Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/RSkJ7TuNI-xqEk5q0cSchzfZmqs.roa
File:                     RSkJ7TuNI-xqEk5q0cSchzfZmqs.roa (raw, json)
Hash identifier:          IHXLl7HQmI5Syk2vngfxH3aTiNyIwvlPwyNudgBb5mo=
Subject key identifier:   45:29:09:ED:3B:8D:23:EC:6A:12:4E:6A:D1:C4:9C:87:37:D9:9A:AB
Certificate issuer:       /CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
Certificate serial:       0191D09DB6FE40C66A1276B2EAFAB655B463
Authority key identifier: F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/RSkJ7TuNI-xqEk5q0cSchzfZmqs.roa
Signing time:             Sun 08 Sep 2024 07:51:22 +0000
ROA not before:           Sun 08 Sep 2024 07:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        193.30.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:9d:b6:fe:40:c6:6a:12:76:b2:ea:fa:b6:55:b4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
        Validity
            Not Before: Sep  8 07:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=452909ed3b8d23ec6a124e6ad1c49c8737d99aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:44:da:1d:49:5c:25:97:72:a3:2d:f3:41:98:
                    f7:76:fd:d3:fc:ee:92:42:b9:4a:c5:58:86:b6:3b:
                    ca:af:d9:55:12:81:b1:59:40:b1:98:a6:e2:27:47:
                    99:19:95:0c:b1:92:97:1a:0d:14:a2:68:54:b2:da:
                    cf:16:40:84:18:c3:b2:01:81:96:5d:a5:8a:ca:22:
                    68:08:1b:16:80:2a:43:b8:9e:0d:8a:ba:0f:9d:e0:
                    08:0c:dc:1e:3d:19:85:3e:c0:79:30:7e:f0:12:bb:
                    4b:2a:4e:c2:b8:f3:4a:01:df:76:d7:34:35:3e:e2:
                    1b:a0:7d:a3:af:cd:eb:6d:82:f6:a1:20:f0:93:25:
                    1d:99:43:82:12:ef:bc:37:cc:b5:a6:29:dd:c6:c1:
                    6d:a5:9a:9c:1f:12:07:a0:79:79:2c:c6:d6:92:8e:
                    9a:88:c3:0a:bf:e8:d1:b2:ac:ee:78:ec:44:df:0b:
                    bb:44:ef:a9:35:b6:b1:0a:d9:19:c2:5d:79:d8:d1:
                    41:99:29:05:86:fd:98:3d:1e:76:18:95:6f:72:23:
                    d3:81:30:0d:21:c1:05:ac:fe:14:b2:db:7e:7d:68:
                    b8:73:2c:a2:30:bc:18:17:56:19:2b:91:fb:8e:e0:
                    14:78:38:91:21:b2:c9:5b:93:a7:37:a0:a2:a9:d5:
                    f0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:29:09:ED:3B:8D:23:EC:6A:12:4E:6A:D1:C4:9C:87:37:D9:9A:AB
            X509v3 Authority Key Identifier:
                keyid:F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/RSkJ7TuNI-xqEk5q0cSchzfZmqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4b:e8:90:cf:d9:48:58:6c:59:d4:d1:84:6a:ff:d6:8a:74:
         45:c1:00:26:b9:a1:c2:2b:31:2d:85:a7:29:04:60:63:5d:5d:
         1c:ca:24:90:9c:8a:55:f3:a4:2c:6c:52:03:ae:cb:be:c0:c8:
         56:b4:a5:6f:8d:23:b2:5a:58:d1:b5:71:98:c3:9a:96:ab:c8:
         eb:d0:b1:79:69:74:99:fe:c3:51:a1:40:0f:fd:ee:fe:e5:ac:
         98:66:5f:96:bb:9f:f4:0e:f2:8b:70:76:4a:b8:ff:37:fe:92:
         88:4a:50:05:5c:be:d5:83:2c:37:60:47:e4:d0:a9:1d:44:ac:
         ad:88:54:1c:c2:19:7d:7b:40:1a:ac:5b:8e:5d:cf:41:ce:31:
         49:8c:01:1a:9f:9c:fc:bf:e1:1b:12:be:cb:23:b3:d6:84:9b:
         49:12:2a:a5:a6:1e:35:8f:33:fd:46:5a:63:5a:7c:65:3c:d9:
         69:67:e7:98:65:4d:31:c3:70:00:98:2d:4e:4f:6a:13:52:c1:
         ad:f5:fe:c9:7f:c3:37:fc:73:51:62:d1:b5:f0:35:33:3a:d2:
         a7:ba:f5:35:21:51:a7:dc:ff:52:56:c2:bb:19:14:27:4c:bd:
         af:45:98:1e:c6:10:09:89:0c:c5:79:61:d0:bb:80:13:55:f8:
         1e:e1:c2:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHQnbb+QMZqEnay6vq2VbRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTFkYzk4NzVlMzVlYzU4MGM1NzFmZDA0MTZmNGQ1ZjVk
NDE1OGEwHhcNMjQwOTA4MDc1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTI5MDllZDNiOGQyM2VjNmExMjRlNmFkMWM0OWM4NzM3ZDk5YWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskTaHUlcJZdyoy3zQZj3dv3T/O6S
QrlKxViGtjvKr9lVEoGxWUCxmKbiJ0eZGZUMsZKXGg0UomhUstrPFkCEGMOyAYGW
XaWKyiJoCBsWgCpDuJ4NiroPneAIDNwePRmFPsB5MH7wErtLKk7CuPNKAd921zQ1
PuIboH2jr83rbYL2oSDwkyUdmUOCEu+8N8y1pindxsFtpZqcHxIHoHl5LMbWko6a
iMMKv+jRsqzueOxE3wu7RO+pNbaxCtkZwl152NFBmSkFhv2YPR52GJVvciPTgTAN
IcEFrP4Ustt+fWi4cyyiMLwYF1YZK5H7juAUeDiRIbLJW5OnN6CiqdXw2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUpCe07jSPsahJOatHEnIc32ZqrMB8GA1UdIwQY
MBaAFPZR3Jh1417FgMVx/QQW9NX11BWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUt
MDc1MTAzODE0MjBhLzEvUlNrSjdUdU5JLXhxRWs1cTBjU2NoemZabXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUtMDc1MTAzODE0MjBh
LzEvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5lMA0G
CSqGSIb3DQEBCwUAA4IBAQBlS+iQz9lIWGxZ1NGEav/WinRFwQAmuaHCKzEthacp
BGBjXV0cyiSQnIpV86QsbFIDrsu+wMhWtKVvjSOyWljRtXGYw5qWq8jr0LF5aXSZ
/sNRoUAP/e7+5ayYZl+Wu5/0DvKLcHZKuP83/pKISlAFXL7Vgyw3YEfk0KkdRKyt
iFQcwhl9e0AarFuOXc9BzjFJjAEan5z8v+EbEr7LI7PWhJtJEiqlph41jzP9Rlpj
WnxlPNlpZ+eYZU0xw3AAmC1OT2oTUsGt9f7Jf8M3/HNRYtG18DUzOtKnuvU1IVGn
3P9SVsK7GRQnTL2vRZgexhAJiQzFeWHQu4ATVfge4cIG
-----END CERTIFICATE-----