Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/aeK7Il1MVcv58Z3X2s6SvylDQVQ.roa
File:                     aeK7Il1MVcv58Z3X2s6SvylDQVQ.roa (raw, json)
Hash identifier:          zNFmFNYs0mUJNc04x7rcRU5ZReBaab+GP5L0WMdNphY=
Subject key identifier:   69:E2:BB:22:5D:4C:55:CB:F9:F1:9D:D7:DA:CE:92:BF:29:43:41:54
Certificate issuer:       /CN=d59d3b8b044f1d35ff27190b7575f30806b11327
Certificate serial:       018CC500A0E3527907FFA420178DE4CA2715
Authority key identifier: D5:9D:3B:8B:04:4F:1D:35:FF:27:19:0B:75:75:F3:08:06:B1:13:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Z07iwRPHTX_JxkLdXXzCAaxEyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/aeK7Il1MVcv58Z3X2s6SvylDQVQ.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57821
IP address blocks:        193.160.39.0/24 maxlen: 24
                          2001:67c:26f4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/1Z07iwRPHTX_JxkLdXXzCAaxEyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/1Z07iwRPHTX_JxkLdXXzCAaxEyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Z07iwRPHTX_JxkLdXXzCAaxEyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 06:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a0:e3:52:79:07:ff:a4:20:17:8d:e4:ca:27:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d59d3b8b044f1d35ff27190b7575f30806b11327
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69e2bb225d4c55cbf9f19dd7dace92bf29434154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9f:88:2a:c6:13:b2:0d:87:91:db:a7:de:24:
                    b2:84:69:8c:54:f3:b3:7f:c9:b4:48:10:c8:4b:eb:
                    77:dd:fc:16:95:f4:85:cf:1b:b2:ff:80:8f:d4:0d:
                    aa:1b:0b:30:f7:cf:08:ec:86:f5:eb:cf:f6:78:69:
                    22:a1:92:6d:7f:68:29:29:e5:25:0a:e4:2a:05:98:
                    8d:0f:06:f8:a3:62:da:80:2b:48:09:2e:20:dc:a2:
                    5f:02:2a:13:3b:f4:43:e6:76:7b:ec:f2:4a:56:45:
                    a2:73:03:59:66:0c:67:5b:38:81:de:b0:ab:c1:1e:
                    33:3d:a8:38:71:57:9e:80:a5:96:cd:22:53:23:97:
                    98:c3:26:e9:a7:c9:88:37:db:c3:84:c8:04:78:d9:
                    32:ea:e2:11:19:db:3a:15:e9:41:e6:52:1d:49:36:
                    4d:df:4f:b5:42:35:4c:e1:1c:e9:f3:ce:ab:1a:a3:
                    0c:28:ce:64:72:e9:35:b7:db:e4:ba:b9:57:d2:c6:
                    1e:1b:c0:8e:27:42:bb:6c:50:45:f7:b1:27:23:1a:
                    ce:8e:10:9d:68:41:a6:56:51:c8:c3:f2:c3:3f:41:
                    23:4a:03:95:89:26:dd:08:e4:43:70:24:60:46:c3:
                    98:56:7c:72:6f:84:bc:63:25:7b:16:3e:d0:c3:da:
                    89:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E2:BB:22:5D:4C:55:CB:F9:F1:9D:D7:DA:CE:92:BF:29:43:41:54
            X509v3 Authority Key Identifier:
                keyid:D5:9D:3B:8B:04:4F:1D:35:FF:27:19:0B:75:75:F3:08:06:B1:13:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Z07iwRPHTX_JxkLdXXzCAaxEyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/aeK7Il1MVcv58Z3X2s6SvylDQVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f943e9-e03b-4d7b-8c89-5b3732f48081/1/1Z07iwRPHTX_JxkLdXXzCAaxEyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.39.0/24
                IPv6:
                  2001:67c:26f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:eb:b5:d3:2a:aa:e4:34:42:9d:cb:5c:c6:94:dc:07:aa:b3:
         d1:6b:c5:5c:bb:03:ce:46:44:eb:b1:ed:c8:1c:ee:a8:cd:35:
         1a:bf:53:f0:16:64:44:25:ae:76:85:7f:f6:68:67:cc:cb:f3:
         20:4a:da:30:ca:61:3f:0f:3a:71:1e:53:7a:56:d3:b6:b0:8c:
         4e:e7:6a:90:78:a7:c8:96:3b:1c:a4:9b:00:fa:e7:42:f8:9c:
         ea:15:cc:d0:e9:1c:b8:19:68:ae:b1:45:ce:2f:a9:de:87:d8:
         c7:bf:45:b7:44:2c:74:62:88:b6:41:8d:de:81:4a:59:a3:34:
         4c:ac:e9:88:f7:1f:d5:f5:7c:01:66:f3:03:0e:ee:2f:dc:a5:
         53:fd:eb:e5:67:b0:b8:e4:92:1f:aa:00:4e:0b:53:5d:1f:f7:
         4f:32:e9:69:e8:8a:03:61:8b:3f:f2:42:bc:41:20:a0:ff:1a:
         e8:ac:80:f0:83:8c:cf:fe:55:95:8b:61:98:a4:53:01:62:a1:
         8d:97:5c:a0:d3:1a:ca:f0:42:db:a1:e0:d1:4f:73:05:b0:de:
         cc:dd:27:7b:a9:83:f5:4f:86:0a:19:17:73:23:51:88:13:9e:
         bb:5a:1b:b8:86:5a:5f:b2:37:c0:1b:c2:4f:42:3f:a1:64:fd:
         81:42:d3:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFAKDjUnkH/6QgF43kyicVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1OWQzYjhiMDQ0ZjFkMzVmZjI3MTkwYjc1NzVmMzA4MDZi
MTEzMjcwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWUyYmIyMjVkNGM1NWNiZjlmMTlkZDdkYWNlOTJiZjI5NDM0MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ+IKsYTsg2Hkdun3iSyhGmMVPOz
f8m0SBDIS+t33fwWlfSFzxuy/4CP1A2qGwsw988I7Ib168/2eGkioZJtf2gpKeUl
CuQqBZiNDwb4o2LagCtICS4g3KJfAioTO/RD5nZ77PJKVkWicwNZZgxnWziB3rCr
wR4zPag4cVeegKWWzSJTI5eYwybpp8mIN9vDhMgEeNky6uIRGds6FelB5lIdSTZN
30+1QjVM4Rzp886rGqMMKM5kcuk1t9vkurlX0sYeG8COJ0K7bFBF97EnIxrOjhCd
aEGmVlHIw/LDP0EjSgOViSbdCORDcCRgRsOYVnxyb4S8YyV7Fj7Qw9qJ6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGniuyJdTFXL+fGd19rOkr8pQ0FUMB8GA1UdIwQY
MBaAFNWdO4sETx01/ycZC3V18wgGsRMnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVowN2l3UlBIVFhfSnhrTGRYWHpDQWF4RXljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mOTQzZTktZTAzYi00ZDdiLThjODkt
NWIzNzMyZjQ4MDgxLzEvYWVLN0lsMU1WY3Y1OFozWDJzNlN2eWxEUVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mOTQzZTktZTAzYi00ZDdiLThjODktNWIzNzMyZjQ4MDgx
LzEvMVowN2l3UlBIVFhfSnhrTGRYWHpDQWF4RXljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwaAnMA8E
AgACMAkDBwAgAQZ8JvQwDQYJKoZIhvcNAQELBQADggEBAA3rtdMqquQ0Qp3LXMaU
3Aeqs9FrxVy7A85GROux7cgc7qjNNRq/U/AWZEQlrnaFf/ZoZ8zL8yBK2jDKYT8P
OnEeU3pW07awjE7napB4p8iWOxykmwD650L4nOoVzNDpHLgZaK6xRc4vqd6H2Me/
RbdELHRiiLZBjd6BSlmjNEys6Yj3H9X1fAFm8wMO7i/cpVP96+VnsLjkkh+qAE4L
U10f908y6WnoigNhiz/yQrxBIKD/GuisgPCDjM/+VZWLYZikUwFioY2XXKDTGsrw
Qtuh4NFPcwWw3szdJ3upg/VPhgoZF3MjUYgTnrtaG7iGWl+yN8Abwk9CP6Fk/YFC
0w0=
-----END CERTIFICATE-----