Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/oqKseJNiM_WhBx3cMC2YR7hpDkY.roa
File:                     oqKseJNiM_WhBx3cMC2YR7hpDkY.roa (raw, json)
Hash identifier:          fE3Mag3TKDtsBVrOh9kMVG0XwXeo4JEcnpQrFuM1EMw=
Subject key identifier:   A2:A2:AC:78:93:62:33:F5:A1:07:1D:DC:30:2D:98:47:B8:69:0E:46
Certificate issuer:       /CN=046ca7b604ec08f6f54b0e748906547dd375674d
Certificate serial:       018CC79451231B30AE51EDC990F08FB548B1
Authority key identifier: 04:6C:A7:B6:04:EC:08:F6:F5:4B:0E:74:89:06:54:7D:D3:75:67:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGyntgTsCPb1Sw50iQZUfdN1Z00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/oqKseJNiM_WhBx3cMC2YR7hpDkY.roa
Signing time:             Tue 02 Jan 2024 00:30:35 +0000
ROA not before:           Tue 02 Jan 2024 00:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39686
IP address blocks:        193.202.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/BGyntgTsCPb1Sw50iQZUfdN1Z00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/BGyntgTsCPb1Sw50iQZUfdN1Z00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGyntgTsCPb1Sw50iQZUfdN1Z00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:51:23:1b:30:ae:51:ed:c9:90:f0:8f:b5:48:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046ca7b604ec08f6f54b0e748906547dd375674d
        Validity
            Not Before: Jan  2 00:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2a2ac78936233f5a1071ddc302d9847b8690e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d6:1a:ea:bd:ae:d8:87:ed:c8:3a:07:79:57:
                    77:be:11:2d:45:68:e2:ce:4a:da:ca:ec:25:74:24:
                    f2:13:a2:ef:18:34:90:d6:86:8d:44:a0:53:bd:73:
                    d5:b7:9c:80:f8:bc:db:20:61:24:d7:84:11:51:3c:
                    fd:37:f9:f1:f5:14:7f:29:f4:39:32:98:24:d5:9b:
                    c3:4e:b9:90:b3:65:c5:48:af:69:46:fa:16:68:a3:
                    5e:e6:d2:f0:ad:7e:8e:34:fa:d9:a0:52:a0:da:d4:
                    e0:ef:11:c4:e4:d4:44:8e:71:de:b2:30:70:a7:33:
                    66:9d:2f:56:05:eb:f9:58:a2:82:8f:09:d9:fc:19:
                    1f:3c:68:34:07:30:9b:84:f6:dd:a3:ad:a8:39:05:
                    70:7b:e6:51:05:f6:ab:5a:b4:4b:ae:01:5c:9f:74:
                    21:f1:a7:e2:f9:5d:9b:15:b9:15:a2:82:13:53:f7:
                    11:44:39:11:22:4f:d8:7e:79:52:21:3e:4d:f3:d9:
                    b9:44:ce:3c:c7:8d:30:0b:33:44:6a:92:65:ff:77:
                    7f:3f:00:56:72:e3:03:1b:e8:2e:0f:94:d8:7e:51:
                    a1:06:9e:40:67:eb:88:23:29:05:43:05:65:53:46:
                    da:07:ca:d1:4a:11:92:4c:31:09:0a:74:73:1d:10:
                    4a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A2:AC:78:93:62:33:F5:A1:07:1D:DC:30:2D:98:47:B8:69:0E:46
            X509v3 Authority Key Identifier:
                keyid:04:6C:A7:B6:04:EC:08:F6:F5:4B:0E:74:89:06:54:7D:D3:75:67:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGyntgTsCPb1Sw50iQZUfdN1Z00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/oqKseJNiM_WhBx3cMC2YR7hpDkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/392ea5-9ca8-4b0f-9388-093961d38c86/1/BGyntgTsCPb1Sw50iQZUfdN1Z00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:b0:38:ec:d8:bc:dd:73:0b:9d:45:57:d9:86:29:00:50:79:
         b7:62:66:87:91:a7:ea:33:e9:5a:da:bd:44:c3:7e:b0:eb:e4:
         09:9c:5f:58:1b:44:e7:b9:8e:95:55:67:bd:1f:a3:c0:e2:85:
         72:06:0c:03:24:9b:88:20:a9:d4:4c:ac:ed:20:31:ef:e8:18:
         3e:54:6c:b2:ff:1a:13:a2:e0:f3:11:8a:43:e9:c0:12:6a:15:
         2f:16:fb:ff:6d:37:ec:bd:53:cf:20:ec:4b:26:f3:4b:4c:3e:
         50:eb:8d:99:c6:67:69:83:4f:e3:92:e0:4c:c8:b0:9c:bd:24:
         c2:cc:32:0c:1f:c4:d0:52:3e:50:ed:90:b1:b5:b0:15:f8:d6:
         8e:9f:b8:02:66:ba:21:e2:b1:f9:81:5e:ab:d8:cf:7b:67:f8:
         e4:79:1e:36:e5:90:63:ce:5d:20:8c:ab:a5:4f:ef:79:d5:ac:
         98:38:a8:22:50:e2:75:fb:e6:0b:11:bb:5c:3a:97:fc:9e:a4:
         8c:88:a6:91:c4:dc:80:be:b7:a6:b5:4f:fb:46:29:01:8e:77:
         b4:4d:f9:6e:27:44:5e:21:51:6d:4b:57:8f:31:32:c2:45:04:
         ce:b9:ff:4f:c1:3a:a6:c6:c6:96:c9:17:8d:5f:fb:91:50:cc:
         60:3d:b4:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFEjGzCuUe3JkPCPtUixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NmNhN2I2MDRlYzA4ZjZmNTRiMGU3NDg5MDY1NDdkZDM3
NTY3NGQwHhcNMjQwMTAyMDAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmEyYWM3ODkzNjIzM2Y1YTEwNzFkZGMzMDJkOTg0N2I4NjkwZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNYa6r2u2IftyDoHeVd3vhEtRWji
zkrayuwldCTyE6LvGDSQ1oaNRKBTvXPVt5yA+LzbIGEk14QRUTz9N/nx9RR/KfQ5
Mpgk1ZvDTrmQs2XFSK9pRvoWaKNe5tLwrX6ONPrZoFKg2tTg7xHE5NREjnHesjBw
pzNmnS9WBev5WKKCjwnZ/BkfPGg0BzCbhPbdo62oOQVwe+ZRBfarWrRLrgFcn3Qh
8afi+V2bFbkVooITU/cRRDkRIk/YfnlSIT5N89m5RM48x40wCzNEapJl/3d/PwBW
cuMDG+guD5TYflGhBp5AZ+uIIykFQwVlU0baB8rRShGSTDEJCnRzHRBK0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKirHiTYjP1oQcd3DAtmEe4aQ5GMB8GA1UdIwQY
MBaAFARsp7YE7Aj29UsOdIkGVH3TdWdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkd5bnRnVHNDUGIxU3c1MGlRWlVmZE4xWjAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zOTJlYTUtOWNhOC00YjBmLTkzODgt
MDkzOTYxZDM4Yzg2LzEvb3FLc2VKTmlNX1doQngzY01DMllSN2hwRGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zOTJlYTUtOWNhOC00YjBmLTkzODgtMDkzOTYxZDM4Yzg2
LzEvQkd5bnRnVHNDUGIxU3c1MGlRWlVmZE4xWjAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwcpgMA0G
CSqGSIb3DQEBCwUAA4IBAQBisDjs2LzdcwudRVfZhikAUHm3YmaHkafqM+la2r1E
w36w6+QJnF9YG0TnuY6VVWe9H6PA4oVyBgwDJJuIIKnUTKztIDHv6Bg+VGyy/xoT
ouDzEYpD6cASahUvFvv/bTfsvVPPIOxLJvNLTD5Q642Zxmdpg0/jkuBMyLCcvSTC
zDIMH8TQUj5Q7ZCxtbAV+NaOn7gCZroh4rH5gV6r2M97Z/jkeR425ZBjzl0gjKul
T+951ayYOKgiUOJ1++YLEbtcOpf8nqSMiKaRxNyAvremtU/7RikBjne0TfluJ0Re
IVFtS1ePMTLCRQTOuf9PwTqmxsaWyReNX/uRUMxgPbTM
-----END CERTIFICATE-----