Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/gQqG-NESYatWDizIqN6008kUmAs.roa
File:                     gQqG-NESYatWDizIqN6008kUmAs.roa (raw, json)
Hash identifier:          yEIFvfpp52Inj8+bND8nVvEMLjvd1I435/5mwzWmhrY=
Subject key identifier:   81:0A:86:F8:D1:12:61:AB:56:0E:2C:C8:A8:DE:B4:D3:C9:14:98:0B
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956D3731A60F00C635367D0A715BD4
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/gQqG-NESYatWDizIqN6008kUmAs.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212326
IP address blocks:        193.38.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6d:37:31:a6:0f:00:c6:35:36:7d:0a:71:5b:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=810a86f8d11261ab560e2cc8a8deb4d3c914980b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:ea:50:e1:8c:df:a1:ca:f2:e9:77:88:69:
                    04:2c:50:e9:d1:dc:8d:82:d1:6a:43:2f:fd:4b:25:
                    0d:85:92:74:09:a4:a1:0a:19:a9:b7:98:80:6d:2d:
                    3e:48:2f:08:49:7b:09:c6:97:40:27:9e:73:c8:fc:
                    76:fe:8f:f9:74:73:2c:86:4f:fd:f4:86:24:59:d9:
                    99:9a:d0:f6:ce:95:4c:1d:d1:7c:89:6d:c5:d7:9d:
                    86:d6:15:45:44:3b:7a:f0:ba:cb:12:4e:e2:e9:0b:
                    e5:d7:ed:a8:dc:51:91:7a:46:a7:aa:05:7f:1e:e7:
                    3f:9a:fa:6c:18:d0:a6:c0:4a:fe:14:5b:d3:30:40:
                    ba:f3:1c:e4:05:16:25:05:77:0c:43:26:36:5e:06:
                    27:04:76:95:33:65:1e:3e:fa:9c:a9:54:fe:4d:7c:
                    50:38:6e:3d:19:58:20:f0:85:39:b4:b4:14:81:6b:
                    31:fa:2a:86:a2:51:19:0a:15:99:6f:a5:cb:34:5a:
                    ab:1d:b5:24:16:8b:d9:1e:b1:3c:0e:23:6b:f9:3c:
                    88:31:b8:c8:ea:a0:12:65:b3:65:91:aa:74:ea:d5:
                    f2:e7:f7:06:1b:60:a8:48:c9:f6:3d:c3:a3:d4:5e:
                    9c:41:1c:48:ed:d6:73:68:29:e4:ea:f6:fc:9a:2e:
                    c9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:0A:86:F8:D1:12:61:AB:56:0E:2C:C8:A8:DE:B4:D3:C9:14:98:0B
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/gQqG-NESYatWDizIqN6008kUmAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:fa:ac:7b:52:9b:f7:48:2e:27:6e:22:d1:cc:c2:22:d1:4a:
         37:45:97:3b:86:53:e0:41:5f:9e:d5:d7:95:1b:3c:0d:26:ed:
         8c:ee:4a:73:dd:56:55:1c:d7:b3:49:23:e0:95:fc:0a:04:62:
         0c:97:6c:23:d3:86:43:32:59:b7:af:29:d6:08:e1:15:98:b1:
         2d:0c:b3:3b:81:9c:66:49:ad:37:8c:a5:da:00:4c:4c:a9:ac:
         bf:46:71:19:0c:9f:45:0b:1d:6a:00:52:94:1d:9e:0f:03:53:
         ad:c5:56:92:50:e4:4f:48:51:2a:23:17:e0:b4:6f:ad:db:80:
         e8:ea:e0:1f:c6:4d:51:cb:b1:25:95:95:d2:a8:0c:b6:ec:01:
         11:46:d9:59:6a:1e:3f:d0:f8:cf:a4:c0:f5:0b:f4:e1:3b:43:
         4d:35:83:40:ff:73:cd:a9:36:aa:b5:f1:ed:e7:55:00:a6:a0:
         82:66:7b:3f:ec:d0:32:20:2f:68:ec:b0:92:91:6a:60:eb:74:
         48:71:a3:9c:52:d1:9c:3a:80:76:77:c7:b2:f3:96:79:ca:ba:
         6e:ab:2a:9b:6c:6c:a5:d6:d1:6e:99:bc:12:d2:82:a5:de:37:
         88:c4:a1:83:bf:d9:c8:9e:4c:73:06:da:80:b7:6d:22:f3:ac:
         cd:cd:8b:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlW03MaYPAMY1Nn0KcVvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTBhODZmOGQxMTI2MWFiNTYwZTJjYzhhOGRlYjRkM2M5MTQ5ODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidbqUOGM36HK8ul3iGkELFDp0dyN
gtFqQy/9SyUNhZJ0CaShChmpt5iAbS0+SC8ISXsJxpdAJ55zyPx2/o/5dHMshk/9
9IYkWdmZmtD2zpVMHdF8iW3F152G1hVFRDt68LrLEk7i6Qvl1+2o3FGRekanqgV/
Huc/mvpsGNCmwEr+FFvTMEC68xzkBRYlBXcMQyY2XgYnBHaVM2UePvqcqVT+TXxQ
OG49GVgg8IU5tLQUgWsx+iqGolEZChWZb6XLNFqrHbUkFovZHrE8DiNr+TyIMbjI
6qASZbNlkap06tXy5/cGG2CoSMn2PcOj1F6cQRxI7dZzaCnk6vb8mi7JmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEKhvjREmGrVg4syKjetNPJFJgLMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvZ1FxRy1ORVNZYXRXRGl6SXFONjAwOGtVbUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSb9MA0G
CSqGSIb3DQEBCwUAA4IBAQBo+qx7Upv3SC4nbiLRzMIi0Uo3RZc7hlPgQV+e1deV
GzwNJu2M7kpz3VZVHNezSSPglfwKBGIMl2wj04ZDMlm3rynWCOEVmLEtDLM7gZxm
Sa03jKXaAExMqay/RnEZDJ9FCx1qAFKUHZ4PA1OtxVaSUORPSFEqIxfgtG+t24Do
6uAfxk1Ry7EllZXSqAy27AERRtlZah4/0PjPpMD1C/ThO0NNNYNA/3PNqTaqtfHt
51UApqCCZns/7NAyIC9o7LCSkWpg63RIcaOcUtGcOoB2d8ey85Z5yrpuqyqbbGyl
1tFumbwS0oKl3jeIxKGDv9nInkxzBtqAt20i86zNzYsn
-----END CERTIFICATE-----