Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T3lv5RFnYttrWXDs7pzKJ3x5PmA.roa
File:                     T3lv5RFnYttrWXDs7pzKJ3x5PmA.roa (raw, json)
Hash identifier:          KD3OEBKrI6++OjRXSjggRoldvQmwc1CkfDxyltY1Ix8=
Subject key identifier:   4F:79:6F:E5:11:67:62:DB:6B:59:70:EC:EE:9C:CA:27:7C:79:3E:60
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C69DE51723C65955C82F40B432AA8
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T3lv5RFnYttrWXDs7pzKJ3x5PmA.roa
Signing time:             Thu 02 Jan 2025 09:50:26 +0000
ROA not before:           Thu 02 Jan 2025 09:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28267
IP address blocks:        188.17.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:69:de:51:72:3c:65:95:5c:82:f4:0b:43:2a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f796fe5116762db6b5970ecee9cca277c793e60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:51:5e:e9:d1:12:06:4a:89:f2:bf:ba:c2:10:
                    d9:87:43:f3:90:1b:d1:8e:50:27:28:20:a7:1d:6d:
                    f6:86:8b:6d:e0:f6:08:4f:97:69:3d:8e:6d:1d:0f:
                    90:8a:24:c6:75:c0:0d:f4:c3:75:a8:e7:0e:ab:3c:
                    ce:73:88:49:f8:97:70:6d:0c:ee:18:78:f8:58:59:
                    b9:2c:53:02:b3:98:99:23:88:d3:44:2f:3a:d5:a8:
                    20:1c:3c:32:66:9d:5c:ff:e4:d8:4b:48:2d:3a:51:
                    21:bd:dc:67:63:d9:d5:a6:b8:96:61:47:db:4d:f1:
                    d1:9b:61:b0:9d:c4:94:9f:cf:14:79:56:63:d1:8a:
                    cd:c7:d7:ae:e4:a0:73:35:70:50:d4:bb:cf:f0:d8:
                    d8:db:4e:49:ca:1a:1e:b4:91:1c:e2:e7:44:f4:eb:
                    ec:83:23:17:92:54:a8:7c:bf:03:fa:e2:42:fc:e2:
                    0c:cd:17:db:f0:65:fd:a8:e2:82:52:cd:75:c1:62:
                    83:5c:f9:d6:af:d6:19:19:fe:29:cb:cd:7f:66:e1:
                    08:d2:42:66:bb:84:b8:60:8d:68:4e:5a:67:bd:bd:
                    df:f0:4d:b6:08:c7:3e:19:71:a9:84:bc:98:bd:d2:
                    c9:1c:76:2b:39:02:da:16:54:64:65:04:b4:03:6a:
                    11:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:79:6F:E5:11:67:62:DB:6B:59:70:EC:EE:9C:CA:27:7C:79:3E:60
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T3lv5RFnYttrWXDs7pzKJ3x5PmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.17.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fa:33:5f:20:23:9a:a4:8e:84:f8:9b:dd:38:cc:bd:57:4f:
         af:c5:a9:bf:68:2d:c5:b8:47:a1:ea:eb:1b:80:c5:1c:4c:26:
         28:3a:cb:77:1b:1e:b5:21:c0:32:09:98:6d:8b:fb:f6:2a:8f:
         cc:7c:31:6e:85:db:1d:4c:80:c3:95:6c:2b:56:14:6d:a7:b5:
         cd:68:01:f3:98:64:98:19:04:38:ff:66:b4:ff:98:d1:f8:22:
         ac:40:ca:2d:79:f2:e0:51:ba:47:76:86:5e:11:4d:2a:1e:24:
         81:d4:d8:1e:fb:d3:83:fe:12:94:f8:8a:a5:8b:21:37:68:6d:
         8b:a6:4b:c5:c9:4f:f7:0a:c9:4a:e1:70:ae:6a:81:83:a9:ad:
         dd:a9:17:35:5c:db:7a:a3:e3:a5:ee:92:a0:a6:09:cf:d4:b8:
         62:f4:f9:8b:a1:35:13:83:89:39:7c:67:e3:a8:97:c7:d5:e3:
         9e:53:54:aa:9c:93:26:f2:cf:77:a8:c5:83:86:a7:10:c6:bc:
         ce:cb:a6:53:67:41:4d:da:4d:04:fc:1a:f6:9b:6d:0e:98:9b:
         81:ba:51:95:10:99:c4:d4:45:98:ed:48:df:b9:1c:6b:b5:80:
         c6:01:73:7f:bd:1b:f8:02:3d:77:08:6f:c5:0c:3d:17:93:26:
         0c:37:52:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbGneUXI8ZZVcgvQLQyqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjc5NmZlNTExNjc2MmRiNmI1OTcwZWNlZTljY2EyNzdjNzkzZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1Fe6dESBkqJ8r+6whDZh0PzkBvR
jlAnKCCnHW32hott4PYIT5dpPY5tHQ+QiiTGdcAN9MN1qOcOqzzOc4hJ+JdwbQzu
GHj4WFm5LFMCs5iZI4jTRC861aggHDwyZp1c/+TYS0gtOlEhvdxnY9nVpriWYUfb
TfHRm2GwncSUn88UeVZj0YrNx9eu5KBzNXBQ1LvP8NjY205JyhoetJEc4udE9Ovs
gyMXklSofL8D+uJC/OIMzRfb8GX9qOKCUs11wWKDXPnWr9YZGf4py81/ZuEI0kJm
u4S4YI1oTlpnvb3f8E22CMc+GXGphLyYvdLJHHYrOQLaFlRkZQS0A2oRzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE95b+URZ2Lba1lw7O6cyid8eT5gMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVDNsdjVSRm5ZdHRyV1hEczdwektKM3g1UG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvBHiMA0G
CSqGSIb3DQEBCwUAA4IBAQA++jNfICOapI6E+JvdOMy9V0+vxam/aC3FuEeh6usb
gMUcTCYoOst3Gx61IcAyCZhti/v2Ko/MfDFuhdsdTIDDlWwrVhRtp7XNaAHzmGSY
GQQ4/2a0/5jR+CKsQMotefLgUbpHdoZeEU0qHiSB1Nge+9OD/hKU+IqliyE3aG2L
pkvFyU/3CslK4XCuaoGDqa3dqRc1XNt6o+Ol7pKgpgnP1Lhi9PmLoTUTg4k5fGfj
qJfH1eOeU1SqnJMm8s93qMWDhqcQxrzOy6ZTZ0FN2k0E/Br2m20OmJuBulGVEJnE
1EWY7UjfuRxrtYDGAXN/vRv4Aj13CG/FDD0XkyYMN1Im
-----END CERTIFICATE-----