Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/cPdfZ_8udiHrZrehYR9NRmbzTpE.roa
File:                     cPdfZ_8udiHrZrehYR9NRmbzTpE.roa (raw, json)
Hash identifier:          kRzlX4z7PCSjJWDclxej2m9ThE2+h23M92kxRJHRaYw=
Subject key identifier:   70:F7:5F:67:FF:2E:76:21:EB:66:B7:A1:61:1F:4D:46:66:F3:4E:91
Certificate issuer:       /CN=4477c699593ae2d61bc3743353b09d220429fe4a
Certificate serial:       018CCA2A258F4F53F2D1D08D356C7274FBCD
Authority key identifier: 44:77:C6:99:59:3A:E2:D6:1B:C3:74:33:53:B0:9D:22:04:29:FE:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/cPdfZ_8udiHrZrehYR9NRmbzTpE.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62098
IP address blocks:        193.30.167.0/24 maxlen: 24
                          2a0a:31c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:25:8f:4f:53:f2:d1:d0:8d:35:6c:72:74:fb:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4477c699593ae2d61bc3743353b09d220429fe4a
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70f75f67ff2e7621eb66b7a1611f4d4666f34e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4d:f8:c8:be:37:72:33:61:f2:9d:c8:66:55:
                    37:ad:84:dc:63:64:08:5f:84:e7:05:d1:f2:d3:1c:
                    7d:2d:80:ca:e2:86:ca:d4:bd:26:22:27:2a:d1:b7:
                    88:1e:6e:95:61:6f:13:6f:d0:45:92:22:ef:12:1e:
                    3e:d5:5d:18:62:9e:b3:ad:02:38:26:84:6e:35:d0:
                    3f:cc:1b:a2:87:24:10:fb:29:b5:7d:d8:6a:8b:49:
                    ae:b3:ba:b6:9b:1a:f5:ea:59:4d:29:8b:60:c1:ca:
                    dc:e6:bd:1d:96:c6:5c:86:a6:b6:02:fb:aa:da:65:
                    e4:6b:01:60:c8:13:41:9c:d7:0c:45:2b:d5:87:f2:
                    37:f5:0d:c4:78:03:a6:20:6b:d6:af:ae:c5:2b:b1:
                    b5:2b:2f:da:0e:dc:57:73:b4:96:fb:a3:56:c1:5b:
                    5a:0a:07:4b:f6:e1:b8:8a:dc:d3:ff:00:8b:b0:b8:
                    d4:08:c6:84:73:c6:4d:a2:2f:f6:e3:99:c5:58:2a:
                    92:3e:67:eb:b0:74:dc:ca:14:78:c5:82:a7:a4:09:
                    ee:6c:36:d9:35:c8:88:2e:77:14:bb:3c:f4:82:72:
                    b0:98:d1:3d:bb:0c:0b:eb:50:58:1a:7d:93:64:73:
                    21:59:c1:3a:64:a3:64:d5:86:8d:af:2f:bb:bd:50:
                    c8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F7:5F:67:FF:2E:76:21:EB:66:B7:A1:61:1F:4D:46:66:F3:4E:91
            X509v3 Authority Key Identifier:
                keyid:44:77:C6:99:59:3A:E2:D6:1B:C3:74:33:53:B0:9D:22:04:29:FE:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/cPdfZ_8udiHrZrehYR9NRmbzTpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.167.0/24
                IPv6:
                  2a0a:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:38:98:ca:94:f8:34:cf:6b:75:47:01:8b:e8:bd:fc:e0:4b:
         56:f6:92:64:af:9a:4b:b3:dd:f7:bf:8d:16:55:c7:9e:44:d4:
         46:31:f9:9f:0c:88:da:14:94:61:e9:bf:dd:d5:3a:00:92:29:
         e5:d1:55:a3:78:5e:14:b9:ea:0d:66:2d:0b:10:e9:b4:5f:33:
         32:7d:f2:cc:6b:a7:cb:17:59:e4:68:7c:7b:f1:af:3d:2c:f8:
         f5:ed:47:e8:8f:03:ad:6a:d8:f0:52:80:97:d6:c4:8f:45:c0:
         bc:af:57:ad:4d:cd:46:dc:3d:be:3e:76:12:cd:9b:d6:1b:88:
         77:dd:77:da:ca:36:7b:d4:93:1e:0e:05:f5:3f:85:0d:35:0a:
         b6:57:fd:be:9c:4e:42:7c:a8:93:26:87:b5:34:ac:2f:44:90:
         9d:5b:27:1c:7a:96:12:5d:56:50:ce:50:3c:54:72:00:f2:09:
         1c:5c:8f:21:0e:11:f8:f4:28:2c:1f:ea:28:24:fa:1c:ea:f7:
         6a:29:23:08:07:fe:52:f8:98:25:13:a8:2a:52:8d:f2:2f:02:
         e4:1b:ad:fc:3f:4c:c1:07:08:80:1d:46:75:07:07:5f:02:78:
         6f:a5:d3:b6:e9:5d:d0:bc:1a:d3:aa:75:7c:6e:06:b4:0a:76:
         18:90:1e:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKiWPT1Py0dCNNWxydPvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzdjNjk5NTkzYWUyZDYxYmMzNzQzMzUzYjA5ZDIyMDQy
OWZlNGEwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGY3NWY2N2ZmMmU3NjIxZWI2NmI3YTE2MTFmNGQ0NjY2ZjM0ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgU34yL43cjNh8p3IZlU3rYTcY2QI
X4TnBdHy0xx9LYDK4obK1L0mIicq0beIHm6VYW8Tb9BFkiLvEh4+1V0YYp6zrQI4
JoRuNdA/zBuihyQQ+ym1fdhqi0mus7q2mxr16llNKYtgwcrc5r0dlsZchqa2Avuq
2mXkawFgyBNBnNcMRSvVh/I39Q3EeAOmIGvWr67FK7G1Ky/aDtxXc7SW+6NWwVta
CgdL9uG4itzT/wCLsLjUCMaEc8ZNoi/245nFWCqSPmfrsHTcyhR4xYKnpAnubDbZ
NciILncUuzz0gnKwmNE9uwwL61BYGn2TZHMhWcE6ZKNk1YaNry+7vVDIXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHD3X2f/LnYh62a3oWEfTUZm806RMB8GA1UdIwQY
MBaAFER3xplZOuLWG8N0M1OwnSIEKf5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhmR21WazY0dFlidzNRelU3Q2RJZ1FwX2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80YmMyNDItNjQ2Mi00MTFhLWIxYWEt
ZGQzMDViODUxNTcwLzEvY1BkZlpfOHVkaUhyWnJlaFlSOU5SbWJ6VHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80YmMyNDItNjQ2Mi00MTFhLWIxYWEtZGQzMDViODUxNTcw
LzEvUkhmR21WazY0dFlidzNRelU3Q2RJZ1FwX2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwR6nMA0E
AgACMAcDBQMqCjHAMA0GCSqGSIb3DQEBCwUAA4IBAQCROJjKlPg0z2t1RwGL6L38
4EtW9pJkr5pLs933v40WVceeRNRGMfmfDIjaFJRh6b/d1ToAkinl0VWjeF4UueoN
Zi0LEOm0XzMyffLMa6fLF1nkaHx78a89LPj17UfojwOtatjwUoCX1sSPRcC8r1et
Tc1G3D2+PnYSzZvWG4h33XfayjZ71JMeDgX1P4UNNQq2V/2+nE5CfKiTJoe1NKwv
RJCdWyccepYSXVZQzlA8VHIA8gkcXI8hDhH49CgsH+ooJPoc6vdqKSMIB/5S+Jgl
E6gqUo3yLwLkG638P0zBBwiAHUZ1BwdfAnhvpdO26V3QvBrTqnV8bga0CnYYkB6U
-----END CERTIFICATE-----