Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/vXDfnyilqq5ycpZ8m9FXbWqGmU0.roa
File:                     vXDfnyilqq5ycpZ8m9FXbWqGmU0.roa (raw, json)
Hash identifier:          uzX2/QIdG+6nsaJKvLe012Gz8QZBHxCLr4EhLW70pOk=
Subject key identifier:   BD:70:DF:9F:28:A5:AA:AE:72:72:96:7C:9B:D1:57:6D:6A:86:99:4D
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018CC348CBB8AE3629E68BDA5072608703A0
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/vXDfnyilqq5ycpZ8m9FXbWqGmU0.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        193.57.95.0/24 maxlen: 24
                          193.57.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cb:b8:ae:36:29:e6:8b:da:50:72:60:87:03:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd70df9f28a5aaae7272967c9bd1576d6a86994d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:00:9a:59:69:a6:49:20:fc:77:90:1b:16:d2:
                    d2:c0:33:66:23:12:82:94:ab:c2:0e:26:b8:84:37:
                    33:ef:02:46:08:52:18:00:9d:5a:60:ee:aa:e4:12:
                    d1:fb:24:2c:78:49:9b:b0:e3:16:d8:83:21:01:8d:
                    a7:d1:ab:25:91:38:00:9d:3f:53:a6:b3:02:56:96:
                    33:51:ca:37:3e:af:8f:21:a8:94:d6:e3:87:58:cb:
                    bc:2e:9e:b4:f7:f0:8b:81:ac:bd:ea:19:58:47:5a:
                    52:db:a5:05:5c:33:77:bf:4e:be:b4:68:fa:4a:25:
                    19:f1:7c:ee:7b:50:7c:3e:99:4e:c6:a3:58:29:7f:
                    d8:3a:03:1d:09:07:bf:26:68:20:f5:7b:9f:c5:bc:
                    f0:c9:ce:7e:b5:9f:52:8f:5f:e0:95:64:c9:16:78:
                    d6:ea:42:d1:d5:96:28:e6:b6:9a:1a:74:7b:43:03:
                    57:f0:7b:0f:df:03:76:58:c4:73:25:3d:1f:9c:fa:
                    76:f9:57:e3:d4:91:3b:53:f0:3e:0d:f4:e3:b3:c4:
                    75:7f:55:80:f6:3e:ad:52:00:54:75:69:95:ea:6e:
                    2e:38:7b:88:d8:66:6d:3f:c0:5f:53:82:0a:9c:78:
                    ea:6e:ee:d6:dd:6f:cc:5f:4a:6e:ac:05:0d:f2:02:
                    90:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:70:DF:9F:28:A5:AA:AE:72:72:96:7C:9B:D1:57:6D:6A:86:99:4D
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/vXDfnyilqq5ycpZ8m9FXbWqGmU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:2c:6b:76:05:b7:bd:bd:6e:e9:f5:bb:6a:51:c5:36:c6:e4:
         b5:cb:fc:29:86:56:51:d3:ed:3c:6c:8a:9d:e2:90:ba:40:78:
         e4:64:c4:a5:bf:74:7e:8c:40:d7:e7:3f:31:c0:9a:27:89:de:
         2f:95:e9:c8:d5:cc:03:01:00:55:42:11:d9:1c:6b:ec:cd:fe:
         2f:d2:89:6d:86:0e:ee:13:b9:d3:50:4c:ac:85:1c:48:84:17:
         72:2b:38:4d:1d:6d:7c:b2:ca:aa:28:b7:c7:17:49:9c:79:64:
         75:f2:7f:11:5a:3c:8e:05:ce:bb:e5:e9:b5:43:3d:47:d4:ac:
         a2:2b:63:bd:b1:b8:44:91:4c:63:90:d8:af:43:44:2c:b6:43:
         1d:48:56:4e:ca:04:16:9f:1d:83:e2:ab:49:14:41:c7:dd:e0:
         eb:f6:9b:ac:f8:63:36:28:a8:a0:bb:84:36:cd:b8:1c:ec:f4:
         f9:d7:ca:e9:72:1c:a0:5b:27:fd:a0:23:80:3c:f0:cd:f6:ad:
         c1:3b:51:52:9c:71:f0:83:e7:e7:2e:41:b4:15:b2:e7:11:6a:
         1c:a4:98:bc:4a:1c:f8:d0:f3:89:05:49:a4:0d:4c:0e:1b:e4:
         4f:13:47:37:02:58:33:e5:b7:9a:a6:b9:bb:d3:c5:c8:74:cf:
         7a:5c:e3:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMu4rjYp5ovaUHJghwOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDcwZGY5ZjI4YTVhYWFlNzI3Mjk2N2M5YmQxNTc2ZDZhODY5OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwCaWWmmSSD8d5AbFtLSwDNmIxKC
lKvCDia4hDcz7wJGCFIYAJ1aYO6q5BLR+yQseEmbsOMW2IMhAY2n0aslkTgAnT9T
prMCVpYzUco3Pq+PIaiU1uOHWMu8Lp609/CLgay96hlYR1pS26UFXDN3v06+tGj6
SiUZ8Xzue1B8PplOxqNYKX/YOgMdCQe/Jmgg9Xufxbzwyc5+tZ9Sj1/glWTJFnjW
6kLR1ZYo5raaGnR7QwNX8HsP3wN2WMRzJT0fnPp2+Vfj1JE7U/A+DfTjs8R1f1WA
9j6tUgBUdWmV6m4uOHuI2GZtP8BfU4IKnHjqbu7W3W/MX0purAUN8gKQPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1w358opaqucnKWfJvRV21qhplNMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvdlhEZm55aWxxcTV5Y3BaOG05RlhiV3FHbVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTleMA0G
CSqGSIb3DQEBCwUAA4IBAQBELGt2Bbe9vW7p9btqUcU2xuS1y/wphlZR0+08bIqd
4pC6QHjkZMSlv3R+jEDX5z8xwJonid4vlenI1cwDAQBVQhHZHGvszf4v0olthg7u
E7nTUEyshRxIhBdyKzhNHW18ssqqKLfHF0mceWR18n8RWjyOBc675em1Qz1H1Kyi
K2O9sbhEkUxjkNivQ0QstkMdSFZOygQWnx2D4qtJFEHH3eDr9pus+GM2KKigu4Q2
zbgc7PT518rpchygWyf9oCOAPPDN9q3BO1FSnHHwg+fnLkG0FbLnEWocpJi8Shz4
0POJBUmkDUwOG+RPE0c3Algz5beaprm708XIdM96XOMA
-----END CERTIFICATE-----