Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/l76XLJnoUqF842XI0LSbS0Jl44k.roa
File:                     l76XLJnoUqF842XI0LSbS0Jl44k.roa (raw, json)
Hash identifier:          ZviRaofd93fuxRlCDyod58ahFbRPk+lAJvoXe1IYbvk=
Subject key identifier:   97:BE:97:2C:99:E8:52:A1:7C:E3:65:C8:D0:B4:9B:4B:42:65:E3:89
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018DBDE9A2B0C2C86D6699A00CF2FCAE8DD4
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/l76XLJnoUqF842XI0LSbS0Jl44k.roa
Signing time:             Sun 18 Feb 2024 20:30:21 +0000
ROA not before:           Sun 18 Feb 2024 20:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        188.209.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bd:e9:a2:b0:c2:c8:6d:66:99:a0:0c:f2:fc:ae:8d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Feb 18 20:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97be972c99e852a17ce365c8d0b49b4b4265e389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a0:fd:b7:3a:41:31:7f:4b:9e:66:64:4b:8d:
                    25:e4:6a:93:20:e8:3c:3c:08:fb:7d:01:cc:bc:87:
                    53:a6:de:83:7f:10:c3:01:20:32:32:1e:89:9c:1d:
                    39:e9:e0:e6:a3:9a:bf:79:d4:bc:1e:aa:03:1b:f0:
                    d5:de:4b:4e:90:cf:b1:86:b7:b2:1a:53:5e:28:ec:
                    3d:51:16:e4:d3:b2:cb:46:20:fb:e4:0d:68:59:6a:
                    65:b9:1a:b6:9d:81:35:e6:60:3e:28:3f:c3:29:9d:
                    78:dd:6a:2c:5a:f0:77:51:c1:05:7f:60:90:24:fb:
                    da:ae:a8:db:27:ff:f8:73:61:3e:4d:6c:c4:c3:05:
                    33:dc:48:4d:ac:13:14:19:77:c0:f0:72:fa:fa:98:
                    b8:4f:20:8f:4f:c0:b9:b5:4d:c9:f4:d5:be:a4:8c:
                    c3:85:d1:c8:b3:60:a1:d3:ca:18:30:3f:bd:e4:68:
                    a1:18:f1:4a:48:b4:e2:83:0f:0d:b5:92:7d:18:47:
                    60:75:74:12:79:ed:8d:4f:c2:3b:f1:f1:b5:da:bd:
                    ec:5f:fa:2c:fb:b6:7c:b0:6d:61:ec:7d:30:e5:60:
                    73:c1:24:5e:48:9f:f4:c7:49:01:c7:ec:df:64:c8:
                    5e:ed:27:59:d2:05:62:aa:3d:2c:c5:8c:10:a3:d8:
                    0e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:BE:97:2C:99:E8:52:A1:7C:E3:65:C8:D0:B4:9B:4B:42:65:E3:89
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/l76XLJnoUqF842XI0LSbS0Jl44k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:e3:a9:6e:1b:69:16:e9:db:9d:25:57:5a:3b:8e:79:ea:dd:
         21:c4:af:8b:f4:3f:23:1d:9e:a1:f9:92:75:0f:84:aa:dd:7c:
         0f:11:48:28:1e:14:48:2e:1c:e8:cb:92:bc:cc:1f:66:96:8d:
         f6:e7:c3:cc:10:c8:6c:a8:53:a1:a2:b7:b3:de:11:b8:b7:47:
         74:44:ee:88:bf:bd:15:0a:d8:f2:f7:5b:97:76:6c:97:8f:9b:
         4b:a1:0c:bc:e6:58:76:30:df:2c:83:7b:1e:72:4c:01:4a:3c:
         8b:8e:e3:97:28:97:ff:4f:dc:90:66:bb:90:fb:8a:e7:41:a2:
         b3:cc:40:6a:3a:49:13:b7:b5:b5:df:a9:b6:17:fd:b5:94:99:
         3e:af:07:4c:b6:48:15:e8:89:0b:3b:ee:a5:2d:11:bd:08:3a:
         88:49:af:46:16:92:ad:9a:a6:e1:e4:da:55:a8:98:0e:77:47:
         93:35:5c:92:ea:c9:6e:01:be:5e:d2:0c:b0:da:29:dc:d8:b9:
         b6:5b:2b:26:21:b3:31:05:c0:a6:2e:14:a8:8e:d8:11:bd:bb:
         53:2f:c1:6b:74:98:fd:f0:4d:e5:59:b9:58:00:6e:87:c4:ec:
         40:73:c4:54:81:5b:93:ae:94:0d:51:81:b1:66:ce:de:c0:70:
         41:d6:d9:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY296aKwwshtZpmgDPL8ro3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMjE4MjAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2JlOTcyYzk5ZTg1MmExN2NlMzY1YzhkMGI0OWI0YjQyNjVlMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaD9tzpBMX9LnmZkS40l5GqTIOg8
PAj7fQHMvIdTpt6DfxDDASAyMh6JnB056eDmo5q/edS8HqoDG/DV3ktOkM+xhrey
GlNeKOw9URbk07LLRiD75A1oWWpluRq2nYE15mA+KD/DKZ143WosWvB3UcEFf2CQ
JPvarqjbJ//4c2E+TWzEwwUz3EhNrBMUGXfA8HL6+pi4TyCPT8C5tU3J9NW+pIzD
hdHIs2Ch08oYMD+95GihGPFKSLTigw8NtZJ9GEdgdXQSee2NT8I78fG12r3sX/os
+7Z8sG1h7H0w5WBzwSReSJ/0x0kBx+zfZMhe7SdZ0gViqj0sxYwQo9gOcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJe+lyyZ6FKhfONlyNC0m0tCZeOJMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvbDc2WExKbm9VcUY4NDJYSTBMU2JTMEpsNDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNGMMA0G
CSqGSIb3DQEBCwUAA4IBAQCT46luG2kW6dudJVdaO4556t0hxK+L9D8jHZ6h+ZJ1
D4Sq3XwPEUgoHhRILhzoy5K8zB9mlo3258PMEMhsqFOhorez3hG4t0d0RO6Iv70V
Ctjy91uXdmyXj5tLoQy85lh2MN8sg3seckwBSjyLjuOXKJf/T9yQZruQ+4rnQaKz
zEBqOkkTt7W136m2F/21lJk+rwdMtkgV6IkLO+6lLRG9CDqISa9GFpKtmqbh5NpV
qJgOd0eTNVyS6sluAb5e0gyw2inc2Lm2WysmIbMxBcCmLhSojtgRvbtTL8FrdJj9
8E3lWblYAG6HxOxAc8RUgVuTrpQNUYGxZs7ewHBB1tnr
-----END CERTIFICATE-----