Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/mRi-YhAcH0z28dRXXa_8lR0wdxY.roa
File:                     mRi-YhAcH0z28dRXXa_8lR0wdxY.roa (raw, json)
Hash identifier:          UC/KtaIHSCSYlleDeJwQcT7+xELbLlVL66h4Cya4Je8=
Subject key identifier:   99:18:BE:62:10:1C:1F:4C:F6:F1:D4:57:5D:AF:FC:95:1D:30:77:16
Certificate issuer:       /CN=b3b6b6d7e5dd0c328f6ceaf7e9e9c0d1cb8c1d22
Certificate serial:       018E3784AC35A5EB9D3A8821D75B769CC7F1
Authority key identifier: B3:B6:B6:D7:E5:DD:0C:32:8F:6C:EA:F7:E9:E9:C0:D1:CB:8C:1D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7a21-XdDDKPbOr36enA0cuMHSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/mRi-YhAcH0z28dRXXa_8lR0wdxY.roa
Signing time:             Wed 13 Mar 2024 11:13:45 +0000
ROA not before:           Wed 13 Mar 2024 11:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61423
IP address blocks:        193.109.52.0/24 maxlen: 24
                          193.109.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/s7a21-XdDDKPbOr36enA0cuMHSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/s7a21-XdDDKPbOr36enA0cuMHSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7a21-XdDDKPbOr36enA0cuMHSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:84:ac:35:a5:eb:9d:3a:88:21:d7:5b:76:9c:c7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b6b6d7e5dd0c328f6ceaf7e9e9c0d1cb8c1d22
        Validity
            Not Before: Mar 13 11:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9918be62101c1f4cf6f1d4575daffc951d307716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ea:c5:86:2f:7c:7b:96:0e:8d:63:18:e5:b9:
                    4c:88:c5:0a:c0:d5:a9:6a:32:35:26:92:02:6a:66:
                    94:e5:cb:a7:66:06:db:44:e3:87:7e:c4:60:71:58:
                    46:14:b6:cf:36:64:a7:74:1a:5d:de:61:97:d4:1c:
                    48:69:18:d9:7c:a1:2a:14:27:c7:b6:f4:17:d9:9e:
                    c0:66:03:7b:b9:ea:df:9f:58:15:3a:85:bf:3e:bf:
                    23:47:7c:8e:33:2f:74:db:e5:77:e7:62:00:68:3f:
                    5b:be:21:52:0c:f2:f1:aa:72:d2:ec:83:5f:b8:5f:
                    3b:82:66:0c:78:c8:d5:a4:a1:fd:ed:a7:7e:ba:e0:
                    bf:04:63:5e:4b:3f:35:2d:c4:df:34:ba:73:a8:00:
                    ea:76:08:cf:f2:c6:6a:28:cb:75:17:04:47:2e:36:
                    54:99:79:0c:b7:ad:54:d1:fc:86:f1:44:45:3c:8a:
                    fa:d6:e1:5c:61:58:13:c3:16:eb:fe:c7:83:8f:46:
                    71:50:6a:fc:ed:7b:e9:8b:d8:ad:1d:13:9c:58:aa:
                    d3:79:9a:43:c2:c9:c0:47:cf:f6:85:f2:44:16:1b:
                    1c:32:f6:20:20:dd:e1:d3:f6:a0:b3:23:c6:ea:2f:
                    51:cd:03:a7:c5:5f:89:88:66:a0:8d:19:ad:36:64:
                    de:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:18:BE:62:10:1C:1F:4C:F6:F1:D4:57:5D:AF:FC:95:1D:30:77:16
            X509v3 Authority Key Identifier:
                keyid:B3:B6:B6:D7:E5:DD:0C:32:8F:6C:EA:F7:E9:E9:C0:D1:CB:8C:1D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7a21-XdDDKPbOr36enA0cuMHSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/mRi-YhAcH0z28dRXXa_8lR0wdxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2d7946-db8b-4a57-a70b-2071546b70f9/1/s7a21-XdDDKPbOr36enA0cuMHSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:e7:3a:3d:39:0b:be:48:3f:13:1e:f7:b7:d2:3f:41:9b:31:
         c5:1f:ea:fa:c8:3b:dc:9f:43:30:b4:27:ce:af:cf:85:1c:ca:
         84:95:d0:63:7b:94:ba:73:da:80:12:a3:74:c2:6a:b4:a8:d1:
         50:51:56:79:93:4b:22:5e:e0:9d:de:8e:f8:6d:2b:bc:44:fe:
         e6:85:21:20:86:73:58:fd:fd:4f:32:7e:5c:8f:b8:4e:28:c5:
         d3:bb:8f:0b:9d:5d:a3:95:e0:26:c5:a9:72:87:90:49:06:3e:
         3c:fc:7c:26:c9:db:e9:86:15:88:ff:c0:6b:89:81:a0:a1:80:
         37:8d:f9:8b:0f:5c:d5:08:90:59:ee:df:e4:aa:b3:e3:91:78:
         af:d5:54:f5:d1:10:2e:a2:08:dd:47:4f:fb:89:af:22:06:0e:
         38:04:6b:ab:5a:9b:e2:a6:7f:a9:9e:09:bc:6b:bf:cb:ac:6c:
         6d:32:b5:4b:cb:e3:1b:8f:de:65:f4:1b:8e:72:50:96:91:49:
         ff:30:c5:dc:d5:6f:2b:7f:7d:97:4e:08:b2:4c:5a:9b:75:17:
         d7:f2:eb:2f:fd:87:40:e4:96:b5:fb:18:b1:1d:0a:e0:c8:be:
         b9:d5:d0:17:16:70:62:24:6e:13:2b:0b:28:49:66:0a:71:de:
         e7:5f:47:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY43hKw1peudOogh11t2nMfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZiNmQ3ZTVkZDBjMzI4ZjZjZWFmN2U5ZTljMGQxY2I4
YzFkMjIwHhcNMjQwMzEzMTExMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE4YmU2MjEwMWMxZjRjZjZmMWQ0NTc1ZGFmZmM5NTFkMzA3NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlurFhi98e5YOjWMY5blMiMUKwNWp
ajI1JpICamaU5cunZgbbROOHfsRgcVhGFLbPNmSndBpd3mGX1BxIaRjZfKEqFCfH
tvQX2Z7AZgN7uerfn1gVOoW/Pr8jR3yOMy902+V352IAaD9bviFSDPLxqnLS7INf
uF87gmYMeMjVpKH97ad+uuC/BGNeSz81LcTfNLpzqADqdgjP8sZqKMt1FwRHLjZU
mXkMt61U0fyG8URFPIr61uFcYVgTwxbr/seDj0ZxUGr87Xvpi9itHROcWKrTeZpD
wsnAR8/2hfJEFhscMvYgIN3h0/agsyPG6i9RzQOnxV+JiGagjRmtNmTewwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkYvmIQHB9M9vHUV12v/JUdMHcWMB8GA1UdIwQY
MBaAFLO2ttfl3Qwyj2zq9+npwNHLjB0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdhMjEtWGREREtQYk9yMzZlbkEwY3VNSFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yZDc5NDYtZGI4Yi00YTU3LWE3MGIt
MjA3MTU0NmI3MGY5LzEvbVJpLVloQWNIMHoyOGRSWFhhXzhsUjB3ZHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yZDc5NDYtZGI4Yi00YTU3LWE3MGItMjA3MTU0NmI3MGY5
LzEvczdhMjEtWGREREtQYk9yMzZlbkEwY3VNSFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW00MA0G
CSqGSIb3DQEBCwUAA4IBAQB15zo9OQu+SD8THve30j9BmzHFH+r6yDvcn0MwtCfO
r8+FHMqEldBje5S6c9qAEqN0wmq0qNFQUVZ5k0siXuCd3o74bSu8RP7mhSEghnNY
/f1PMn5cj7hOKMXTu48LnV2jleAmxalyh5BJBj48/HwmydvphhWI/8BriYGgoYA3
jfmLD1zVCJBZ7t/kqrPjkXiv1VT10RAuogjdR0/7ia8iBg44BGurWpvipn+pngm8
a7/LrGxtMrVLy+Mbj95l9BuOclCWkUn/MMXc1W8rf32XTgiyTFqbdRfX8usv/YdA
5Ja1+xixHQrgyL651dAXFnBiJG4TKwsoSWYKcd7nX0f7
-----END CERTIFICATE-----