Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/erRL4g97SUQTXTKIHJmuTkuZab8.roa
File:                     erRL4g97SUQTXTKIHJmuTkuZab8.roa (raw, json)
Hash identifier:          YQSymn+F5eAetzfu8JPySIOoWv/yPq5KGrosA2p6Gck=
Subject key identifier:   7A:B4:4B:E2:0F:7B:49:44:13:5D:32:88:1C:99:AE:4E:4B:99:69:BF
Certificate issuer:       /CN=4534cab4450404862b201fe733f2c70a6bf52924
Certificate serial:       018CC5DC0BBB449897B9F72954A50F1FB71D
Authority key identifier: 45:34:CA:B4:45:04:04:86:2B:20:1F:E7:33:F2:C7:0A:6B:F5:29:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/erRL4g97SUQTXTKIHJmuTkuZab8.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209418
IP address blocks:        193.17.80.0/22 maxlen: 23
                          2a0c:7d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0b:bb:44:98:97:b9:f7:29:54:a5:0f:1f:b7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4534cab4450404862b201fe733f2c70a6bf52924
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ab44be20f7b4944135d32881c99ae4e4b9969bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:70:dd:ee:1f:08:7c:22:0e:2e:fe:18:15:57:
                    e0:a4:5f:78:37:6a:c3:bd:0a:93:6b:6c:3e:df:05:
                    73:52:22:c7:65:a1:27:8c:53:75:77:eb:30:73:18:
                    94:cc:6a:33:8e:52:59:30:b9:81:03:23:5c:d1:c1:
                    c7:c2:eb:0c:88:33:e3:11:b0:bf:95:64:54:e1:05:
                    14:60:cc:fa:47:e7:cd:1a:3f:d3:b5:ab:ca:18:ab:
                    0f:44:8b:0c:81:fd:93:58:49:b6:d6:62:2c:33:97:
                    0d:ca:8d:c7:41:90:74:aa:c7:ca:9e:ec:d8:7b:23:
                    d0:54:ba:26:3e:24:fd:f7:f9:7d:10:96:c4:50:0f:
                    48:f0:3a:f4:98:b3:51:92:c1:11:ad:7e:94:78:29:
                    84:49:09:65:a9:33:0c:7a:53:e3:17:ca:79:e2:34:
                    b4:9b:74:02:27:65:e9:0f:79:29:77:9f:02:67:86:
                    11:34:c5:9b:69:8a:e1:89:e1:de:91:9c:08:da:7e:
                    dd:41:fc:a2:88:75:b3:e3:7b:46:eb:fb:0f:ff:00:
                    e5:20:35:92:b8:b4:83:de:96:ca:a3:96:dc:e2:86:
                    99:9e:57:ff:89:bc:6c:f6:74:26:78:02:7d:9b:69:
                    b9:35:54:ab:cf:66:44:0e:a7:85:2e:6f:f5:08:cf:
                    6b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B4:4B:E2:0F:7B:49:44:13:5D:32:88:1C:99:AE:4E:4B:99:69:BF
            X509v3 Authority Key Identifier:
                keyid:45:34:CA:B4:45:04:04:86:2B:20:1F:E7:33:F2:C7:0A:6B:F5:29:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/erRL4g97SUQTXTKIHJmuTkuZab8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5d4678-497c-4740-940f-6b084ea9993f/1/RTTKtEUEBIYrIB_nM_LHCmv1KSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.80.0/22
                IPv6:
                  2a0c:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:d1:6b:c6:4c:50:9e:4d:2d:6d:1c:db:64:f3:4c:6a:25:2e:
         10:f0:35:32:62:02:76:86:f6:65:b9:aa:8a:70:37:41:7c:5d:
         40:cb:f7:d8:58:27:a8:24:54:42:38:6d:48:33:0a:a5:94:e9:
         38:aa:85:12:85:f5:4e:2f:91:79:a7:d3:c4:6a:b0:44:f9:68:
         ef:e8:ab:7f:0e:40:ce:87:86:2b:93:bf:38:ef:cc:96:93:37:
         2d:7e:5a:e3:68:e4:6a:e7:ab:58:eb:08:90:a5:f4:41:3f:e3:
         55:4c:45:d7:1a:3e:40:89:37:fc:c0:e7:21:4b:ce:15:51:12:
         6d:13:6f:c5:6f:61:27:05:c7:32:9e:c3:c3:d9:00:3d:e4:13:
         d2:a0:f1:6d:ea:cd:64:2f:b1:31:fe:3b:9e:90:20:51:58:35:
         31:25:ea:f6:0b:33:ca:e0:55:46:87:e8:53:7d:f9:a2:87:fa:
         68:84:d9:35:21:d5:0c:ff:07:e5:17:e7:81:a2:d0:a0:11:44:
         83:2e:7b:e3:e6:fc:96:4f:2a:3c:f3:ee:cb:5a:ec:d9:7e:73:
         bf:f5:c0:5c:92:99:f2:92:ea:c4:77:ed:c9:b4:fc:f1:4c:ce:
         cf:39:43:06:38:2c:ee:49:30:bf:e8:e0:5e:69:53:54:1c:b5:
         a8:fd:d2:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Au7RJiXufcpVKUPH7cdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MzRjYWI0NDUwNDA0ODYyYjIwMWZlNzMzZjJjNzBhNmJm
NTI5MjQwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI0NGJlMjBmN2I0OTQ0MTM1ZDMyODgxYzk5YWU0ZTRiOTk2OWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnDd7h8IfCIOLv4YFVfgpF94N2rD
vQqTa2w+3wVzUiLHZaEnjFN1d+swcxiUzGozjlJZMLmBAyNc0cHHwusMiDPjEbC/
lWRU4QUUYMz6R+fNGj/TtavKGKsPRIsMgf2TWEm21mIsM5cNyo3HQZB0qsfKnuzY
eyPQVLomPiT99/l9EJbEUA9I8Dr0mLNRksERrX6UeCmESQllqTMMelPjF8p54jS0
m3QCJ2XpD3kpd58CZ4YRNMWbaYrhieHekZwI2n7dQfyiiHWz43tG6/sP/wDlIDWS
uLSD3pbKo5bc4oaZnlf/ibxs9nQmeAJ9m2m5NVSrz2ZEDqeFLm/1CM9rmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHq0S+IPe0lEE10yiByZrk5LmWm/MB8GA1UdIwQY
MBaAFEU0yrRFBASGKyAf5zPyxwpr9SkkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlRUS3RFVUVCSVlySUJfbk1fTEhDbXYxS1NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC81ZDQ2NzgtNDk3Yy00NzQwLTk0MGYt
NmIwODRlYTk5OTNmLzEvZXJSTDRnOTdTVVFUWFRLSUhKbXVUa3VaYWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC81ZDQ2NzgtNDk3Yy00NzQwLTk0MGYtNmIwODRlYTk5OTNm
LzEvUlRUS3RFVUVCSVlySUJfbk1fTEhDbXYxS1NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwRFQMA0E
AgACMAcDBQAqDH1AMA0GCSqGSIb3DQEBCwUAA4IBAQAA0WvGTFCeTS1tHNtk80xq
JS4Q8DUyYgJ2hvZluaqKcDdBfF1Ay/fYWCeoJFRCOG1IMwqllOk4qoUShfVOL5F5
p9PEarBE+Wjv6Kt/DkDOh4Yrk78478yWkzctflrjaORq56tY6wiQpfRBP+NVTEXX
Gj5AiTf8wOchS84VURJtE2/Fb2EnBccynsPD2QA95BPSoPFt6s1kL7Ex/juekCBR
WDUxJer2CzPK4FVGh+hTffmih/pohNk1IdUM/wflF+eBotCgEUSDLnvj5vyWTyo8
8+7LWuzZfnO/9cBckpnykurEd+3JtPzxTM7POUMGOCzuSTC/6OBeaVNUHLWo/dJ9
-----END CERTIFICATE-----