Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/P43WRaMgov-fVBLRXaSQ5RDsUAs.roa
File:                     P43WRaMgov-fVBLRXaSQ5RDsUAs.roa (raw, json)
Hash identifier:          dFM1i343LUBQniwioeTaAK7pHA5Xof7xGBElaEQXDhw=
Subject key identifier:   3F:8D:D6:45:A3:20:A2:FF:9F:54:12:D1:5D:A4:90:E5:10:EC:50:0B
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018CC8021EA3BC8FDE0E953CFCDD12F1ABF7
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/P43WRaMgov-fVBLRXaSQ5RDsUAs.roa
Signing time:             Tue 02 Jan 2024 02:30:31 +0000
ROA not before:           Tue 02 Jan 2024 02:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49063
IP address blocks:        193.0.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:1e:a3:bc:8f:de:0e:95:3c:fc:dd:12:f1:ab:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 02:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8dd645a320a2ff9f5412d15da490e510ec500b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:42:e4:52:0e:7b:33:c3:d9:6d:75:9b:4a:64:
                    ec:93:5e:0a:90:ec:8d:c1:e4:b5:4a:ac:3b:7a:53:
                    bc:ec:d8:cc:16:f4:fa:96:24:f6:76:f4:8a:e9:8c:
                    40:26:a1:e1:fb:cf:d2:df:46:d9:6a:1d:da:3b:21:
                    44:03:3c:76:17:84:2e:47:57:d8:35:3e:5e:1f:5c:
                    a5:4f:c0:f3:28:b5:39:1c:e9:19:5c:1a:42:93:93:
                    e7:2c:b4:4c:9e:4e:19:3a:f6:de:6a:39:b9:3d:6a:
                    4f:b9:ff:c8:09:87:f5:18:8e:2c:00:b9:0b:54:72:
                    8e:35:d5:51:94:d1:46:92:8e:91:94:96:b3:5a:c1:
                    80:64:55:27:87:1e:44:ef:9e:87:83:4f:77:2f:5f:
                    20:24:17:46:c8:a0:3e:c5:24:31:dd:14:ca:ef:cc:
                    fe:67:0c:7d:9c:36:e0:08:33:26:7d:d4:fd:6c:ed:
                    b7:70:bb:3f:44:10:e9:d1:81:59:69:1a:ca:8c:ce:
                    93:74:66:9b:ea:93:19:12:dd:19:ef:b3:01:2c:77:
                    51:ae:30:63:f2:84:07:25:ca:68:e9:cd:be:e2:a8:
                    66:1a:82:35:37:f5:77:7a:19:2d:c9:2b:92:bb:bf:
                    ad:c3:3e:87:59:2d:c7:6f:fc:7b:b3:f1:1d:c1:4f:
                    53:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8D:D6:45:A3:20:A2:FF:9F:54:12:D1:5D:A4:90:E5:10:EC:50:0B
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/P43WRaMgov-fVBLRXaSQ5RDsUAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:bb:6e:07:63:c3:b5:14:05:27:f0:58:d2:a2:9b:11:32:05:
         7b:5e:c3:61:57:e4:9f:f2:bc:6d:43:ef:86:f3:80:82:76:a2:
         81:60:bc:16:04:35:55:f6:51:6e:ce:ae:70:42:d6:9b:be:16:
         9a:0b:7a:bf:10:98:59:be:37:a7:70:84:a5:4e:d1:a3:f4:98:
         de:6c:7b:f5:e1:2e:85:72:03:cc:cf:a7:e5:db:14:05:88:a5:
         fd:6b:fe:53:90:d9:1a:07:1e:5c:8a:5c:55:ea:19:94:1d:a5:
         32:51:4f:65:96:ab:e4:e6:54:da:8b:83:de:76:3d:f2:4a:ea:
         3f:fe:da:5d:95:5f:f1:8d:f0:f6:65:71:27:49:be:5d:0f:af:
         93:46:5d:16:3f:67:aa:be:a5:80:a6:34:b4:df:12:f4:20:5e:
         fc:60:06:78:43:da:dd:be:c9:85:ae:a5:6c:d2:62:f6:ed:d8:
         b9:0b:71:24:fd:6f:9d:bd:3b:86:84:79:7b:68:28:08:f0:eb:
         35:50:23:54:1f:be:6a:65:73:c5:1d:f9:48:88:cc:c1:ad:00:
         1e:ae:47:a8:4c:90:e5:c5:8a:41:7b:f1:a3:fe:ee:ee:19:0a:
         e6:0e:2e:1f:b8:7b:4c:23:d9:67:7e:85:65:c6:fb:d7:f9:dc:
         80:b2:4d:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAh6jvI/eDpU8/N0S8av3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMTAyMDIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhkZDY0NWEzMjBhMmZmOWY1NDEyZDE1ZGE0OTBlNTEwZWM1MDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiELkUg57M8PZbXWbSmTsk14KkOyN
weS1Sqw7elO87NjMFvT6liT2dvSK6YxAJqHh+8/S30bZah3aOyFEAzx2F4QuR1fY
NT5eH1ylT8DzKLU5HOkZXBpCk5PnLLRMnk4ZOvbeajm5PWpPuf/ICYf1GI4sALkL
VHKONdVRlNFGko6RlJazWsGAZFUnhx5E756Hg093L18gJBdGyKA+xSQx3RTK78z+
Zwx9nDbgCDMmfdT9bO23cLs/RBDp0YFZaRrKjM6TdGab6pMZEt0Z77MBLHdRrjBj
8oQHJcpo6c2+4qhmGoI1N/V3ehktySuSu7+twz6HWS3Hb/x7s/EdwU9T2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+N1kWjIKL/n1QS0V2kkOUQ7FALMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvUDQzV1JhTWdvdi1mVkJMUlhhU1E1UkRzVUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDlMA0G
CSqGSIb3DQEBCwUAA4IBAQA6u24HY8O1FAUn8FjSopsRMgV7XsNhV+Sf8rxtQ++G
84CCdqKBYLwWBDVV9lFuzq5wQtabvhaaC3q/EJhZvjencISlTtGj9JjebHv14S6F
cgPMz6fl2xQFiKX9a/5TkNkaBx5cilxV6hmUHaUyUU9llqvk5lTai4Pedj3ySuo/
/tpdlV/xjfD2ZXEnSb5dD6+TRl0WP2eqvqWApjS03xL0IF78YAZ4Q9rdvsmFrqVs
0mL27di5C3Ek/W+dvTuGhHl7aCgI8Os1UCNUH75qZXPFHflIiMzBrQAerkeoTJDl
xYpBe/Gj/u7uGQrmDi4fuHtMI9lnfoVlxvvX+dyAsk1f
-----END CERTIFICATE-----