Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/sNphM0EQpMEW8BKx6K-zEqEHMaw.roa
File:                     sNphM0EQpMEW8BKx6K-zEqEHMaw.roa (raw, json)
Hash identifier:          uywkZF8R7LMAwkoIXhMl4kCHkxczesYS85cBKiOKmA8=
Subject key identifier:   B0:DA:61:33:41:10:A4:C1:16:F0:12:B1:E8:AF:B3:12:A1:07:31:AC
Certificate issuer:       /CN=cb7e053c71995acc9bf1333fe79c3d5bfd6e964e
Certificate serial:       018CC72738553B85C5A36941DD96D1EB15E6
Authority key identifier: CB:7E:05:3C:71:99:5A:CC:9B:F1:33:3F:E7:9C:3D:5B:FD:6E:96:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y34FPHGZWsyb8TM_55w9W_1ulk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/sNphM0EQpMEW8BKx6K-zEqEHMaw.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43631
IP address blocks:        193.46.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/y34FPHGZWsyb8TM_55w9W_1ulk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/y34FPHGZWsyb8TM_55w9W_1ulk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y34FPHGZWsyb8TM_55w9W_1ulk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:38:55:3b:85:c5:a3:69:41:dd:96:d1:eb:15:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb7e053c71995acc9bf1333fe79c3d5bfd6e964e
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0da61334110a4c116f012b1e8afb312a10731ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:a5:8a:c0:27:e7:3f:d5:af:46:87:8b:c2:
                    14:48:96:29:25:cd:80:a9:1e:74:46:c6:2f:7d:04:
                    78:cf:8c:b2:66:de:b3:22:f4:8b:37:85:b1:f5:92:
                    04:e6:b5:85:43:86:e2:68:26:8a:7a:ec:80:f6:6c:
                    1f:fd:6d:ac:67:43:43:9f:04:83:68:0b:12:87:0b:
                    11:aa:eb:91:3e:ce:ae:31:aa:b1:2f:84:d9:fc:89:
                    5b:1f:ad:02:ec:8f:19:ae:04:42:76:4a:de:d8:96:
                    82:b7:60:30:e9:10:1c:77:52:e4:e2:47:af:89:f8:
                    bc:03:d9:ed:41:50:8e:5f:9f:59:6f:2f:ad:cd:a8:
                    d4:4b:3f:b4:1e:1e:6a:ed:0c:f0:30:0a:c9:45:16:
                    cf:0a:ca:ad:87:b0:b9:f1:a1:db:b9:9d:86:47:13:
                    b0:87:f1:4f:26:a7:ae:e2:a1:a4:49:34:f6:ca:29:
                    51:7b:3c:30:07:82:6f:0d:7b:a2:c9:ff:3e:50:ff:
                    00:33:e8:83:c7:9a:05:05:67:e6:fc:60:f6:fc:cb:
                    13:18:22:c8:da:02:58:fe:91:9e:69:5a:59:64:bb:
                    4e:ec:a1:73:a5:b4:2f:a0:dd:58:58:fb:de:7a:35:
                    f4:d3:f0:e4:cf:b1:34:c5:fc:a4:6a:cb:47:4c:df:
                    b0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DA:61:33:41:10:A4:C1:16:F0:12:B1:E8:AF:B3:12:A1:07:31:AC
            X509v3 Authority Key Identifier:
                keyid:CB:7E:05:3C:71:99:5A:CC:9B:F1:33:3F:E7:9C:3D:5B:FD:6E:96:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y34FPHGZWsyb8TM_55w9W_1ulk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/sNphM0EQpMEW8BKx6K-zEqEHMaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/78aad1-d61f-416e-af4c-93637d4168bd/1/y34FPHGZWsyb8TM_55w9W_1ulk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ea:52:2e:2e:d8:e2:60:3d:a7:73:2f:5a:96:3b:54:0f:03:
         7d:ac:a1:c8:1b:61:9b:80:01:3c:e8:44:ca:6d:8e:1c:e2:57:
         8f:8e:79:c0:aa:b4:d4:07:91:ab:3f:c8:3a:15:67:03:6b:87:
         b4:2c:c7:93:a7:e2:51:1e:f4:65:e2:ae:d4:31:85:12:da:ab:
         46:24:9a:94:52:c7:62:30:49:a6:59:4e:9e:43:35:82:dc:a7:
         e0:d4:9f:98:1f:7a:86:7d:ee:c0:61:48:a7:f2:d6:05:ad:9a:
         e4:67:87:e1:5c:fc:92:5a:81:b7:c7:e8:42:bf:7e:c7:95:dc:
         b3:7f:93:8c:82:96:a9:e4:89:71:46:a4:02:ec:43:e4:fd:b9:
         3d:87:c6:e4:5b:83:81:4d:48:0d:21:3e:fc:c7:da:06:b3:cd:
         cd:78:ea:20:c5:4d:a7:7e:c2:c8:1e:59:c0:74:da:be:b6:78:
         7d:d0:4d:ee:23:a6:ff:18:d1:de:2a:78:06:2b:2b:95:52:56:
         56:5d:c7:ab:e3:13:71:dd:6f:e0:a2:9a:e4:8f:6d:c9:37:79:
         da:23:b3:e1:13:74:ab:1b:9d:02:7a:d8:d6:12:85:9c:67:4d:
         7c:28:90:69:fd:a9:dd:cc:97:f5:f2:5b:c2:35:ef:2d:fa:bd:
         b9:bc:35:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzhVO4XFo2lB3ZbR6xXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiN2UwNTNjNzE5OTVhY2M5YmYxMzMzZmU3OWMzZDViZmQ2
ZTk2NGUwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGRhNjEzMzQxMTBhNGMxMTZmMDEyYjFlOGFmYjMxMmExMDczMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPylisAn5z/Vr0aHi8IUSJYpJc2A
qR50RsYvfQR4z4yyZt6zIvSLN4Wx9ZIE5rWFQ4biaCaKeuyA9mwf/W2sZ0NDnwSD
aAsShwsRquuRPs6uMaqxL4TZ/IlbH60C7I8ZrgRCdkre2JaCt2Aw6RAcd1Lk4kev
ifi8A9ntQVCOX59Zby+tzajUSz+0Hh5q7QzwMArJRRbPCsqth7C58aHbuZ2GRxOw
h/FPJqeu4qGkSTT2yilRezwwB4JvDXuiyf8+UP8AM+iDx5oFBWfm/GD2/MsTGCLI
2gJY/pGeaVpZZLtO7KFzpbQvoN1YWPveejX00/Dkz7E0xfykastHTN+wxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDaYTNBEKTBFvASseivsxKhBzGsMB8GA1UdIwQY
MBaAFMt+BTxxmVrMm/EzP+ecPVv9bpZOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTM0RlBIR1pXc3liOFRNXzU1dzlXXzF1bGs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83OGFhZDEtZDYxZi00MTZlLWFmNGMt
OTM2MzdkNDE2OGJkLzEvc05waE0wRVFwTUVXOEJLeDZLLXpFcUVITWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83OGFhZDEtZDYxZi00MTZlLWFmNGMtOTM2MzdkNDE2OGJk
LzEveTM0RlBIR1pXc3liOFRNXzU1dzlXXzF1bGs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5bMA0G
CSqGSIb3DQEBCwUAA4IBAQA46lIuLtjiYD2ncy9aljtUDwN9rKHIG2GbgAE86ETK
bY4c4lePjnnAqrTUB5GrP8g6FWcDa4e0LMeTp+JRHvRl4q7UMYUS2qtGJJqUUsdi
MEmmWU6eQzWC3Kfg1J+YH3qGfe7AYUin8tYFrZrkZ4fhXPySWoG3x+hCv37Hldyz
f5OMgpap5IlxRqQC7EPk/bk9h8bkW4OBTUgNIT78x9oGs83NeOogxU2nfsLIHlnA
dNq+tnh90E3uI6b/GNHeKngGKyuVUlZWXcer4xNx3W/goprkj23JN3naI7PhE3Sr
G50CetjWEoWcZ018KJBp/andzJf18lvCNe8t+r25vDXH
-----END CERTIFICATE-----