Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/10sLUp0jXjaP8dEHrEFru1Kj5KA.roa
File:                     10sLUp0jXjaP8dEHrEFru1Kj5KA.roa (raw, json)
Hash identifier:          jlA2qHCqYDh3tPg0XQcbwnX8dm19+KTLm2ymd25UOUk=
Subject key identifier:   D7:4B:0B:52:9D:23:5E:36:8F:F1:D1:07:AC:41:6B:BB:52:A3:E4:A0
Certificate issuer:       /CN=1bdba013655b9bb0caa285d75c142c1ee30f8854
Certificate serial:       018CC94E18C7C91C5A540B17DC97CD2CC9BD
Authority key identifier: 1B:DB:A0:13:65:5B:9B:B0:CA:A2:85:D7:5C:14:2C:1E:E3:0F:88:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/10sLUp0jXjaP8dEHrEFru1Kj5KA.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62054
IP address blocks:        193.176.252.0/24 maxlen: 24
                          193.176.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:18:c7:c9:1c:5a:54:0b:17:dc:97:cd:2c:c9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bdba013655b9bb0caa285d75c142c1ee30f8854
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d74b0b529d235e368ff1d107ac416bbb52a3e4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:78:90:ce:4d:94:63:a0:38:fc:82:3a:97:3f:
                    91:e4:0b:f2:a1:29:13:0c:cb:47:4e:31:24:39:0c:
                    bd:45:00:82:e8:3a:5f:e0:19:f8:05:ec:f3:60:79:
                    38:e4:a2:5d:7c:0e:95:ac:9f:f9:03:ba:18:09:ec:
                    fb:50:70:39:c0:14:6e:52:c5:a0:13:98:69:c7:7b:
                    bf:bf:b1:e8:68:ed:c3:97:07:2c:37:7e:0f:e1:dc:
                    af:95:31:3b:9e:43:24:0f:ff:e4:b2:99:5b:63:0f:
                    71:28:6a:ff:96:4c:45:c8:26:bc:44:18:29:e7:a8:
                    95:fb:36:3a:04:1e:45:b3:df:95:62:96:dd:ae:a7:
                    5c:1c:31:db:78:9c:9a:d2:30:66:5c:b4:9c:f0:ff:
                    8a:69:b5:41:4f:96:4e:9b:8f:02:f5:38:6a:b7:59:
                    4b:f6:12:26:de:9b:6a:54:b0:62:c6:e6:b4:09:22:
                    f0:44:53:de:36:e4:8f:73:06:7e:e7:57:e9:b9:e5:
                    71:6c:b0:68:9f:9a:7f:52:b1:eb:97:80:ae:58:ab:
                    5f:b6:ba:db:9c:ac:1f:0d:6a:c0:a3:69:e8:71:cc:
                    c7:90:9f:05:36:2a:dd:45:86:d5:91:42:c9:c0:e3:
                    01:f0:af:a8:07:88:75:4c:ff:73:4a:2a:b0:19:3b:
                    d0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:4B:0B:52:9D:23:5E:36:8F:F1:D1:07:AC:41:6B:BB:52:A3:E4:A0
            X509v3 Authority Key Identifier:
                keyid:1B:DB:A0:13:65:5B:9B:B0:CA:A2:85:D7:5C:14:2C:1E:E3:0F:88:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/10sLUp0jXjaP8dEHrEFru1Kj5KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.252.0/24
                  193.176.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c9:4a:40:26:f2:4d:36:1e:5f:2d:f7:ad:a5:a3:70:4a:ef:
         9b:19:40:9e:e0:c9:27:3c:e2:0d:cc:2c:cd:03:d8:16:ea:84:
         e2:88:07:d5:3c:d8:f2:46:b8:50:08:2c:d2:16:24:70:fc:e0:
         4d:84:88:b0:3f:da:88:5d:e9:48:1f:67:02:1e:f4:7a:92:cc:
         5e:94:33:1d:ce:40:30:3c:71:8a:e8:0b:b4:c3:fd:0b:55:d3:
         35:85:f2:fa:f3:85:5d:76:91:23:9c:99:f1:1f:00:b6:62:e4:
         55:8e:3a:23:84:f2:5f:d9:4d:ae:99:7c:39:37:99:93:76:da:
         5d:6c:09:0c:dd:0c:5e:97:60:08:f5:47:d9:a7:6c:6b:07:ae:
         b2:91:22:c7:43:c4:a8:6f:ca:1b:a9:7b:7e:be:e0:d4:e8:64:
         b0:b7:77:80:5c:16:fc:b2:d5:86:61:b2:ca:ee:be:a7:6c:f3:
         77:d4:f7:65:71:6c:73:dd:d6:5d:4d:ee:44:ac:ec:f0:34:17:
         ad:e6:18:0c:c7:3f:8e:f8:fa:03:2a:0a:43:63:12:4f:9c:8a:
         4d:0a:3f:ec:da:db:c2:89:bb:ca:7c:2f:c1:a6:40:45:94:13:
         95:93:4a:a8:63:1a:f1:0b:c6:d6:61:75:53:61:72:1f:d6:b1:
         2b:bd:c7:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJThjHyRxaVAsX3JfNLMm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZGJhMDEzNjU1YjliYjBjYWEyODVkNzVjMTQyYzFlZTMw
Zjg4NTQwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzRiMGI1MjlkMjM1ZTM2OGZmMWQxMDdhYzQxNmJiYjUyYTNlNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3iQzk2UY6A4/II6lz+R5AvyoSkT
DMtHTjEkOQy9RQCC6Dpf4Bn4BezzYHk45KJdfA6VrJ/5A7oYCez7UHA5wBRuUsWg
E5hpx3u/v7HoaO3DlwcsN34P4dyvlTE7nkMkD//ksplbYw9xKGr/lkxFyCa8RBgp
56iV+zY6BB5Fs9+VYpbdrqdcHDHbeJya0jBmXLSc8P+KabVBT5ZOm48C9Thqt1lL
9hIm3ptqVLBixua0CSLwRFPeNuSPcwZ+51fpueVxbLBon5p/UrHrl4CuWKtftrrb
nKwfDWrAo2nocczHkJ8FNirdRYbVkULJwOMB8K+oB4h1TP9zSiqwGTvQowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNdLC1KdI142j/HRB6xBa7tSo+SgMB8GA1UdIwQY
MBaAFBvboBNlW5uwyqKF11wULB7jD4hUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzl1Z0UyVmJtN0RLb29YWFhCUXNIdU1QaUZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82YTI5NDYtZjBhNC00ZTg1LTkzMGUt
ZDRlZGYxNmUwOTc4LzEvMTBzTFVwMGpYamFQOGRFSHJFRnJ1MUtqNUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82YTI5NDYtZjBhNC00ZTg1LTkzMGUtZDRlZGYxNmUwOTc4
LzEvRzl1Z0UyVmJtN0RLb29YWFhCUXNIdU1QaUZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbD8AwQA
wbD+MA0GCSqGSIb3DQEBCwUAA4IBAQAlyUpAJvJNNh5fLfetpaNwSu+bGUCe4Mkn
POINzCzNA9gW6oTiiAfVPNjyRrhQCCzSFiRw/OBNhIiwP9qIXelIH2cCHvR6ksxe
lDMdzkAwPHGK6Au0w/0LVdM1hfL684VddpEjnJnxHwC2YuRVjjojhPJf2U2umXw5
N5mTdtpdbAkM3Qxel2AI9UfZp2xrB66ykSLHQ8Sob8obqXt+vuDU6GSwt3eAXBb8
stWGYbLK7r6nbPN31PdlcWxz3dZdTe5ErOzwNBet5hgMxz+O+PoDKgpDYxJPnIpN
Cj/s2tvCibvKfC/BpkBFlBOVk0qoYxrxC8bWYXVTYXIf1rErvccM
-----END CERTIFICATE-----