Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/RP0gebLVRG2omORUJdBcDsuEcN0.roa
File:                     RP0gebLVRG2omORUJdBcDsuEcN0.roa (raw, json)
Hash identifier:          l5xTPNZV1DfT+WqYvm72hqccbPSauqPLdMe6jisY1nY=
Subject key identifier:   44:FD:20:79:B2:D5:44:6D:A8:98:E4:54:25:D0:5C:0E:CB:84:70:DD
Certificate issuer:       /CN=1120a0ce013e2d52a6ff354a270894bb998e4547
Certificate serial:       018CC49230CDCEE1CC4AB914CE8F2347496B
Authority key identifier: 11:20:A0:CE:01:3E:2D:52:A6:FF:35:4A:27:08:94:BB:99:8E:45:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ESCgzgE-LVKm_zVKJwiUu5mORUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/RP0gebLVRG2omORUJdBcDsuEcN0.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15442
IP address blocks:        193.17.120.0/21 maxlen: 24
                          193.17.96.0/21 maxlen: 24
                          193.17.104.0/21 maxlen: 24
                          193.17.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/ESCgzgE-LVKm_zVKJwiUu5mORUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/ESCgzgE-LVKm_zVKJwiUu5mORUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ESCgzgE-LVKm_zVKJwiUu5mORUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:30:cd:ce:e1:cc:4a:b9:14:ce:8f:23:47:49:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1120a0ce013e2d52a6ff354a270894bb998e4547
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44fd2079b2d5446da898e45425d05c0ecb8470dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:44:77:6a:8e:2b:cf:cf:bd:6d:d9:d7:ad:dc:
                    ef:83:1b:03:d3:5f:b4:23:a8:e9:9d:03:11:d4:5a:
                    64:a3:6c:e9:da:67:94:ca:d0:a4:10:ee:40:6a:ca:
                    76:3d:df:ac:dc:0c:8a:88:99:d6:e6:7c:51:b7:d0:
                    41:87:f3:bf:75:4b:d1:6a:bb:46:89:6c:26:6c:1f:
                    38:d2:a9:9c:f8:1c:e3:b8:36:80:b9:85:e3:b1:24:
                    18:dc:24:20:7d:27:f2:7d:b9:eb:ba:91:7c:09:58:
                    e4:71:b3:8b:9d:78:c2:45:06:22:e5:85:c5:37:1c:
                    dd:cb:5d:94:75:71:14:80:1f:d6:f6:4e:46:93:9e:
                    95:f9:ca:46:d0:9d:9f:f2:46:d9:b1:71:fa:19:b7:
                    9c:aa:58:09:46:d0:ed:60:98:6c:35:5f:10:45:f9:
                    ca:7e:db:2b:50:c3:8e:ba:33:ba:29:0f:1a:b3:13:
                    59:87:08:27:e2:bb:18:bd:6e:70:02:99:41:52:a9:
                    e4:ac:b9:91:59:be:04:8f:da:6b:c7:8d:df:e4:a1:
                    91:7e:f8:43:cb:f5:af:87:b9:43:e1:6b:de:5f:e6:
                    74:85:89:79:c1:c1:e0:a6:63:b1:a2:9d:3c:49:66:
                    2c:81:01:7f:46:48:d1:c8:25:7a:dd:c0:bb:ce:34:
                    58:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FD:20:79:B2:D5:44:6D:A8:98:E4:54:25:D0:5C:0E:CB:84:70:DD
            X509v3 Authority Key Identifier:
                keyid:11:20:A0:CE:01:3E:2D:52:A6:FF:35:4A:27:08:94:BB:99:8E:45:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ESCgzgE-LVKm_zVKJwiUu5mORUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/RP0gebLVRG2omORUJdBcDsuEcN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/421498-28d3-4376-b625-31af3e294671/1/ESCgzgE-LVKm_zVKJwiUu5mORUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         84:19:ea:dc:9e:5b:00:54:36:99:83:4c:3a:18:ea:15:39:bb:
         69:73:e4:dc:ac:57:2a:31:81:45:6f:64:5d:63:35:d3:d5:49:
         a4:34:99:fb:bd:7e:a9:08:49:bc:c6:31:ba:61:eb:b3:77:4c:
         c6:f1:af:4c:d0:bf:33:c3:7d:24:6a:35:6f:1e:ad:89:6c:3d:
         14:2a:71:13:a3:d3:7a:dd:6e:2e:20:af:57:80:67:96:bb:72:
         90:01:58:ff:84:b9:e0:b0:77:dd:75:50:8d:5c:0b:6e:54:14:
         14:68:99:b7:be:08:4b:e1:dc:47:67:cf:a7:a9:f0:b2:e1:4b:
         82:d9:3c:90:d7:f3:55:a0:09:97:04:cd:65:2c:0f:f2:06:08:
         4a:b7:59:4c:32:2a:13:81:1d:97:bf:e9:82:90:da:b4:2b:15:
         dd:08:a6:36:93:41:4a:5f:e3:34:f2:14:5c:c6:72:9f:ce:fc:
         04:9f:1a:d5:76:cd:30:c8:3d:ca:9b:e8:c9:0a:c1:da:b4:00:
         58:4a:85:57:21:aa:40:20:b8:10:e0:a1:b7:d7:23:90:d3:90:
         7c:c7:3c:e6:54:5e:4e:4e:dd:7b:32:91:9e:9f:59:08:e8:73:
         9d:ab:40:58:2d:4d:94:28:f6:ec:c3:82:4d:1f:6a:b4:f6:24:
         2a:95:f5:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjDNzuHMSrkUzo8jR0lrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMjBhMGNlMDEzZTJkNTJhNmZmMzU0YTI3MDg5NGJiOTk4
ZTQ1NDcwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGZkMjA3OWIyZDU0NDZkYTg5OGU0NTQyNWQwNWMwZWNiODQ3MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkR3ao4rz8+9bdnXrdzvgxsD01+0
I6jpnQMR1Fpko2zp2meUytCkEO5Aasp2Pd+s3AyKiJnW5nxRt9BBh/O/dUvRartG
iWwmbB840qmc+BzjuDaAuYXjsSQY3CQgfSfyfbnrupF8CVjkcbOLnXjCRQYi5YXF
Nxzdy12UdXEUgB/W9k5Gk56V+cpG0J2f8kbZsXH6GbecqlgJRtDtYJhsNV8QRfnK
ftsrUMOOujO6KQ8asxNZhwgn4rsYvW5wAplBUqnkrLmRWb4Ej9prx43f5KGRfvhD
y/Wvh7lD4WveX+Z0hYl5wcHgpmOxop08SWYsgQF/RkjRyCV63cC7zjRYJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFET9IHmy1URtqJjkVCXQXA7LhHDdMB8GA1UdIwQY
MBaAFBEgoM4BPi1Spv81SicIlLuZjkVHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVNDZ3pnRS1MVkttX3pWS0p3aVV1NW1PUlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MjE0OTgtMjhkMy00Mzc2LWI2MjUt
MzFhZjNlMjk0NjcxLzEvUlAwZ2ViTFZSRzJvbU9SVUpkQmNEc3VFY04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MjE0OTgtMjhkMy00Mzc2LWI2MjUtMzFhZjNlMjk0Njcx
LzEvRVNDZ3pnRS1MVkttX3pWS0p3aVV1NW1PUlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwRFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCEGercnlsAVDaZg0w6GOoVObtpc+TcrFcqMYFFb2Rd
YzXT1UmkNJn7vX6pCEm8xjG6Yeuzd0zG8a9M0L8zw30kajVvHq2JbD0UKnETo9N6
3W4uIK9XgGeWu3KQAVj/hLngsHfddVCNXAtuVBQUaJm3vghL4dxHZ8+nqfCy4UuC
2TyQ1/NVoAmXBM1lLA/yBghKt1lMMioTgR2Xv+mCkNq0KxXdCKY2k0FKX+M08hRc
xnKfzvwEnxrVds0wyD3Km+jJCsHatABYSoVXIapAILgQ4KG31yOQ05B8xzzmVF5O
Tt17MpGen1kI6HOdq0BYLU2UKPbsw4JNH2q09iQqlfV3
-----END CERTIFICATE-----