Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/nEchU6k7kvcU-FZR4aYSthSxaAg.roa
File:                     nEchU6k7kvcU-FZR4aYSthSxaAg.roa (raw, json)
Hash identifier:          9rlnMA5bH/R5zCHWoh6xDCX2QAmAz6mRB2BGxo9C9XE=
Subject key identifier:   9C:47:21:53:A9:3B:92:F7:14:F8:56:51:E1:A6:12:B6:14:B1:68:08
Certificate issuer:       /CN=c2f3266e0612d8314f4e9f92a3db8bcb253edabc
Certificate serial:       018CC26D13F76112D316CA9E3663ACAC7433
Authority key identifier: C2:F3:26:6E:06:12:D8:31:4F:4E:9F:92:A3:DB:8B:CB:25:3E:DA:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wvMmbgYS2DFPTp-So9uLyyU-2rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/nEchU6k7kvcU-FZR4aYSthSxaAg.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198941
IP address blocks:        193.35.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/wvMmbgYS2DFPTp-So9uLyyU-2rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/wvMmbgYS2DFPTp-So9uLyyU-2rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wvMmbgYS2DFPTp-So9uLyyU-2rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:13:f7:61:12:d3:16:ca:9e:36:63:ac:ac:74:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2f3266e0612d8314f4e9f92a3db8bcb253edabc
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c472153a93b92f714f85651e1a612b614b16808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:be:23:eb:45:27:9f:46:35:d9:f8:09:f9:
                    b8:88:41:a1:1e:fc:6b:44:dd:02:7a:0b:dc:bc:77:
                    f3:1e:c8:af:26:bf:cf:1a:80:74:13:e6:7b:28:ba:
                    3f:e4:61:c4:ac:b9:01:50:68:d0:8a:77:52:80:4b:
                    b7:7d:6f:d6:e2:86:cf:e1:37:5a:22:1e:e4:71:68:
                    09:82:c4:4e:c3:2e:71:5c:c7:aa:3e:4e:2a:fa:7b:
                    0a:12:ad:40:b3:a4:78:c5:4c:24:a0:fb:86:b3:20:
                    14:ce:f4:d1:9f:51:e5:bd:71:0a:fe:51:91:04:29:
                    39:3a:1c:42:ea:46:a5:43:74:eb:e0:47:04:8f:a7:
                    76:95:ef:44:34:23:62:ac:3a:7d:e8:6d:e4:de:d5:
                    a7:41:67:c9:fb:aa:b6:2b:3b:14:84:c1:3c:7f:80:
                    50:48:f0:49:2e:37:ab:15:d5:72:98:19:0d:40:f5:
                    62:a6:1e:52:89:0b:c6:2c:c4:1c:78:8b:07:7d:42:
                    81:7e:68:a9:90:52:73:f8:b6:dc:52:36:4a:97:8e:
                    b4:3a:6e:d6:9c:12:ef:16:93:51:c4:06:81:80:86:
                    64:69:1f:7a:3e:1c:2c:64:8c:b9:3c:ad:82:89:91:
                    86:48:17:87:ee:52:37:bc:fd:79:88:df:35:6d:65:
                    63:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:47:21:53:A9:3B:92:F7:14:F8:56:51:E1:A6:12:B6:14:B1:68:08
            X509v3 Authority Key Identifier:
                keyid:C2:F3:26:6E:06:12:D8:31:4F:4E:9F:92:A3:DB:8B:CB:25:3E:DA:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wvMmbgYS2DFPTp-So9uLyyU-2rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/nEchU6k7kvcU-FZR4aYSthSxaAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dceacf-dae2-4763-b399-2fb99fe5e477/1/wvMmbgYS2DFPTp-So9uLyyU-2rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:96:3a:db:eb:2c:02:05:ad:5f:cc:25:39:ac:42:48:59:20:
         98:2c:2a:0d:e5:0e:f3:3e:b2:0f:50:77:39:45:a9:a2:92:c0:
         37:07:ed:9a:78:ae:2e:f7:a2:53:72:a6:b8:1f:db:39:c1:d3:
         07:32:3a:6a:1e:e3:fa:04:0c:45:5b:40:28:af:b0:d7:06:53:
         52:78:5a:75:15:cd:7b:1b:3a:ae:2e:39:cd:5f:df:b8:91:03:
         d8:c6:8b:d8:8c:a5:22:eb:5d:cb:d9:15:f7:9b:6c:70:49:31:
         d2:34:70:ac:4d:65:f3:f2:a2:73:68:c9:47:0d:d6:79:45:6e:
         9a:19:8b:9f:d2:83:8c:76:bb:31:b7:9e:3f:7a:5e:46:29:b6:
         91:57:80:1b:fa:73:d0:04:7e:8b:82:a5:22:01:18:2b:a1:44:
         72:05:85:2f:5e:9a:83:75:99:07:e6:e5:e1:43:56:2e:e5:95:
         90:6c:c6:ae:ac:3c:74:52:77:1c:28:c8:76:bf:28:2d:98:d2:
         20:fc:72:cf:d1:9a:15:30:4d:8f:29:ce:6f:87:57:c9:51:db:
         45:58:2f:6a:e6:22:f2:4f:39:0d:94:b7:27:a7:3f:a3:67:fb:
         cc:72:7c:bf:5b:ba:a8:51:be:f0:66:f7:1d:a9:11:98:7d:2d:
         6c:d3:87:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRP3YRLTFsqeNmOsrHQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZjMyNjZlMDYxMmQ4MzE0ZjRlOWY5MmEzZGI4YmNiMjUz
ZWRhYmMwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQ3MjE1M2E5M2I5MmY3MTRmODU2NTFlMWE2MTJiNjE0YjE2ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk72+I+tFJ59GNdn4Cfm4iEGhHvxr
RN0CegvcvHfzHsivJr/PGoB0E+Z7KLo/5GHErLkBUGjQindSgEu3fW/W4obP4Tda
Ih7kcWgJgsROwy5xXMeqPk4q+nsKEq1As6R4xUwkoPuGsyAUzvTRn1HlvXEK/lGR
BCk5OhxC6kalQ3Tr4EcEj6d2le9ENCNirDp96G3k3tWnQWfJ+6q2KzsUhME8f4BQ
SPBJLjerFdVymBkNQPViph5SiQvGLMQceIsHfUKBfmipkFJz+LbcUjZKl460Om7W
nBLvFpNRxAaBgIZkaR96PhwsZIy5PK2CiZGGSBeH7lI3vP15iN81bWVjyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxHIVOpO5L3FPhWUeGmErYUsWgIMB8GA1UdIwQY
MBaAFMLzJm4GEtgxT06fkqPbi8slPtq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3ZNbWJnWVMyREZQVHAtU285dUx5eVUtMnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kY2VhY2YtZGFlMi00NzYzLWIzOTkt
MmZiOTlmZTVlNDc3LzEvbkVjaFU2azdrdmNVLUZaUjRhWVN0aFN4YUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kY2VhY2YtZGFlMi00NzYzLWIzOTktMmZiOTlmZTVlNDc3
LzEvd3ZNbWJnWVMyREZQVHAtU285dUx5eVUtMnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSMuMA0G
CSqGSIb3DQEBCwUAA4IBAQCDljrb6ywCBa1fzCU5rEJIWSCYLCoN5Q7zPrIPUHc5
RamiksA3B+2aeK4u96JTcqa4H9s5wdMHMjpqHuP6BAxFW0Aor7DXBlNSeFp1Fc17
GzquLjnNX9+4kQPYxovYjKUi613L2RX3m2xwSTHSNHCsTWXz8qJzaMlHDdZ5RW6a
GYuf0oOMdrsxt54/el5GKbaRV4Ab+nPQBH6LgqUiARgroURyBYUvXpqDdZkH5uXh
Q1Yu5ZWQbMaurDx0UnccKMh2vygtmNIg/HLP0ZoVME2PKc5vh1fJUdtFWC9q5iLy
TzkNlLcnpz+jZ/vMcny/W7qoUb7wZvcdqRGYfS1s04ex
-----END CERTIFICATE-----