Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/c0qhsqxIIVXMC2JfMCsS6U5GtlY.roa
File:                     c0qhsqxIIVXMC2JfMCsS6U5GtlY.roa (raw, json)
Hash identifier:          noIMiSXhmuWCNw2x3e1Va4TM7PiX5JAVWJbvg3cY0Mo=
Subject key identifier:   73:4A:A1:B2:AC:48:21:55:CC:0B:62:5F:30:2B:12:E9:4E:46:B6:56
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB3BE82009340AF3B701802B785B5
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/c0qhsqxIIVXMC2JfMCsS6U5GtlY.roa
Signing time:             Tue 02 Jan 2024 10:32:50 +0000
ROA not before:           Tue 02 Jan 2024 10:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35616
IP address blocks:        193.23.29.0/24 maxlen: 24
                          2a04:9ac1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b3:be:82:00:93:40:af:3b:70:18:02:b7:85:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=734aa1b2ac482155cc0b625f302b12e94e46b656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:bc:57:ec:b9:62:14:cd:47:27:03:73:c1:
                    02:b2:a6:e3:26:26:b9:d4:15:6b:05:cd:ee:4d:bc:
                    df:f0:bf:e3:8e:fe:16:cd:d4:73:6d:72:94:80:7e:
                    9e:7d:9c:47:fb:7a:d9:55:fe:d5:04:cd:b5:12:94:
                    15:82:fd:05:3b:63:3c:fc:9d:9e:d6:95:17:de:82:
                    99:25:af:1b:87:46:05:e1:84:67:9f:54:6c:bb:1b:
                    09:eb:d5:00:4d:90:c1:df:2f:c9:cb:06:d0:ec:d0:
                    29:8d:5c:56:82:e9:b4:1c:fd:1b:d5:ca:3b:78:2b:
                    e7:3f:14:6e:67:34:fe:81:b8:41:41:1e:a7:e5:dd:
                    0f:b7:3a:ca:f1:38:1a:72:a4:21:51:eb:32:73:ed:
                    85:71:59:af:38:38:18:bb:81:a3:57:25:86:b3:7d:
                    98:15:fc:ad:41:a4:9a:5f:e5:9c:c5:fb:dc:06:24:
                    4e:cc:a4:9a:60:80:7a:74:cc:20:20:8a:92:50:d0:
                    5e:12:4c:f8:04:4f:1a:2b:5b:91:bd:3b:5d:e9:b1:
                    74:5b:72:51:9a:ce:ab:f1:23:51:eb:7a:65:02:90:
                    32:79:8b:2f:d3:62:40:24:08:95:99:44:f4:1e:7e:
                    63:14:8a:9f:75:cb:c0:62:a2:53:37:66:b3:82:de:
                    ec:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4A:A1:B2:AC:48:21:55:CC:0B:62:5F:30:2B:12:E9:4E:46:B6:56
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/c0qhsqxIIVXMC2JfMCsS6U5GtlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.29.0/24
                IPv6:
                  2a04:9ac1::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:6c:58:c3:50:0f:f0:35:d6:74:7d:b0:7b:66:9d:17:38:cb:
         e3:97:30:cd:f5:c7:fc:4b:df:70:74:b4:cd:43:af:93:5b:16:
         0e:a4:a4:ad:6a:08:0b:b4:cc:6a:f1:1d:cf:a5:f5:32:0f:d6:
         d5:95:f3:92:1b:b7:af:e0:6f:ba:18:e6:a0:af:66:c4:c7:d8:
         c9:dd:73:84:b3:a4:cd:15:b3:f7:95:3d:65:9b:19:64:a4:11:
         b2:1c:ae:f4:4f:e5:f6:a5:35:69:b5:cb:20:6c:88:d8:46:93:
         15:36:a8:00:1f:ff:e8:22:cc:81:b1:3e:40:7f:0c:54:a8:fc:
         b7:29:25:4d:29:b4:31:20:41:8b:6c:98:8b:79:e3:15:0b:73:
         b0:d5:08:ea:b9:b8:fe:be:1b:af:70:03:a0:ed:d7:52:09:a0:
         01:80:67:0f:bb:f8:25:04:6e:4b:e5:ea:59:3d:4a:48:a3:ac:
         54:8f:80:9c:fa:e2:c0:48:6a:2e:c1:19:60:d2:85:c7:7a:18:
         2f:fd:15:c5:06:bc:cc:53:30:28:15:29:be:c4:dd:4c:ae:bb:
         61:d4:fb:c8:9f:06:21:c6:39:75:3a:31:c2:69:aa:63:fa:23:
         66:29:36:f9:19:8e:cf:41:92:e2:d3:22:f2:cb:1b:51:b6:15:
         c6:50:e8:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu7O+ggCTQK87cBgCt4W1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRhYTFiMmFjNDgyMTU1Y2MwYjYyNWYzMDJiMTJlOTRlNDZiNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP68V+y5YhTNRycDc8ECsqbjJia5
1BVrBc3uTbzf8L/jjv4WzdRzbXKUgH6efZxH+3rZVf7VBM21EpQVgv0FO2M8/J2e
1pUX3oKZJa8bh0YF4YRnn1RsuxsJ69UATZDB3y/JywbQ7NApjVxWgum0HP0b1co7
eCvnPxRuZzT+gbhBQR6n5d0PtzrK8TgacqQhUesyc+2FcVmvODgYu4GjVyWGs32Y
FfytQaSaX+WcxfvcBiROzKSaYIB6dMwgIIqSUNBeEkz4BE8aK1uRvTtd6bF0W3JR
ms6r8SNR63plApAyeYsv02JAJAiVmUT0Hn5jFIqfdcvAYqJTN2azgt7sVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHNKobKsSCFVzAtiXzArEulORrZWMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvYzBxaHNxeElJVlhNQzJKZk1Dc1M2VTVHdGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRcdMA0E
AgACMAcDBQAqBJrBMA0GCSqGSIb3DQEBCwUAA4IBAQALbFjDUA/wNdZ0fbB7Zp0X
OMvjlzDN9cf8S99wdLTNQ6+TWxYOpKStaggLtMxq8R3PpfUyD9bVlfOSG7ev4G+6
GOagr2bEx9jJ3XOEs6TNFbP3lT1lmxlkpBGyHK70T+X2pTVptcsgbIjYRpMVNqgA
H//oIsyBsT5AfwxUqPy3KSVNKbQxIEGLbJiLeeMVC3Ow1Qjqubj+vhuvcAOg7ddS
CaABgGcPu/glBG5L5epZPUpIo6xUj4Cc+uLASGouwRlg0oXHehgv/RXFBrzMUzAo
FSm+xN1Mrrth1PvInwYhxjl1OjHCaapj+iNmKTb5GY7PQZLi0yLyyxtRthXGUOj5
-----END CERTIFICATE-----