Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/DmXD3tMyr2oKZP2fuOlovEtepcA.roa
File:                     DmXD3tMyr2oKZP2fuOlovEtepcA.roa (raw, json)
Hash identifier:          MPmQ297/YRzbHgWzJH0hExcNns4Fu0hjy2rC/+qAlAo=
Subject key identifier:   0E:65:C3:DE:D3:32:AF:6A:0A:64:FD:9F:B8:E9:68:BC:4B:5E:A5:C0
Certificate issuer:       /CN=4be0953a7b303d6a1e9a0287160c2f460f07f226
Certificate serial:       018CC7932ACA3063D1139702C099340493D9
Authority key identifier: 4B:E0:95:3A:7B:30:3D:6A:1E:9A:02:87:16:0C:2F:46:0F:07:F2:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-CVOnswPWoemgKHFgwvRg8H8iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/DmXD3tMyr2oKZP2fuOlovEtepcA.roa
Signing time:             Tue 02 Jan 2024 00:29:19 +0000
ROA not before:           Tue 02 Jan 2024 00:29:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197742
IP address blocks:        193.105.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/S-CVOnswPWoemgKHFgwvRg8H8iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/S-CVOnswPWoemgKHFgwvRg8H8iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-CVOnswPWoemgKHFgwvRg8H8iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2a:ca:30:63:d1:13:97:02:c0:99:34:04:93:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be0953a7b303d6a1e9a0287160c2f460f07f226
        Validity
            Not Before: Jan  2 00:29:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e65c3ded332af6a0a64fd9fb8e968bc4b5ea5c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e5:c9:08:85:83:5b:5a:4a:6d:76:38:b5:e4:
                    e0:7e:56:b4:29:6b:4c:5b:47:4c:23:2d:ee:cd:e9:
                    b6:a6:a9:0a:29:0d:76:29:8f:df:97:b4:d1:77:c6:
                    eb:d2:62:45:54:8d:8f:33:f6:4e:bc:0f:8d:3b:32:
                    07:d6:87:0d:d2:d7:e9:ed:cf:f9:36:b0:bb:f1:7a:
                    d9:d7:de:be:ef:49:f4:89:dc:0f:f2:41:e5:b9:8b:
                    32:87:92:c5:fe:84:ff:2e:c9:fd:80:4f:8c:5c:c8:
                    91:48:fd:94:9b:80:e7:cd:59:b3:75:95:b4:bb:3c:
                    c0:61:5b:a4:ca:f7:3e:3d:96:f5:c5:49:3a:6d:ae:
                    a0:3f:c2:ba:86:8d:98:f3:35:d7:4d:ae:7a:b0:8a:
                    30:47:9e:c6:7d:00:0b:48:a7:e4:67:f5:74:73:c9:
                    21:e4:ec:6a:66:f8:98:df:da:03:2f:d0:48:e1:34:
                    51:7e:73:c1:fe:bc:65:9d:37:cd:f0:10:ca:10:df:
                    07:c0:be:e8:c9:09:c3:cd:31:41:3a:c2:c0:cb:4a:
                    c6:37:3d:93:46:41:b1:bc:78:3f:4a:16:6d:78:fe:
                    2c:26:88:68:8b:f7:cf:c6:b6:b2:8b:58:95:fe:9e:
                    08:f8:a2:de:d1:09:79:0d:25:c4:e6:e6:5f:08:71:
                    00:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:65:C3:DE:D3:32:AF:6A:0A:64:FD:9F:B8:E9:68:BC:4B:5E:A5:C0
            X509v3 Authority Key Identifier:
                keyid:4B:E0:95:3A:7B:30:3D:6A:1E:9A:02:87:16:0C:2F:46:0F:07:F2:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-CVOnswPWoemgKHFgwvRg8H8iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/DmXD3tMyr2oKZP2fuOlovEtepcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/e45c52-171f-4c5c-abe8-ee96d0df0003/1/S-CVOnswPWoemgKHFgwvRg8H8iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:2e:63:21:d9:9f:2a:62:0e:c8:8a:75:a4:95:6d:0d:d2:cf:
         68:89:12:73:7e:4a:1b:31:73:6b:5b:b9:79:41:52:70:32:08:
         6f:60:84:b9:47:4f:3b:1e:19:dd:fa:3b:81:cb:9f:65:1b:f1:
         5a:87:ed:b1:4d:f3:c2:c0:dc:a5:9b:07:87:96:87:41:96:ee:
         66:62:96:12:2c:03:85:ca:ff:c3:d7:4f:79:db:ab:24:51:8f:
         f3:a7:80:29:9b:e3:d6:03:94:63:43:ce:f1:f4:09:76:15:da:
         13:41:bc:ee:3b:30:62:7f:4e:82:94:92:27:31:a1:20:30:ad:
         64:1b:51:8d:56:5d:05:29:28:60:dc:6b:1e:be:71:43:62:a2:
         c9:7e:6f:50:6c:f0:59:99:d1:57:56:97:76:46:32:d6:cf:e6:
         53:bf:b0:d1:b4:21:d2:54:ba:bc:f9:51:d8:18:12:69:d6:cb:
         76:34:c2:f7:0d:73:39:6f:d5:d8:f2:e8:bd:14:58:b8:84:5d:
         f5:ac:b8:49:a6:4b:a6:c5:1e:a2:a4:bf:38:05:8c:dc:9a:7e:
         92:31:7b:c0:28:50:16:d7:7c:e3:71:67:c5:b2:5e:69:5b:3c:
         22:6e:51:d6:97:33:84:4e:9c:c7:e0:50:2a:01:1c:f0:7d:40:
         20:fe:4a:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkyrKMGPRE5cCwJk0BJPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTA5NTNhN2IzMDNkNmExZTlhMDI4NzE2MGMyZjQ2MGYw
N2YyMjYwHhcNMjQwMTAyMDAyOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTY1YzNkZWQzMzJhZjZhMGE2NGZkOWZiOGU5NjhiYzRiNWVhNWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheXJCIWDW1pKbXY4teTgfla0KWtM
W0dMIy3uzem2pqkKKQ12KY/fl7TRd8br0mJFVI2PM/ZOvA+NOzIH1ocN0tfp7c/5
NrC78XrZ196+70n0idwP8kHluYsyh5LF/oT/Lsn9gE+MXMiRSP2Um4DnzVmzdZW0
uzzAYVukyvc+PZb1xUk6ba6gP8K6ho2Y8zXXTa56sIowR57GfQALSKfkZ/V0c8kh
5OxqZviY39oDL9BI4TRRfnPB/rxlnTfN8BDKEN8HwL7oyQnDzTFBOsLAy0rGNz2T
RkGxvHg/ShZteP4sJohoi/fPxrayi1iV/p4I+KLe0Ql5DSXE5uZfCHEAAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5lw97TMq9qCmT9n7jpaLxLXqXAMB8GA1UdIwQY
MBaAFEvglTp7MD1qHpoChxYML0YPB/ImMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1DVk9uc3dQV29lbWdLSEZnd3ZSZzhIOGlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lNDVjNTItMTcxZi00YzVjLWFiZTgt
ZWU5NmQwZGYwMDAzLzEvRG1YRDN0TXlyMm9LWlAyZnVPbG92RXRlcGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lNDVjNTItMTcxZi00YzVjLWFiZTgtZWU5NmQwZGYwMDAz
LzEvUy1DVk9uc3dQV29lbWdLSEZnd3ZSZzhIOGlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkJMA0G
CSqGSIb3DQEBCwUAA4IBAQA3LmMh2Z8qYg7IinWklW0N0s9oiRJzfkobMXNrW7l5
QVJwMghvYIS5R087Hhnd+juBy59lG/Fah+2xTfPCwNylmweHlodBlu5mYpYSLAOF
yv/D109526skUY/zp4Apm+PWA5RjQ87x9Al2FdoTQbzuOzBif06ClJInMaEgMK1k
G1GNVl0FKShg3GsevnFDYqLJfm9QbPBZmdFXVpd2RjLWz+ZTv7DRtCHSVLq8+VHY
GBJp1st2NML3DXM5b9XY8ui9FFi4hF31rLhJpkumxR6ipL84BYzcmn6SMXvAKFAW
13zjcWfFsl5pWzwiblHWlzOETpzH4FAqARzwfUAg/koJ
-----END CERTIFICATE-----