Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/kRaGswYSpf73Qf7Yv4qByxscliE.roa
File:                     kRaGswYSpf73Qf7Yv4qByxscliE.roa (raw, json)
Hash identifier:          zXrTHEbyIYKzr5D8u6Qa751VzE5XlaUxpLuLyOGFIKk=
Subject key identifier:   91:16:86:B3:06:12:A5:FE:F7:41:FE:D8:BF:8A:81:CB:1B:1C:96:21
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9EEC3F6A2A3CA7478F568149ABB100FF
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/kRaGswYSpf73Qf7Yv4qByxscliE.roa
Signing time:             Tue 02 Apr 2024 13:07:46 +0000
ROA not before:           Tue 02 Apr 2024 13:07:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204957
IP address blocks:        193.8.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:ec:3f:6a:2a:3c:a7:47:8f:56:81:49:ab:b1:00:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 13:07:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=911686b30612a5fef741fed8bf8a81cb1b1c9621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:27:2b:5c:99:b2:ca:87:ba:33:ff:ef:40:9e:
                    35:ff:33:05:c2:8b:e2:ee:da:29:60:b4:9a:27:0d:
                    52:f5:b5:20:8c:51:4b:93:1b:11:25:13:11:55:41:
                    af:3f:b8:34:5b:c6:2f:05:b1:7a:f2:bc:02:22:ca:
                    4b:08:f6:00:17:e2:99:7e:b0:be:86:a0:3c:ca:bf:
                    70:31:41:c7:52:99:f6:b9:cd:65:42:61:7f:93:19:
                    aa:d2:fa:6c:1f:14:fe:18:c9:21:63:35:32:89:72:
                    5a:cf:c2:9f:98:c9:51:cc:6d:d7:58:ed:2a:ba:ec:
                    e1:a6:13:9b:33:64:9b:53:93:ec:ae:d9:0e:ad:34:
                    96:a1:42:38:24:3a:32:26:0c:9f:ad:80:ec:f4:06:
                    c4:ec:6b:84:eb:a0:36:99:a5:b1:70:d3:32:31:00:
                    79:1f:63:08:5b:29:bd:79:cf:3d:7b:15:1e:4c:09:
                    b3:62:e5:87:62:10:25:61:21:ef:b2:f0:37:61:5b:
                    b7:d1:38:8d:dc:62:57:0f:3c:5b:02:f9:b7:e0:d1:
                    61:a7:8b:17:fe:16:97:15:a2:30:7e:35:b4:50:a2:
                    d2:7c:9d:76:2c:2f:32:d3:7f:94:12:92:3f:ff:8c:
                    98:b2:55:0b:90:a4:f5:b8:a7:e3:38:97:bd:78:57:
                    81:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:16:86:B3:06:12:A5:FE:F7:41:FE:D8:BF:8A:81:CB:1B:1C:96:21
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/kRaGswYSpf73Qf7Yv4qByxscliE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:3f:6b:2f:4f:dd:88:27:36:7c:cb:0e:d8:64:f4:b4:49:3a:
         39:dd:b4:e0:2e:e6:ab:05:87:10:10:0a:27:66:60:28:25:6e:
         62:03:a0:88:56:d2:fd:68:c9:99:f5:e6:32:b7:e5:f6:23:f7:
         f8:a7:74:78:57:ed:b5:81:b0:42:da:57:a2:aa:05:ad:43:23:
         29:03:e1:1d:42:b3:7e:6c:53:5a:92:69:83:ee:07:88:a3:57:
         8b:f5:0d:9b:76:b4:cd:e0:3d:77:5b:55:5a:a5:1d:87:68:1e:
         80:58:0e:ef:0a:33:9a:d8:7b:58:23:76:2f:2f:b0:73:6b:4d:
         db:96:b7:36:17:65:a6:8f:b8:a7:fa:dd:4f:55:65:85:23:e3:
         d7:45:16:9b:9f:7f:ab:83:bc:00:0b:47:4f:94:bd:d7:88:83:
         35:3e:a2:ef:3c:5b:05:e7:75:71:50:4a:99:69:f2:c6:8f:32:
         79:e2:5a:05:22:a4:e5:0c:c2:44:c9:c8:f1:13:8a:8a:b5:b0:
         24:47:a9:45:38:1e:82:61:d6:11:0a:8d:bc:0e:f5:16:e7:d1:
         b7:b4:0f:e8:c2:08:84:b9:44:73:81:0f:22:bc:32:6b:7c:9d:
         04:3f:c2:de:bd:c0:97:77:24:34:24:19:94:5f:2c:30:27:9e:
         ee:f0:e7:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6e7D9qKjynR49WgUmrsQD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTMwNzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE2ODZiMzA2MTJhNWZlZjc0MWZlZDhiZjhhODFjYjFiMWM5NjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlycrXJmyyoe6M//vQJ41/zMFwovi
7topYLSaJw1S9bUgjFFLkxsRJRMRVUGvP7g0W8YvBbF68rwCIspLCPYAF+KZfrC+
hqA8yr9wMUHHUpn2uc1lQmF/kxmq0vpsHxT+GMkhYzUyiXJaz8KfmMlRzG3XWO0q
uuzhphObM2SbU5PsrtkOrTSWoUI4JDoyJgyfrYDs9AbE7GuE66A2maWxcNMyMQB5
H2MIWym9ec89exUeTAmzYuWHYhAlYSHvsvA3YVu30TiN3GJXDzxbAvm34NFhp4sX
/haXFaIwfjW0UKLSfJ12LC8y03+UEpI//4yYslULkKT1uKfjOJe9eFeBlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEWhrMGEqX+90H+2L+KgcsbHJYhMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEva1JhR3N3WVNwZjczUWY3WXY0cUJ5eHNjbGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhLMA0G
CSqGSIb3DQEBCwUAA4IBAQAuP2svT92IJzZ8yw7YZPS0STo53bTgLuarBYcQEAon
ZmAoJW5iA6CIVtL9aMmZ9eYyt+X2I/f4p3R4V+21gbBC2leiqgWtQyMpA+EdQrN+
bFNakmmD7geIo1eL9Q2bdrTN4D13W1VapR2HaB6AWA7vCjOa2HtYI3YvL7Bza03b
lrc2F2Wmj7in+t1PVWWFI+PXRRabn3+rg7wAC0dPlL3XiIM1PqLvPFsF53VxUEqZ
afLGjzJ54loFIqTlDMJEycjxE4qKtbAkR6lFOB6CYdYRCo28DvUW59G3tA/owgiE
uURzgQ8ivDJrfJ0EP8LevcCXdyQ0JBmUXywwJ57u8OcY
-----END CERTIFICATE-----