Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CniHQMgyNhyae_kfVbRZgdgTm5k.roa
File:                     CniHQMgyNhyae_kfVbRZgdgTm5k.roa (raw, json)
Hash identifier:          kD+nvrsAYUO+RAY6Ap/7dRQNF0ZJF2bKlS9lx/aqfqI=
Subject key identifier:   0A:78:87:40:C8:32:36:1C:9A:7B:F9:1F:55:B4:59:81:D8:13:9B:99
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7951EFB20AA8670B7FC0701F1B70521
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CniHQMgyNhyae_kfVbRZgdgTm5k.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        193.233.108.0/23 maxlen: 24
                          193.233.110.0/23 maxlen: 24
                          193.233.118.0/23 maxlen: 24
                          193.233.116.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1e:fb:20:aa:86:70:b7:fc:07:01:f1:b7:05:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a788740c832361c9a7bf91f55b45981d8139b99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9c:9b:ce:bb:62:5a:e5:37:ae:09:75:a9:89:
                    19:c2:ac:bd:ef:bf:99:69:0d:97:5a:45:6a:ca:58:
                    5e:e3:5f:08:f9:88:bf:90:0c:bb:b8:17:93:3b:de:
                    b0:9b:c3:f0:f7:67:10:4e:14:5a:31:68:d4:a8:8d:
                    e7:e4:19:a6:12:18:64:b8:b9:d0:f2:45:d4:c9:b6:
                    08:ab:66:50:70:4d:d7:f0:81:4a:d5:a6:06:b6:79:
                    13:a5:49:49:b2:17:0a:cd:b4:57:74:14:c2:0f:64:
                    5c:4a:84:3d:da:44:4a:eb:88:27:1e:bd:bc:c5:6f:
                    5e:35:7f:f8:c0:72:7a:a2:96:c1:da:32:38:5b:80:
                    cb:af:02:72:f6:37:49:60:1c:f4:6b:63:be:5b:43:
                    f9:ba:9e:26:b1:38:4f:17:8f:fd:66:42:ca:6a:e9:
                    ba:2d:ab:06:f5:8a:3a:dc:af:76:ca:d1:b9:4c:e7:
                    26:08:4c:1e:3e:46:56:5c:37:b2:35:e4:de:63:fd:
                    f7:ba:33:65:d5:90:ec:1f:77:6a:30:7f:67:be:35:
                    ee:00:f0:55:54:7e:39:5c:78:c6:03:6d:87:9e:09:
                    e5:b6:91:c2:0c:96:0f:73:5e:a1:a9:6f:1a:65:95:
                    a5:c4:8c:97:60:18:04:cc:96:07:91:4a:18:fc:07:
                    95:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:78:87:40:C8:32:36:1C:9A:7B:F9:1F:55:B4:59:81:D8:13:9B:99
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CniHQMgyNhyae_kfVbRZgdgTm5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.108.0/22
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:8c:fe:8f:98:7b:66:2d:ba:8c:96:bf:3f:49:fa:df:f3:e9:
         74:49:63:ce:5a:01:2f:de:52:5b:6e:b9:f4:05:10:e0:36:6f:
         30:87:1f:ca:6c:85:74:f2:72:8a:20:69:08:66:db:12:66:ed:
         47:53:88:e1:8f:e0:6b:e1:f8:0e:75:30:31:d8:d0:bf:d7:d6:
         e1:10:7d:b2:bd:41:90:fd:1d:c9:e6:76:24:c5:67:1c:b6:2b:
         a5:ec:36:5d:69:40:62:9c:e2:bb:2a:0b:59:a1:38:37:ac:25:
         57:2a:b4:f9:ea:75:7a:53:c7:fa:63:0e:a4:e8:56:d2:17:da:
         c2:82:8a:8c:cd:2d:ae:77:e3:8c:35:78:c0:7d:d5:19:4d:8d:
         d0:8d:17:10:63:cf:5a:90:9b:a9:35:84:c5:f5:f7:2a:51:6e:
         f7:79:bb:5b:70:e0:8d:1f:94:4d:1c:92:93:68:c3:ed:d5:58:
         ca:1b:89:74:f6:c6:57:ef:a0:c3:f6:90:d5:73:f4:c4:f5:27:
         1a:ec:65:4f:ff:20:6a:70:3a:3b:c4:cd:20:fc:c7:0b:c4:27:
         4b:63:da:0f:1d:f7:fd:44:b4:b0:2f:83:69:f3:fb:dc:42:8f:
         c5:90:6a:86:eb:01:de:56:68:ea:48:7b:12:21:32:18:dd:a5:
         e8:c7:61:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlR77IKqGcLf8BwHxtwUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc4ODc0MGM4MzIzNjFjOWE3YmY5MWY1NWI0NTk4MWQ4MTM5Yjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZybzrtiWuU3rgl1qYkZwqy977+Z
aQ2XWkVqylhe418I+Yi/kAy7uBeTO96wm8Pw92cQThRaMWjUqI3n5BmmEhhkuLnQ
8kXUybYIq2ZQcE3X8IFK1aYGtnkTpUlJshcKzbRXdBTCD2RcSoQ92kRK64gnHr28
xW9eNX/4wHJ6opbB2jI4W4DLrwJy9jdJYBz0a2O+W0P5up4msThPF4/9ZkLKaum6
LasG9Yo63K92ytG5TOcmCEwePkZWXDeyNeTeY/33ujNl1ZDsH3dqMH9nvjXuAPBV
VH45XHjGA22HngnltpHCDJYPc16hqW8aZZWlxIyXYBgEzJYHkUoY/AeVtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAp4h0DIMjYcmnv5H1W0WYHYE5uZMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQ25pSFFNZ3lOaHlhZV9rZlZiUlpnZGdUbTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwelsAwQC
wel0MA0GCSqGSIb3DQEBCwUAA4IBAQAvjP6PmHtmLbqMlr8/Sfrf8+l0SWPOWgEv
3lJbbrn0BRDgNm8whx/KbIV08nKKIGkIZtsSZu1HU4jhj+Br4fgOdTAx2NC/19bh
EH2yvUGQ/R3J5nYkxWcctiul7DZdaUBinOK7KgtZoTg3rCVXKrT56nV6U8f6Yw6k
6FbSF9rCgoqMzS2ud+OMNXjAfdUZTY3QjRcQY89akJupNYTF9fcqUW73ebtbcOCN
H5RNHJKTaMPt1VjKG4l09sZX76DD9pDVc/TE9Sca7GVP/yBqcDo7xM0g/McLxCdL
Y9oPHff9RLSwL4Np8/vcQo/FkGqG6wHeVmjqSHsSITIY3aXox2FE
-----END CERTIFICATE-----