Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/ZY3v_9VpOiARH-VHMhu44phhDkk.roa
File:                     ZY3v_9VpOiARH-VHMhu44phhDkk.roa (raw, json)
Hash identifier:          DVRyiLmx3HGhcEZ4Vvz8TjFLdWgmcmL4P1NWK8eLzSo=
Subject key identifier:   65:8D:EF:FF:D5:69:3A:20:11:1F:E5:47:32:1B:B8:E2:98:61:0E:49
Certificate issuer:       /CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
Certificate serial:       018CC6B836EF10478ECBEB71EBBCB8AC4231
Authority key identifier: 24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/ZY3v_9VpOiARH-VHMhu44phhDkk.roa
Signing time:             Mon 01 Jan 2024 20:30:10 +0000
ROA not before:           Mon 01 Jan 2024 20:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39679
IP address blocks:        193.188.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:36:ef:10:47:8e:cb:eb:71:eb:bc:b8:ac:42:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
        Validity
            Not Before: Jan  1 20:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=658defffd5693a20111fe547321bb8e298610e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:25:01:2d:09:75:d5:0a:c7:85:6b:32:ff:d5:
                    33:c6:93:9a:44:dd:c2:98:0a:7d:e1:82:07:c1:06:
                    3e:31:92:16:ac:5b:2e:45:dd:db:26:37:fc:12:e3:
                    89:e8:b9:45:c3:d9:18:b6:de:e0:3c:b8:c2:96:3e:
                    25:5a:4e:30:a7:96:51:1c:b5:17:15:d4:55:b1:fa:
                    d2:81:7e:da:01:47:53:3b:b4:5a:8f:fb:e0:89:2a:
                    62:72:88:57:af:33:ee:a8:17:94:97:04:03:78:13:
                    64:8e:88:4d:97:1d:5c:77:73:a2:c4:ac:13:aa:d8:
                    1e:7d:6e:9b:bb:85:9e:23:2a:31:11:7e:c1:2a:04:
                    b7:a9:09:92:ec:1f:24:9e:df:69:d8:0c:b2:c3:72:
                    62:ef:34:c8:28:c7:e9:48:77:ff:49:ee:ba:c8:bf:
                    b8:af:da:b3:59:2d:1e:51:2e:92:f1:f2:47:57:c1:
                    3f:47:60:14:69:62:65:46:03:88:01:af:3e:5c:5c:
                    ef:b8:f7:97:41:9e:e6:04:8a:83:f2:e5:c4:b8:05:
                    26:cb:7e:e9:eb:d4:c1:f3:cf:cd:a6:9d:5f:48:16:
                    08:42:a3:87:e6:af:2a:0e:7c:8e:21:bc:f6:ca:47:
                    a2:35:07:f4:cb:a8:64:e7:30:48:79:03:45:fe:4f:
                    6f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8D:EF:FF:D5:69:3A:20:11:1F:E5:47:32:1B:B8:E2:98:61:0E:49
            X509v3 Authority Key Identifier:
                keyid:24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/ZY3v_9VpOiARH-VHMhu44phhDkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:d8:14:f3:23:18:34:4a:5f:73:0c:0d:30:71:d1:36:b6:7b:
         b3:ed:d7:f6:ea:c6:9f:e1:de:17:94:55:81:d6:6b:f8:1a:ec:
         28:7c:68:04:b5:03:e9:53:97:0f:1c:e5:33:1e:c8:a6:b3:25:
         b6:94:7c:c0:44:d1:9e:53:d8:ac:a6:4f:f9:e1:52:e9:ed:78:
         33:a4:33:06:43:c4:a7:4b:15:01:dd:3b:ad:a3:cf:1f:19:53:
         66:9c:12:2e:76:6f:8e:ab:46:31:4a:9d:a5:7e:64:4c:58:9f:
         62:e5:47:fa:57:e8:00:00:75:fa:18:49:b9:ab:9b:74:55:38:
         32:99:4b:5f:e9:7f:cf:be:4d:35:e0:35:54:d2:a7:cb:02:17:
         5d:b6:85:e2:ae:4e:76:b8:e5:00:a3:2e:7d:30:27:69:b3:7f:
         7c:e4:60:f7:5d:ba:fe:f1:3b:70:1d:e6:84:e6:b9:d2:1b:d2:
         a5:4e:ff:34:e5:c2:2b:07:57:f4:33:3d:64:2a:ae:57:41:4c:
         b5:8a:47:3c:73:c0:62:24:3a:a3:20:74:ca:1b:29:ca:06:d5:
         dd:c0:f4:58:7d:dd:bd:de:f4:08:55:03:e9:a2:b2:73:80:40:
         7f:2e:75:8a:c4:f1:44:7b:83:ff:df:72:5b:4e:65:b8:47:0a:
         44:c3:90:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuDbvEEeOy+tx67y4rEIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0OGY1ZTI2ZjFjMDhmNDQ4NmM5OTExYzhiNjA5ZWFlOGI2
Y2I3NGQwHhcNMjQwMTAxMjAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThkZWZmZmQ1NjkzYTIwMTExZmU1NDczMjFiYjhlMjk4NjEwZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yUBLQl11QrHhWsy/9UzxpOaRN3C
mAp94YIHwQY+MZIWrFsuRd3bJjf8EuOJ6LlFw9kYtt7gPLjClj4lWk4wp5ZRHLUX
FdRVsfrSgX7aAUdTO7Raj/vgiSpicohXrzPuqBeUlwQDeBNkjohNlx1cd3OixKwT
qtgefW6bu4WeIyoxEX7BKgS3qQmS7B8knt9p2Ayyw3Ji7zTIKMfpSHf/Se66yL+4
r9qzWS0eUS6S8fJHV8E/R2AUaWJlRgOIAa8+XFzvuPeXQZ7mBIqD8uXEuAUmy37p
69TB88/Npp1fSBYIQqOH5q8qDnyOIbz2ykeiNQf0y6hk5zBIeQNF/k9vbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWN7//VaTogER/lRzIbuOKYYQ5JMB8GA1UdIwQY
MBaAFCSPXibxwI9EhsmRHItgnq6LbLdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYt
MDEzN2IxZjc1ZDAyLzEvWlkzdl85VnBPaUFSSC1WSE1odTQ0cGhoRGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYtMDEzN2IxZjc1ZDAy
LzEvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbzAMA0G
CSqGSIb3DQEBCwUAA4IBAQBU2BTzIxg0Sl9zDA0wcdE2tnuz7df26saf4d4XlFWB
1mv4GuwofGgEtQPpU5cPHOUzHsimsyW2lHzARNGeU9ispk/54VLp7XgzpDMGQ8Sn
SxUB3Tuto88fGVNmnBIudm+Oq0YxSp2lfmRMWJ9i5Uf6V+gAAHX6GEm5q5t0VTgy
mUtf6X/Pvk014DVU0qfLAhddtoXirk52uOUAoy59MCdps3985GD3Xbr+8TtwHeaE
5rnSG9KlTv805cIrB1f0Mz1kKq5XQUy1ikc8c8BiJDqjIHTKGynKBtXdwPRYfd29
3vQIVQPporJzgEB/LnWKxPFEe4P/33JbTmW4RwpEw5DL
-----END CERTIFICATE-----