Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/jrDINB4aHPzkYR_max4ADKPh9fU.roa
File:                     jrDINB4aHPzkYR_max4ADKPh9fU.roa (raw, json)
Hash identifier:          fR24q285Wc9aUKou3WQM35aeEZUlbuMA1h0wTi72Oqw=
Subject key identifier:   8E:B0:C8:34:1E:1A:1C:FC:E4:61:1F:E6:6B:1E:00:0C:A3:E1:F5:F5
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC45EB791FC8C00C7C88FDD2E01ECA
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/jrDINB4aHPzkYR_max4ADKPh9fU.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45029
IP address blocks:        193.232.166.0/24 maxlen: 24
                          2a0c:a9c7:166::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:45:eb:79:1f:c8:c0:0c:7c:88:fd:d2:e0:1e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eb0c8341e1a1cfce4611fe66b1e000ca3e1f5f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:db:f4:5e:cd:2a:5f:fc:da:9d:3a:07:42:7d:
                    e9:53:1e:69:f3:ea:7d:0e:a5:36:d3:94:e9:f9:0c:
                    39:c8:33:5a:45:c6:c9:83:d1:2c:4b:02:5e:a1:18:
                    d7:dc:82:74:22:91:9a:f3:4b:08:7c:0c:2d:f4:f9:
                    4e:0f:cf:92:c4:e3:cd:69:ef:19:96:81:b2:3f:6f:
                    96:b1:41:25:3e:27:55:59:ce:75:94:80:f6:d6:17:
                    21:65:93:89:89:e9:ce:63:30:72:9b:70:45:49:ff:
                    d7:81:a0:cc:5f:6b:cd:6f:0e:85:ea:ad:40:05:a7:
                    a3:b5:53:d1:21:56:4f:4c:dc:c0:84:cb:03:30:5b:
                    ff:8f:0b:b4:ce:7f:ba:23:3c:df:21:3a:31:e4:c9:
                    08:15:19:a6:35:ca:6c:f6:6e:f8:70:76:61:8f:c5:
                    29:91:fd:3d:25:b6:65:0b:28:86:b5:99:0a:83:a8:
                    48:57:8c:32:12:68:19:7e:c6:2e:b7:7a:d5:c6:f3:
                    bd:ba:62:09:7d:f5:ff:a9:03:45:bb:f1:7a:64:0f:
                    e1:48:05:a1:ff:0e:fc:bf:ce:41:0c:ec:47:9d:05:
                    2e:e9:ac:df:f5:46:a4:6b:61:56:e4:df:84:ef:70:
                    b4:af:4a:6f:7c:cb:2a:49:4f:8c:8e:d2:22:40:20:
                    c0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B0:C8:34:1E:1A:1C:FC:E4:61:1F:E6:6B:1E:00:0C:A3:E1:F5:F5
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/jrDINB4aHPzkYR_max4ADKPh9fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.166.0/24
                IPv6:
                  2a0c:a9c7:166::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:76:38:9b:96:92:70:fe:2c:76:6a:60:7e:bf:15:30:76:31:
         ff:a9:c4:49:dd:bc:05:66:79:49:f9:f8:b0:93:9a:45:5e:e5:
         06:37:3f:e6:a0:0a:d8:fe:56:0f:54:78:6c:e0:1d:2e:3e:f0:
         eb:3f:85:4c:75:c2:cf:d5:d0:b4:82:a9:d7:1e:62:a6:29:4a:
         f2:e6:a0:5c:0a:69:15:af:0a:e4:5f:6c:c4:51:5b:36:3e:c0:
         6b:f7:d8:32:8c:ff:2e:19:2a:a8:fb:95:79:78:5e:ed:ec:4b:
         19:be:aa:4d:3d:e1:74:be:11:e4:a9:61:98:5f:1a:c6:8a:06:
         7f:28:bd:d9:f1:ef:a5:df:b2:03:5b:e4:b4:39:85:46:8d:a3:
         53:3a:3e:73:52:30:c8:98:e6:ab:59:90:6e:3e:38:e9:88:30:
         90:3a:a5:b7:2f:a6:47:b0:29:fa:62:98:c6:56:8e:55:2c:2e:
         70:e2:41:60:ed:52:6a:f0:df:9f:b6:1b:54:60:e8:33:a8:5d:
         31:63:d1:68:b1:ab:ed:63:e9:c9:cc:24:5c:28:75:31:86:0c:
         8b:11:fe:a7:27:0c:2e:06:45:23:9e:b0:53:ae:c6:3d:85:57:
         fe:b5:a5:7c:4d:e5:2a:9c:fe:1a:5d:7f:81:8e:1f:c1:05:87:
         65:b2:55:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3EXreR/IwAx8iP3S4B7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWIwYzgzNDFlMWExY2ZjZTQ2MTFmZTY2YjFlMDAwY2EzZTFmNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNv0Xs0qX/zanToHQn3pUx5p8+p9
DqU205Tp+Qw5yDNaRcbJg9EsSwJeoRjX3IJ0IpGa80sIfAwt9PlOD8+SxOPNae8Z
loGyP2+WsUElPidVWc51lID21hchZZOJienOYzBym3BFSf/XgaDMX2vNbw6F6q1A
BaejtVPRIVZPTNzAhMsDMFv/jwu0zn+6IzzfITox5MkIFRmmNcps9m74cHZhj8Up
kf09JbZlCyiGtZkKg6hIV4wyEmgZfsYut3rVxvO9umIJffX/qQNFu/F6ZA/hSAWh
/w78v85BDOxHnQUu6azf9Uaka2FW5N+E73C0r0pvfMsqSU+MjtIiQCDAdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI6wyDQeGhz85GEf5mseAAyj4fX1MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvanJESU5CNGFIUHprWVJfbWF4NEFES1BoOWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweimMA8E
AgACMAkDBwAqDKnHAWYwDQYJKoZIhvcNAQELBQADggEBAIB2OJuWknD+LHZqYH6/
FTB2Mf+pxEndvAVmeUn5+LCTmkVe5QY3P+agCtj+Vg9UeGzgHS4+8Os/hUx1ws/V
0LSCqdceYqYpSvLmoFwKaRWvCuRfbMRRWzY+wGv32DKM/y4ZKqj7lXl4Xu3sSxm+
qk094XS+EeSpYZhfGsaKBn8ovdnx76XfsgNb5LQ5hUaNo1M6PnNSMMiY5qtZkG4+
OOmIMJA6pbcvpkewKfpimMZWjlUsLnDiQWDtUmrw35+2G1Rg6DOoXTFj0Wixq+1j
6cnMJFwodTGGDIsR/qcnDC4GRSOesFOuxj2FV/61pXxN5Sqc/hpdf4GOH8EFh2Wy
VeU=
-----END CERTIFICATE-----