Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vo1lKaiBt9fW9LkOX8WocpaYPa0.roa
File:                     vo1lKaiBt9fW9LkOX8WocpaYPa0.roa (raw, json)
Hash identifier:          koCgFs8y6+bwtxAdl5GdpuXxAeA2Wq/o0z7QgAeqw0o=
Subject key identifier:   BE:8D:65:29:A8:81:B7:D7:D6:F4:B9:0E:5F:C5:A8:72:96:98:3D:AD
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9532D42B7D25BEE04D2B5DCB8809
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vo1lKaiBt9fW9LkOX8WocpaYPa0.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205342
IP address blocks:        193.192.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:95:32:d4:2b:7d:25:be:e0:4d:2b:5d:cb:88:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be8d6529a881b7d7d6f4b90e5fc5a87296983dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:63:36:68:71:57:00:ba:8a:b4:1c:86:d2:66:
                    36:71:b6:ae:44:b0:a5:02:c9:13:71:1c:e9:b5:1e:
                    2a:30:ff:e5:18:c7:b5:0a:31:ee:33:fd:0a:3a:96:
                    39:7e:ab:72:11:9f:54:4f:e6:eb:d9:2e:05:f3:f6:
                    1b:ba:73:0d:45:f4:08:b1:84:88:47:1e:c2:5c:ef:
                    2f:e5:f2:5d:b4:92:cc:86:d3:bb:1c:a8:c4:8a:c6:
                    11:c1:89:57:da:55:39:76:e5:f1:53:8e:9f:f7:4e:
                    47:62:34:a9:c0:34:f7:83:b4:5b:a7:e4:22:6c:1d:
                    a3:9e:03:75:21:63:25:b5:bd:49:4f:21:96:9b:26:
                    6e:41:a4:54:5b:41:41:ed:3d:8b:76:38:c5:81:23:
                    5b:2b:ce:e4:6f:26:67:f7:f7:dd:cc:5e:0f:87:d5:
                    c3:78:91:8b:7f:13:d5:53:00:11:81:1c:43:89:71:
                    02:2b:01:18:4f:79:c0:9d:4d:a9:84:32:c7:2f:fa:
                    8e:2c:48:96:39:f1:1a:9b:cb:a2:96:80:11:c5:a6:
                    a1:77:88:dc:99:c8:ce:ef:2c:38:a3:40:e6:95:2e:
                    7b:2d:ae:14:3f:26:03:1b:ee:6e:46:ed:d8:3d:57:
                    44:2c:ba:0e:3b:e1:ee:34:2d:a5:72:6d:9c:12:f5:
                    e4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:8D:65:29:A8:81:B7:D7:D6:F4:B9:0E:5F:C5:A8:72:96:98:3D:AD
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vo1lKaiBt9fW9LkOX8WocpaYPa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:05:b0:24:c6:2d:1e:85:c6:6d:6a:17:74:63:9a:97:50:ce:
         96:b3:0d:e6:8a:36:97:94:f9:88:53:5e:fb:d3:17:e1:b9:21:
         8c:b7:42:5d:a8:2a:67:64:b4:82:c9:ea:94:21:2b:c9:66:2e:
         27:97:53:a5:41:cf:39:6b:0a:75:6c:cd:14:f7:ca:fe:5f:0f:
         61:cd:cc:b8:bf:4e:29:03:af:bc:01:f8:68:34:60:ab:0b:fc:
         93:15:72:12:00:b5:27:9b:a9:d0:5b:a7:4b:6e:70:fa:67:82:
         47:a0:53:d9:c6:0d:0e:fc:c6:81:04:f9:76:3f:94:5f:bc:d2:
         1e:ff:a6:71:09:92:59:6b:c4:f7:02:25:da:57:69:52:c3:35:
         d6:ca:f7:fb:87:55:63:0c:47:f4:20:c1:e7:59:37:94:be:05:
         dd:8c:7c:75:31:b6:70:fb:cc:15:f2:93:b1:d5:49:9a:2e:86:
         a6:ae:d8:a9:ba:f3:5a:da:77:ed:07:0c:ad:09:0c:b4:4d:60:
         a0:6c:e5:6d:66:1f:e0:bf:34:36:00:05:0f:43:3f:0e:01:ee:
         f6:15:fa:d2:9b:82:28:7a:28:a0:84:d8:c0:d9:1c:c7:e2:15:
         6b:24:a1:06:ec:3b:ed:86:04:16:1f:07:7d:8c:ab:5b:5e:06:
         9e:71:5b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5Uy1Ct9Jb7gTStdy4gJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZThkNjUyOWE4ODFiN2Q3ZDZmNGI5MGU1ZmM1YTg3Mjk2OTgzZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGM2aHFXALqKtByG0mY2cbauRLCl
AskTcRzptR4qMP/lGMe1CjHuM/0KOpY5fqtyEZ9UT+br2S4F8/YbunMNRfQIsYSI
Rx7CXO8v5fJdtJLMhtO7HKjEisYRwYlX2lU5duXxU46f905HYjSpwDT3g7Rbp+Qi
bB2jngN1IWMltb1JTyGWmyZuQaRUW0FB7T2LdjjFgSNbK87kbyZn9/fdzF4Ph9XD
eJGLfxPVUwARgRxDiXECKwEYT3nAnU2phDLHL/qOLEiWOfEam8uiloARxaahd4jc
mcjO7yw4o0DmlS57La4UPyYDG+5uRu3YPVdELLoOO+HuNC2lcm2cEvXkgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6NZSmogbfX1vS5Dl/FqHKWmD2tMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvdm8xbEthaUJ0OWZXOUxrT1g4V29jcGFZUGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcCkMA0G
CSqGSIb3DQEBCwUAA4IBAQBvBbAkxi0ehcZtahd0Y5qXUM6Wsw3mijaXlPmIU177
0xfhuSGMt0JdqCpnZLSCyeqUISvJZi4nl1OlQc85awp1bM0U98r+Xw9hzcy4v04p
A6+8AfhoNGCrC/yTFXISALUnm6nQW6dLbnD6Z4JHoFPZxg0O/MaBBPl2P5RfvNIe
/6ZxCZJZa8T3AiXaV2lSwzXWyvf7h1VjDEf0IMHnWTeUvgXdjHx1MbZw+8wV8pOx
1UmaLoamrtipuvNa2nftBwytCQy0TWCgbOVtZh/gvzQ2AAUPQz8OAe72FfrSm4Io
eiighNjA2RzH4hVrJKEG7DvthgQWHwd9jKtbXgaecVtA
-----END CERTIFICATE-----