Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dm8Y4uw3IcFf0yJ4fp-urvEgVSs.roa
File:                     Dm8Y4uw3IcFf0yJ4fp-urvEgVSs.roa (raw, json)
Hash identifier:          juoYi9ezRGk9CzePUvuEjDbLiGnKlORgw19aAb2mVvs=
Subject key identifier:   0E:6F:18:E2:EC:37:21:C1:5F:D3:22:78:7E:9F:AE:AE:F1:20:55:2B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AD68FD2CF77BD7BB5EA7D5C6B878D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dm8Y4uw3IcFf0yJ4fp-urvEgVSs.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3333
IP address blocks:        193.230.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d6:8f:d2:cf:77:bd:7b:b5:ea:7d:5c:6b:87:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e6f18e2ec3721c15fd322787e9faeaef120552b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:05:bc:5f:2a:a2:10:b2:d5:4a:fe:c0:1b:1b:
                    31:c1:a3:64:32:26:91:3f:a9:6e:d5:f2:b1:74:88:
                    a6:5a:c0:f3:c5:af:4a:fb:fa:3a:84:dc:3a:0f:e6:
                    78:5d:08:df:27:43:bc:a2:2f:a8:f5:e7:81:fd:1d:
                    5b:7b:80:13:9a:19:ad:99:c6:5b:b4:db:f1:33:8f:
                    ed:d2:ad:c8:d5:fd:18:18:52:1f:fc:40:59:c0:2d:
                    67:5f:ff:af:65:63:68:ce:6a:57:12:61:13:88:f7:
                    05:4b:3b:e2:0e:54:aa:24:45:61:a3:06:04:59:4e:
                    25:94:44:b7:f1:4e:08:2b:98:c1:28:6e:9e:43:27:
                    02:b6:d8:55:08:d1:d4:ca:2c:d0:89:0a:ef:29:e9:
                    f9:f4:fe:a7:27:07:dc:62:b3:b8:05:82:34:94:0c:
                    3e:f3:53:c2:29:6b:ce:39:da:df:48:82:2d:85:f6:
                    4b:5e:70:74:33:8f:df:84:d8:7f:39:a3:62:7c:0d:
                    b0:a8:b3:14:a2:40:19:c0:1c:31:68:a9:47:9c:d7:
                    37:09:22:54:0e:66:4e:aa:f2:ee:3b:bc:c4:f2:ab:
                    f7:45:29:7b:fa:1e:25:25:22:73:84:77:4b:30:20:
                    71:e6:b8:83:63:7b:f0:79:9d:9a:99:a9:57:4b:66:
                    41:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6F:18:E2:EC:37:21:C1:5F:D3:22:78:7E:9F:AE:AE:F1:20:55:2B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dm8Y4uw3IcFf0yJ4fp-urvEgVSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:a4:24:74:d1:3a:f7:7b:b1:b2:2c:ca:26:c4:0e:b5:16:b4:
         53:e3:84:95:0a:91:a3:4f:f2:02:0e:9d:7c:59:81:10:05:e8:
         50:c3:d9:90:93:2e:37:02:d9:3e:5c:23:3e:c7:3f:4c:60:ac:
         9f:36:d8:5c:e7:a3:0a:f6:6c:43:8f:7e:3a:3d:1e:ca:2c:58:
         a1:a6:68:40:41:4a:9c:59:4e:cb:94:70:06:2a:ba:71:ba:dd:
         14:38:83:e3:3d:9a:b1:9d:26:de:ab:10:5f:9c:bd:f2:40:69:
         02:49:eb:4e:bd:53:56:0b:86:e5:8b:25:a0:39:7d:2f:ff:12:
         6c:b1:13:27:dd:14:9a:00:57:c8:03:22:e2:0c:92:73:53:d0:
         0a:74:4c:e7:9d:0c:94:da:e8:49:1f:56:44:b3:50:62:21:6f:
         68:c4:29:bb:40:f0:91:18:1e:8d:9f:34:35:63:fb:22:e3:bb:
         a8:5e:22:4b:83:0c:e0:a9:7d:f5:86:54:7e:3c:2a:17:43:a2:
         63:17:ae:81:26:d4:19:81:e9:78:a6:17:22:a9:8c:63:21:14:
         9e:00:c1:f1:b6:c7:3a:6a:d4:a4:8d:0f:e5:3f:a1:9e:17:39:
         3e:b3:97:84:0b:0e:d1:72:a2:0a:d0:b2:6a:7b:00:42:31:aa:
         40:0c:e7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStaP0s93vXu16n1ca4eNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZmMThlMmVjMzcyMWMxNWZkMzIyNzg3ZTlmYWVhZWYxMjA1NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAW8XyqiELLVSv7AGxsxwaNkMiaR
P6lu1fKxdIimWsDzxa9K+/o6hNw6D+Z4XQjfJ0O8oi+o9eeB/R1be4ATmhmtmcZb
tNvxM4/t0q3I1f0YGFIf/EBZwC1nX/+vZWNozmpXEmETiPcFSzviDlSqJEVhowYE
WU4llES38U4IK5jBKG6eQycCtthVCNHUyizQiQrvKen59P6nJwfcYrO4BYI0lAw+
81PCKWvOOdrfSIIthfZLXnB0M4/fhNh/OaNifA2wqLMUokAZwBwxaKlHnNc3CSJU
DmZOqvLuO7zE8qv3RSl7+h4lJSJzhHdLMCBx5riDY3vweZ2amalXS2ZBPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5vGOLsNyHBX9MieH6frq7xIFUrMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRG04WTR1dzNJY0ZmMHlKNGZwLXVydkVnVlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwebCMA0G
CSqGSIb3DQEBCwUAA4IBAQAHpCR00Tr3e7GyLMomxA61FrRT44SVCpGjT/ICDp18
WYEQBehQw9mQky43Atk+XCM+xz9MYKyfNthc56MK9mxDj346PR7KLFihpmhAQUqc
WU7LlHAGKrpxut0UOIPjPZqxnSbeqxBfnL3yQGkCSetOvVNWC4bliyWgOX0v/xJs
sRMn3RSaAFfIAyLiDJJzU9AKdEznnQyU2uhJH1ZEs1BiIW9oxCm7QPCRGB6NnzQ1
Y/si47uoXiJLgwzgqX31hlR+PCoXQ6JjF66BJtQZgel4phciqYxjIRSeAMHxtsc6
atSkjQ/lP6GeFzk+s5eECw7RcqIK0LJqewBCMapADOcl
-----END CERTIFICATE-----