Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/jOc0ecsXOziuXjVhUqQk5KKH83I.roa
File:                     jOc0ecsXOziuXjVhUqQk5KKH83I.roa (raw, json)
Hash identifier:          Fwzx+oDsgbY27k3YfWy7qu2SIlgEGEi9ln2JbJ0VSXI=
Subject key identifier:   8C:E7:34:79:CB:17:3B:38:AE:5E:35:61:52:A4:24:E4:A2:87:F3:72
Certificate issuer:       /CN=4ff86cf33e15ea4089da29e2a7881d746df826ef
Certificate serial:       018CC26D38AAF940EC8CFAFCC7A5CFBF8ABE
Authority key identifier: 4F:F8:6C:F3:3E:15:EA:40:89:DA:29:E2:A7:88:1D:74:6D:F8:26:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T_hs8z4V6kCJ2inip4gddG34Ju8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/jOc0ecsXOziuXjVhUqQk5KKH83I.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        193.29.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/T_hs8z4V6kCJ2inip4gddG34Ju8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/T_hs8z4V6kCJ2inip4gddG34Ju8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T_hs8z4V6kCJ2inip4gddG34Ju8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:38:aa:f9:40:ec:8c:fa:fc:c7:a5:cf:bf:8a:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ff86cf33e15ea4089da29e2a7881d746df826ef
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ce73479cb173b38ae5e356152a424e4a287f372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3c:9d:d3:e9:f5:be:76:38:6e:2b:98:50:56:
                    24:bb:78:f9:31:be:13:44:3a:69:18:af:3e:d5:ef:
                    87:95:36:7a:82:94:c2:52:0b:0b:a4:b5:96:ad:fa:
                    31:e8:b1:ba:a6:59:d5:b3:f5:aa:fe:db:ae:7a:ea:
                    70:63:6e:25:60:6c:b4:7b:2b:a2:a0:16:d7:ee:9f:
                    47:50:3f:d7:1b:0a:38:50:68:ea:c0:2f:6b:22:ef:
                    9a:dc:fc:13:0c:a8:d8:57:b5:e4:cd:9e:c4:85:9c:
                    ba:80:a0:9d:08:5c:38:f6:a7:b6:c0:89:09:9b:f1:
                    01:eb:b3:80:a1:4a:94:60:ab:86:03:52:7f:36:15:
                    8a:df:8c:da:ca:45:7b:b4:4b:4a:5b:4d:4a:46:6c:
                    b5:01:2d:b2:59:98:76:d2:a3:bf:5d:f9:8a:22:03:
                    a9:a4:b5:4e:19:ed:a2:a6:cb:8a:a2:20:d9:1d:1c:
                    d8:32:6b:f7:0b:8a:2c:91:46:4b:18:b6:f8:c4:10:
                    82:3e:38:be:c1:5a:52:53:a0:d1:15:3e:d0:e2:3b:
                    64:91:6e:4f:e2:3a:f7:40:b8:ce:8f:58:84:73:51:
                    94:c7:5d:15:c6:5b:95:5a:2a:5c:62:28:85:95:d5:
                    8f:b1:8f:ba:e4:53:3b:ec:97:c4:9b:37:f0:08:8d:
                    ce:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E7:34:79:CB:17:3B:38:AE:5E:35:61:52:A4:24:E4:A2:87:F3:72
            X509v3 Authority Key Identifier:
                keyid:4F:F8:6C:F3:3E:15:EA:40:89:DA:29:E2:A7:88:1D:74:6D:F8:26:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T_hs8z4V6kCJ2inip4gddG34Ju8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/jOc0ecsXOziuXjVhUqQk5KKH83I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c991ee-bd41-4ad1-b88d-6fc5fca09629/1/T_hs8z4V6kCJ2inip4gddG34Ju8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:c5:4f:1d:1c:2e:34:f3:b3:e5:dd:1e:82:bc:4f:ec:79:d2:
         24:44:9f:9b:e0:1a:79:11:6d:3e:47:f6:a3:78:9f:a3:41:24:
         8b:28:e0:12:ba:65:92:4e:f7:54:ff:42:7b:65:ba:a6:d3:fe:
         8f:33:30:7d:bf:d7:f5:39:c6:21:28:ff:30:1e:02:83:89:8c:
         70:80:0e:56:f2:3f:82:74:00:ff:9f:f6:ba:87:72:4e:f7:e0:
         8f:e8:db:1a:34:a5:0c:e6:a6:c0:e3:24:64:3d:c7:ab:2c:a9:
         8f:cf:eb:ab:0c:ed:46:f2:ec:55:9b:82:b8:4b:b4:d3:55:2a:
         64:9d:e4:1a:0f:ba:88:9a:90:3f:e8:44:eb:eb:cc:6d:7c:a5:
         c8:4d:f5:d6:ab:f2:51:67:9f:92:5c:82:30:84:15:b2:54:ea:
         90:8e:b1:51:4f:54:25:c1:08:ed:ca:cb:d0:6c:76:45:f4:27:
         0e:c5:0c:da:d1:d4:69:0d:fb:aa:3b:8e:b2:84:ef:89:67:2f:
         29:4e:63:72:2c:97:66:43:a2:ce:66:26:84:79:ac:33:11:28:
         4c:ba:62:95:18:a3:69:e0:08:04:75:3a:8e:5c:72:5d:82:ba:
         9f:a9:1b:57:fd:95:86:97:89:ab:c6:3d:fa:15:31:e3:95:24:
         09:a7:a9:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTiq+UDsjPr8x6XPv4q+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZjg2Y2YzM2UxNWVhNDA4OWRhMjllMmE3ODgxZDc0NmRm
ODI2ZWYwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2U3MzQ3OWNiMTczYjM4YWU1ZTM1NjE1MmE0MjRlNGEyODdmMzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jyd0+n1vnY4biuYUFYku3j5Mb4T
RDppGK8+1e+HlTZ6gpTCUgsLpLWWrfox6LG6plnVs/Wq/tuueupwY24lYGy0eyui
oBbX7p9HUD/XGwo4UGjqwC9rIu+a3PwTDKjYV7XkzZ7EhZy6gKCdCFw49qe2wIkJ
m/EB67OAoUqUYKuGA1J/NhWK34zaykV7tEtKW01KRmy1AS2yWZh20qO/XfmKIgOp
pLVOGe2ipsuKoiDZHRzYMmv3C4oskUZLGLb4xBCCPji+wVpSU6DRFT7Q4jtkkW5P
4jr3QLjOj1iEc1GUx10VxluVWipcYiiFldWPsY+65FM77JfEmzfwCI3OfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIznNHnLFzs4rl41YVKkJOSih/NyMB8GA1UdIwQY
MBaAFE/4bPM+FepAidop4qeIHXRt+CbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVF9oczh6NFY2a0NKMmluaXA0Z2RkRzM0SnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jOTkxZWUtYmQ0MS00YWQxLWI4OGQt
NmZjNWZjYTA5NjI5LzEvak9jMGVjc1hPeml1WGpWaFVxUWs1S0tIODNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jOTkxZWUtYmQ0MS00YWQxLWI4OGQtNmZjNWZjYTA5NjI5
LzEvVF9oczh6NFY2a0NKMmluaXA0Z2RkRzM0SnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwR04MA0G
CSqGSIb3DQEBCwUAA4IBAQAWxU8dHC4087Pl3R6CvE/sedIkRJ+b4Bp5EW0+R/aj
eJ+jQSSLKOASumWSTvdU/0J7Zbqm0/6PMzB9v9f1OcYhKP8wHgKDiYxwgA5W8j+C
dAD/n/a6h3JO9+CP6NsaNKUM5qbA4yRkPcerLKmPz+urDO1G8uxVm4K4S7TTVSpk
neQaD7qImpA/6ETr68xtfKXITfXWq/JRZ5+SXIIwhBWyVOqQjrFRT1QlwQjtysvQ
bHZF9CcOxQza0dRpDfuqO46yhO+JZy8pTmNyLJdmQ6LOZiaEeawzEShMumKVGKNp
4AgEdTqOXHJdgrqfqRtX/ZWGl4mrxj36FTHjlSQJp6mC
-----END CERTIFICATE-----