Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dzWxGJGThDM42PY49Eg6Z8Y5_SA.roa
File:                     dzWxGJGThDM42PY49Eg6Z8Y5_SA.roa (raw, json)
Hash identifier:          UbNcmC2i8uLuqCDYkBSktpIqgu6uGqYnB0NIQ04QQjs=
Subject key identifier:   77:35:B1:18:91:93:84:33:38:D8:F6:38:F4:48:3A:67:C6:39:FD:20
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64ADBD1DF612F214919022C065A5C08
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dzWxGJGThDM42PY49Eg6Z8Y5_SA.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12442
IP address blocks:        193.230.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:db:d1:df:61:2f:21:49:19:02:2c:06:5a:5c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7735b1189193843338d8f638f4483a67c639fd20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c9:bf:7b:2a:ef:4e:53:ef:c1:cb:e0:99:2a:
                    ee:c3:c2:07:44:a2:fe:31:48:7d:06:8a:a4:05:42:
                    83:ca:c4:98:2d:72:bc:04:25:20:a2:7b:79:dd:90:
                    a6:a4:50:2a:50:24:24:cb:8c:a7:6a:6f:9a:83:34:
                    22:a6:1b:2f:a3:64:ff:e0:fc:a2:69:f5:06:ff:5a:
                    17:09:8d:5c:b3:ca:72:dd:27:fa:12:ec:d5:15:75:
                    9a:3e:b2:5e:0f:03:61:a0:98:47:e3:bf:0b:09:64:
                    f9:68:f2:cc:13:c1:a5:96:28:f7:fb:ce:84:a7:30:
                    b9:70:38:f3:ee:d2:4e:c7:63:94:1b:94:f2:33:31:
                    d8:ee:eb:e6:d0:44:bc:ad:1d:6e:7b:61:d7:96:7a:
                    6d:86:6d:ed:d7:2e:50:f8:1a:10:b6:5c:5b:09:be:
                    81:35:3f:d6:b0:15:01:3b:48:f0:d9:4a:29:d9:63:
                    d3:67:28:e5:b7:9b:bf:d3:62:f2:89:0b:13:5a:7d:
                    a1:78:07:5b:2f:bb:3d:4d:30:d0:d5:90:ba:32:cf:
                    32:ca:0b:b0:73:fe:74:15:84:f1:c3:c8:82:52:d1:
                    51:cf:df:2e:66:1a:dd:a4:04:af:c3:a5:07:e8:59:
                    55:0c:35:dc:06:e9:3a:3f:14:e7:02:c9:0a:01:12:
                    77:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:35:B1:18:91:93:84:33:38:D8:F6:38:F4:48:3A:67:C6:39:FD:20
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dzWxGJGThDM42PY49Eg6Z8Y5_SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:3c:c0:05:c2:26:f6:c5:6d:ca:26:b4:17:43:92:50:89:37:
         39:cb:68:c1:20:71:7f:4f:1a:2d:ad:17:34:51:81:0f:99:40:
         b2:69:bf:f0:da:3d:64:10:4a:d8:bf:58:7d:18:23:40:8f:84:
         62:b0:34:22:5a:91:6f:82:a9:e5:67:9f:8c:bb:46:d1:a9:45:
         be:78:70:a8:e6:a8:5f:d9:b2:83:fe:80:d1:6a:e1:9e:01:d8:
         b5:2a:37:73:a8:21:13:43:9c:5a:3b:e6:ab:1f:b1:25:ea:89:
         66:60:01:cd:bc:d5:21:48:5c:5f:ac:a6:4d:be:cc:26:da:00:
         9f:e2:d7:76:ea:1b:2f:d5:77:57:26:78:42:a3:80:28:6c:e6:
         31:0b:92:6e:7b:98:f5:fd:a5:05:88:f4:63:25:b1:cd:c0:84:
         6f:57:a1:0e:31:c0:44:67:57:64:88:bb:79:37:26:7d:76:be:
         3d:3f:12:70:40:df:91:20:8c:d4:84:88:93:2c:cf:9a:22:f7:
         c7:bb:29:f6:2b:ee:b2:11:c6:58:40:cb:f6:b2:84:85:51:22:
         19:a0:41:63:29:53:4a:49:ed:5a:6a:da:4a:60:96:68:48:05:
         11:a4:62:ab:c7:7f:9b:48:7f:7c:27:f4:bb:9d:d1:16:77:21:
         a9:39:62:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStvR32EvIUkZAiwGWlwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzM1YjExODkxOTM4NDMzMzhkOGY2MzhmNDQ4M2E2N2M2MzlmZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicm/eyrvTlPvwcvgmSruw8IHRKL+
MUh9BoqkBUKDysSYLXK8BCUgont53ZCmpFAqUCQky4ynam+agzQiphsvo2T/4Pyi
afUG/1oXCY1cs8py3Sf6EuzVFXWaPrJeDwNhoJhH478LCWT5aPLME8Gllij3+86E
pzC5cDjz7tJOx2OUG5TyMzHY7uvm0ES8rR1ue2HXlnpthm3t1y5Q+BoQtlxbCb6B
NT/WsBUBO0jw2Uop2WPTZyjlt5u/02LyiQsTWn2heAdbL7s9TTDQ1ZC6Ms8yyguw
c/50FYTxw8iCUtFRz98uZhrdpASvw6UH6FlVDDXcBuk6PxTnAskKARJ3YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc1sRiRk4QzONj2OPRIOmfGOf0gMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvZHpXeEdKR1RoRE00MlBZNDlFZzZaOFk1X1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwebjMA0G
CSqGSIb3DQEBCwUAA4IBAQB3PMAFwib2xW3KJrQXQ5JQiTc5y2jBIHF/TxotrRc0
UYEPmUCyab/w2j1kEErYv1h9GCNAj4RisDQiWpFvgqnlZ5+Mu0bRqUW+eHCo5qhf
2bKD/oDRauGeAdi1KjdzqCETQ5xaO+arH7El6olmYAHNvNUhSFxfrKZNvswm2gCf
4td26hsv1XdXJnhCo4AobOYxC5Jue5j1/aUFiPRjJbHNwIRvV6EOMcBEZ1dkiLt5
NyZ9dr49PxJwQN+RIIzUhIiTLM+aIvfHuyn2K+6yEcZYQMv2soSFUSIZoEFjKVNK
Se1aatpKYJZoSAURpGKrx3+bSH98J/S7ndEWdyGpOWLX
-----END CERTIFICATE-----