Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/R4YSHGhuzK_G5U8vSF_xzDsMtVI.roa
File:                     R4YSHGhuzK_G5U8vSF_xzDsMtVI.roa (raw, json)
Hash identifier:          AnhHOVIDxFyIXKMl6BMFlx7acWVvzuJU2zAHMzV5/bE=
Subject key identifier:   47:86:12:1C:68:6E:CC:AF:C6:E5:4F:2F:48:5F:F1:CC:3B:0C:B5:52
Certificate issuer:       /CN=dfc2603437ef74117fa12272ec42c2527da800c7
Certificate serial:       018CC4938D2B7F5D02743AAC4ED8F60A6AF2
Authority key identifier: DF:C2:60:34:37:EF:74:11:7F:A1:22:72:EC:42:C2:52:7D:A8:00:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/R4YSHGhuzK_G5U8vSF_xzDsMtVI.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198175
IP address blocks:        193.134.8.0/21 maxlen: 21
                          2a10:8240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:03:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8d:2b:7f:5d:02:74:3a:ac:4e:d8:f6:0a:6a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfc2603437ef74117fa12272ec42c2527da800c7
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4786121c686eccafc6e54f2f485ff1cc3b0cb552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e6:71:17:68:90:9c:9f:87:76:42:8a:f8:08:
                    a6:81:53:30:ec:6a:7e:59:a2:3a:c0:74:a0:79:b5:
                    46:63:be:54:0c:c9:12:92:e6:20:74:5c:46:78:67:
                    47:66:cd:9e:8a:87:81:3c:0d:c5:11:aa:bd:00:3d:
                    f4:ff:9c:8b:5d:76:a4:c5:30:e4:c0:be:32:41:eb:
                    f7:82:3b:4b:a3:34:f5:af:ac:c7:d5:66:f1:85:c3:
                    a6:a4:90:df:02:3d:1f:92:30:0b:1f:38:3d:fb:78:
                    50:eb:1d:d0:55:e1:08:e9:c7:f0:d3:04:af:62:83:
                    13:ce:65:4c:1a:c5:2c:cb:9d:ae:e4:ec:7e:ba:1c:
                    fc:6b:25:4f:3e:24:b3:bd:a7:56:5e:58:04:0a:18:
                    ca:15:49:a4:9e:aa:50:9f:cd:1d:07:b4:e3:46:d6:
                    05:7a:3c:ab:9d:b8:8b:f2:d3:d2:de:71:ef:23:f6:
                    98:49:ee:ea:41:5b:42:60:f5:e3:75:bc:a7:21:d3:
                    e2:47:1d:1d:b4:dd:d1:eb:80:ad:72:83:be:65:f3:
                    4b:94:ed:08:b9:2b:32:6e:3a:22:27:71:b7:b8:9a:
                    1a:7d:78:9c:20:ca:ee:0f:9d:64:38:04:8d:1d:28:
                    46:4f:3e:f4:d7:2c:a4:04:1b:88:41:93:4f:db:d3:
                    16:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:86:12:1C:68:6E:CC:AF:C6:E5:4F:2F:48:5F:F1:CC:3B:0C:B5:52
            X509v3 Authority Key Identifier:
                keyid:DF:C2:60:34:37:EF:74:11:7F:A1:22:72:EC:42:C2:52:7D:A8:00:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/R4YSHGhuzK_G5U8vSF_xzDsMtVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.8.0/21
                IPv6:
                  2a10:8240::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:2c:a2:d0:0a:84:bd:67:b5:42:a4:a9:09:48:74:c1:8e:72:
         f3:6c:fe:57:7a:4c:1c:0f:ac:78:20:7c:34:25:4e:9c:bc:20:
         92:8f:f2:05:7d:70:0e:ba:d7:5b:ff:95:d1:da:64:e3:c1:09:
         2d:2b:b6:af:3d:2c:fd:9e:53:7b:d9:f5:e2:3a:77:40:ce:60:
         1a:d8:02:d7:46:74:20:a0:87:d0:0f:93:28:80:40:3f:12:5b:
         68:a8:ab:20:1d:9c:11:ea:3b:79:af:60:6e:32:71:14:9a:49:
         4c:a9:98:bb:ad:94:97:ee:4b:e0:2b:0d:c6:72:f5:0d:bd:01:
         a6:a7:69:a4:4b:20:65:b2:b7:f3:64:4c:75:a9:0d:5d:4b:76:
         f9:41:9d:a7:0b:04:ca:c3:43:09:7b:6b:47:c1:9f:08:31:63:
         9e:1c:78:15:61:99:0d:90:d4:6a:5b:58:0d:27:f7:28:c1:28:
         5a:ce:43:6e:70:43:c6:5e:9d:e7:e7:73:08:40:d3:7d:64:1d:
         a8:19:81:f3:f9:c4:03:6a:90:26:5c:a3:f7:7a:67:51:05:54:
         43:e1:31:5e:8c:e8:30:a7:9d:fa:a1:2d:80:ba:b9:5c:4d:75:
         ba:a4:ac:90:cd:70:72:ab:fa:9e:ae:40:29:b8:36:1c:5b:fd:
         b0:37:3f:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk40rf10CdDqsTtj2CmryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYzI2MDM0MzdlZjc0MTE3ZmExMjI3MmVjNDJjMjUyN2Rh
ODAwYzcwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzg2MTIxYzY4NmVjY2FmYzZlNTRmMmY0ODVmZjFjYzNiMGNiNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluZxF2iQnJ+HdkKK+AimgVMw7Gp+
WaI6wHSgebVGY75UDMkSkuYgdFxGeGdHZs2eioeBPA3FEaq9AD30/5yLXXakxTDk
wL4yQev3gjtLozT1r6zH1WbxhcOmpJDfAj0fkjALHzg9+3hQ6x3QVeEI6cfw0wSv
YoMTzmVMGsUsy52u5Ox+uhz8ayVPPiSzvadWXlgEChjKFUmknqpQn80dB7TjRtYF
ejyrnbiL8tPS3nHvI/aYSe7qQVtCYPXjdbynIdPiRx0dtN3R64CtcoO+ZfNLlO0I
uSsybjoiJ3G3uJoafXicIMruD51kOASNHShGTz701yykBBuIQZNP29MWUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEeGEhxobsyvxuVPL0hf8cw7DLVSMB8GA1UdIwQY
MBaAFN/CYDQ373QRf6EicuxCwlJ9qADHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzhKZ05EZnZkQkZfb1NKeTdFTENVbjJvQU1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iNTVlNDAtZDhiZS00OGQ5LWJkNTUt
YzgzMDA3MzI3NDQ5LzEvUjRZU0hHaHV6S19HNVU4dlNGX3h6RHNNdFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iNTVlNDAtZDhiZS00OGQ5LWJkNTUtYzgzMDA3MzI3NDQ5
LzEvMzhKZ05EZnZkQkZfb1NKeTdFTENVbjJvQU1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDwYYIMA0E
AgACMAcDBQAqEIJAMA0GCSqGSIb3DQEBCwUAA4IBAQC+LKLQCoS9Z7VCpKkJSHTB
jnLzbP5XekwcD6x4IHw0JU6cvCCSj/IFfXAOutdb/5XR2mTjwQktK7avPSz9nlN7
2fXiOndAzmAa2ALXRnQgoIfQD5MogEA/EltoqKsgHZwR6jt5r2BuMnEUmklMqZi7
rZSX7kvgKw3GcvUNvQGmp2mkSyBlsrfzZEx1qQ1dS3b5QZ2nCwTKw0MJe2tHwZ8I
MWOeHHgVYZkNkNRqW1gNJ/cowShazkNucEPGXp3n53MIQNN9ZB2oGYHz+cQDapAm
XKP3emdRBVRD4TFejOgwp536oS2AurlcTXW6pKyQzXByq/qerkApuDYcW/2wNz9z
-----END CERTIFICATE-----