Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/rK33Pni_BAxR2lGtXf6fR8dTgXE.roa
File:                     rK33Pni_BAxR2lGtXf6fR8dTgXE.roa (raw, json)
Hash identifier:          62d0mmPBKBlsMhRk0wNTQ9R+AM/MQJFJzB1tFNBgu0k=
Subject key identifier:   AC:AD:F7:3E:78:BF:04:0C:51:DA:51:AD:5D:FE:9F:47:C7:53:81:71
Certificate issuer:       /CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
Certificate serial:       018EBD4188C731BFDC6C27553D76EDA04254
Authority key identifier: D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/rK33Pni_BAxR2lGtXf6fR8dTgXE.roa
Signing time:             Mon 08 Apr 2024 10:29:32 +0000
ROA not before:           Mon 08 Apr 2024 10:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199760
IP address blocks:        193.104.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:41:88:c7:31:bf:dc:6c:27:55:3d:76:ed:a0:42:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
        Validity
            Not Before: Apr  8 10:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acadf73e78bf040c51da51ad5dfe9f47c7538171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cb:ed:9c:39:73:74:2c:40:f4:ee:09:eb:df:
                    ed:a1:3d:f0:ae:03:1b:cf:45:a9:f6:51:0c:24:ae:
                    a9:18:97:6f:d3:85:b5:56:d9:a0:42:c9:23:90:49:
                    73:84:10:ae:02:68:c3:2b:36:0f:b2:73:e4:bf:1c:
                    b4:25:1c:40:8c:13:95:d6:1c:ab:94:ca:79:d2:81:
                    99:32:16:56:ca:de:83:70:22:b3:40:9f:4f:aa:4d:
                    23:be:79:e1:8b:92:3c:8f:32:85:02:e9:e7:c9:e2:
                    08:fd:2c:9a:45:e9:f8:aa:c5:64:02:39:a9:9f:a1:
                    69:25:1e:91:88:08:22:9b:0d:e6:64:bb:a1:fc:c6:
                    74:3c:57:44:6b:45:e6:aa:06:12:2c:4b:31:20:a7:
                    a2:dc:9a:0d:db:54:6e:51:1b:58:62:af:e2:06:e3:
                    71:28:16:91:90:22:d0:a1:d7:0b:b5:04:92:f5:2c:
                    2a:3b:fc:3e:7a:32:f2:54:c3:1c:95:e8:cb:52:76:
                    0e:1f:07:16:74:9c:16:6f:78:9b:76:ae:04:f6:30:
                    cf:0b:b9:a0:6f:bb:87:59:53:63:b3:ad:8c:4f:83:
                    45:e6:5c:b6:84:6b:f2:dd:a8:db:4d:81:63:3a:cd:
                    6e:d0:4b:a9:35:e8:bc:68:2d:83:64:f3:72:d8:4a:
                    4e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AD:F7:3E:78:BF:04:0C:51:DA:51:AD:5D:FE:9F:47:C7:53:81:71
            X509v3 Authority Key Identifier:
                keyid:D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/rK33Pni_BAxR2lGtXf6fR8dTgXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:20:bc:58:0e:8a:50:98:94:58:a1:26:26:5c:11:5b:ac:64:
         ab:a3:22:8b:89:3e:9a:9f:55:f5:5c:01:8e:8f:1e:e5:7b:fb:
         52:a8:c0:11:1a:41:16:63:ae:05:7e:75:64:86:36:b0:ad:ea:
         84:40:e1:e4:6d:5e:fe:c7:81:eb:b0:4e:53:52:dd:04:02:37:
         fb:0e:22:94:7c:2a:45:19:b0:d6:97:69:ca:c5:4c:a1:f5:db:
         38:8c:06:73:b0:77:38:4b:d7:99:82:ef:63:61:f5:28:ee:8e:
         f0:02:0f:d1:0d:cc:fb:8e:7d:52:73:7c:64:a8:d4:c0:01:67:
         c8:64:31:ea:dd:b8:5b:43:cd:4a:49:43:01:09:66:44:1d:02:
         a9:09:20:b7:f4:36:fa:6c:34:6f:35:1e:1d:9d:b4:2b:7b:52:
         35:4d:0a:05:34:38:fa:26:53:81:e7:3c:33:55:c8:da:1e:e5:
         7d:ec:5c:6a:62:50:8a:ef:5e:38:b9:f4:f3:96:91:58:a5:ee:
         dd:6b:aa:5f:d8:65:13:c3:ba:72:64:bc:5d:06:08:21:00:bb:
         c8:fe:29:9b:7e:83:de:f2:1e:4e:1a:44:56:ed:2a:12:74:90:
         38:b4:db:bd:e3:9f:3c:a6:7f:da:1a:9e:3d:4a:fe:25:3b:fa:
         5d:4a:4e:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69QYjHMb/cbCdVPXbtoEJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2E2NzYxMDI4NmFiNzM4Zjg2Y2U5MzVmZGY1ZWQ2MjBm
MDJkOTYwHhcNMjQwNDA4MTAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FkZjczZTc4YmYwNDBjNTFkYTUxYWQ1ZGZlOWY0N2M3NTM4MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsvtnDlzdCxA9O4J69/toT3wrgMb
z0Wp9lEMJK6pGJdv04W1VtmgQskjkElzhBCuAmjDKzYPsnPkvxy0JRxAjBOV1hyr
lMp50oGZMhZWyt6DcCKzQJ9Pqk0jvnnhi5I8jzKFAunnyeII/SyaRen4qsVkAjmp
n6FpJR6RiAgimw3mZLuh/MZ0PFdEa0XmqgYSLEsxIKei3JoN21RuURtYYq/iBuNx
KBaRkCLQodcLtQSS9SwqO/w+ejLyVMMclejLUnYOHwcWdJwWb3ibdq4E9jDPC7mg
b7uHWVNjs62MT4NF5ly2hGvy3ajbTYFjOs1u0EupNei8aC2DZPNy2EpONwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyt9z54vwQMUdpRrV3+n0fHU4FxMB8GA1UdIwQY
MBaAFNHKZ2EChqtzj4bOk1/fXtYg8C2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUt
MzViZmY5NmRhNGM1LzEvckszM1BuaV9CQXhSMmxHdFhmNmZSOGRUZ1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUtMzViZmY5NmRhNGM1
LzEvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWghMA0G
CSqGSIb3DQEBCwUAA4IBAQCCILxYDopQmJRYoSYmXBFbrGSroyKLiT6an1X1XAGO
jx7le/tSqMARGkEWY64FfnVkhjawreqEQOHkbV7+x4HrsE5TUt0EAjf7DiKUfCpF
GbDWl2nKxUyh9ds4jAZzsHc4S9eZgu9jYfUo7o7wAg/RDcz7jn1Sc3xkqNTAAWfI
ZDHq3bhbQ81KSUMBCWZEHQKpCSC39Db6bDRvNR4dnbQre1I1TQoFNDj6JlOB5zwz
VcjaHuV97FxqYlCK7144ufTzlpFYpe7da6pf2GUTw7pyZLxdBgghALvI/imbfoPe
8h5OGkRW7SoSdJA4tNu94588pn/aGp49Sv4lO/pdSk6/
-----END CERTIFICATE-----