Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/oohi7G0i0sl4jQpOW68uQvSyQZ0.roa
File:                     oohi7G0i0sl4jQpOW68uQvSyQZ0.roa (raw, json)
Hash identifier:          ZYFQMZTVFLYbMFU4PuByl5h1/9E9Ex1Y13v0IiHn0D8=
Subject key identifier:   A2:88:62:EC:6D:22:D2:C9:78:8D:0A:4E:5B:AF:2E:42:F4:B2:41:9D
Certificate issuer:       /CN=bdf960b0ee6bc5d0f6a0c64a69f2f86259fdcd58
Certificate serial:       018CC8DF870B2CFBA21DD7A32D63DCAD1203
Authority key identifier: BD:F9:60:B0:EE:6B:C5:D0:F6:A0:C6:4A:69:F2:F8:62:59:FD:CD:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/oohi7G0i0sl4jQpOW68uQvSyQZ0.roa
Signing time:             Tue 02 Jan 2024 06:32:21 +0000
ROA not before:           Tue 02 Jan 2024 06:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49369
IP address blocks:        193.169.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:87:0b:2c:fb:a2:1d:d7:a3:2d:63:dc:ad:12:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf960b0ee6bc5d0f6a0c64a69f2f86259fdcd58
        Validity
            Not Before: Jan  2 06:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a28862ec6d22d2c9788d0a4e5baf2e42f4b2419d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6b:31:6a:5a:2e:7a:9e:3d:7e:72:9d:aa:b5:
                    e0:ad:5b:73:f2:76:63:30:ea:af:9a:27:4f:56:ad:
                    d1:f7:86:3c:16:df:e2:aa:70:07:c4:52:0a:79:03:
                    13:e2:e9:6c:af:8f:4a:8c:fd:36:91:c0:4b:57:f8:
                    d3:dc:21:1c:76:31:f0:f4:42:20:82:df:29:30:ae:
                    63:8f:a9:9a:17:aa:91:b6:b2:f3:27:9d:3a:35:22:
                    0a:95:e5:24:4f:55:ca:66:b4:9c:f3:36:67:c5:3c:
                    82:5a:9c:b8:35:d5:54:76:e9:39:26:86:c0:d6:34:
                    59:44:d4:76:3c:d0:a1:12:93:6d:02:f6:72:72:f9:
                    ae:b9:06:6e:b9:66:1c:1b:be:80:b2:af:46:83:26:
                    7b:38:a0:7e:01:60:c4:5e:37:6d:a2:01:64:a9:f5:
                    e8:50:74:39:3f:f6:ab:e1:de:2e:f3:3e:5a:d4:3c:
                    03:e1:29:c4:a3:f7:c3:8c:b2:d7:f5:61:c5:2f:54:
                    73:8f:0a:ce:ee:e8:9d:e1:02:d2:63:51:6f:08:b9:
                    b9:b1:79:3d:4e:55:fe:c2:88:36:01:c3:0a:45:64:
                    f9:94:14:16:ae:29:7f:5b:a1:67:78:8d:c8:94:df:
                    39:4b:59:14:f6:b9:a6:ec:f7:aa:49:07:81:aa:36:
                    3f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:88:62:EC:6D:22:D2:C9:78:8D:0A:4E:5B:AF:2E:42:F4:B2:41:9D
            X509v3 Authority Key Identifier:
                keyid:BD:F9:60:B0:EE:6B:C5:D0:F6:A0:C6:4A:69:F2:F8:62:59:FD:CD:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/oohi7G0i0sl4jQpOW68uQvSyQZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:e5:4a:cc:67:ba:a6:53:9f:86:12:7b:51:ea:cc:ad:a3:d9:
         bc:bc:43:d3:7a:7c:6f:e4:d0:c2:a8:35:5c:1f:be:bd:77:70:
         ed:d6:9c:49:98:14:21:74:1d:42:cd:e2:0e:00:17:e8:4f:70:
         5a:47:7f:c4:6c:6f:d0:e1:55:86:c5:a7:96:6c:28:35:24:21:
         53:a7:22:2c:3a:99:7c:89:ef:ad:5b:3d:fb:30:5d:07:34:29:
         59:e5:08:23:26:6f:82:9f:39:43:d0:6b:c7:3d:db:a1:a2:1c:
         3b:6b:50:19:d6:bb:e2:76:35:f0:fe:a3:04:b3:99:36:d1:26:
         0b:c2:89:15:9c:2c:65:54:66:a6:d4:b8:37:71:36:e9:24:b0:
         64:ba:3f:4b:5d:fe:95:68:fd:b5:44:ca:3b:8c:1e:89:93:27:
         26:4f:00:b3:9e:c9:fd:8f:b5:96:23:fa:ca:ad:12:d4:01:63:
         d1:c0:67:f2:28:08:0a:8c:d3:74:46:41:18:4b:ac:60:a9:3b:
         00:33:08:aa:94:b3:b3:66:fb:11:ed:66:9f:83:a3:fc:79:a7:
         c8:32:ce:34:78:59:e6:43:42:f5:34:64:4d:c8:c2:a5:cd:80:
         93:e8:5a:63:2f:10:42:d8:85:5e:78:99:dc:eb:64:61:c4:0c:
         4d:43:6a:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34cLLPuiHdejLWPcrRIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjk2MGIwZWU2YmM1ZDBmNmEwYzY0YTY5ZjJmODYyNTlm
ZGNkNTgwHhcNMjQwMTAyMDYzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg4NjJlYzZkMjJkMmM5Nzg4ZDBhNGU1YmFmMmU0MmY0YjI0MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Wsxalouep49fnKdqrXgrVtz8nZj
MOqvmidPVq3R94Y8Ft/iqnAHxFIKeQMT4ulsr49KjP02kcBLV/jT3CEcdjHw9EIg
gt8pMK5jj6maF6qRtrLzJ506NSIKleUkT1XKZrSc8zZnxTyCWpy4NdVUduk5JobA
1jRZRNR2PNChEpNtAvZycvmuuQZuuWYcG76Asq9GgyZ7OKB+AWDEXjdtogFkqfXo
UHQ5P/ar4d4u8z5a1DwD4SnEo/fDjLLX9WHFL1RzjwrO7uid4QLSY1FvCLm5sXk9
TlX+wog2AcMKRWT5lBQWril/W6FneI3IlN85S1kU9rmm7PeqSQeBqjY/SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKIYuxtItLJeI0KTluvLkL0skGdMB8GA1UdIwQY
MBaAFL35YLDua8XQ9qDGSmny+GJZ/c1YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZsZ3NPNXJ4ZEQyb01aS2FmTDRZbG45elZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMzY4NGEtMTJjMi00MjNhLWJkM2Et
M2RkZmZkZWI5MjA3LzEvb29oaTdHMGkwc2w0alFwT1c2OHVRdlN5UVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMzY4NGEtMTJjMi00MjNhLWJkM2EtM2RkZmZkZWI5MjA3
LzEvdmZsZ3NPNXJ4ZEQyb01aS2FmTDRZbG45elZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwakiMA0G
CSqGSIb3DQEBCwUAA4IBAQBT5UrMZ7qmU5+GEntR6syto9m8vEPTenxv5NDCqDVc
H769d3Dt1pxJmBQhdB1CzeIOABfoT3BaR3/EbG/Q4VWGxaeWbCg1JCFTpyIsOpl8
ie+tWz37MF0HNClZ5QgjJm+CnzlD0GvHPduhohw7a1AZ1rvidjXw/qMEs5k20SYL
wokVnCxlVGam1Lg3cTbpJLBkuj9LXf6VaP21RMo7jB6JkycmTwCznsn9j7WWI/rK
rRLUAWPRwGfyKAgKjNN0RkEYS6xgqTsAMwiqlLOzZvsR7Wafg6P8eafIMs40eFnm
Q0L1NGRNyMKlzYCT6FpjLxBC2IVeeJnc62RhxAxNQ2o1
-----END CERTIFICATE-----