76:0f:c0:
         c0:b6:d3:d0:b3:97:7c:99:a8:99:08:04:4d:54:b1:7e:70:32:
         6b:2b:32:ac:a7:0b:f3:e1:8f:3a:14:5c:6b:76:5e:d0:ba:3a:
         d4:ed:99:13:53:cf:7b:16:d4:4c:1c:74:ee:75:bc:2c:74:de:
         08:07:83:d6:34:28:9c:61:6f:8b:22:42:b8:5e:31:21:e7:3d:
         21:ed:fa:18:3b:2f:bd:8d:23:44:77:89:27:49:6f:09:c4:fc:
         78:32:f2:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQfZk++4866eeEDAq1PjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGY3YjcyNDBjNThhZDdlOWVlZjUwNTc0ZjYwODhlOWI5
MGIwMmQwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTMzNDkwMTU4MTU4NTAxMGYzYTBjMjM5MjJiYjI5YmEwMmFlZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSk9ST0kxtZ8Kp1JDqD/FIkZLAlJ
zFrhPud/iuMbBx2j9bUhd77OPf7tPwZaLhVXAv82/W4ylP7nGPQ2/RL4f2vimHro
tuhJkYzTf3sC+hKWzvmlrNOpFYO7RSCcrXjWMRTzDaXVpc6joHIs/hjpFPmdRLTj
GWZzu31Zcvacx7JKm6oD5MT3xbTrqQgIWWO2Z/LJEjjrn4uWWGDMGXLoUJ2LqfJ+
AmVZPNHBms/oIIo2uijHJlWD7M4XV6syv6UdTsyAj3Je/XCa9itjYThcU99MA9Gr
3SHad7VdTy/n0EAFlCsHAIc5QyP4xN7LJXAJB0hq/ScqKH1/j1unAkoyMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkzSQFYFYUBDzoMI5IrspugKu3SMB8GA1UdIwQY
MBaAFIePe3JAxYrX6e71BXT2CI6bkLAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDQ5N2NrREZpdGZwN3ZVRmRQWUlqcHVRc0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mYzE1OWUtOGQ1Ni00YzNhLWFlNDIt
MGNiZGQ5NWExNmRkLzEvZVROSkFWZ1ZoUUVQT2d3amtpdXltNkFxN2RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mYzE1OWUtOGQ1Ni00YzNhLWFlNDItMGNiZGQ5NWExNmRk
LzEvaDQ5N2NrREZpdGZwN3ZVRmRQWUlqcHVRc0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd6+MA0G
CSqGSIb3DQEBCwUAA4IBAQBPlaSW1UPzClbT7Hz2JNOD8l7WHl5PUndXqzPKO+Kq
0mLVTIwMGjS1NQ9sgnaHDIwItrTceZwphoBbPkzzJSaTpIZeTkYmfVlurk4VZyrG
EzCvRe5DNB2XcMDcW4heOIC7fGv4J8S3jfJ4K/0iiL0iOTenow8YyYvg2i0wbnv0
TCgJZrki9zEPAq7jo2GYFt1cZYJPQdVCfYCJayTSqAJ2D8DAttPQs5d8maiZCARN
VLF+cDJrKzKspwvz4Y86FFxrdl7QujrU7ZkTU897FtRMHHTudbwsdN4IB4PWNCic
YW+LIkK4XjEh5z0h7foYOy+9jSNEd4knSW8JxPx4MvKb
-----END CERTIFICATE-----