Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/q72QyHCJYkMYrTcmP8zZWeI1EPE.roa
File:                     q72QyHCJYkMYrTcmP8zZWeI1EPE.roa (raw, json)
Hash identifier:          qqtzVObVs5y4UeOo/1Xqe/xxou/Ce0Q2eEXEH0pYUyQ=
Subject key identifier:   AB:BD:90:C8:70:89:62:43:18:AD:37:26:3F:CC:D9:59:E2:35:10:F1
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF1B7226602C87AD89007CCE4FD5B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/q72QyHCJYkMYrTcmP8zZWeI1EPE.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        194.102.168.0/24 maxlen: 24
                          194.102.169.0/24 maxlen: 24
                          194.102.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f1:b7:22:66:02:c8:7a:d8:90:07:cc:e4:fd:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abbd90c87089624318ad37263fccd959e23510f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6b:42:f1:78:83:c0:2c:0f:ae:97:72:d2:8b:
                    db:a4:1f:48:43:78:6d:1b:01:e0:1b:d0:6b:12:ad:
                    4a:51:9f:69:a5:05:f9:7e:2f:e2:3b:55:46:e4:82:
                    a5:28:c1:62:b2:b0:d1:c2:58:40:b4:9d:bb:d8:da:
                    37:c4:a4:4c:8e:21:26:76:c1:d1:ae:13:b8:2c:24:
                    55:bb:9a:ae:fc:c1:98:49:5d:0c:37:0d:22:17:49:
                    5b:a2:b8:49:04:90:ef:ba:aa:57:e1:a7:11:22:68:
                    2d:b8:0a:eb:84:65:11:48:cc:70:4a:72:45:77:eb:
                    2c:38:c5:d0:1b:23:83:11:0a:bb:57:2e:ec:be:27:
                    46:db:24:7c:ef:8d:cb:f7:75:29:d9:0f:e0:25:8b:
                    f1:bb:84:fd:5a:f5:76:4f:64:eb:94:63:11:74:68:
                    87:9e:22:9e:27:b0:94:b3:ec:96:1f:89:18:63:13:
                    e0:8f:b7:c4:4f:07:1c:3c:dc:37:ab:ec:ed:74:bb:
                    3d:8f:5d:03:ff:d6:1b:af:96:0b:48:60:56:2d:8d:
                    d5:80:b3:fa:2d:32:ca:50:7c:0a:9b:25:eb:c8:97:
                    65:89:04:ee:d6:dc:8b:b9:c2:52:47:cc:a8:dc:13:
                    4e:a7:22:b6:2a:38:aa:fa:6e:a7:01:5c:65:9b:ec:
                    99:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:BD:90:C8:70:89:62:43:18:AD:37:26:3F:CC:D9:59:E2:35:10:F1
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/q72QyHCJYkMYrTcmP8zZWeI1EPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.168.0/23
                  194.102.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:c6:38:eb:62:17:98:8c:a8:f9:af:5f:be:f5:79:5b:d6:51:
         00:7c:ed:73:2c:11:41:d1:20:68:62:33:45:b4:fa:e9:72:80:
         33:6c:f4:c9:0d:67:9a:d4:57:ee:36:4a:c4:27:03:33:08:a0:
         56:ed:e9:14:42:d2:ce:ae:ad:c4:51:26:38:25:33:99:22:89:
         b9:7f:f4:da:12:6e:66:26:ac:13:2c:5c:da:ed:19:2b:e9:6f:
         5b:bf:56:5f:85:b6:2e:dd:4e:3d:a8:b1:87:54:ca:3a:c8:5d:
         be:d8:68:fb:56:86:05:0c:8c:ca:e0:a0:41:e2:c6:1a:01:09:
         eb:8e:61:98:78:f7:99:1c:4e:35:79:fa:a1:d9:37:6e:25:bb:
         1b:a0:ef:21:54:3b:dd:f0:cb:48:a5:92:ce:82:4c:9f:5b:e4:
         82:ea:e1:27:f0:bc:75:fe:f3:1b:54:ca:0f:f9:0c:35:c7:d6:
         96:34:5e:ed:42:94:0f:bf:78:e3:52:0d:10:37:98:69:94:7e:
         b6:f0:59:b9:74:94:b9:b6:fb:8e:d2:a4:25:e2:34:49:f8:92:
         3a:97:1e:2f:09:53:9e:2c:e6:5a:b7:5e:c3:7f:d3:05:59:8a:
         dd:42:2e:13:e8:43:31:12:7f:c7:36:81:0a:04:09:4c:d9:fa:
         89:4a:80:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSvG3ImYCyHrYkAfM5P1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmJkOTBjODcwODk2MjQzMThhZDM3MjYzZmNjZDk1OWUyMzUxMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimtC8XiDwCwPrpdy0ovbpB9IQ3ht
GwHgG9BrEq1KUZ9ppQX5fi/iO1VG5IKlKMFisrDRwlhAtJ272No3xKRMjiEmdsHR
rhO4LCRVu5qu/MGYSV0MNw0iF0lborhJBJDvuqpX4acRImgtuArrhGURSMxwSnJF
d+ssOMXQGyODEQq7Vy7svidG2yR8743L93Up2Q/gJYvxu4T9WvV2T2TrlGMRdGiH
niKeJ7CUs+yWH4kYYxPgj7fETwccPNw3q+ztdLs9j10D/9Ybr5YLSGBWLY3VgLP6
LTLKUHwKmyXryJdliQTu1tyLucJSR8yo3BNOpyK2Kjiq+m6nAVxlm+yZPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKu9kMhwiWJDGK03Jj/M2VniNRDxMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcTcyUXlIQ0pZa01ZclRjbVA4elpXZUkxRVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwmaoAwQA
wmarMA0GCSqGSIb3DQEBCwUAA4IBAQBNxjjrYheYjKj5r1++9Xlb1lEAfO1zLBFB
0SBoYjNFtPrpcoAzbPTJDWea1FfuNkrEJwMzCKBW7ekUQtLOrq3EUSY4JTOZIom5
f/TaEm5mJqwTLFza7Rkr6W9bv1ZfhbYu3U49qLGHVMo6yF2+2Gj7VoYFDIzK4KBB
4sYaAQnrjmGYePeZHE41efqh2TduJbsboO8hVDvd8MtIpZLOgkyfW+SC6uEn8Lx1
/vMbVMoP+Qw1x9aWNF7tQpQPv3jjUg0QN5hplH628Fm5dJS5tvuO0qQl4jRJ+JI6
lx4vCVOeLOZat17Df9MFWYrdQi4T6EMxEn/HNoEKBAlM2fqJSoCj
-----END CERTIFICATE-----