Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/msuImJO_o4oR1O6uUQOxkSVzufw.roa
File:                     msuImJO_o4oR1O6uUQOxkSVzufw.roa (raw, json)
Hash identifier:          bSWP60/C7CScbo4rxaKvStncSJiR2QfZOjdD6gVT8tg=
Subject key identifier:   9A:CB:88:98:93:BF:A3:8A:11:D4:EE:AE:51:03:B1:91:25:73:B9:FC
Certificate issuer:       /CN=f02e3224e3e32928192628d26487d500f2707765
Certificate serial:       018CC56EBB3829334D52884C2F653A3A83B4
Authority key identifier: F0:2E:32:24:E3:E3:29:28:19:26:28:D2:64:87:D5:00:F2:70:77:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/msuImJO_o4oR1O6uUQOxkSVzufw.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204642
IP address blocks:        193.203.96.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 02:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bb:38:29:33:4d:52:88:4c:2f:65:3a:3a:83:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02e3224e3e32928192628d26487d500f2707765
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9acb889893bfa38a11d4eeae5103b1912573b9fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4d:59:bc:c6:da:fa:b0:e3:f2:cc:18:e9:cd:
                    87:e1:7b:3d:68:8f:f0:fb:c4:20:ac:32:a3:8a:3a:
                    18:e8:45:c0:91:1e:f6:38:06:35:31:b1:89:65:53:
                    dd:b6:89:2c:55:8a:2f:ac:b1:e4:1d:fb:09:b9:88:
                    27:39:8f:f5:c4:f1:c1:68:4e:dc:44:e0:73:42:f6:
                    71:15:ff:9c:24:3d:c2:c5:0e:a9:1b:11:57:ea:fd:
                    d1:6c:4f:e6:4b:7b:9c:7d:f2:1a:d0:94:10:4f:ba:
                    0f:2c:85:04:87:11:a1:73:ce:78:03:d3:4b:7a:51:
                    52:32:2d:85:b6:e9:0e:f3:d8:f8:9e:92:07:89:5f:
                    b3:69:5b:6b:9c:69:c5:c1:e8:d4:24:7d:e0:76:a2:
                    0e:4a:21:9a:4a:3d:7c:59:df:a0:c6:74:73:e2:c5:
                    fc:8d:75:12:0d:ef:a7:b9:6f:58:d1:b1:48:e6:e0:
                    7f:01:ef:0c:7b:b1:40:6b:bc:ee:17:d7:e4:83:96:
                    86:4d:6b:d3:1c:1c:ae:1c:3e:e2:ac:fa:79:44:c9:
                    09:fe:04:1d:1a:b2:b2:59:b3:ee:e4:cd:9f:ca:b1:
                    8c:68:3a:b2:7f:f1:7e:c0:38:dd:18:65:79:71:76:
                    09:b1:2a:4c:52:38:07:28:e3:fc:41:54:57:b8:d0:
                    10:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CB:88:98:93:BF:A3:8A:11:D4:EE:AE:51:03:B1:91:25:73:B9:FC
            X509v3 Authority Key Identifier:
                keyid:F0:2E:32:24:E3:E3:29:28:19:26:28:D2:64:87:D5:00:F2:70:77:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/msuImJO_o4oR1O6uUQOxkSVzufw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:fc:54:11:34:b5:8d:e7:6f:a9:09:3a:14:f5:ad:00:df:bf:
         c4:63:6f:b4:9f:99:da:71:2e:8e:19:33:9a:92:91:1c:f9:bf:
         c6:0a:a0:6a:8d:15:4d:30:ed:a9:bb:17:b8:91:a7:91:96:ac:
         85:7a:7a:0d:e6:56:cb:a5:1a:d9:7c:42:de:3a:9d:88:f5:de:
         45:26:7b:ab:6c:81:88:5b:f4:04:34:d9:8a:af:f3:02:eb:4b:
         13:a9:c4:ba:3e:23:03:66:5c:42:0e:84:ab:40:da:cf:37:66:
         b8:e1:cd:2f:89:03:ac:cd:ee:85:99:54:b4:bd:c7:fd:48:cd:
         4f:6a:4b:82:0b:51:5e:b8:22:79:41:60:74:60:de:d2:c6:9f:
         6c:9f:09:3d:b7:5d:b6:c0:a8:c3:ec:68:cf:3e:f7:c9:fc:b1:
         1e:63:24:c1:a5:52:91:20:aa:7a:3a:72:f8:dd:c2:78:41:cd:
         43:c8:2b:ef:58:92:20:5e:dc:ec:8e:57:14:40:da:f6:f4:9f:
         a9:3a:84:19:60:38:1d:4f:19:13:8d:b3:3d:bf:fe:36:08:0e:
         94:95:3d:31:7c:25:68:e7:78:ea:c8:e5:0c:52:b0:87:32:cc:
         0d:20:94:63:54:93:7e:b0:44:59:b2:8e:2f:76:f7:8f:e2:06:
         7d:d1:0a:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrs4KTNNUohML2U6OoO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmUzMjI0ZTNlMzI5MjgxOTI2MjhkMjY0ODdkNTAwZjI3
MDc3NjUwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNiODg5ODkzYmZhMzhhMTFkNGVlYWU1MTAzYjE5MTI1NzNiOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk1ZvMba+rDj8swY6c2H4Xs9aI/w
+8QgrDKjijoY6EXAkR72OAY1MbGJZVPdtoksVYovrLHkHfsJuYgnOY/1xPHBaE7c
ROBzQvZxFf+cJD3CxQ6pGxFX6v3RbE/mS3ucffIa0JQQT7oPLIUEhxGhc854A9NL
elFSMi2FtukO89j4npIHiV+zaVtrnGnFwejUJH3gdqIOSiGaSj18Wd+gxnRz4sX8
jXUSDe+nuW9Y0bFI5uB/Ae8Me7FAa7zuF9fkg5aGTWvTHByuHD7irPp5RMkJ/gQd
GrKyWbPu5M2fyrGMaDqyf/F+wDjdGGV5cXYJsSpMUjgHKOP8QVRXuNAQzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrLiJiTv6OKEdTurlEDsZElc7n8MB8GA1UdIwQY
MBaAFPAuMiTj4ykoGSYo0mSH1QDycHdlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEM0eUpPUGpLU2daSmlqU1pJZlZBUEp3ZDJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yNjg4OTAtZDUwOS00NTFlLWI5ZWUt
ZmI5OTUzYzA3ZjE1LzEvbXN1SW1KT19vNG9SMU82dVVRT3hrU1Z6dWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yNjg4OTAtZDUwOS00NTFlLWI5ZWUtZmI5OTUzYzA3ZjE1
LzEvOEM0eUpPUGpLU2daSmlqU1pJZlZBUEp3ZDJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwctgMA0G
CSqGSIb3DQEBCwUAA4IBAQAk/FQRNLWN52+pCToU9a0A37/EY2+0n5nacS6OGTOa
kpEc+b/GCqBqjRVNMO2puxe4kaeRlqyFenoN5lbLpRrZfELeOp2I9d5FJnurbIGI
W/QENNmKr/MC60sTqcS6PiMDZlxCDoSrQNrPN2a44c0viQOsze6FmVS0vcf9SM1P
akuCC1FeuCJ5QWB0YN7Sxp9snwk9t122wKjD7GjPPvfJ/LEeYyTBpVKRIKp6OnL4
3cJ4Qc1DyCvvWJIgXtzsjlcUQNr29J+pOoQZYDgdTxkTjbM9v/42CA6UlT0xfCVo
53jqyOUMUrCHMswNIJRjVJN+sERZso4vdveP4gZ90QoU
-----END CERTIFICATE-----