Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/47J98OVgrhjlqvz7m1EJzmRPUI8.roa
File:                     47J98OVgrhjlqvz7m1EJzmRPUI8.roa (raw, json)
Hash identifier:          vYjCFJ4A78mF1lp17aMjPC5TnvoagTp4rjgTtRHZn0w=
Subject key identifier:   E3:B2:7D:F0:E5:60:AE:18:E5:AA:FC:FB:9B:51:09:CE:64:4F:50:8F
Certificate issuer:       /CN=ac328756dece8f29f97f41b81a087db524e159b7
Certificate serial:       018CC4254D9844E6BBB9DE7B8A78121EA72C
Authority key identifier: AC:32:87:56:DE:CE:8F:29:F9:7F:41:B8:1A:08:7D:B5:24:E1:59:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/47J98OVgrhjlqvz7m1EJzmRPUI8.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212130
IP address blocks:        193.163.149.0/24 maxlen: 24
                          2a10:af80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4d:98:44:e6:bb:b9:de:7b:8a:78:12:1e:a7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac328756dece8f29f97f41b81a087db524e159b7
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b27df0e560ae18e5aafcfb9b5109ce644f508f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e1:ae:56:4a:81:1b:d2:fa:61:ac:66:1a:7a:
                    19:ca:60:16:6a:a2:33:fa:d0:69:45:3e:1c:54:2f:
                    e7:1e:fa:4e:f3:92:b4:b1:bc:1f:25:02:63:9e:56:
                    3a:24:da:5c:33:1c:83:af:98:ba:93:83:4c:38:f9:
                    87:5b:b0:c8:ee:17:a7:73:90:6c:d9:a4:de:e9:56:
                    3a:5d:bc:2b:40:50:ea:58:45:45:08:80:97:7c:1d:
                    34:db:d9:24:5d:ff:82:1d:72:c7:21:c6:61:3c:38:
                    e8:f3:6d:11:1e:93:52:f4:79:f8:e7:a0:c4:6c:3c:
                    45:91:3b:72:18:53:9d:d9:b1:d9:a6:ee:3f:eb:a0:
                    a4:88:ee:d6:67:20:75:7b:ca:04:6e:c1:4c:54:76:
                    18:2d:21:ac:db:64:f7:7f:a4:68:3b:1f:ba:61:e1:
                    93:a4:2e:fb:06:80:40:cf:dd:51:18:04:47:9d:ec:
                    4d:c6:5f:fe:40:29:3b:bb:47:5c:70:26:b6:fc:6b:
                    9d:5b:c5:18:20:37:f4:c5:eb:a1:af:33:1d:0e:53:
                    4c:c5:9a:60:31:24:95:f5:6b:2c:29:7f:c2:e9:06:
                    e0:e3:36:b9:86:a6:52:6e:ce:c2:8e:02:f1:b3:a4:
                    69:b6:85:18:33:3b:de:cd:fa:8d:8f:70:c1:eb:49:
                    7a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B2:7D:F0:E5:60:AE:18:E5:AA:FC:FB:9B:51:09:CE:64:4F:50:8F
            X509v3 Authority Key Identifier:
                keyid:AC:32:87:56:DE:CE:8F:29:F9:7F:41:B8:1A:08:7D:B5:24:E1:59:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/47J98OVgrhjlqvz7m1EJzmRPUI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/fb78ad-918e-44c2-9501-024ad4fb3708/1/rDKHVt7Ojyn5f0G4Ggh9tSThWbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.149.0/24
                IPv6:
                  2a10:af80::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:a1:a1:95:ba:57:90:07:07:2a:7a:3c:33:30:09:14:cb:d2:
         58:f6:f1:df:d2:f4:01:17:9e:2d:2b:ad:67:2a:9f:73:e9:d7:
         ee:35:66:33:ae:88:98:91:ad:f0:a7:e1:86:9a:ed:c5:6d:6c:
         6c:f8:6d:8c:2e:c6:00:22:a1:aa:cb:08:7e:33:91:bd:f2:42:
         45:88:2c:4c:07:67:be:08:ce:a4:14:06:35:9c:fe:f4:b1:87:
         cb:d5:b0:ef:0a:9e:0c:ba:82:2d:c6:fa:8b:66:97:23:c3:27:
         18:04:0d:87:12:19:21:60:7e:a0:64:be:83:32:ad:40:2e:b9:
         f5:9e:42:61:d1:d7:7f:6c:cc:93:0e:cb:23:b4:a0:de:22:61:
         62:ae:34:d7:3f:01:f3:50:23:ec:2d:a1:ce:da:44:a2:16:87:
         68:b8:ac:eb:3d:25:f7:e3:77:9a:25:30:1a:ff:ec:60:db:0c:
         da:8c:03:fd:88:d6:25:8f:82:d1:9f:d5:fa:f1:15:51:74:82:
         ea:f1:ee:92:37:60:1d:3c:fc:3a:9c:d6:6b:11:80:9b:38:4c:
         0a:e8:cd:2a:ce:a1:5d:fd:65:98:d6:ab:fa:94:bf:64:b0:ae:
         7d:ea:f2:80:28:a1:73:18:68:7d:86:70:7e:c3:8f:de:0f:c8:
         73:bd:1b:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJU2YROa7ud57ingSHqcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMzI4NzU2ZGVjZThmMjlmOTdmNDFiODFhMDg3ZGI1MjRl
MTU5YjcwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IyN2RmMGU1NjBhZTE4ZTVhYWZjZmI5YjUxMDljZTY0NGY1MDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+GuVkqBG9L6YaxmGnoZymAWaqIz
+tBpRT4cVC/nHvpO85K0sbwfJQJjnlY6JNpcMxyDr5i6k4NMOPmHW7DI7henc5Bs
2aTe6VY6XbwrQFDqWEVFCICXfB0029kkXf+CHXLHIcZhPDjo820RHpNS9Hn456DE
bDxFkTtyGFOd2bHZpu4/66CkiO7WZyB1e8oEbsFMVHYYLSGs22T3f6RoOx+6YeGT
pC77BoBAz91RGARHnexNxl/+QCk7u0dccCa2/GudW8UYIDf0xeuhrzMdDlNMxZpg
MSSV9WssKX/C6Qbg4za5hqZSbs7CjgLxs6RptoUYMzvezfqNj3DB60l6eQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOOyffDlYK4Y5ar8+5tRCc5kT1CPMB8GA1UdIwQY
MBaAFKwyh1bezo8p+X9BuBoIfbUk4Vm3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckRLSFZ0N09qeW41ZjBHNEdnaDl0U1RoV2JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mYjc4YWQtOTE4ZS00NGMyLTk1MDEt
MDI0YWQ0ZmIzNzA4LzEvNDdKOThPVmdyaGpscXZ6N20xRUp6bVJQVUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mYjc4YWQtOTE4ZS00NGMyLTk1MDEtMDI0YWQ0ZmIzNzA4
LzEvckRLSFZ0N09qeW41ZjBHNEdnaDl0U1RoV2JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaOVMA0E
AgACMAcDBQAqEK+AMA0GCSqGSIb3DQEBCwUAA4IBAQAsoaGVuleQBwcqejwzMAkU
y9JY9vHf0vQBF54tK61nKp9z6dfuNWYzroiYka3wp+GGmu3FbWxs+G2MLsYAIqGq
ywh+M5G98kJFiCxMB2e+CM6kFAY1nP70sYfL1bDvCp4MuoItxvqLZpcjwycYBA2H
EhkhYH6gZL6DMq1ALrn1nkJh0dd/bMyTDssjtKDeImFirjTXPwHzUCPsLaHO2kSi
FodouKzrPSX343eaJTAa/+xg2wzajAP9iNYlj4LRn9X68RVRdILq8e6SN2AdPPw6
nNZrEYCbOEwK6M0qzqFd/WWY1qv6lL9ksK596vKAKKFzGGh9hnB+w4/eD8hzvRvD
-----END CERTIFICATE-----