Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/a4Cvk8m5Of05Lnw_FjbrV1DF6N4.roa
File:                     a4Cvk8m5Of05Lnw_FjbrV1DF6N4.roa (raw, json)
Hash identifier:          t4i57XsL/0kO+4my8jHeLqY3fRzlKEbIG7+t4CzEj9Q=
Subject key identifier:   6B:80:AF:93:C9:B9:39:FD:39:2E:7C:3F:16:36:EB:57:50:C5:E8:DE
Certificate issuer:       /CN=c2e24a6e3b375e827ebd6e288d9e5532b3a1b684
Certificate serial:       018CC26D112507DAB0F36D586EC5100F0F1B
Authority key identifier: C2:E2:4A:6E:3B:37:5E:82:7E:BD:6E:28:8D:9E:55:32:B3:A1:B6:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/a4Cvk8m5Of05Lnw_FjbrV1DF6N4.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        193.176.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:11:25:07:da:b0:f3:6d:58:6e:c5:10:0f:0f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2e24a6e3b375e827ebd6e288d9e5532b3a1b684
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b80af93c9b939fd392e7c3f1636eb5750c5e8de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b1:75:29:72:a8:5c:f3:eb:af:28:21:ce:be:
                    2b:1d:9c:4f:7a:fc:1a:cc:dd:48:de:fa:43:f9:2a:
                    fa:ee:52:f9:1f:81:d9:13:fa:05:51:06:c0:ea:c5:
                    64:e3:da:cc:ff:7d:3f:f7:64:09:2c:ac:4e:27:a3:
                    2f:50:97:af:3a:52:7a:18:f3:f0:68:04:d8:16:91:
                    c9:61:5a:08:0d:74:53:61:7f:61:79:02:c5:29:cf:
                    fd:f2:a2:78:82:dd:04:a0:01:c8:54:9c:a0:6b:1b:
                    e4:de:c6:40:f6:10:6a:54:12:ea:79:9a:fb:67:ba:
                    21:8e:99:08:28:8d:01:3f:ed:24:e5:8c:33:4e:6f:
                    b9:14:d8:01:cc:d3:cc:e0:fb:b6:5a:c5:62:68:1a:
                    8e:2f:69:aa:66:df:03:90:16:23:d3:0c:fe:ac:e2:
                    f7:04:5b:06:98:28:ce:3d:d0:37:b2:c4:b3:1a:85:
                    3f:2a:00:53:4f:97:63:a5:ec:31:9b:4d:de:29:07:
                    83:47:f3:ff:5d:76:78:71:60:2c:08:c7:45:c0:4d:
                    f1:b5:db:f5:6a:cf:00:4f:7a:67:fa:a2:99:5e:7d:
                    39:3b:47:d3:da:28:58:08:71:06:e2:86:a4:a8:14:
                    3c:57:57:b9:a0:95:6e:4e:b9:c3:9f:5a:15:8f:7c:
                    6e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:80:AF:93:C9:B9:39:FD:39:2E:7C:3F:16:36:EB:57:50:C5:E8:DE
            X509v3 Authority Key Identifier:
                keyid:C2:E2:4A:6E:3B:37:5E:82:7E:BD:6E:28:8D:9E:55:32:B3:A1:B6:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/a4Cvk8m5Of05Lnw_FjbrV1DF6N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/f916bc-29b1-4f09-83de-d544ac062d1f/1/wuJKbjs3XoJ-vW4ojZ5VMrOhtoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:00:c1:f4:e8:cf:e1:43:40:79:23:fa:58:98:4c:2c:ba:bc:
         cf:10:42:0f:ca:c6:6c:25:9f:d0:3e:00:ae:c2:d5:41:27:c1:
         89:56:13:6d:21:39:57:76:d4:84:31:06:47:6e:36:b9:23:be:
         c2:bf:ce:3f:9c:e9:f7:36:8a:1a:ee:3c:eb:db:65:ae:bb:2e:
         6f:95:17:6d:c3:08:58:14:5b:53:bd:42:fb:89:9e:56:59:1c:
         e5:5a:dd:01:23:ce:48:39:b7:f8:42:fb:5d:f8:37:16:d6:61:
         bf:79:a0:d8:54:9d:73:51:c9:f5:46:ef:8f:e7:b0:95:42:a7:
         13:d5:81:05:c3:cc:4a:f6:4b:e7:da:c7:39:ff:d2:5c:8a:5a:
         20:cd:72:21:fa:cf:db:28:65:4c:bd:2f:2e:b3:e6:23:f1:cf:
         01:37:db:a0:9c:5e:06:69:ea:79:62:13:a1:20:53:c3:7b:62:
         f6:a0:a5:5b:6e:db:90:41:0c:76:55:11:34:85:ec:bb:e8:76:
         37:88:17:7c:3c:57:81:31:79:e9:8f:3d:66:c6:7d:d7:b2:be:
         76:a9:49:eb:59:b8:2d:9b:ec:e5:07:e1:17:7a:16:49:7b:40:
         63:5e:66:4c:be:47:70:6a:ee:c1:2d:51:31:ef:ac:bd:6f:0d:
         26:37:04:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRElB9qw821YbsUQDw8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZTI0YTZlM2IzNzVlODI3ZWJkNmUyODhkOWU1NTMyYjNh
MWI2ODQwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjgwYWY5M2M5YjkzOWZkMzkyZTdjM2YxNjM2ZWI1NzUwYzVlOGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbF1KXKoXPPrryghzr4rHZxPevwa
zN1I3vpD+Sr67lL5H4HZE/oFUQbA6sVk49rM/30/92QJLKxOJ6MvUJevOlJ6GPPw
aATYFpHJYVoIDXRTYX9heQLFKc/98qJ4gt0EoAHIVJygaxvk3sZA9hBqVBLqeZr7
Z7ohjpkIKI0BP+0k5YwzTm+5FNgBzNPM4Pu2WsViaBqOL2mqZt8DkBYj0wz+rOL3
BFsGmCjOPdA3ssSzGoU/KgBTT5djpewxm03eKQeDR/P/XXZ4cWAsCMdFwE3xtdv1
as8AT3pn+qKZXn05O0fT2ihYCHEG4oakqBQ8V1e5oJVuTrnDn1oVj3xuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuAr5PJuTn9OS58PxY261dQxejeMB8GA1UdIwQY
MBaAFMLiSm47N16Cfr1uKI2eVTKzobaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3VKS2JqczNYb0otdlc0b2paNVZNck9odG9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9mOTE2YmMtMjliMS00ZjA5LTgzZGUt
ZDU0NGFjMDYyZDFmLzEvYTRDdms4bTVPZjA1TG53X0ZqYnJWMURGNk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9mOTE2YmMtMjliMS00ZjA5LTgzZGUtZDU0NGFjMDYyZDFm
LzEvd3VKS2JqczNYb0otdlc0b2paNVZNck9odG9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbC/MA0G
CSqGSIb3DQEBCwUAA4IBAQCVAMH06M/hQ0B5I/pYmEwsurzPEEIPysZsJZ/QPgCu
wtVBJ8GJVhNtITlXdtSEMQZHbja5I77Cv84/nOn3Nooa7jzr22Wuuy5vlRdtwwhY
FFtTvUL7iZ5WWRzlWt0BI85IObf4Qvtd+DcW1mG/eaDYVJ1zUcn1Ru+P57CVQqcT
1YEFw8xK9kvn2sc5/9JcilogzXIh+s/bKGVMvS8us+Yj8c8BN9ugnF4Gaep5YhOh
IFPDe2L2oKVbbtuQQQx2VRE0hey76HY3iBd8PFeBMXnpjz1mxn3Xsr52qUnrWbgt
m+zlB+EXehZJe0BjXmZMvkdwau7BLVEx76y9bw0mNwS9
-----END CERTIFICATE-----