Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/q0Z7Dr56OVsdUQ0ISxD5WsjLNmQ.roa
File:                     q0Z7Dr56OVsdUQ0ISxD5WsjLNmQ.roa (raw, json)
Hash identifier:          HA9zjPlCPFkr+JV7SL8d7xBBCp1MGXlzMLWDq4+SEkQ=
Subject key identifier:   AB:46:7B:0E:BE:7A:39:5B:1D:51:0D:08:4B:10:F9:5A:C8:CB:36:64
Certificate issuer:       /CN=ea9a580a4cf64a884190a5b0fb227f309e9040eb
Certificate serial:       018CC34944B85C331532FE598B57F4281C68
Authority key identifier: EA:9A:58:0A:4C:F6:4A:88:41:90:A5:B0:FB:22:7F:30:9E:90:40:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/q0Z7Dr56OVsdUQ0ISxD5WsjLNmQ.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196901
IP address blocks:        193.106.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:44:b8:5c:33:15:32:fe:59:8b:57:f4:28:1c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea9a580a4cf64a884190a5b0fb227f309e9040eb
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab467b0ebe7a395b1d510d084b10f95ac8cb3664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:82:55:0c:a2:39:a1:74:6e:38:9b:2d:d0:87:
                    18:cb:cb:23:7b:76:21:8e:73:23:cb:f4:6c:ed:82:
                    74:2e:7e:cb:17:4b:f0:1c:f6:d8:f3:71:85:17:f7:
                    3d:24:19:d0:c9:3b:e3:19:de:dd:ce:f7:85:90:a3:
                    84:80:0f:f1:5a:ad:57:ec:70:a8:d6:20:a8:7c:71:
                    ca:0d:ab:38:87:d8:27:17:fe:14:64:63:99:da:25:
                    21:4e:6b:75:fd:1c:56:b3:cc:77:97:6e:0d:b7:8b:
                    78:4c:9f:fb:5a:b4:45:45:2a:82:af:e8:10:13:35:
                    fb:46:08:88:d1:5c:e4:17:54:9f:f9:8a:05:88:10:
                    c8:93:57:f1:74:cb:8d:17:23:05:8b:58:d8:56:aa:
                    97:f2:35:9b:30:b4:90:2a:2d:3c:40:84:2e:28:c7:
                    49:aa:0d:0f:bf:cb:91:26:9d:84:15:c4:56:79:4c:
                    84:89:cd:cf:a3:9e:5d:b6:40:75:a0:43:f6:e4:db:
                    b4:21:0b:bd:1f:b4:37:77:3d:f0:e2:34:a1:ec:a5:
                    71:fa:39:61:ff:45:9b:57:b5:bf:f4:72:31:9e:ca:
                    3a:6d:0c:bf:4c:26:a8:55:11:31:48:78:23:7c:d7:
                    3e:3c:37:65:20:31:cd:b0:07:b8:07:64:a5:9f:c7:
                    2d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:46:7B:0E:BE:7A:39:5B:1D:51:0D:08:4B:10:F9:5A:C8:CB:36:64
            X509v3 Authority Key Identifier:
                keyid:EA:9A:58:0A:4C:F6:4A:88:41:90:A5:B0:FB:22:7F:30:9E:90:40:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/q0Z7Dr56OVsdUQ0ISxD5WsjLNmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/73d3b2-9bd1-410f-91ec-8074a55250ea/1/6ppYCkz2SohBkKWw-yJ_MJ6QQOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:86:66:cb:be:9d:5c:20:d6:57:46:a6:22:ef:fa:0b:b6:d6:
         26:0c:d6:96:99:aa:54:ba:a9:95:9f:65:91:ec:68:c1:ea:94:
         05:d0:31:6d:1b:60:03:34:af:66:8a:f7:28:e1:dc:4b:30:68:
         d5:dd:3a:f5:dd:4b:bd:b9:a1:67:13:47:15:63:05:2f:07:99:
         37:47:44:47:19:21:3b:09:77:f3:c7:b3:5f:71:31:ad:8e:70:
         3a:8a:9e:39:d6:1d:72:08:1d:15:68:13:b3:ec:d0:b0:2c:d8:
         2a:5c:d3:a7:6a:cf:fa:ac:c8:07:00:e4:dc:7a:93:b5:cb:a5:
         e2:f6:97:14:0f:98:0b:ff:5b:3b:f1:14:47:8e:f0:f8:27:0e:
         b8:36:31:2d:7d:41:5f:60:01:3c:b7:90:c8:fc:79:31:fe:4f:
         1e:80:34:bb:83:c3:2e:48:17:6f:93:ed:5d:b2:b4:0f:86:56:
         74:3c:be:c8:3c:68:b7:76:ec:72:c5:e5:41:15:c9:e4:37:e7:
         c1:83:ac:f1:05:4c:3b:31:a6:32:3d:85:00:38:19:1c:5e:c6:
         1c:9f:46:8a:32:e8:d8:ec:3e:f7:2a:a3:3e:6f:04:4c:45:c4:
         cb:66:ff:68:12:75:eb:1d:f1:0c:b8:1e:ab:d4:76:a0:7c:74:
         f2:11:40:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUS4XDMVMv5Zi1f0KBxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOWE1ODBhNGNmNjRhODg0MTkwYTViMGZiMjI3ZjMwOWU5
MDQwZWIwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ2N2IwZWJlN2EzOTViMWQ1MTBkMDg0YjEwZjk1YWM4Y2IzNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIJVDKI5oXRuOJst0IcYy8sje3Yh
jnMjy/Rs7YJ0Ln7LF0vwHPbY83GFF/c9JBnQyTvjGd7dzveFkKOEgA/xWq1X7HCo
1iCofHHKDas4h9gnF/4UZGOZ2iUhTmt1/RxWs8x3l24Nt4t4TJ/7WrRFRSqCr+gQ
EzX7RgiI0VzkF1Sf+YoFiBDIk1fxdMuNFyMFi1jYVqqX8jWbMLSQKi08QIQuKMdJ
qg0Pv8uRJp2EFcRWeUyEic3Po55dtkB1oEP25Nu0IQu9H7Q3dz3w4jSh7KVx+jlh
/0WbV7W/9HIxnso6bQy/TCaoVRExSHgjfNc+PDdlIDHNsAe4B2Sln8ct5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtGew6+ejlbHVENCEsQ+VrIyzZkMB8GA1UdIwQY
MBaAFOqaWApM9kqIQZClsPsifzCekEDrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBwWUNrejJTb2hCa0tXdy15Sl9NSjZRUU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83M2QzYjItOWJkMS00MTBmLTkxZWMt
ODA3NGE1NTI1MGVhLzEvcTBaN0RyNTZPVnNkVVEwSVN4RDVXc2pMTm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83M2QzYjItOWJkMS00MTBmLTkxZWMtODA3NGE1NTI1MGVh
LzEvNnBwWUNrejJTb2hCa0tXdy15Sl9NSjZRUU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWrAMA0G
CSqGSIb3DQEBCwUAA4IBAQAAhmbLvp1cINZXRqYi7/oLttYmDNaWmapUuqmVn2WR
7GjB6pQF0DFtG2ADNK9mivco4dxLMGjV3Tr13Uu9uaFnE0cVYwUvB5k3R0RHGSE7
CXfzx7NfcTGtjnA6ip451h1yCB0VaBOz7NCwLNgqXNOnas/6rMgHAOTcepO1y6Xi
9pcUD5gL/1s78RRHjvD4Jw64NjEtfUFfYAE8t5DI/Hkx/k8egDS7g8MuSBdvk+1d
srQPhlZ0PL7IPGi3duxyxeVBFcnkN+fBg6zxBUw7MaYyPYUAOBkcXsYcn0aKMujY
7D73KqM+bwRMRcTLZv9oEnXrHfEMuB6r1HagfHTyEUBI
-----END CERTIFICATE-----