Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/OfxRPh-Gj9Dw6X4_wlWlCenzz8w.roa
File:                     OfxRPh-Gj9Dw6X4_wlWlCenzz8w.roa (raw, json)
Hash identifier:          2MDGFAJ0v4x2N7btSIG5hb92aR31KwsRq1wdxmtodz0=
Subject key identifier:   39:FC:51:3E:1F:86:8F:D0:F0:E9:7E:3F:C2:55:A5:09:E9:F3:CF:CC
Certificate issuer:       /CN=fa692fda019687d58d71bf32c0908d12e46b4ca5
Certificate serial:       018CC3490371DA1CF666C7D2F3F0303BCFEE
Authority key identifier: FA:69:2F:DA:01:96:87:D5:8D:71:BF:32:C0:90:8D:12:E4:6B:4C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/OfxRPh-Gj9Dw6X4_wlWlCenzz8w.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203574
IP address blocks:        193.34.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 02:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:03:71:da:1c:f6:66:c7:d2:f3:f0:30:3b:cf:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa692fda019687d58d71bf32c0908d12e46b4ca5
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39fc513e1f868fd0f0e97e3fc255a509e9f3cfcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:dc:87:ac:20:d1:a0:50:e0:a8:95:e9:27:b4:
                    e7:a2:3d:47:7f:6e:33:e8:62:5f:64:18:b9:11:0e:
                    09:eb:46:b7:6f:9d:40:ef:97:d2:d4:06:0a:49:eb:
                    18:5d:42:d1:fe:c1:3f:3b:55:2b:af:3e:6c:95:f2:
                    d1:a4:87:59:2d:65:ed:96:e6:a0:b7:86:33:8c:bb:
                    51:08:47:d7:58:f9:e0:90:c0:c9:95:ea:f0:3f:35:
                    23:e0:0f:50:95:1f:44:cc:22:c7:02:e7:9c:15:f1:
                    7c:92:87:56:b9:d3:5d:16:af:58:89:51:12:9f:bc:
                    1c:6c:06:e4:5e:04:7a:50:6f:3f:2b:a7:93:27:47:
                    95:3e:7d:3e:bf:d6:d6:0b:23:fd:ee:b1:37:27:a1:
                    c5:b0:66:67:6f:95:16:69:49:20:74:10:29:09:43:
                    31:0d:b9:43:ce:0b:a9:4e:a3:83:6d:04:0b:47:a4:
                    e0:18:c2:d0:0b:8c:6a:89:ae:7d:c6:f8:ef:c8:05:
                    9c:12:d7:61:cd:cc:87:41:56:f7:c2:ec:36:28:59:
                    fb:91:50:c7:42:93:f8:da:55:e8:3c:7a:95:80:cc:
                    6e:5e:da:7d:88:58:33:aa:94:97:d7:1e:55:c4:5b:
                    5d:66:5f:c9:1f:2b:b5:d3:a3:21:0b:e7:79:93:8f:
                    1e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FC:51:3E:1F:86:8F:D0:F0:E9:7E:3F:C2:55:A5:09:E9:F3:CF:CC
            X509v3 Authority Key Identifier:
                keyid:FA:69:2F:DA:01:96:87:D5:8D:71:BF:32:C0:90:8D:12:E4:6B:4C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/OfxRPh-Gj9Dw6X4_wlWlCenzz8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8bfec4-bd6f-4650-a4d8-ad1c30c11e5a/1/1-mkv2gGWh9WNcb8ywJCNEuRrTKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:cb:91:62:ee:89:ee:8f:03:cd:17:ec:16:a2:96:9f:65:74:
         24:a8:1c:33:38:63:69:5f:c9:9a:4b:5b:13:b3:2e:a3:3d:ba:
         e9:47:8e:60:38:58:74:84:30:2f:ff:cb:78:c1:54:94:af:65:
         2d:3c:91:31:42:b5:c1:21:ba:8c:00:d0:76:9b:30:54:d1:66:
         07:dd:32:f6:17:e6:57:1e:4b:6a:c1:5c:80:93:c7:c9:ba:41:
         dc:6f:d0:fc:22:f0:e9:d8:ea:40:b5:91:80:2a:93:ab:1e:2f:
         a3:32:8e:16:0e:ae:af:d7:ba:85:f9:f8:25:a0:90:67:10:de:
         7c:d5:a0:21:c5:b2:7a:ca:5a:63:67:18:b7:83:b6:8b:ad:bb:
         51:bf:98:b8:df:10:f9:54:d2:0c:59:51:ef:cf:31:84:08:96:
         0e:de:e7:0d:e7:f9:90:75:dc:cf:14:fb:57:f9:7c:5f:c5:3c:
         5e:c6:f6:57:53:d1:33:37:98:6a:5e:f2:63:d9:24:f7:b7:9f:
         d5:8b:ac:54:e6:8d:3c:c8:fa:5b:32:c1:65:9a:bd:ad:d4:70:
         5f:9c:b1:d5:30:4f:71:67:34:a8:44:e9:35:28:fe:b5:42:7e:
         b1:33:b6:22:12:07:6c:38:de:51:48:70:0c:07:cf:c4:db:10:
         be:8b:a8:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSQNx2hz2ZsfS8/AwO8/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNjkyZmRhMDE5Njg3ZDU4ZDcxYmYzMmMwOTA4ZDEyZTQ2
YjRjYTUwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZjNTEzZTFmODY4ZmQwZjBlOTdlM2ZjMjU1YTUwOWU5ZjNjZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NyHrCDRoFDgqJXpJ7Tnoj1Hf24z
6GJfZBi5EQ4J60a3b51A75fS1AYKSesYXULR/sE/O1Urrz5slfLRpIdZLWXtluag
t4YzjLtRCEfXWPngkMDJlerwPzUj4A9QlR9EzCLHAuecFfF8kodWudNdFq9YiVES
n7wcbAbkXgR6UG8/K6eTJ0eVPn0+v9bWCyP97rE3J6HFsGZnb5UWaUkgdBApCUMx
DblDzgupTqODbQQLR6TgGMLQC4xqia59xvjvyAWcEtdhzcyHQVb3wuw2KFn7kVDH
QpP42lXoPHqVgMxuXtp9iFgzqpSX1x5VxFtdZl/JHyu106MhC+d5k48eYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDn8UT4fho/Q8Ol+P8JVpQnp88/MMB8GA1UdIwQY
MBaAFPppL9oBlofVjXG/MsCQjRLka0ylMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ta3YyZ0dXaDlXTmNiOHl3SkNORXVSclRLVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTEvOGJmZWM0LWJkNmYtNDY1MC1hNGQ4
LWFkMWMzMGMxMWU1YS8xL09meFJQaC1HajlEdzZYNF93bFdsQ2Vueno4dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvOGJmZWM0LWJkNmYtNDY1MC1hNGQ4LWFkMWMzMGMxMWU1
YS8xLzEtbWt2MmdHV2g5V05jYjh5d0pDTkV1UnJUS1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHBIq4w
DQYJKoZIhvcNAQELBQADggEBAFfLkWLuie6PA80X7Bailp9ldCSoHDM4Y2lfyZpL
WxOzLqM9uulHjmA4WHSEMC//y3jBVJSvZS08kTFCtcEhuowA0HabMFTRZgfdMvYX
5lceS2rBXICTx8m6Qdxv0Pwi8OnY6kC1kYAqk6seL6MyjhYOrq/XuoX5+CWgkGcQ
3nzVoCHFsnrKWmNnGLeDtoutu1G/mLjfEPlU0gxZUe/PMYQIlg7e5w3n+ZB13M8U
+1f5fF/FPF7G9ldT0TM3mGpe8mPZJPe3n9WLrFTmjTzI+lsywWWava3UcF+csdUw
T3FnNKhE6TUo/rVCfrEztiISB2w43lFIcAwHz8TbEL6LqIg=
-----END CERTIFICATE-----