Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/Fsq3EtqxJ66Ukb_quBPDVhDYI5w.roa
File:                     Fsq3EtqxJ66Ukb_quBPDVhDYI5w.roa (raw, json)
Hash identifier:          H1Rx50utuZwxtnbVT1WuXsXtdEEItUkT/mrIJHUmjEM=
Subject key identifier:   16:CA:B7:12:DA:B1:27:AE:94:91:BF:EA:B8:13:C3:56:10:D8:23:9C
Certificate issuer:       /CN=d75ba0594d065ab722465cfa305eff8d41617fa8
Certificate serial:       018CC7954B1DB1C525746E44CCF51B5519FF
Authority key identifier: D7:5B:A0:59:4D:06:5A:B7:22:46:5C:FA:30:5E:FF:8D:41:61:7F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/11ugWU0GWrciRlz6MF7_jUFhf6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/Fsq3EtqxJ66Ukb_quBPDVhDYI5w.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48343
IP address blocks:        193.33.192.0/24 maxlen: 24
                          193.33.192.0/23 maxlen: 23
                          193.33.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/11ugWU0GWrciRlz6MF7_jUFhf6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/11ugWU0GWrciRlz6MF7_jUFhf6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/11ugWU0GWrciRlz6MF7_jUFhf6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4b:1d:b1:c5:25:74:6e:44:cc:f5:1b:55:19:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d75ba0594d065ab722465cfa305eff8d41617fa8
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16cab712dab127ae9491bfeab813c35610d8239c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:98:d2:33:88:46:15:bf:6c:fa:81:ee:3e:be:
                    2d:57:7f:56:3c:15:aa:c8:9e:90:35:f8:7f:d8:6b:
                    c0:c6:42:b4:93:07:89:0e:c4:35:ad:40:41:f4:74:
                    0f:2a:c8:8c:e3:5e:15:99:cb:76:27:53:bd:19:73:
                    a9:b7:0b:87:4b:f5:c2:12:4f:db:8f:ae:47:bb:ca:
                    29:73:b7:90:d1:4a:13:87:a8:7e:c7:ab:f7:32:44:
                    c0:b3:3a:e2:19:40:a1:98:bb:79:35:e9:25:04:7b:
                    5b:14:9b:ba:dd:86:f9:e3:ad:09:2c:e7:30:4e:b5:
                    f8:1e:db:db:10:10:45:1d:b9:52:34:12:bc:31:ec:
                    1a:6c:9d:61:0e:45:36:4b:6b:a2:ac:2a:19:f3:0f:
                    92:34:69:61:92:68:1d:54:cd:ec:12:ba:a3:8c:92:
                    e3:2d:10:7f:f6:7f:7f:43:e5:b8:01:ad:1a:ce:fc:
                    f2:5e:65:99:e6:3d:2d:fc:05:8c:cf:cf:b5:1d:64:
                    d6:25:33:0d:b5:a7:22:d2:25:f9:5d:d9:bc:12:1e:
                    1f:a1:14:84:74:6c:b4:ed:58:ca:06:8f:17:d7:0d:
                    88:2d:a4:aa:50:04:f3:60:0a:04:f0:03:a7:a1:21:
                    12:0b:74:c8:eb:30:fa:aa:27:b7:af:88:c5:16:dc:
                    85:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:CA:B7:12:DA:B1:27:AE:94:91:BF:EA:B8:13:C3:56:10:D8:23:9C
            X509v3 Authority Key Identifier:
                keyid:D7:5B:A0:59:4D:06:5A:B7:22:46:5C:FA:30:5E:FF:8D:41:61:7F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/11ugWU0GWrciRlz6MF7_jUFhf6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/Fsq3EtqxJ66Ukb_quBPDVhDYI5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/a6ca0f-5489-43a1-a1a5-2def38e45ba0/1/11ugWU0GWrciRlz6MF7_jUFhf6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:0a:8c:2b:81:49:7f:18:db:85:95:b2:39:01:04:aa:47:16:
         85:76:f9:19:b9:7e:30:1b:c0:63:ab:85:3f:c9:82:ee:57:e5:
         85:a2:0a:d3:bc:73:35:fa:e7:4b:63:2f:9c:d0:08:2c:5c:f1:
         82:c8:01:f7:a3:f1:e4:f7:dd:da:d7:0b:0c:b6:0a:37:29:9a:
         09:af:1b:0b:a5:0d:34:93:be:18:c5:5d:b2:93:13:49:f5:39:
         22:98:d2:87:2b:ef:83:b8:8b:41:d7:73:08:0a:38:03:aa:2b:
         35:c3:66:56:e3:1d:cd:dc:cf:58:4c:a8:54:44:85:33:dc:46:
         66:34:a4:0b:8a:c8:84:65:9d:27:db:20:00:e3:91:f0:3d:f7:
         e6:d0:e8:07:27:81:41:4a:eb:e0:af:d9:1d:a9:24:39:02:db:
         6d:dd:b9:20:e2:7d:98:2b:00:c1:36:47:0b:93:a2:fd:e8:7f:
         f6:ef:90:27:3f:69:48:2b:e7:a2:51:45:37:95:74:91:23:7a:
         37:a1:ee:2e:10:f8:fb:c7:27:a0:dd:d1:cc:b5:29:4e:56:31:
         d7:22:8c:95:da:47:16:16:82:e6:ef:58:a5:c8:ca:06:7d:de:
         8b:db:19:de:f5:10:45:7b:24:b3:39:45:0f:e1:20:ce:a2:a3:
         7c:64:44:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUsdscUldG5EzPUbVRn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NWJhMDU5NGQwNjVhYjcyMjQ2NWNmYTMwNWVmZjhkNDE2
MTdmYTgwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmNhYjcxMmRhYjEyN2FlOTQ5MWJmZWFiODEzYzM1NjEwZDgyMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpjSM4hGFb9s+oHuPr4tV39WPBWq
yJ6QNfh/2GvAxkK0kweJDsQ1rUBB9HQPKsiM414Vmct2J1O9GXOptwuHS/XCEk/b
j65Hu8opc7eQ0UoTh6h+x6v3MkTAszriGUChmLt5NeklBHtbFJu63Yb5460JLOcw
TrX4HtvbEBBFHblSNBK8MewabJ1hDkU2S2uirCoZ8w+SNGlhkmgdVM3sErqjjJLj
LRB/9n9/Q+W4Aa0azvzyXmWZ5j0t/AWMz8+1HWTWJTMNtaci0iX5Xdm8Eh4foRSE
dGy07VjKBo8X1w2ILaSqUATzYAoE8AOnoSESC3TI6zD6qie3r4jFFtyFuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbKtxLasSeulJG/6rgTw1YQ2COcMB8GA1UdIwQY
MBaAFNdboFlNBlq3IkZc+jBe/41BYX+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTF1Z1dVMEdXcmNpUmx6Nk1GN19qVUZoZjZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9hNmNhMGYtNTQ4OS00M2ExLWExYTUt
MmRlZjM4ZTQ1YmEwLzEvRnNxM0V0cXhKNjZVa2JfcXVCUERWaERZSTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9hNmNhMGYtNTQ4OS00M2ExLWExYTUtMmRlZjM4ZTQ1YmEw
LzEvMTF1Z1dVMEdXcmNpUmx6Nk1GN19qVUZoZjZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSHAMA0G
CSqGSIb3DQEBCwUAA4IBAQAICowrgUl/GNuFlbI5AQSqRxaFdvkZuX4wG8Bjq4U/
yYLuV+WFogrTvHM1+udLYy+c0AgsXPGCyAH3o/Hk993a1wsMtgo3KZoJrxsLpQ00
k74YxV2ykxNJ9TkimNKHK++DuItB13MICjgDqis1w2ZW4x3N3M9YTKhURIUz3EZm
NKQLisiEZZ0n2yAA45HwPffm0OgHJ4FBSuvgr9kdqSQ5Attt3bkg4n2YKwDBNkcL
k6L96H/275AnP2lIK+eiUUU3lXSRI3o3oe4uEPj7xyeg3dHMtSlOVjHXIoyV2kcW
FoLm71ilyMoGfd6L2xne9RBFeySzOUUP4SDOoqN8ZESk
-----END CERTIFICATE-----