Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/9Rltt9XgOImZch_SdNWkh1a-y3M.roa
File:                     9Rltt9XgOImZch_SdNWkh1a-y3M.roa (raw, json)
Hash identifier:          jClHBohqiJC7gN+lCFwklXpNhL28fkejfvC91vrtkxs=
Subject key identifier:   F5:19:6D:B7:D5:E0:38:89:99:72:1F:D2:74:D5:A4:87:56:BE:CB:73
Certificate issuer:       /CN=3ec7d2bfc3fa78e7100a1b8935905aff7a496bc9
Certificate serial:       018CCA2A6B82BDCF185F8D7C153BEC3EFB31
Authority key identifier: 3E:C7:D2:BF:C3:FA:78:E7:10:0A:1B:89:35:90:5A:FF:7A:49:6B:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/9Rltt9XgOImZch_SdNWkh1a-y3M.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47774
IP address blocks:        193.111.16.0/23 maxlen: 24
                          194.117.55.128/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6b:82:bd:cf:18:5f:8d:7c:15:3b:ec:3e:fb:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec7d2bfc3fa78e7100a1b8935905aff7a496bc9
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5196db7d5e0388999721fd274d5a48756becb73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c3:15:c1:2b:86:5a:15:c3:c1:bb:b2:eb:f6:
                    42:83:74:b5:1d:e8:bc:52:4b:6d:69:15:d5:a0:2b:
                    13:57:bd:d0:61:48:91:7b:fd:da:8d:d1:48:16:75:
                    74:a4:74:d4:27:92:d3:ea:22:df:6e:3d:1c:46:61:
                    a6:71:26:80:e2:c7:42:6b:2a:b8:49:03:6c:31:04:
                    44:f5:e6:49:dc:0d:7c:aa:23:8a:52:eb:36:ef:98:
                    d0:b2:ed:08:13:48:a7:45:4f:a9:8d:4d:9c:89:25:
                    a9:e9:2b:a1:40:77:16:e8:ef:89:55:54:11:65:b7:
                    f5:b5:1b:f7:e7:68:02:b5:93:26:89:2f:a6:2b:fe:
                    55:ac:0d:84:e5:55:e9:97:27:81:72:32:10:cb:0d:
                    2e:01:52:3c:8b:8c:b4:75:f9:d1:2c:b1:75:76:78:
                    f5:c5:51:5a:7a:1d:b6:c4:43:3d:05:36:a0:a3:4a:
                    8a:4e:ee:88:b9:fa:ce:74:62:65:09:30:0e:d1:3b:
                    7f:3a:af:4a:f1:3b:95:da:bb:a6:7d:49:ed:ce:93:
                    5f:fb:a3:4c:a0:9e:30:93:69:2d:71:01:8d:c4:ee:
                    1d:69:d6:a7:44:26:4e:41:a0:ce:01:89:0f:cf:20:
                    6b:fb:d8:ac:b6:fe:9d:d4:34:ca:ae:9e:56:b7:39:
                    aa:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:19:6D:B7:D5:E0:38:89:99:72:1F:D2:74:D5:A4:87:56:BE:CB:73
            X509v3 Authority Key Identifier:
                keyid:3E:C7:D2:BF:C3:FA:78:E7:10:0A:1B:89:35:90:5A:FF:7A:49:6B:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/9Rltt9XgOImZch_SdNWkh1a-y3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.16.0/23
                  194.117.55.128/25

    Signature Algorithm: sha256WithRSAEncryption
         2c:40:b9:9d:10:1d:92:b1:89:b5:37:a0:f7:b5:b9:59:2a:55:
         2d:e0:96:58:65:cb:bd:a7:1f:eb:7b:e0:40:da:d0:f6:a0:97:
         58:ce:d4:54:48:83:70:0c:cd:dc:56:74:d7:95:3d:26:67:b0:
         da:df:c2:17:b7:e1:01:a6:53:13:5a:69:cc:26:1c:09:94:d6:
         0d:02:62:ae:59:0d:00:17:c1:a1:f0:4f:4e:c8:97:0f:6f:81:
         b6:6f:0c:0f:4a:21:21:99:76:0f:ba:26:ae:6d:90:47:07:b7:
         7d:ce:9c:24:80:ce:cb:22:89:22:c2:ec:b4:4c:66:ff:f2:25:
         20:1d:f5:6a:b4:b4:56:58:55:83:49:19:5f:a6:44:3e:7e:94:
         40:b5:b6:80:80:45:94:6f:61:bf:1d:9d:df:c2:27:cc:cd:2e:
         2b:81:f3:10:7f:54:56:47:57:67:b7:f1:33:6d:bb:0d:66:c1:
         94:74:af:a8:a7:ed:b8:2c:58:46:05:18:c7:e7:12:fa:05:de:
         74:c2:4e:7b:05:b5:bd:56:95:81:e2:00:e3:3f:7f:16:93:fb:
         c3:ae:45:19:18:2e:f8:4a:98:40:fe:a1:b8:58:8b:b2:78:13:
         18:32:93:7b:f9:6d:7d:cf:b0:9b:8a:6c:8e:11:d1:ad:2b:50:
         94:15:3e:e9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzKKmuCvc8YX418FTvsPvsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzdkMmJmYzNmYTc4ZTcxMDBhMWI4OTM1OTA1YWZmN2E0
OTZiYzkwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE5NmRiN2Q1ZTAzODg5OTk3MjFmZDI3NGQ1YTQ4NzU2YmVjYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MMVwSuGWhXDwbuy6/ZCg3S1Hei8
UkttaRXVoCsTV73QYUiRe/3ajdFIFnV0pHTUJ5LT6iLfbj0cRmGmcSaA4sdCayq4
SQNsMQRE9eZJ3A18qiOKUus275jQsu0IE0inRU+pjU2ciSWp6SuhQHcW6O+JVVQR
Zbf1tRv352gCtZMmiS+mK/5VrA2E5VXplyeBcjIQyw0uAVI8i4y0dfnRLLF1dnj1
xVFaeh22xEM9BTago0qKTu6IufrOdGJlCTAO0Tt/Oq9K8TuV2rumfUntzpNf+6NM
oJ4wk2ktcQGNxO4dadanRCZOQaDOAYkPzyBr+9istv6d1DTKrp5Wtzmq8QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPUZbbfV4DiJmXIf0nTVpIdWvstzMB8GA1UdIwQY
MBaAFD7H0r/D+njnEAobiTWQWv96SWvJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNmU3Y4UDZlT2NRQ2h1Sk5aQmFfM3BKYThrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8zOWJiNzItZjZhZi00YTY3LTljNDQt
YmE4ODExMjJjYTYzLzEvOVJsdHQ5WGdPSW1aY2hfU2ROV2toMWEteTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8zOWJiNzItZjZhZi00YTY3LTljNDQtYmE4ODExMjJjYTYz
LzEvUHNmU3Y4UDZlT2NRQ2h1Sk5aQmFfM3BKYThrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwQBwW8QAwUH
wnU3gDANBgkqhkiG9w0BAQsFAAOCAQEALEC5nRAdkrGJtTeg97W5WSpVLeCWWGXL
vacf63vgQNrQ9qCXWM7UVEiDcAzN3FZ015U9Jmew2t/CF7fhAaZTE1ppzCYcCZTW
DQJirlkNABfBofBPTsiXD2+Btm8MD0ohIZl2D7omrm2QRwe3fc6cJIDOyyKJIsLs
tExm//IlIB31arS0VlhVg0kZX6ZEPn6UQLW2gIBFlG9hvx2d38InzM0uK4HzEH9U
VkdXZ7fxM227DWbBlHSvqKftuCxYRgUYx+cS+gXedMJOewW1vVaVgeIA4z9/FpP7
w65FGRgu+EqYQP6huFiLsngTGDKTe/ltfc+wm4psjhHRrStQlBU+6Q==
-----END CERTIFICATE-----