Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/P4xo3G1SxSGSFzE0w7n-bFETBu8.roa
File:                     P4xo3G1SxSGSFzE0w7n-bFETBu8.roa (raw, json)
Hash identifier:          DYRObucHtQjjMk7cPaDPN6dylgKxMEpFSJoZxj5u1Zc=
Subject key identifier:   3F:8C:68:DC:6D:52:C5:21:92:17:31:34:C3:B9:FE:6C:51:13:06:EF
Certificate issuer:       /CN=893a58124ce9cc43783955255e7f583905cdb14e
Certificate serial:       018CC56E004189C8BACB3FBE3270E668D3AA
Authority key identifier: 89:3A:58:12:4C:E9:CC:43:78:39:55:25:5E:7F:58:39:05:CD:B1:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTpYEkzpzEN4OVUlXn9YOQXNsU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/P4xo3G1SxSGSFzE0w7n-bFETBu8.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41743
IP address blocks:        193.187.156.0/22 maxlen: 22
                          2a09:c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/iTpYEkzpzEN4OVUlXn9YOQXNsU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/iTpYEkzpzEN4OVUlXn9YOQXNsU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTpYEkzpzEN4OVUlXn9YOQXNsU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:00:41:89:c8:ba:cb:3f:be:32:70:e6:68:d3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893a58124ce9cc43783955255e7f583905cdb14e
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8c68dc6d52c52192173134c3b9fe6c511306ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:11:b7:ee:8a:20:14:34:3b:8c:88:b7:b9:89:
                    17:64:2e:99:59:12:27:f7:11:45:91:ba:4f:77:f6:
                    d5:45:9b:af:31:ed:69:89:f8:b2:3a:28:de:ab:4e:
                    56:f5:45:1b:51:c0:20:d5:09:81:f6:00:34:34:52:
                    7a:91:d7:ac:b6:96:e0:2b:a6:a6:48:ca:cc:5e:28:
                    fa:95:7e:39:57:c0:79:55:60:a4:a2:e4:43:11:bf:
                    b3:2c:c3:d4:83:b9:52:f9:2b:1a:60:e1:49:11:ee:
                    cc:56:ac:14:2b:e4:63:b3:31:3d:80:ef:75:01:c0:
                    be:49:69:62:0e:ff:6e:d6:c4:c0:f6:55:66:b8:87:
                    17:c0:81:53:da:1e:6a:e0:a9:92:8e:c8:b9:1e:5f:
                    7e:e1:70:d0:a8:ad:9d:90:b3:34:16:6e:e3:28:c9:
                    cd:cd:b9:68:66:ac:e9:ff:61:9f:67:82:f2:aa:85:
                    f1:76:2b:fe:02:0d:9b:3f:80:57:c7:90:b3:ba:01:
                    28:98:f4:86:4f:4f:ca:bf:bf:5d:cf:92:00:1b:73:
                    82:94:ac:2c:45:7e:ae:81:db:c5:86:b1:cf:35:26:
                    b8:d1:ce:8e:81:c1:8f:13:e5:b8:22:18:1d:b0:08:
                    e3:24:f8:d6:7a:6e:c1:72:9c:e4:52:96:3f:81:cd:
                    3b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8C:68:DC:6D:52:C5:21:92:17:31:34:C3:B9:FE:6C:51:13:06:EF
            X509v3 Authority Key Identifier:
                keyid:89:3A:58:12:4C:E9:CC:43:78:39:55:25:5E:7F:58:39:05:CD:B1:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTpYEkzpzEN4OVUlXn9YOQXNsU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/P4xo3G1SxSGSFzE0w7n-bFETBu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a352ba-c228-4a15-9168-303b8bc28bfa/1/iTpYEkzpzEN4OVUlXn9YOQXNsU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.187.156.0/22
                IPv6:
                  2a09:c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:69:41:fc:d2:54:f4:e2:46:fc:9a:b2:f2:f4:ab:b7:01:c3:
         79:bd:bf:80:a5:61:a8:b0:57:b2:76:84:fd:94:f0:77:09:d2:
         49:b8:c7:6b:29:a8:d8:6a:6f:f7:b0:42:bf:f9:0d:6e:2f:64:
         6a:5f:c3:de:5d:1c:15:57:67:6f:56:45:0e:6b:36:9b:e4:ae:
         60:86:72:3c:42:88:df:df:95:7b:7e:15:dc:6e:c4:81:6b:5f:
         78:09:18:24:92:30:b7:f7:71:11:9e:e4:65:15:33:4b:67:32:
         6d:7b:a2:8d:bf:39:7e:a9:41:72:14:0f:17:8a:96:fd:c3:5f:
         70:d8:f5:39:8e:cb:a8:44:3e:e9:45:92:50:ee:67:6d:01:c7:
         53:c0:ab:9c:53:18:84:b3:0a:17:47:d4:2c:38:ca:d9:41:f6:
         d4:32:4a:f2:01:39:63:93:d9:98:d9:93:4a:33:0f:8e:04:83:
         d8:48:99:f8:4c:7f:26:b7:7c:47:34:b0:cb:e3:a9:3c:10:50:
         be:75:75:bd:83:da:67:40:62:a1:9d:c2:ff:23:5c:5d:e2:d0:
         7e:97:66:ca:c6:4e:83:4a:be:38:63:8d:3c:b8:c1:e1:e2:1f:
         56:32:1c:2b:ed:57:21:92:b1:a1:15:cc:95:60:72:d0:8e:10:
         81:42:9e:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbgBBici6yz++MnDmaNOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2E1ODEyNGNlOWNjNDM3ODM5NTUyNTVlN2Y1ODM5MDVj
ZGIxNGUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhjNjhkYzZkNTJjNTIxOTIxNzMxMzRjM2I5ZmU2YzUxMTMwNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRG37oogFDQ7jIi3uYkXZC6ZWRIn
9xFFkbpPd/bVRZuvMe1pifiyOijeq05W9UUbUcAg1QmB9gA0NFJ6kdestpbgK6am
SMrMXij6lX45V8B5VWCkouRDEb+zLMPUg7lS+SsaYOFJEe7MVqwUK+RjszE9gO91
AcC+SWliDv9u1sTA9lVmuIcXwIFT2h5q4KmSjsi5Hl9+4XDQqK2dkLM0Fm7jKMnN
zbloZqzp/2GfZ4LyqoXxdiv+Ag2bP4BXx5CzugEomPSGT0/Kv79dz5IAG3OClKws
RX6ugdvFhrHPNSa40c6OgcGPE+W4IhgdsAjjJPjWem7BcpzkUpY/gc07cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD+MaNxtUsUhkhcxNMO5/mxREwbvMB8GA1UdIwQY
MBaAFIk6WBJM6cxDeDlVJV5/WDkFzbFOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRwWUVrenB6RU40T1ZVbFhuOVlPUVhOc1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hMzUyYmEtYzIyOC00YTE1LTkxNjgt
MzAzYjhiYzI4YmZhLzEvUDR4bzNHMVN4U0dTRnpFMHc3bi1iRkVUQnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hMzUyYmEtYzIyOC00YTE1LTkxNjgtMzAzYjhiYzI4YmZh
LzEvaVRwWUVrenB6RU40T1ZVbFhuOVlPUVhOc1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwbucMA0E
AgACMAcDBQMqCQyAMA0GCSqGSIb3DQEBCwUAA4IBAQB9aUH80lT04kb8mrLy9Ku3
AcN5vb+ApWGosFeydoT9lPB3CdJJuMdrKajYam/3sEK/+Q1uL2RqX8PeXRwVV2dv
VkUOazab5K5ghnI8Qojf35V7fhXcbsSBa194CRgkkjC393ERnuRlFTNLZzJte6KN
vzl+qUFyFA8Xipb9w19w2PU5jsuoRD7pRZJQ7mdtAcdTwKucUxiEswoXR9QsOMrZ
QfbUMkryATljk9mY2ZNKMw+OBIPYSJn4TH8mt3xHNLDL46k8EFC+dXW9g9pnQGKh
ncL/I1xd4tB+l2bKxk6DSr44Y408uMHh4h9WMhwr7VchkrGhFcyVYHLQjhCBQp7n
-----END CERTIFICATE-----