Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/9ESaw7LkRjIbURl0qyIUVrwp478.roa
File:                     9ESaw7LkRjIbURl0qyIUVrwp478.roa (raw, json)
Hash identifier:          ocJL1bjZy6iPqR0CNskAtJrOJU+qfs00mexAINUiElQ=
Subject key identifier:   F4:44:9A:C3:B2:E4:46:32:1B:51:19:74:AB:22:14:56:BC:29:E3:BF
Certificate issuer:       /CN=03f3f8259b30ec03722f942035a94e209f882861
Certificate serial:       018CC2DB24D9A5362AC72DAB5F74ED976245
Authority key identifier: 03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/9ESaw7LkRjIbURl0qyIUVrwp478.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43341
IP address blocks:        193.46.36.0/22 maxlen: 22
                          2a0c:d240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:24:d9:a5:36:2a:c7:2d:ab:5f:74:ed:97:62:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f3f8259b30ec03722f942035a94e209f882861
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4449ac3b2e446321b511974ab221456bc29e3bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:96:30:90:50:87:cf:ff:57:67:7b:28:92:0d:
                    ab:ee:68:d9:7d:ff:9f:59:41:95:ba:e5:6a:de:5e:
                    7e:11:ae:84:b4:89:a5:aa:95:2a:8e:7c:d8:ea:b4:
                    0b:33:bc:d5:b8:70:76:9b:72:66:2f:eb:12:9f:55:
                    a3:36:1e:7b:85:2d:16:41:31:a1:05:62:dd:ce:98:
                    70:de:6d:aa:4a:a8:b2:97:50:88:1d:b1:a3:dd:e3:
                    f8:59:8a:dd:b3:8e:d4:9b:ec:ea:11:d4:13:c9:8c:
                    cd:ff:1c:68:b2:9f:52:9c:7a:d7:2e:95:93:54:f9:
                    89:75:4f:dc:5e:9f:fb:3d:c9:c9:5a:c3:5e:66:2c:
                    b5:00:02:38:1f:7d:8f:c2:1a:21:93:e5:97:b6:82:
                    25:6f:97:d6:37:66:6e:71:e5:87:44:1f:ae:03:28:
                    a9:7b:71:19:9f:2d:f5:8c:a0:ab:3d:41:bb:a0:bc:
                    c9:a9:a5:2f:02:8e:22:cd:2d:d2:1b:49:1f:4b:8c:
                    e0:59:55:b1:d0:33:36:38:4d:a0:e2:4f:ea:74:8e:
                    cf:5b:57:cb:30:83:84:5d:4f:74:c9:6a:87:8a:1b:
                    31:4f:dc:ef:18:f4:eb:90:76:d4:7b:19:4a:71:93:
                    15:ff:60:d6:48:54:61:a4:3c:2d:a9:e5:09:38:4a:
                    14:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:44:9A:C3:B2:E4:46:32:1B:51:19:74:AB:22:14:56:BC:29:E3:BF
            X509v3 Authority Key Identifier:
                keyid:03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/9ESaw7LkRjIbURl0qyIUVrwp478.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.36.0/22
                IPv6:
                  2a0c:d240::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:5f:c5:60:89:da:6e:76:3f:52:8e:e8:d6:f6:1c:c6:51:05:
         29:5b:27:96:94:21:64:0b:f2:57:4c:c8:69:9a:c0:e6:82:f1:
         02:fe:af:bf:43:c8:0c:c4:20:93:db:41:81:9b:6d:34:c4:b0:
         db:a1:8f:12:26:f8:a3:06:bb:fb:6e:0d:be:a2:e6:fa:71:4c:
         cb:8e:11:4e:96:eb:a4:01:0c:a0:9b:a8:bc:a2:53:e5:41:e1:
         1e:91:c4:4f:52:fb:a7:33:12:8c:24:49:fd:c6:8f:05:27:c5:
         a3:ad:5d:e0:dd:09:38:48:d3:f5:f7:21:6a:99:6c:a6:00:9d:
         a3:73:b7:1a:f5:01:8a:0c:50:87:0c:cc:29:83:1b:38:ee:7e:
         98:21:91:15:a1:66:f9:ac:6c:fd:3b:df:5d:cb:20:3e:1c:62:
         d5:94:6c:2b:f6:3c:50:b3:5c:ba:db:5e:a5:9a:db:55:33:80:
         fd:1f:c4:26:11:99:02:5c:37:c9:db:d5:68:78:cc:b0:01:ee:
         8b:29:5d:8d:6b:10:a3:bf:ab:45:cb:9e:c4:31:da:8e:a0:6d:
         ad:f9:d6:9a:02:60:99:8d:9b:88:c1:ce:69:96:b4:82:d9:62:
         f5:53:a4:e6:19:e2:d1:e1:5c:d6:44:7f:19:18:5a:a8:9c:5f:
         5d:b5:12:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2yTZpTYqxy2rX3Ttl2JFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjNmODI1OWIzMGVjMDM3MjJmOTQyMDM1YTk0ZTIwOWY4
ODI4NjEwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDQ0OWFjM2IyZTQ0NjMyMWI1MTE5NzRhYjIyMTQ1NmJjMjllM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpYwkFCHz/9XZ3sokg2r7mjZff+f
WUGVuuVq3l5+Ea6EtImlqpUqjnzY6rQLM7zVuHB2m3JmL+sSn1WjNh57hS0WQTGh
BWLdzphw3m2qSqiyl1CIHbGj3eP4WYrds47Um+zqEdQTyYzN/xxosp9SnHrXLpWT
VPmJdU/cXp/7PcnJWsNeZiy1AAI4H32Pwhohk+WXtoIlb5fWN2ZuceWHRB+uAyip
e3EZny31jKCrPUG7oLzJqaUvAo4izS3SG0kfS4zgWVWx0DM2OE2g4k/qdI7PW1fL
MIOEXU90yWqHihsxT9zvGPTrkHbUexlKcZMV/2DWSFRhpDwtqeUJOEoUlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPREmsOy5EYyG1EZdKsiFFa8KeO/MB8GA1UdIwQY
MBaAFAPz+CWbMOwDci+UIDWpTiCfiChhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQt
YWIxMzM1NmU1ZmVjLzEvOUVTYXc3TGtSakliVVJsMHF5SVVWcndwNDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQtYWIxMzM1NmU1ZmVj
LzEvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwS4kMA0E
AgACMAcDBQMqDNJAMA0GCSqGSIb3DQEBCwUAA4IBAQBwX8Vgidpudj9SjujW9hzG
UQUpWyeWlCFkC/JXTMhpmsDmgvEC/q+/Q8gMxCCT20GBm200xLDboY8SJvijBrv7
bg2+oub6cUzLjhFOluukAQygm6i8olPlQeEekcRPUvunMxKMJEn9xo8FJ8WjrV3g
3Qk4SNP19yFqmWymAJ2jc7ca9QGKDFCHDMwpgxs47n6YIZEVoWb5rGz9O99dyyA+
HGLVlGwr9jxQs1y6216lmttVM4D9H8QmEZkCXDfJ29VoeMywAe6LKV2NaxCjv6tF
y57EMdqOoG2t+daaAmCZjZuIwc5plrSC2WL1U6TmGeLR4VzWRH8ZGFqonF9dtRIO
-----END CERTIFICATE-----