Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QeLpqnA_tFQr0_SJ4Pvs007LmWo.roa
File:                     QeLpqnA_tFQr0_SJ4Pvs007LmWo.roa (raw, json)
Hash identifier:          rHnSyGmqwaatntrBZrKwv2DtIr2G853vPMoPyNUotXI=
Subject key identifier:   41:E2:E9:AA:70:3F:B4:54:2B:D3:F4:89:E0:FB:EC:D3:4E:CB:99:6A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79530AD80D795771004F2631B0659AE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QeLpqnA_tFQr0_SJ4Pvs007LmWo.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203163
IP address blocks:        193.233.155.0/24 maxlen: 24
                          193.233.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:30:ad:80:d7:95:77:10:04:f2:63:1b:06:59:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41e2e9aa703fb4542bd3f489e0fbecd34ecb996a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:48:77:37:69:ee:f5:cb:ec:35:01:a0:2f:65:
                    56:57:9f:bf:28:1d:11:5d:bb:05:82:84:3c:20:28:
                    a1:8c:3f:4d:81:a6:2a:37:9d:f7:17:e1:94:f9:b8:
                    f7:75:52:9b:ab:a7:70:d5:bd:d5:10:6f:89:9b:96:
                    5e:fb:8b:37:ca:76:54:f1:44:7e:97:02:b7:e5:2b:
                    56:66:9f:b3:1c:9c:a6:56:a4:9d:49:f1:e6:11:a1:
                    c3:b0:f5:8b:b7:c8:00:a4:b0:40:72:62:1c:4e:0a:
                    b6:89:57:55:b1:ac:7c:4b:29:50:2d:0f:43:28:e4:
                    dd:db:e3:43:ba:e6:fc:26:15:82:69:7c:df:c2:9b:
                    07:95:86:85:1e:93:b9:60:de:60:3d:30:9a:c3:fe:
                    54:fa:aa:fc:68:5e:90:21:7f:11:e7:b2:2d:98:cc:
                    82:43:c6:7e:1f:a8:87:18:62:dc:da:fb:43:0f:39:
                    ea:12:d8:2d:86:a8:ae:83:a1:52:ce:f0:6b:f9:e6:
                    2d:8e:33:45:b4:1f:28:d3:9d:0c:2d:9c:a5:e5:52:
                    83:a3:67:c5:5a:87:f4:c3:13:34:6d:d4:89:94:ee:
                    1c:08:a8:c9:71:a2:d2:46:97:67:0d:dc:8e:b2:05:
                    20:c6:8e:89:91:64:0d:ea:23:e2:69:da:4d:83:79:
                    24:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E2:E9:AA:70:3F:B4:54:2B:D3:F4:89:E0:FB:EC:D3:4E:CB:99:6A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QeLpqnA_tFQr0_SJ4Pvs007LmWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.155.0-193.233.156.255

    Signature Algorithm: sha256WithRSAEncryption
         61:5a:9c:ec:40:86:db:f3:6c:f3:6e:8e:a5:f1:fe:d5:8a:1e:
         fb:af:e7:e2:f1:12:99:98:34:b7:25:4a:77:cf:a1:e3:71:15:
         fd:2b:ec:36:f7:b5:2a:27:72:30:50:2c:c3:28:c0:3f:a5:0c:
         a3:e0:11:ee:3d:1f:2f:f9:62:ad:4c:bf:66:14:d3:85:aa:a1:
         f5:a2:29:ed:aa:28:d4:b0:ec:98:24:f4:d5:3a:c8:d5:d1:e0:
         7c:2f:2b:9d:93:80:47:79:b4:8e:16:43:9c:fe:d1:ce:07:b6:
         72:9b:f0:10:a3:e3:b4:f1:f8:09:b2:0f:29:71:35:33:4f:4f:
         bf:d8:53:3b:a9:8c:9e:16:b6:f3:a8:59:5f:a5:0a:1d:a5:3b:
         37:ce:6d:78:c1:14:52:bf:dd:71:d4:1f:e7:65:c6:c1:81:1d:
         d7:3e:b2:95:54:c6:25:ea:f3:87:2b:4e:42:d4:6f:bf:7a:97:
         50:b8:8c:a0:e5:1d:03:70:60:d8:08:b8:97:8f:8a:06:e0:dc:
         08:14:bb:8e:a6:11:f6:98:8d:1a:f5:12:db:9c:0e:c5:ed:8d:
         b8:b6:6c:d7:90:39:eb:64:95:9e:fd:f7:76:2c:f2:2c:b9:4b:
         93:32:48:45:bb:3b:c0:6a:99:f2:a8:3a:dc:e3:f9:d5:c3:8c:
         dc:62:d1:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlTCtgNeVdxAE8mMbBlmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUyZTlhYTcwM2ZiNDU0MmJkM2Y0ODllMGZiZWNkMzRlY2I5OTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEh3N2nu9cvsNQGgL2VWV5+/KB0R
XbsFgoQ8ICihjD9NgaYqN533F+GU+bj3dVKbq6dw1b3VEG+Jm5Ze+4s3ynZU8UR+
lwK35StWZp+zHJymVqSdSfHmEaHDsPWLt8gApLBAcmIcTgq2iVdVsax8SylQLQ9D
KOTd2+NDuub8JhWCaXzfwpsHlYaFHpO5YN5gPTCaw/5U+qr8aF6QIX8R57ItmMyC
Q8Z+H6iHGGLc2vtDDznqEtgthqiug6FSzvBr+eYtjjNFtB8o050MLZyl5VKDo2fF
Wof0wxM0bdSJlO4cCKjJcaLSRpdnDdyOsgUgxo6JkWQN6iPiadpNg3kkUQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEHi6apwP7RUK9P0ieD77NNOy5lqMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUWVMcHFuQV90RlFyMF9TSjRQdnMwMDdMbVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADB6ZsD
BADB6ZwwDQYJKoZIhvcNAQELBQADggEBAGFanOxAhtvzbPNujqXx/tWKHvuv5+Lx
EpmYNLclSnfPoeNxFf0r7Db3tSoncjBQLMMowD+lDKPgEe49Hy/5Yq1Mv2YU04Wq
ofWiKe2qKNSw7Jgk9NU6yNXR4HwvK52TgEd5tI4WQ5z+0c4HtnKb8BCj47Tx+Amy
DylxNTNPT7/YUzupjJ4WtvOoWV+lCh2lOzfObXjBFFK/3XHUH+dlxsGBHdc+spVU
xiXq84crTkLUb796l1C4jKDlHQNwYNgIuJePigbg3AgUu46mEfaYjRr1EtucDsXt
jbi2bNeQOetklZ7993Ys8iy5S5MySEW7O8BqmfKoOtzj+dXDjNxi0XM=
-----END CERTIFICATE-----