Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/RF1gPcwUDH2wECZQ9VZf9zt6vo4.roa
File:                     RF1gPcwUDH2wECZQ9VZf9zt6vo4.roa (raw, json)
Hash identifier:          dCkSgubUd3h/5bZOdLkco7+QQCzxm22HXyop7SC9JTA=
Subject key identifier:   44:5D:60:3D:CC:14:0C:7D:B0:10:26:50:F5:56:5F:F7:3B:7A:BE:8E
Certificate issuer:       /CN=17a6fa80b2d1c43ec9ea824e7e8395f79294e38a
Certificate serial:       018CC56EE0F1A5E77BF6CCA64DAB16CAA2FB
Authority key identifier: 17:A6:FA:80:B2:D1:C4:3E:C9:EA:82:4E:7E:83:95:F7:92:94:E3:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/RF1gPcwUDH2wECZQ9VZf9zt6vo4.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3326
IP address blocks:        193.111.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e0:f1:a5:e7:7b:f6:cc:a6:4d:ab:16:ca:a2:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17a6fa80b2d1c43ec9ea824e7e8395f79294e38a
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=445d603dcc140c7db0102650f5565ff73b7abe8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:73:75:65:01:af:3e:8c:3f:92:f0:32:eb:eb:
                    c8:c3:bb:fa:b8:85:e1:13:7f:5f:8f:25:46:88:54:
                    7d:cb:e9:4d:ab:41:45:21:87:63:33:24:ef:e7:fd:
                    b9:21:f0:e5:e2:a4:54:96:fe:23:fe:c9:26:86:ef:
                    39:ed:12:ce:19:a5:d4:f5:8a:5e:5b:32:06:20:80:
                    c0:bd:9e:5c:d6:48:aa:ec:61:b1:6a:d0:d7:21:d5:
                    7c:58:d3:73:b8:73:a6:34:a8:a6:d9:29:85:7e:38:
                    94:da:58:6d:21:4f:12:6f:d8:86:15:6e:fd:e9:da:
                    dc:64:bf:2e:fc:d3:10:84:33:ae:f7:55:93:67:5a:
                    11:9f:cd:78:80:b4:e3:45:08:2c:a4:b7:fc:d1:73:
                    f9:90:98:15:d4:6b:45:48:3b:23:e3:81:e4:93:c5:
                    3b:1d:24:65:46:f7:1b:5b:08:9f:6b:57:98:ff:86:
                    86:69:13:bf:c6:90:30:45:e0:4d:1e:b3:fa:c0:77:
                    d1:f6:7d:cd:a4:dc:35:a9:10:d6:15:5e:fe:da:e7:
                    17:e3:30:02:3b:d1:a9:39:81:25:fe:13:e3:49:fa:
                    f9:cf:2c:ee:73:e1:01:1b:1f:3f:1e:23:63:ca:59:
                    5b:c4:41:66:0c:c0:37:44:b7:0f:d3:95:ee:93:e3:
                    f4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:5D:60:3D:CC:14:0C:7D:B0:10:26:50:F5:56:5F:F7:3B:7A:BE:8E
            X509v3 Authority Key Identifier:
                keyid:17:A6:FA:80:B2:D1:C4:3E:C9:EA:82:4E:7E:83:95:F7:92:94:E3:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/RF1gPcwUDH2wECZQ9VZf9zt6vo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b6:7f:6e:2e:f7:0d:7d:b5:ec:ad:78:75:ff:78:e4:2e:32:
         19:34:ce:39:8b:80:98:a2:dc:9b:67:31:bb:f1:0a:41:92:95:
         fc:db:b5:25:f9:a3:1b:58:12:b6:dd:22:b2:aa:79:58:7a:c4:
         f5:ff:2a:1f:ff:6f:5b:70:9c:27:d4:61:c8:b9:98:b6:4a:40:
         3c:c6:7a:eb:a8:43:f6:28:d5:92:e3:4d:08:4d:73:bf:c0:42:
         14:7e:bc:72:8f:fe:8f:b5:a9:92:24:98:78:e9:6a:36:9f:15:
         d9:89:da:c2:1d:ef:9a:76:5e:78:d9:eb:77:df:56:a0:61:aa:
         cb:bb:7e:98:47:5e:d4:49:6c:32:9d:fe:f9:2b:68:9e:98:9c:
         4d:1d:14:9b:93:a2:02:27:38:34:31:8c:55:3f:50:68:42:e8:
         5e:ba:e3:d0:50:74:d8:42:0e:05:38:8c:16:3f:2a:8d:02:1b:
         c6:d9:f2:ea:34:0d:41:8a:34:de:80:98:ee:9e:32:e0:31:18:
         0b:a5:cf:53:f4:08:30:62:2d:af:8f:16:6f:20:ca:6e:88:27:
         4a:0f:a2:52:2c:5a:bc:ed:9d:cc:25:38:d5:f8:c4:7c:bf:94:
         b2:b2:fd:f9:b9:92:de:b1:3c:7b:5f:a9:61:67:33:3c:fa:07:
         2d:42:03:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuDxped79symTasWyqL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YTZmYTgwYjJkMWM0M2VjOWVhODI0ZTdlODM5NWY3OTI5
NGUzOGEwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDVkNjAzZGNjMTQwYzdkYjAxMDI2NTBmNTU2NWZmNzNiN2FiZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXN1ZQGvPow/kvAy6+vIw7v6uIXh
E39fjyVGiFR9y+lNq0FFIYdjMyTv5/25IfDl4qRUlv4j/skmhu857RLOGaXU9Ype
WzIGIIDAvZ5c1kiq7GGxatDXIdV8WNNzuHOmNKim2SmFfjiU2lhtIU8Sb9iGFW79
6drcZL8u/NMQhDOu91WTZ1oRn814gLTjRQgspLf80XP5kJgV1GtFSDsj44Hkk8U7
HSRlRvcbWwifa1eY/4aGaRO/xpAwReBNHrP6wHfR9n3NpNw1qRDWFV7+2ucX4zAC
O9GpOYEl/hPjSfr5zyzuc+EBGx8/HiNjyllbxEFmDMA3RLcP05Xuk+P0/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERdYD3MFAx9sBAmUPVWX/c7er6OMB8GA1UdIwQY
MBaAFBem+oCy0cQ+yeqCTn6DlfeSlOOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjZiNmdMTFJ4RDdKNm9KT2ZvT1Y5NUtVNDRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iYmZlNDgtZjE0ZC00MGQxLTlmMWEt
Y2I5ZTQ1YmIwYzYzLzEvUkYxZ1Bjd1VESDJ3RUNaUTlWWmY5enQ2dm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iYmZlNDgtZjE0ZC00MGQxLTlmMWEtY2I5ZTQ1YmIwYzYz
LzEvRjZiNmdMTFJ4RDdKNm9KT2ZvT1Y5NUtVNDRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW+tMA0G
CSqGSIb3DQEBCwUAA4IBAQB3tn9uLvcNfbXsrXh1/3jkLjIZNM45i4CYotybZzG7
8QpBkpX827Ul+aMbWBK23SKyqnlYesT1/yof/29bcJwn1GHIuZi2SkA8xnrrqEP2
KNWS400ITXO/wEIUfrxyj/6PtamSJJh46Wo2nxXZidrCHe+adl542et331agYarL
u36YR17USWwynf75K2iemJxNHRSbk6ICJzg0MYxVP1BoQuheuuPQUHTYQg4FOIwW
PyqNAhvG2fLqNA1BijTegJjunjLgMRgLpc9T9AgwYi2vjxZvIMpuiCdKD6JSLFq8
7Z3MJTjV+MR8v5Sysv35uZLesTx7X6lhZzM8+gctQgP6
-----END CERTIFICATE-----