Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/chKAQjKLdtlq9kL4h4y1g19hli8.roa
File:                     chKAQjKLdtlq9kL4h4y1g19hli8.roa (raw, json)
Hash identifier:          JFsKC8DTcP+1OSi0Nk84Jd7DSTYq+TGa+xIJCw3f8wY=
Subject key identifier:   72:12:80:42:32:8B:76:D9:6A:F6:42:F8:87:8C:B5:83:5F:61:96:2F
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       018CC500B84C64645C6BA47719E86A3D9569
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/chKAQjKLdtlq9kL4h4y1g19hli8.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41826
IP address blocks:        193.34.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b8:4c:64:64:5c:6b:a4:77:19:e8:6a:3d:95:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72128042328b76d96af642f8878cb5835f61962f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4a:9d:68:e6:fe:34:38:06:e1:cb:48:23:3c:
                    8c:c7:a8:ad:25:b2:d3:91:1b:e2:55:f3:b6:0d:ac:
                    b9:04:60:f4:a3:1e:1b:b9:eb:c4:34:7d:5e:96:b7:
                    53:cd:d8:be:74:b8:07:65:bc:e3:c5:44:1b:f4:d1:
                    0b:45:80:e3:b9:52:cb:b6:f0:13:17:89:49:05:ee:
                    bb:2b:3e:c7:93:c8:d2:e8:49:6c:0c:83:08:0b:4d:
                    49:59:35:85:8c:ae:86:83:d1:e1:8c:bc:30:6e:b3:
                    59:3b:6e:d5:73:7f:a7:15:7a:17:db:ef:30:b9:9f:
                    a1:d5:2a:ce:a6:6a:86:1d:28:39:8f:23:1f:ad:a5:
                    9c:30:88:31:d4:1e:3b:8e:83:16:36:7f:8c:b8:51:
                    37:59:f5:cb:17:d8:45:6d:08:65:38:4e:7b:2f:bc:
                    b6:1a:11:af:3f:d2:c1:ea:f8:e1:43:d1:8f:35:ce:
                    fa:a7:02:90:67:32:74:f8:f6:38:5a:a1:ae:f2:3f:
                    f7:b5:98:3c:da:5e:ac:2c:58:e6:95:30:8a:54:0c:
                    04:c8:f5:f1:0f:1a:48:9b:33:d8:f2:67:e5:0c:8b:
                    b6:e6:fa:fa:2c:47:be:32:65:5f:a4:9d:ef:a7:4a:
                    ad:8c:51:c6:b2:da:3c:45:8d:20:53:77:b5:32:ed:
                    02:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:12:80:42:32:8B:76:D9:6A:F6:42:F8:87:8C:B5:83:5F:61:96:2F
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/chKAQjKLdtlq9kL4h4y1g19hli8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:00:58:c9:19:50:5e:e7:3c:2c:13:91:6c:d7:6c:45:52:ca:
         2f:80:52:5f:51:ac:52:4c:05:36:ee:18:b2:38:ca:ea:c0:21:
         75:81:97:51:0f:fe:fc:32:81:3b:00:93:0e:55:8f:21:29:ed:
         a0:a0:6f:3d:d1:7e:75:b0:b1:ca:60:ec:b1:8c:9e:9d:7a:a4:
         d0:86:56:e8:9b:05:28:39:a3:fb:e7:d7:87:57:b5:ca:dd:c9:
         77:86:c4:a7:8a:1b:c5:ea:f3:11:8b:b4:24:c0:c2:c9:c7:ea:
         5b:9b:ac:0c:cf:e3:0f:4e:ad:0b:45:06:bb:b4:87:ed:1e:21:
         28:9e:5f:e6:58:05:6a:c3:fd:89:be:8c:04:05:34:52:54:b4:
         09:9e:49:1c:bb:3e:53:d6:43:d5:1e:4f:21:d9:45:83:68:51:
         c8:15:81:18:e3:c1:c6:13:7e:d7:98:4f:ba:b1:c7:92:bb:34:
         58:1c:92:54:ae:3c:b9:f4:84:ad:2c:11:22:5f:e4:b2:50:5c:
         f1:45:5f:f8:3f:ab:73:fd:28:6b:b7:c9:49:40:51:9d:1f:e8:
         9c:b8:1f:a2:30:71:80:19:c0:3b:64:15:3d:4b:1e:49:11:3e:
         e5:2c:02:c1:ec:6b:f7:76:d1:55:7b:eb:27:eb:03:8b:17:5a:
         52:1e:96:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALhMZGRca6R3GehqPZVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjEyODA0MjMyOGI3NmQ5NmFmNjQyZjg4NzhjYjU4MzVmNjE5NjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUqdaOb+NDgG4ctIIzyMx6itJbLT
kRviVfO2Day5BGD0ox4buevENH1elrdTzdi+dLgHZbzjxUQb9NELRYDjuVLLtvAT
F4lJBe67Kz7Hk8jS6ElsDIMIC01JWTWFjK6Gg9HhjLwwbrNZO27Vc3+nFXoX2+8w
uZ+h1SrOpmqGHSg5jyMfraWcMIgx1B47joMWNn+MuFE3WfXLF9hFbQhlOE57L7y2
GhGvP9LB6vjhQ9GPNc76pwKQZzJ0+PY4WqGu8j/3tZg82l6sLFjmlTCKVAwEyPXx
DxpImzPY8mflDIu25vr6LEe+MmVfpJ3vp0qtjFHGsto8RY0gU3e1Mu0CQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHISgEIyi3bZavZC+IeMtYNfYZYvMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvY2hLQVFqS0xkdGxxOWtMNGg0eTFnMTlobGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSKkMA0G
CSqGSIb3DQEBCwUAA4IBAQAFAFjJGVBe5zwsE5Fs12xFUsovgFJfUaxSTAU27hiy
OMrqwCF1gZdRD/78MoE7AJMOVY8hKe2goG890X51sLHKYOyxjJ6deqTQhlbomwUo
OaP759eHV7XK3cl3hsSnihvF6vMRi7QkwMLJx+pbm6wMz+MPTq0LRQa7tIftHiEo
nl/mWAVqw/2JvowEBTRSVLQJnkkcuz5T1kPVHk8h2UWDaFHIFYEY48HGE37XmE+6
sceSuzRYHJJUrjy59IStLBEiX+SyUFzxRV/4P6tz/Shrt8lJQFGdH+icuB+iMHGA
GcA7ZBU9Sx5JET7lLALB7Gv3dtFVe+sn6wOLF1pSHpaq
-----END CERTIFICATE-----