Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/xOU8WGeaKCTIaagVVJXs8IbZKek.roa
File:                     xOU8WGeaKCTIaagVVJXs8IbZKek.roa (raw, json)
Hash identifier:          DMu+9VZ9vA2R5n5W/jVrNGIuCE6BO6SAJI0hZimAk4c=
Subject key identifier:   C4:E5:3C:58:67:9A:28:24:C8:69:A8:15:54:95:EC:F0:86:D9:29:E9
Certificate issuer:       /CN=44c295ca6ee8cae7006b577af54e376623df7799
Certificate serial:       018CC5DBF26DB3C169923070D237BC6D6C37
Authority key identifier: 44:C2:95:CA:6E:E8:CA:E7:00:6B:57:7A:F5:4E:37:66:23:DF:77:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RMKVym7oyucAa1d69U43ZiPfd5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/xOU8WGeaKCTIaagVVJXs8IbZKek.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205330
IP address blocks:        193.239.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/RMKVym7oyucAa1d69U43ZiPfd5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/RMKVym7oyucAa1d69U43ZiPfd5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RMKVym7oyucAa1d69U43ZiPfd5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:6d:b3:c1:69:92:30:70:d2:37:bc:6d:6c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44c295ca6ee8cae7006b577af54e376623df7799
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4e53c58679a2824c869a8155495ecf086d929e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:52:49:f3:5a:1c:3b:89:4f:c3:6c:b1:46:b3:
                    23:b6:d0:88:bf:70:1a:a4:95:74:d9:21:86:7b:f6:
                    16:5d:a7:e9:e9:e5:24:96:a1:b8:4c:96:b5:ed:0d:
                    d1:d1:ec:6d:62:a5:6a:5c:0e:22:02:8f:dc:56:fd:
                    28:64:04:71:6f:8f:0e:12:b7:a3:6b:5a:42:19:c1:
                    b5:00:71:76:f8:38:50:45:4f:e4:2d:3b:96:20:60:
                    d1:6b:0f:a2:6f:b5:00:37:2e:82:59:6e:7b:b1:cb:
                    f2:5d:00:e5:ee:b1:da:e1:f4:0c:8a:30:61:c8:88:
                    15:3a:40:52:a8:93:66:ac:4d:01:63:56:66:6d:54:
                    dc:ea:2a:cf:9a:ce:86:8f:d5:2c:a6:04:42:c8:e9:
                    28:20:0f:bb:25:18:cc:fe:f7:b6:4d:55:4d:8d:54:
                    f4:02:e3:a0:8d:da:92:91:b2:41:07:1c:cc:f5:fc:
                    78:d3:30:17:bd:1c:4e:62:cb:31:f8:4b:fc:9f:d4:
                    2b:aa:44:73:08:af:7f:1f:c5:b7:9a:a5:8b:46:84:
                    04:79:fe:7a:4b:99:58:ac:49:d0:91:b4:0b:e3:70:
                    af:70:68:97:af:93:17:0a:ea:47:2c:83:8b:b8:f5:
                    4f:eb:11:ac:53:d9:07:a8:27:dd:44:44:b3:f7:59:
                    14:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E5:3C:58:67:9A:28:24:C8:69:A8:15:54:95:EC:F0:86:D9:29:E9
            X509v3 Authority Key Identifier:
                keyid:44:C2:95:CA:6E:E8:CA:E7:00:6B:57:7A:F5:4E:37:66:23:DF:77:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RMKVym7oyucAa1d69U43ZiPfd5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/xOU8WGeaKCTIaagVVJXs8IbZKek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/17a88d-236d-4fad-9035-7599b441cd1c/1/RMKVym7oyucAa1d69U43ZiPfd5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:04:c6:d8:05:dc:d9:43:16:2a:ec:57:7d:92:19:5e:fc:5e:
         8b:dc:df:25:f0:1b:a7:d6:b5:48:85:0d:72:32:87:00:27:67:
         d0:b0:eb:5e:9e:74:92:b9:54:d4:75:d4:62:68:90:0b:f9:31:
         22:67:a9:24:e2:83:1e:ea:b6:71:24:42:9a:d7:f1:73:4c:07:
         8b:a4:fd:de:ab:a3:36:20:e5:8c:4a:64:a4:a9:a3:30:a0:cc:
         65:6b:6f:97:1f:6c:e2:8a:f6:81:a4:3f:dc:dd:7d:af:00:71:
         47:6b:1e:54:45:16:ff:f5:2a:1e:f7:f4:c3:29:fc:76:fb:45:
         0e:c4:bb:fd:7f:6c:61:fb:83:e9:7b:48:5d:27:13:e8:04:21:
         db:77:b2:61:b4:3a:7e:63:8c:66:8e:56:f7:75:e0:8c:e7:20:
         af:94:74:f2:62:aa:5d:d8:49:1c:dd:37:01:b2:b0:a4:10:d6:
         91:c9:b9:57:98:70:2f:2e:79:bf:84:76:a2:7b:e1:43:7f:5b:
         17:93:c6:bf:15:b9:fe:95:3a:85:50:90:2a:40:b1:ab:e8:4f:
         db:5b:b6:c3:fb:5a:0e:fa:55:19:cf:65:30:dc:d1:1c:7b:31:
         b7:b8:bd:45:01:1c:b1:bf:9f:f9:69:44:7f:93:3b:7d:56:7a:
         85:6e:a4:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/Jts8FpkjBw0je8bWw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YzI5NWNhNmVlOGNhZTcwMDZiNTc3YWY1NGUzNzY2MjNk
Zjc3OTkwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU1M2M1ODY3OWEyODI0Yzg2OWE4MTU1NDk1ZWNmMDg2ZDkyOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1JJ81ocO4lPw2yxRrMjttCIv3Aa
pJV02SGGe/YWXafp6eUklqG4TJa17Q3R0extYqVqXA4iAo/cVv0oZARxb48OErej
a1pCGcG1AHF2+DhQRU/kLTuWIGDRaw+ib7UANy6CWW57scvyXQDl7rHa4fQMijBh
yIgVOkBSqJNmrE0BY1ZmbVTc6irPms6Gj9UspgRCyOkoIA+7JRjM/ve2TVVNjVT0
AuOgjdqSkbJBBxzM9fx40zAXvRxOYssx+Ev8n9QrqkRzCK9/H8W3mqWLRoQEef56
S5lYrEnQkbQL43CvcGiXr5MXCupHLIOLuPVP6xGsU9kHqCfdRESz91kUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTlPFhnmigkyGmoFVSV7PCG2SnpMB8GA1UdIwQY
MBaAFETClcpu6MrnAGtXevVON2Yj33eZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk1LVnltN295dWNBYTFkNjlVNDNaaVBmZDVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xN2E4OGQtMjM2ZC00ZmFkLTkwMzUt
NzU5OWI0NDFjZDFjLzEveE9VOFdHZWFLQ1RJYWFnVlZKWHM4SWJaS2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xN2E4OGQtMjM2ZC00ZmFkLTkwMzUtNzU5OWI0NDFjZDFj
LzEvUk1LVnltN295dWNBYTFkNjlVNDNaaVBmZDVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe/LMA0G
CSqGSIb3DQEBCwUAA4IBAQBTBMbYBdzZQxYq7Fd9khle/F6L3N8l8Bun1rVIhQ1y
MocAJ2fQsOtennSSuVTUddRiaJAL+TEiZ6kk4oMe6rZxJEKa1/FzTAeLpP3eq6M2
IOWMSmSkqaMwoMxla2+XH2ziivaBpD/c3X2vAHFHax5URRb/9Soe9/TDKfx2+0UO
xLv9f2xh+4Ppe0hdJxPoBCHbd7JhtDp+Y4xmjlb3deCM5yCvlHTyYqpd2Ekc3TcB
srCkENaRyblXmHAvLnm/hHaie+FDf1sXk8a/Fbn+lTqFUJAqQLGr6E/bW7bD+1oO
+lUZz2Uw3NEcezG3uL1FARyxv5/5aUR/kzt9VnqFbqRH
-----END CERTIFICATE-----