Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/gQG46p8nYtEudAmhe3DES-DhPdM.roa
File:                     gQG46p8nYtEudAmhe3DES-DhPdM.roa (raw, json)
Hash identifier:          l90E08lurLB+Ekw63NipiI8jMUDW9mOr3NMlAnR5uw0=
Subject key identifier:   81:01:B8:EA:9F:27:62:D1:2E:74:09:A1:7B:70:C4:4B:E0:E1:3D:D3
Certificate issuer:       /CN=93758f92a7fd7359ba2848125a84dfcc42d14b6c
Certificate serial:       018CC49335E9C3A4CF177657D1A45A0E1F2A
Authority key identifier: 93:75:8F:92:A7:FD:73:59:BA:28:48:12:5A:84:DF:CC:42:D1:4B:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3WPkqf9c1m6KEgSWoTfzELRS2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/gQG46p8nYtEudAmhe3DES-DhPdM.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52080
IP address blocks:        193.105.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/k3WPkqf9c1m6KEgSWoTfzELRS2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/k3WPkqf9c1m6KEgSWoTfzELRS2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3WPkqf9c1m6KEgSWoTfzELRS2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:35:e9:c3:a4:cf:17:76:57:d1:a4:5a:0e:1f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93758f92a7fd7359ba2848125a84dfcc42d14b6c
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8101b8ea9f2762d12e7409a17b70c44be0e13dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:d2:b9:51:c9:10:f2:d8:b5:aa:bf:cb:51:
                    c3:ae:7b:a9:47:0f:83:dd:bd:aa:c8:05:59:e3:82:
                    87:99:b6:be:2a:6b:bf:c7:51:3e:8c:fd:da:c2:da:
                    49:69:ea:e1:61:87:5a:2d:90:27:c5:92:89:6c:d6:
                    ff:f0:49:a4:94:f7:89:8a:c0:4d:df:00:86:3b:a0:
                    55:43:03:e3:11:48:44:83:9f:91:a5:b4:68:49:1c:
                    7b:83:4a:f4:e3:c2:03:8b:4d:bd:68:2f:2e:d3:20:
                    7f:ab:ad:fb:df:de:80:b6:e6:a1:ba:ac:34:77:0d:
                    da:cf:60:f5:8f:fd:8c:b5:60:98:02:73:02:2b:ac:
                    2f:79:14:32:f1:0b:0b:2a:f6:3a:2b:53:14:89:dc:
                    0e:e1:40:c2:94:e8:fa:14:5b:bc:2d:19:89:1f:fd:
                    c2:6c:d0:91:af:42:62:19:b4:68:63:7f:cc:8e:7b:
                    80:0a:a0:4f:5e:84:e7:c0:bb:fb:01:25:33:0a:a7:
                    aa:e9:f9:04:45:1c:29:e7:1c:cb:22:3c:b0:bb:43:
                    f0:49:77:0f:57:51:9b:8e:7d:aa:02:34:b3:46:d7:
                    7c:39:77:c2:0b:c2:d0:58:10:53:19:b2:49:10:52:
                    96:4a:e0:13:17:ff:6a:3f:53:1d:c0:70:da:51:ec:
                    f6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:01:B8:EA:9F:27:62:D1:2E:74:09:A1:7B:70:C4:4B:E0:E1:3D:D3
            X509v3 Authority Key Identifier:
                keyid:93:75:8F:92:A7:FD:73:59:BA:28:48:12:5A:84:DF:CC:42:D1:4B:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3WPkqf9c1m6KEgSWoTfzELRS2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/gQG46p8nYtEudAmhe3DES-DhPdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0f6d4a-1166-4d2d-a921-e143faaa0b82/1/k3WPkqf9c1m6KEgSWoTfzELRS2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:36:86:98:62:a8:0a:84:1f:a2:ea:16:75:c1:be:e5:a0:78:
         da:f4:cd:5c:e3:f7:39:73:8e:6a:81:05:8a:a0:82:1a:e1:fc:
         ce:6b:ce:57:9e:bf:02:d8:a7:a6:bc:7e:80:88:4f:3e:16:b4:
         65:10:78:53:75:63:1d:fc:6f:e9:29:9d:3f:71:7b:03:b4:c1:
         3b:72:a3:70:68:17:41:64:49:27:ac:2c:1e:31:25:88:7d:b3:
         ca:a4:8b:6e:a0:91:7a:57:0f:a3:ac:c6:04:1a:9f:bd:f9:7b:
         fd:6a:fb:34:87:63:d1:d6:ca:a2:df:02:0a:db:54:0f:88:84:
         08:23:43:ee:7e:70:da:85:ba:f9:06:53:f7:82:98:33:a6:a8:
         3c:72:e4:1e:db:1b:78:ca:2f:df:f5:58:3a:6d:c3:8a:40:50:
         bf:50:e8:c0:c6:4d:e1:b0:b8:11:92:ff:6b:dc:27:71:dd:51:
         e5:dd:30:17:30:dc:4a:1b:7b:9e:22:7a:ae:d1:fc:c2:7f:cb:
         80:dd:5d:ec:e1:4f:d8:13:46:ac:2d:3e:eb:99:29:7f:8e:96:
         ee:de:58:c2:14:f8:18:5e:fb:30:fd:a8:9a:10:a4:97:01:15:
         1a:04:4d:68:ba:57:0d:7a:93:7e:3b:12:a0:7b:43:ca:dc:4a:
         6c:d1:1c:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzXpw6TPF3ZX0aRaDh8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzU4ZjkyYTdmZDczNTliYTI4NDgxMjVhODRkZmNjNDJk
MTRiNmMwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTAxYjhlYTlmMjc2MmQxMmU3NDA5YTE3YjcwYzQ0YmUwZTEzZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6DSuVHJEPLYtaq/y1HDrnupRw+D
3b2qyAVZ44KHmba+Kmu/x1E+jP3awtpJaerhYYdaLZAnxZKJbNb/8EmklPeJisBN
3wCGO6BVQwPjEUhEg5+RpbRoSRx7g0r048IDi029aC8u0yB/q637396Atuahuqw0
dw3az2D1j/2MtWCYAnMCK6wveRQy8QsLKvY6K1MUidwO4UDClOj6FFu8LRmJH/3C
bNCRr0JiGbRoY3/MjnuACqBPXoTnwLv7ASUzCqeq6fkERRwp5xzLIjywu0PwSXcP
V1Gbjn2qAjSzRtd8OXfCC8LQWBBTGbJJEFKWSuATF/9qP1MdwHDaUez28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEBuOqfJ2LRLnQJoXtwxEvg4T3TMB8GA1UdIwQY
MBaAFJN1j5Kn/XNZuihIElqE38xC0UtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNXUGtxZjljMW02S0VnU1dvVGZ6RUxSUzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZjZkNGEtMTE2Ni00ZDJkLWE5MjEt
ZTE0M2ZhYWEwYjgyLzEvZ1FHNDZwOG5ZdEV1ZEFtaGUzREVTLURoUGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZjZkNGEtMTE2Ni00ZDJkLWE5MjEtZTE0M2ZhYWEwYjgy
LzEvazNXUGtxZjljMW02S0VnU1dvVGZ6RUxSUzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWluMA0G
CSqGSIb3DQEBCwUAA4IBAQBWNoaYYqgKhB+i6hZ1wb7loHja9M1c4/c5c45qgQWK
oIIa4fzOa85Xnr8C2KemvH6AiE8+FrRlEHhTdWMd/G/pKZ0/cXsDtME7cqNwaBdB
ZEknrCweMSWIfbPKpItuoJF6Vw+jrMYEGp+9+Xv9avs0h2PR1sqi3wIK21QPiIQI
I0PufnDahbr5BlP3gpgzpqg8cuQe2xt4yi/f9Vg6bcOKQFC/UOjAxk3hsLgRkv9r
3Cdx3VHl3TAXMNxKG3ueInqu0fzCf8uA3V3s4U/YE0asLT7rmSl/jpbu3ljCFPgY
Xvsw/aiaEKSXARUaBE1oulcNepN+OxKge0PK3Eps0RyA
-----END CERTIFICATE-----