Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4_uPiLGoI9wE3DtrLpy5W1y-mTc.roa
File:                     4_uPiLGoI9wE3DtrLpy5W1y-mTc.roa (raw, json)
Hash identifier:          Uu1n35X8f5Pz6pE9w/ieEOBAVboMQ3Fw93d0tzZ5lYg=
Subject key identifier:   E3:FB:8F:88:B1:A8:23:DC:04:DC:3B:6B:2E:9C:B9:5B:5C:BE:99:37
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD4B9AC1D1C198DB4E3F539EB6A6F
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4_uPiLGoI9wE3DtrLpy5W1y-mTc.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42372
IP address blocks:        193.33.64.0/23 maxlen: 23
                          62.205.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d4:b9:ac:1d:1c:19:8d:b4:e3:f5:39:eb:6a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3fb8f88b1a823dc04dc3b6b2e9cb95b5cbe9937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:52:2c:46:a7:be:37:a6:27:95:21:66:63:28:
                    97:91:c7:44:a9:ca:29:f2:55:c8:28:32:3f:e2:aa:
                    60:b0:91:96:3e:98:e2:c9:93:ea:68:c3:41:b7:fb:
                    7b:5f:cd:a8:f4:dc:be:ea:a6:c0:5b:22:6d:0a:b7:
                    54:45:d4:98:ea:55:89:dc:00:a0:94:3e:4e:b7:16:
                    36:a6:ac:ee:94:53:d7:45:56:ab:ac:fd:2d:3f:78:
                    ae:3a:8d:cb:26:fc:a1:0f:97:78:14:74:97:15:62:
                    02:6a:a0:ac:ee:f5:89:eb:5e:ae:4c:03:38:10:d1:
                    10:f8:d3:11:54:65:f5:d2:56:42:b1:41:96:1a:bb:
                    d6:77:6a:e8:1e:f4:1b:de:f1:9c:8a:32:9e:92:1e:
                    c8:ef:d0:df:55:e5:e6:83:4a:13:c3:81:8c:48:eb:
                    e7:b3:bd:9f:dc:a6:82:40:55:df:a4:a2:41:c1:08:
                    f8:13:ac:98:49:11:52:25:0f:64:8e:7e:8d:b1:78:
                    76:6a:a1:ef:91:2a:09:2e:02:c0:35:74:9c:a5:9c:
                    25:c8:9a:1f:26:f6:62:07:18:49:6c:b1:8a:60:e8:
                    8f:f5:cb:f0:eb:92:e2:65:39:0c:62:e0:e4:a1:8a:
                    2b:70:d6:61:c6:d9:5e:5d:ab:3c:69:c5:c7:42:11:
                    dc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:FB:8F:88:B1:A8:23:DC:04:DC:3B:6B:2E:9C:B9:5B:5C:BE:99:37
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4_uPiLGoI9wE3DtrLpy5W1y-mTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.205.133.0/24
                  193.33.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:e0:c6:25:aa:79:04:19:87:29:46:e0:1b:f4:d7:48:5d:3e:
         54:61:a2:70:58:67:8b:ab:e7:f4:32:24:d2:82:a6:c9:49:7f:
         d4:b3:52:f9:d2:4b:80:b0:43:c2:04:e0:8c:3d:7e:62:b1:b7:
         f1:12:7b:66:ff:a4:5e:ff:51:94:69:c8:f2:52:a7:8f:22:8e:
         14:34:82:59:59:4d:51:69:d3:76:1a:71:6d:44:15:85:04:8a:
         85:16:9d:f4:7e:92:a3:86:b0:26:aa:ed:f1:2b:49:9d:b9:eb:
         e6:29:36:ee:39:6c:17:75:72:05:20:21:b6:4d:40:30:6e:f3:
         7b:6b:1b:3f:eb:b4:05:d3:8b:b5:df:08:19:f0:7a:57:5c:2b:
         a3:dd:cb:ae:9d:7c:ec:58:d8:ba:f0:d0:44:65:c3:37:88:eb:
         25:dd:f6:8a:14:8f:72:fd:3c:6e:dc:05:c6:d3:81:41:a5:b0:
         a9:15:cf:2e:72:5f:81:93:64:93:54:b6:bf:f1:ae:e4:89:65:
         96:b5:94:d9:3b:cd:a0:a2:0d:80:c2:c8:c8:8c:c8:6f:7a:79:
         e7:b2:ad:9f:1f:55:47:74:c0:87:a9:37:ce:0f:13:7b:17:71:
         ff:79:6c:91:34:fd:ca:56:2b:29:c5:05:f0:d5:ed:3f:95:2d:
         b2:43:a7:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGStS5rB0cGY204/U562pvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2ZiOGY4OGIxYTgyM2RjMDRkYzNiNmIyZTljYjk1YjVjYmU5OTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlIsRqe+N6YnlSFmYyiXkcdEqcop
8lXIKDI/4qpgsJGWPpjiyZPqaMNBt/t7X82o9Ny+6qbAWyJtCrdURdSY6lWJ3ACg
lD5OtxY2pqzulFPXRVarrP0tP3iuOo3LJvyhD5d4FHSXFWICaqCs7vWJ616uTAM4
ENEQ+NMRVGX10lZCsUGWGrvWd2roHvQb3vGcijKekh7I79DfVeXmg0oTw4GMSOvn
s72f3KaCQFXfpKJBwQj4E6yYSRFSJQ9kjn6NsXh2aqHvkSoJLgLANXScpZwlyJof
JvZiBxhJbLGKYOiP9cvw65LiZTkMYuDkoYorcNZhxtleXas8acXHQhHcLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOP7j4ixqCPcBNw7ay6cuVtcvpk3MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvNF91UGlMR29JOXdFM0R0ckxweTVXMXktbVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPs2FAwQB
wSFAMA0GCSqGSIb3DQEBCwUAA4IBAQBT4MYlqnkEGYcpRuAb9NdIXT5UYaJwWGeL
q+f0MiTSgqbJSX/Us1L50kuAsEPCBOCMPX5isbfxEntm/6Re/1GUacjyUqePIo4U
NIJZWU1RadN2GnFtRBWFBIqFFp30fpKjhrAmqu3xK0mduevmKTbuOWwXdXIFICG2
TUAwbvN7axs/67QF04u13wgZ8HpXXCuj3cuunXzsWNi68NBEZcM3iOsl3faKFI9y
/Txu3AXG04FBpbCpFc8ucl+Bk2STVLa/8a7kiWWWtZTZO82gog2AwsjIjMhvennn
sq2fH1VHdMCHqTfODxN7F3H/eWyRNP3KVispxQXw1e0/lS2yQ6ci
-----END CERTIFICATE-----