Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/jEV79KTKUAuS_vRA31Kc6SufGxI.roa
File:                     jEV79KTKUAuS_vRA31Kc6SufGxI.roa (raw, json)
Hash identifier:          CmChxnD1pIc4PBhCgE8rXBiJNaLGrCwKJGvwXoi/cX0=
Subject key identifier:   8C:45:7B:F4:A4:CA:50:0B:92:FE:F4:40:DF:52:9C:E9:2B:9F:1B:12
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0191FB13411D7F6F9D74216663173BE5D08E
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/jEV79KTKUAuS_vRA31Kc6SufGxI.roa
Signing time:             Mon 16 Sep 2024 13:43:48 +0000
ROA not before:           Mon 16 Sep 2024 13:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        193.9.47.0/24 maxlen: 24
                          2a14:640::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fb:13:41:1d:7f:6f:9d:74:21:66:63:17:3b:e5:d0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Sep 16 13:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c457bf4a4ca500b92fef440df529ce92b9f1b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ed:ef:24:d3:04:18:96:f0:d1:1c:82:f0:a5:
                    6b:97:fb:96:f9:45:1e:86:9a:a6:04:47:68:fc:8a:
                    20:16:48:2c:0b:a9:18:f1:a0:23:c9:d4:14:02:a7:
                    7a:2c:92:60:d8:d5:af:57:12:a3:da:4f:90:17:15:
                    6b:63:3c:3f:a8:ce:af:8f:d6:37:19:97:b2:90:dc:
                    66:1b:35:79:59:bc:f7:ae:87:f1:57:2b:35:9c:89:
                    d3:0c:74:a8:e5:13:31:e2:a3:ba:a4:5d:0a:3f:de:
                    8a:92:83:09:7d:ae:f3:c7:1f:36:f2:76:1d:02:38:
                    7e:4e:df:e8:13:9a:66:b1:f6:cf:13:48:e5:01:33:
                    48:43:dc:fc:8e:64:cc:3f:bb:50:bb:0e:95:15:f7:
                    28:37:d8:db:7b:12:84:bf:18:e3:04:b3:c0:73:61:
                    ea:69:b8:42:9d:32:5d:f4:0e:86:e7:7d:83:71:0f:
                    51:4b:9d:5d:26:07:c0:35:8a:fb:3f:21:49:6b:b5:
                    59:78:a8:4c:11:cf:61:e7:cc:74:1f:ed:68:c5:bf:
                    70:45:0a:7f:7a:37:ba:d8:3c:93:c3:45:a7:2f:de:
                    05:68:b0:42:a0:9e:21:12:e6:72:49:bb:07:5f:9c:
                    96:05:6a:12:4f:5f:e7:ca:41:0b:3e:c6:d6:95:fe:
                    3f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:45:7B:F4:A4:CA:50:0B:92:FE:F4:40:DF:52:9C:E9:2B:9F:1B:12
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/jEV79KTKUAuS_vRA31Kc6SufGxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.47.0/24
                IPv6:
                  2a14:640::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:42:28:84:a7:e1:9a:f8:ef:46:d8:c3:2e:b2:5b:45:65:34:
         9b:69:42:db:1a:c9:bb:20:23:18:29:09:d0:d7:48:95:f7:02:
         f0:aa:29:cb:c2:f0:63:48:8b:1b:4a:62:fb:1d:3c:a1:f1:24:
         2b:ad:e9:4f:3d:f0:09:63:ca:03:3c:77:4f:9f:c8:fa:f4:cb:
         1a:e0:e8:a5:e6:af:6a:b2:be:77:b8:94:ee:b4:64:11:b0:bc:
         09:96:8c:7b:3d:f7:2f:85:7a:11:86:0c:cb:4d:c2:4d:6a:ce:
         8a:be:0d:d7:85:08:69:3d:e3:2a:72:a8:de:b0:3c:d5:e3:4d:
         a9:eb:9d:9d:9d:39:17:6d:03:80:30:79:0a:4a:35:83:be:a8:
         06:21:15:70:10:ed:74:b7:84:47:65:56:c9:ab:5a:37:85:8a:
         06:60:04:d5:d3:f9:5c:2b:48:dd:dd:62:15:c6:5f:a3:a3:f9:
         c4:31:96:ae:43:6e:68:1b:74:04:b5:53:92:f3:8b:f3:3e:db:
         80:47:41:f0:77:93:73:45:c7:35:d5:cd:19:e0:ca:58:98:e9:
         ee:2d:f5:07:ea:9a:94:87:6d:65:f7:49:51:63:42:e1:18:d3:
         9c:f3:0f:de:b8:e4:35:19:be:5e:63:20:40:91:2d:96:18:44:
         c9:2b:29:bc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZH7E0Edf2+ddCFmYxc75dCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjQwOTE2MTM0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQ1N2JmNGE0Y2E1MDBiOTJmZWY0NDBkZjUyOWNlOTJiOWYxYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO3vJNMEGJbw0RyC8KVrl/uW+UUe
hpqmBEdo/IogFkgsC6kY8aAjydQUAqd6LJJg2NWvVxKj2k+QFxVrYzw/qM6vj9Y3
GZeykNxmGzV5Wbz3rofxVys1nInTDHSo5RMx4qO6pF0KP96KkoMJfa7zxx828nYd
Ajh+Tt/oE5pmsfbPE0jlATNIQ9z8jmTMP7tQuw6VFfcoN9jbexKEvxjjBLPAc2Hq
abhCnTJd9A6G532DcQ9RS51dJgfANYr7PyFJa7VZeKhMEc9h58x0H+1oxb9wRQp/
eje62DyTw0WnL94FaLBCoJ4hEuZySbsHX5yWBWoST1/nykELPsbWlf4/LQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIxFe/SkylALkv70QN9SnOkrnxsSMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvakVWNzlLVEtVQXVTX3ZSQTMxS2M2U3VmR3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQkvMA8E
AgACMAkDBwAqFAZAAAAwDQYJKoZIhvcNAQELBQADggEBAI1CKISn4Zr470bYwy6y
W0VlNJtpQtsaybsgIxgpCdDXSJX3AvCqKcvC8GNIixtKYvsdPKHxJCut6U898Alj
ygM8d0+fyPr0yxrg6KXmr2qyvne4lO60ZBGwvAmWjHs99y+FehGGDMtNwk1qzoq+
DdeFCGk94ypyqN6wPNXjTanrnZ2dORdtA4AweQpKNYO+qAYhFXAQ7XS3hEdlVsmr
WjeFigZgBNXT+VwrSN3dYhXGX6Oj+cQxlq5DbmgbdAS1U5Lzi/M+24BHQfB3k3NF
xzXVzRngyliY6e4t9QfqmpSHbWX3SVFjQuEY05zzD9645DUZvl5jIECRLZYYRMkr
Kbw=
-----END CERTIFICATE-----