Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/V3pFGwYOpkuPkFPZjputgvZ1AiE.roa
File:                     V3pFGwYOpkuPkFPZjputgvZ1AiE.roa (raw, json)
Hash identifier:          WHTURTrTKg5wbHwcDr0BavUkDwLvDIXWbInCJeaWKls=
Subject key identifier:   57:7A:45:1B:06:0E:A6:4B:8F:90:53:D9:8E:9B:AD:82:F6:75:02:21
Certificate issuer:       /CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
Certificate serial:       018CCA99008A5067A603595B56DC8ADDDD9D
Authority key identifier: 0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/V3pFGwYOpkuPkFPZjputgvZ1AiE.roa
Signing time:             Tue 02 Jan 2024 14:34:33 +0000
ROA not before:           Tue 02 Jan 2024 14:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15422
IP address blocks:        193.104.231.0/24 maxlen: 24
                          195.24.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:00:8a:50:67:a6:03:59:5b:56:dc:8a:dd:dd:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
        Validity
            Not Before: Jan  2 14:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=577a451b060ea64b8f9053d98e9bad82f6750221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:76:5c:c0:36:15:93:9c:8d:7f:2a:26:cb:11:
                    79:47:ef:24:f6:56:9a:03:0f:a0:7b:f1:d3:c0:17:
                    5a:a3:23:71:cd:ee:0d:5d:7c:75:04:49:cb:a4:a1:
                    cd:1e:23:3e:60:11:de:ba:cc:e3:d6:81:cc:bd:85:
                    77:fd:3f:22:cb:eb:cf:47:85:81:01:f4:47:9a:50:
                    d7:47:2e:b6:f3:77:13:e0:21:5d:8d:eb:f2:96:8f:
                    e4:63:0e:4c:be:9a:7b:3d:56:64:e0:ba:a5:95:98:
                    36:ca:51:bc:c2:04:37:6b:7d:e9:fc:0f:81:f3:20:
                    f3:7a:41:ed:72:f0:a8:31:d5:ee:10:94:d1:3a:44:
                    59:51:e4:36:83:26:77:76:3b:a9:f6:34:2e:7e:30:
                    b4:62:a3:d2:21:61:09:84:f6:d1:71:77:9a:26:a2:
                    e3:d9:06:d9:d8:22:91:94:1d:90:28:c4:b4:24:5c:
                    42:b0:a7:9d:51:dd:af:ad:de:ae:95:3f:80:4b:4c:
                    05:68:e0:13:e2:9c:f8:22:a2:cb:95:54:de:2d:74:
                    6d:f6:f5:9f:73:01:13:67:92:ae:dd:40:39:b9:b6:
                    92:32:28:b1:0f:b7:04:04:2a:e0:11:5b:4a:32:ef:
                    c7:c9:65:21:fe:75:e5:8f:24:5b:dc:f4:36:e7:80:
                    db:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:7A:45:1B:06:0E:A6:4B:8F:90:53:D9:8E:9B:AD:82:F6:75:02:21
            X509v3 Authority Key Identifier:
                keyid:0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/V3pFGwYOpkuPkFPZjputgvZ1AiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.231.0/24
                  195.24.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:cc:01:c1:11:44:75:3c:ef:71:86:91:78:30:5c:34:da:96:
         3d:73:db:d3:a3:79:c9:e1:3e:d3:e8:08:0c:8e:ab:39:4a:3a:
         16:a4:97:5b:d3:0d:17:1d:aa:67:8c:fd:b4:4d:2e:12:2e:7e:
         03:0b:25:9d:21:69:70:f1:a6:16:f4:af:84:1d:29:fd:e3:c1:
         be:30:d4:66:c0:f5:32:cf:78:5e:ec:01:86:0d:3d:53:7b:9e:
         00:b8:71:0a:db:65:68:10:5d:75:b8:a4:78:d7:e0:f5:8f:d7:
         45:11:f8:2c:36:ba:01:d9:fb:10:af:1f:04:96:c7:da:38:f7:
         3c:4d:e1:fb:ff:54:48:5d:57:cb:b6:c3:3d:85:ee:8d:8d:f1:
         07:16:5f:e6:4f:15:0f:0b:bd:0b:54:35:dc:55:ad:3a:02:fe:
         b2:a0:45:ea:5a:81:db:80:83:71:29:06:78:12:fb:84:71:19:
         8f:b5:67:8e:16:30:2a:04:ef:d4:7e:30:63:04:d5:4d:fc:4f:
         25:82:10:b5:1b:41:69:f6:bd:6a:59:5b:b9:77:1d:da:3a:b9:
         31:f7:c4:9e:a6:0a:11:3a:2a:2e:3d:44:b5:19:7d:1c:46:15:
         1b:63:36:3f:f8:69:ba:0a:56:47:06:2c:d1:42:0b:51:f0:ca:
         5b:a1:d1:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmQCKUGemA1lbVtyK3d2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzkwMWM0MzBhZTM5ZmNiMDViZWI1YjM0MjY3ZjUyMjRm
MDRmNjEwHhcNMjQwMTAyMTQzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzdhNDUxYjA2MGVhNjRiOGY5MDUzZDk4ZTliYWQ4MmY2NzUwMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHZcwDYVk5yNfyomyxF5R+8k9laa
Aw+ge/HTwBdaoyNxze4NXXx1BEnLpKHNHiM+YBHeuszj1oHMvYV3/T8iy+vPR4WB
AfRHmlDXRy6283cT4CFdjevylo/kYw5Mvpp7PVZk4LqllZg2ylG8wgQ3a33p/A+B
8yDzekHtcvCoMdXuEJTROkRZUeQ2gyZ3djup9jQufjC0YqPSIWEJhPbRcXeaJqLj
2QbZ2CKRlB2QKMS0JFxCsKedUd2vrd6ulT+AS0wFaOAT4pz4IqLLlVTeLXRt9vWf
cwETZ5Ku3UA5ubaSMiixD7cEBCrgEVtKMu/HyWUh/nXljyRb3PQ254Db5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFd6RRsGDqZLj5BT2Y6brYL2dQIhMB8GA1UdIwQY
MBaAFA15AcQwrjn8sFvrWzQmf1Ik8E9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUt
MTcxZDlmMmNjZTNkLzEvVjNwRkd3WU9wa3VQa0ZQWmpwdXRndloxQWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUtMTcxZDlmMmNjZTNk
LzEvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWjnAwQB
wxj2MA0GCSqGSIb3DQEBCwUAA4IBAQAUzAHBEUR1PO9xhpF4MFw02pY9c9vTo3nJ
4T7T6AgMjqs5SjoWpJdb0w0XHapnjP20TS4SLn4DCyWdIWlw8aYW9K+EHSn948G+
MNRmwPUyz3he7AGGDT1Te54AuHEK22VoEF11uKR41+D1j9dFEfgsNroB2fsQrx8E
lsfaOPc8TeH7/1RIXVfLtsM9he6NjfEHFl/mTxUPC70LVDXcVa06Av6yoEXqWoHb
gINxKQZ4EvuEcRmPtWeOFjAqBO/UfjBjBNVN/E8lghC1G0Fp9r1qWVu5dx3aOrkx
98SepgoROiouPUS1GX0cRhUbYzY/+Gm6ClZHBizRQgtR8MpbodFt
-----END CERTIFICATE-----