Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/vIsquNuPLGKwTWPMwS17QjxN2jo.roa
File:                     vIsquNuPLGKwTWPMwS17QjxN2jo.roa (raw, json)
Hash identifier:          4DbuJKQJhre73k3ylB4/pU62Xo2WWYNWYsVj7h+yaek=
Subject key identifier:   BC:8B:2A:B8:DB:8F:2C:62:B0:4D:63:CC:C1:2D:7B:42:3C:4D:DA:3A
Certificate issuer:       /CN=e4a714ffc598b15647bbafe2c6460a87eafbcf97
Certificate serial:       018CC8030936D86D7D37334EB6CBF03E921A
Authority key identifier: E4:A7:14:FF:C5:98:B1:56:47:BB:AF:E2:C6:46:0A:87:EA:FB:CF:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/vIsquNuPLGKwTWPMwS17QjxN2jo.roa
Signing time:             Tue 02 Jan 2024 02:31:31 +0000
ROA not before:           Tue 02 Jan 2024 02:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.30.161.0/24 maxlen: 24
                          193.17.68.0/24 maxlen: 24
                          193.200.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:09:36:d8:6d:7d:37:33:4e:b6:cb:f0:3e:92:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a714ffc598b15647bbafe2c6460a87eafbcf97
        Validity
            Not Before: Jan  2 02:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc8b2ab8db8f2c62b04d63ccc12d7b423c4dda3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:89:10:1e:51:e0:80:63:00:7d:f3:25:1b:64:
                    63:a1:84:97:44:f1:cb:f3:6c:bb:c2:b0:a2:c6:66:
                    af:42:ab:95:12:1a:de:a4:f3:ac:16:83:1d:08:54:
                    99:9a:0d:48:7b:25:0c:27:f2:f4:93:eb:df:1d:d3:
                    4b:91:9e:d1:72:dd:4d:66:d6:9a:b3:15:cb:57:cf:
                    64:9a:ea:a0:5e:65:fc:e9:bc:0a:98:89:a9:c2:87:
                    4d:db:c2:be:9d:3c:1e:4b:ef:30:d0:8e:29:29:a0:
                    8b:d4:86:c8:bd:62:6a:8e:be:98:1b:89:72:b7:92:
                    d9:9c:8a:ae:e3:1d:21:e9:da:f7:d3:d5:a7:ef:13:
                    bc:87:48:fd:b4:d1:2c:d3:5f:0f:37:fd:88:d7:98:
                    27:db:27:37:d4:f3:c8:f8:07:d6:b7:f4:0d:21:99:
                    cb:cd:a2:55:43:4e:8b:04:e2:2c:8e:ff:84:2d:01:
                    97:28:a0:9c:bc:43:68:98:3d:41:6b:aa:16:1f:48:
                    1c:53:06:3b:a3:38:4a:b8:41:44:bc:b3:04:78:4f:
                    08:b3:b6:a8:53:ac:dd:5a:f5:3b:f7:eb:b6:ac:3a:
                    aa:d8:a7:18:26:2c:3b:b5:10:03:48:fc:df:f6:0e:
                    64:75:b9:84:ea:3e:d8:00:45:60:9d:0e:1b:3a:5e:
                    59:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8B:2A:B8:DB:8F:2C:62:B0:4D:63:CC:C1:2D:7B:42:3C:4D:DA:3A
            X509v3 Authority Key Identifier:
                keyid:E4:A7:14:FF:C5:98:B1:56:47:BB:AF:E2:C6:46:0A:87:EA:FB:CF:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/vIsquNuPLGKwTWPMwS17QjxN2jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.68.0/24
                  193.30.161.0/24
                  193.200.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:78:f6:cd:e4:b5:0c:7c:f7:eb:f3:92:e7:00:8a:67:ef:ab:
         af:d8:39:a3:86:6f:2d:3c:a7:25:04:3a:50:96:70:7b:9b:73:
         d2:55:75:d7:53:2a:56:d3:14:c6:c1:c1:36:7f:fd:fb:93:ae:
         19:0a:1a:a0:96:27:a6:e2:b8:5c:78:1f:40:94:72:83:9d:33:
         4c:73:1a:8c:5c:74:b1:59:78:2f:49:c5:b4:73:1f:eb:9a:f5:
         e5:6c:19:c3:d6:24:2f:ef:c2:e5:d8:87:f7:ea:14:9c:f1:a2:
         6e:d8:94:83:7a:a0:24:b3:b5:50:5d:95:6f:6c:0a:6c:73:d3:
         79:27:db:bc:fb:47:95:29:6a:57:60:43:09:7e:86:11:40:a8:
         dc:06:13:0c:b2:b9:67:6d:33:72:40:ba:c3:92:bf:77:ec:8b:
         cd:18:bc:0b:3f:82:c4:98:7a:5a:80:76:d0:41:f3:6b:d9:5e:
         38:f9:95:85:1d:f6:ae:a6:d9:20:77:2f:da:b8:7c:72:3c:cb:
         73:20:43:61:d8:f8:c2:c6:52:2c:57:04:33:3f:5f:70:99:ad:
         7e:12:be:b5:1b:3e:cc:ad:cb:f0:52:f0:e0:86:62:19:0b:d8:
         e2:f7:92:05:34:d0:a1:76:7a:cb:18:07:38:ea:d3:b2:48:35:
         09:14:36:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAwk22G19NzNOtsvwPpIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTcxNGZmYzU5OGIxNTY0N2JiYWZlMmM2NDYwYTg3ZWFm
YmNmOTcwHhcNMjQwMTAyMDIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhiMmFiOGRiOGYyYzYyYjA0ZDYzY2NjMTJkN2I0MjNjNGRkYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArokQHlHggGMAffMlG2RjoYSXRPHL
82y7wrCixmavQquVEhrepPOsFoMdCFSZmg1IeyUMJ/L0k+vfHdNLkZ7Rct1NZtaa
sxXLV89kmuqgXmX86bwKmImpwodN28K+nTweS+8w0I4pKaCL1IbIvWJqjr6YG4ly
t5LZnIqu4x0h6dr309Wn7xO8h0j9tNEs018PN/2I15gn2yc31PPI+AfWt/QNIZnL
zaJVQ06LBOIsjv+ELQGXKKCcvENomD1Ba6oWH0gcUwY7ozhKuEFEvLMEeE8Is7ao
U6zdWvU79+u2rDqq2KcYJiw7tRADSPzf9g5kdbmE6j7YAEVgnQ4bOl5ZfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLyLKrjbjyxisE1jzMEte0I8Tdo6MB8GA1UdIwQY
MBaAFOSnFP/FmLFWR7uv4sZGCofq+8+XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtjVV84V1lzVlpIdTZfaXhrWUtoLXI3ejVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kOTZkYTYtMTJiMi00NDZlLThkOTkt
N2NiMzQ1ZTg1NDFhLzEvdklzcXVOdVBMR0t3VFdQTXdTMTdRanhOMmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kOTZkYTYtMTJiMi00NDZlLThkOTktN2NiMzQ1ZTg1NDFh
LzEvNUtjVV84V1lzVlpIdTZfaXhrWUtoLXI3ejVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwRFEAwQA
wR6hAwQAwcgeMA0GCSqGSIb3DQEBCwUAA4IBAQCWePbN5LUMfPfr85LnAIpn76uv
2Dmjhm8tPKclBDpQlnB7m3PSVXXXUypW0xTGwcE2f/37k64ZChqgliem4rhceB9A
lHKDnTNMcxqMXHSxWXgvScW0cx/rmvXlbBnD1iQv78Ll2If36hSc8aJu2JSDeqAk
s7VQXZVvbApsc9N5J9u8+0eVKWpXYEMJfoYRQKjcBhMMsrlnbTNyQLrDkr937IvN
GLwLP4LEmHpagHbQQfNr2V44+ZWFHfauptkgdy/auHxyPMtzIENh2PjCxlIsVwQz
P19wma1+Er61Gz7MrcvwUvDghmIZC9ji95IFNNChdnrLGAc46tOySDUJFDYj
-----END CERTIFICATE-----