Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/tbd-lpy00oL8NpZ3C9EguT16CPE.roa
File:                     tbd-lpy00oL8NpZ3C9EguT16CPE.roa (raw, json)
Hash identifier:          NKTQulr3DQXF27o/Wdl1ug0xh1cVbRTrapuzvj8bi0E=
Subject key identifier:   B5:B7:7E:96:9C:B4:D2:82:FC:36:96:77:0B:D1:20:B9:3D:7A:08:F1
Certificate issuer:       /CN=dce670a6ed4c78fdd77686792f7e087598906f73
Certificate serial:       018CC64B1FE43D88D5A5B9BC301375940415
Authority key identifier: DC:E6:70:A6:ED:4C:78:FD:D7:76:86:79:2F:7E:08:75:98:90:6F:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OZwpu1MeP3XdoZ5L34IdZiQb3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/tbd-lpy00oL8NpZ3C9EguT16CPE.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        193.39.182.0/24 maxlen: 24
                          193.39.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/3OZwpu1MeP3XdoZ5L34IdZiQb3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/3OZwpu1MeP3XdoZ5L34IdZiQb3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OZwpu1MeP3XdoZ5L34IdZiQb3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1f:e4:3d:88:d5:a5:b9:bc:30:13:75:94:04:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce670a6ed4c78fdd77686792f7e087598906f73
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5b77e969cb4d282fc3696770bd120b93d7a08f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cd:1c:5e:39:39:9e:3d:35:51:32:93:66:30:
                    7a:45:26:c7:87:80:1e:ef:59:b2:c3:4e:0a:b9:53:
                    43:5d:61:68:57:fe:14:c7:d4:a0:36:6c:ea:6b:5e:
                    f3:9f:b6:72:1a:51:f3:cf:b8:16:79:65:5d:e5:18:
                    5a:ee:2c:27:a8:2c:b1:65:7b:0e:76:bb:26:64:75:
                    b1:c4:1c:d9:0c:68:93:85:18:d5:11:42:56:d0:52:
                    a6:05:08:8e:d0:d6:23:e2:39:7e:33:b4:2d:e1:ed:
                    66:43:35:45:d8:c8:e4:2e:b2:c4:6f:ec:9a:79:07:
                    22:37:54:ed:69:10:61:1b:14:fc:80:d7:1a:b1:a1:
                    84:56:5a:65:79:ca:a3:bf:ab:bf:0c:7a:95:d5:08:
                    74:13:71:92:88:bd:42:df:47:21:c4:87:6d:b4:b4:
                    7f:ac:d8:a1:c1:c5:c6:10:4b:ae:07:59:4b:01:07:
                    7f:ce:50:54:e2:b5:3e:a7:05:1b:f0:f1:65:ce:76:
                    50:26:eb:c2:b2:ca:4d:f4:4c:b0:90:98:dd:76:fe:
                    6e:61:2e:16:90:da:cb:da:66:59:a2:6a:bb:4f:52:
                    55:73:d3:d1:89:c7:92:9a:a2:dd:a3:42:c6:74:b2:
                    70:46:3f:ce:3c:6d:f8:5a:e0:db:8f:65:8d:d5:14:
                    b3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B7:7E:96:9C:B4:D2:82:FC:36:96:77:0B:D1:20:B9:3D:7A:08:F1
            X509v3 Authority Key Identifier:
                keyid:DC:E6:70:A6:ED:4C:78:FD:D7:76:86:79:2F:7E:08:75:98:90:6F:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OZwpu1MeP3XdoZ5L34IdZiQb3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/tbd-lpy00oL8NpZ3C9EguT16CPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e31804-6270-4246-9100-f06e23432273/1/3OZwpu1MeP3XdoZ5L34IdZiQb3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:ae:8a:fa:01:81:90:e6:ba:1c:ed:ce:5c:ad:eb:ee:68:18:
         4b:f4:9b:0e:3c:5f:7a:af:c8:d1:08:f0:de:99:65:9b:b5:07:
         5f:af:a6:fa:cf:f2:02:e1:97:78:17:2c:ee:09:01:28:bf:de:
         68:86:2e:1f:1b:15:0b:88:46:5a:f3:eb:ca:99:b9:28:a9:a1:
         6c:8c:93:3d:05:04:d5:b7:69:7e:22:ac:f6:0b:5e:94:e4:9e:
         e5:4f:4d:ca:5d:5c:28:5c:de:38:7f:d0:59:ab:83:3d:a6:81:
         66:69:20:5a:d3:c4:1e:e6:f7:56:ec:f7:00:12:97:8a:3e:5e:
         dd:d3:4b:a8:e3:12:fb:4f:02:0f:58:9d:fa:c8:b9:0c:71:4a:
         00:38:e0:e6:c8:ad:c9:39:04:bf:ff:3b:2b:78:36:cd:f5:31:
         ba:0d:4f:2c:3f:11:3c:c5:19:e5:c5:d6:3f:a1:6a:aa:68:14:
         e7:e9:46:b1:59:9b:4d:3c:c0:a1:68:7c:2d:02:b5:7d:50:5e:
         1f:84:5d:21:68:fd:e7:97:32:4e:68:4d:48:52:3b:e3:73:3a:
         40:21:9f:9a:3f:91:5b:42:89:1d:77:0b:2e:aa:ab:4f:32:c1:
         ae:5a:2d:dc:8b:57:2b:8e:a6:f2:ce:13:dd:71:ac:e8:ae:ed:
         fc:56:aa:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx/kPYjVpbm8MBN1lAQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTY3MGE2ZWQ0Yzc4ZmRkNzc2ODY3OTJmN2UwODc1OTg5
MDZmNzMwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI3N2U5NjljYjRkMjgyZmMzNjk2NzcwYmQxMjBiOTNkN2EwOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns0cXjk5nj01UTKTZjB6RSbHh4Ae
71myw04KuVNDXWFoV/4Ux9SgNmzqa17zn7ZyGlHzz7gWeWVd5Rha7iwnqCyxZXsO
drsmZHWxxBzZDGiThRjVEUJW0FKmBQiO0NYj4jl+M7Qt4e1mQzVF2MjkLrLEb+ya
eQciN1TtaRBhGxT8gNcasaGEVlplecqjv6u/DHqV1Qh0E3GSiL1C30chxIdttLR/
rNihwcXGEEuuB1lLAQd/zlBU4rU+pwUb8PFlznZQJuvCsspN9EywkJjddv5uYS4W
kNrL2mZZomq7T1JVc9PRiceSmqLdo0LGdLJwRj/OPG34WuDbj2WN1RSzzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW3fpactNKC/DaWdwvRILk9egjxMB8GA1UdIwQY
MBaAFNzmcKbtTHj913aGeS9+CHWYkG9zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09ad3B1MU1lUDNYZG9aNUwzNElkWmlRYjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9lMzE4MDQtNjI3MC00MjQ2LTkxMDAt
ZjA2ZTIzNDMyMjczLzEvdGJkLWxweTAwb0w4TnBaM0M5RWd1VDE2Q1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9lMzE4MDQtNjI3MC00MjQ2LTkxMDAtZjA2ZTIzNDMyMjcz
LzEvM09ad3B1MU1lUDNYZG9aNUwzNElkWmlRYjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSe2MA0G
CSqGSIb3DQEBCwUAA4IBAQBuror6AYGQ5roc7c5crevuaBhL9JsOPF96r8jRCPDe
mWWbtQdfr6b6z/IC4Zd4FyzuCQEov95ohi4fGxULiEZa8+vKmbkoqaFsjJM9BQTV
t2l+Iqz2C16U5J7lT03KXVwoXN44f9BZq4M9poFmaSBa08Qe5vdW7PcAEpeKPl7d
00uo4xL7TwIPWJ36yLkMcUoAOODmyK3JOQS//zsreDbN9TG6DU8sPxE8xRnlxdY/
oWqqaBTn6UaxWZtNPMChaHwtArV9UF4fhF0haP3nlzJOaE1IUjvjczpAIZ+aP5Fb
QokddwsuqqtPMsGuWi3ci1crjqbyzhPdcazoru38Vqpn
-----END CERTIFICATE-----