Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/kmmuI_oO1owx7Qtx163l-3CW-Go.roa
File:                     kmmuI_oO1owx7Qtx163l-3CW-Go.roa (raw, json)
Hash identifier:          Z32UkMcOXZnxIS+z84tVYJ2oNKaYCDEacSmkJICgNDk=
Subject key identifier:   92:69:AE:23:FA:0E:D6:8C:31:ED:0B:71:D7:AD:E5:FB:70:96:F8:6A
Certificate issuer:       /CN=73d0a3ab299a6598d32bc75450021888795b3d2b
Certificate serial:       018E2E233D2269421FC67CE8B276FE47BDCC
Authority key identifier: 73:D0:A3:AB:29:9A:65:98:D3:2B:C7:54:50:02:18:88:79:5B:3D:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c9CjqymaZZjTK8dUUAIYiHlbPSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/kmmuI_oO1owx7Qtx163l-3CW-Go.roa
Signing time:             Mon 11 Mar 2024 15:30:44 +0000
ROA not before:           Mon 11 Mar 2024 15:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49468
IP address blocks:        193.33.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/c9CjqymaZZjTK8dUUAIYiHlbPSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/c9CjqymaZZjTK8dUUAIYiHlbPSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c9CjqymaZZjTK8dUUAIYiHlbPSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2e:23:3d:22:69:42:1f:c6:7c:e8:b2:76:fe:47:bd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73d0a3ab299a6598d32bc75450021888795b3d2b
        Validity
            Not Before: Mar 11 15:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9269ae23fa0ed68c31ed0b71d7ade5fb7096f86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:16:b2:9d:66:0c:53:4f:b7:e1:b3:ed:4f:15:
                    fa:77:3a:73:ea:7c:18:a1:25:27:49:fb:16:ed:81:
                    6a:07:67:e8:c5:7e:76:23:56:c1:8c:34:ad:cb:59:
                    c1:f2:36:f3:2e:eb:c9:57:1c:51:79:f6:e6:c5:24:
                    ec:64:d2:4e:f5:13:7b:a4:ed:3c:35:c2:11:fa:a0:
                    65:a7:5b:87:da:c1:39:93:10:c1:26:c9:3e:01:d4:
                    7c:7a:cb:5c:42:cc:c5:80:8c:6a:13:f0:af:ab:99:
                    28:ec:0a:2d:c9:f6:07:2c:56:ba:fd:14:3f:c1:03:
                    70:b6:fc:19:68:f1:b3:ab:cb:8d:32:84:9f:7b:b0:
                    65:66:c7:1e:c6:2f:b8:a8:1c:22:28:1c:09:f5:15:
                    5f:0b:1b:6a:59:d0:0d:28:af:d1:47:5b:0c:4d:64:
                    56:e9:00:7b:69:d8:b8:e9:40:58:2d:83:81:e3:29:
                    3d:d7:2e:53:51:af:c4:54:41:d0:f4:36:19:f5:47:
                    ae:5d:a6:f7:f8:76:58:0f:55:df:4f:a2:7e:c2:65:
                    2b:b9:55:75:bb:63:b1:3c:c9:ad:77:e5:c9:da:6b:
                    4d:ea:14:e1:45:5c:1e:98:fa:19:61:ab:70:55:f5:
                    e2:03:d3:c0:33:84:fa:93:ef:9f:5b:51:22:00:91:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:69:AE:23:FA:0E:D6:8C:31:ED:0B:71:D7:AD:E5:FB:70:96:F8:6A
            X509v3 Authority Key Identifier:
                keyid:73:D0:A3:AB:29:9A:65:98:D3:2B:C7:54:50:02:18:88:79:5B:3D:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9CjqymaZZjTK8dUUAIYiHlbPSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/kmmuI_oO1owx7Qtx163l-3CW-Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/c9CjqymaZZjTK8dUUAIYiHlbPSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:88:a0:19:60:72:91:0b:f5:57:3a:72:13:1e:65:fa:69:85:
         fb:5c:1f:d8:9d:bf:04:8f:2e:a6:51:05:ae:be:7f:4f:c8:c4:
         15:8b:c0:e6:34:b2:dd:63:64:6f:01:94:55:34:72:59:d8:2f:
         3f:89:c6:86:f3:aa:ac:6b:13:b1:97:3e:53:0d:21:7a:b7:ad:
         bf:8b:bf:ce:f9:00:95:55:27:a2:7f:2e:12:c5:38:fe:a9:ed:
         ab:b0:d5:e1:dd:4c:c6:32:8a:e4:37:15:b6:8e:1c:7a:c7:16:
         7d:21:24:a9:da:30:9f:45:16:07:13:fa:8d:01:2a:1f:88:1d:
         50:29:c5:3f:3d:51:ba:2c:f6:2f:7e:ff:ce:ec:ea:67:bb:64:
         33:f8:95:b5:93:5a:60:62:33:2a:cf:cf:90:09:cb:fa:e4:b7:
         3e:5a:c5:78:7e:7e:36:05:bc:fd:ac:9e:a8:c8:ba:64:40:30:
         b2:9f:de:4d:25:52:56:43:9b:05:4f:35:11:20:2f:44:09:fd:
         49:4e:37:0e:14:b0:46:ab:60:d5:9e:fc:be:d9:df:d1:5c:e8:
         1c:29:a3:c9:1f:0c:af:65:9f:24:aa:b7:51:fb:cb:fb:ca:09:
         ba:35:e1:de:41:73:30:9d:b3:d4:94:20:61:f4:f6:e0:27:e3:
         a7:c4:41:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4uIz0iaUIfxnzosnb+R73MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZDBhM2FiMjk5YTY1OThkMzJiYzc1NDUwMDIxODg4Nzk1
YjNkMmIwHhcNMjQwMzExMTUzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY5YWUyM2ZhMGVkNjhjMzFlZDBiNzFkN2FkZTVmYjcwOTZmODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBaynWYMU0+34bPtTxX6dzpz6nwY
oSUnSfsW7YFqB2foxX52I1bBjDSty1nB8jbzLuvJVxxRefbmxSTsZNJO9RN7pO08
NcIR+qBlp1uH2sE5kxDBJsk+AdR8estcQszFgIxqE/Cvq5ko7AotyfYHLFa6/RQ/
wQNwtvwZaPGzq8uNMoSfe7BlZscexi+4qBwiKBwJ9RVfCxtqWdANKK/RR1sMTWRW
6QB7adi46UBYLYOB4yk91y5TUa/EVEHQ9DYZ9UeuXab3+HZYD1XfT6J+wmUruVV1
u2OxPMmtd+XJ2mtN6hThRVwemPoZYatwVfXiA9PAM4T6k++fW1EiAJHY9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJpriP6DtaMMe0Lcdet5ftwlvhqMB8GA1UdIwQY
MBaAFHPQo6spmmWY0yvHVFACGIh5Wz0rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzlDanF5bWFaWmpUSzhkVVVBSVlpSGxiUFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yYmU3YmItYWI5OC00ZWQzLWI1ZWUt
MTBjZjY1OTQ4YTU2LzEva21tdUlfb08xb3d4N1F0eDE2M2wtM0NXLUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yYmU3YmItYWI5OC00ZWQzLWI1ZWUtMTBjZjY1OTQ4YTU2
LzEvYzlDanF5bWFaWmpUSzhkVVVBSVlpSGxiUFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSGdMA0G
CSqGSIb3DQEBCwUAA4IBAQDMiKAZYHKRC/VXOnITHmX6aYX7XB/Ynb8Ejy6mUQWu
vn9PyMQVi8DmNLLdY2RvAZRVNHJZ2C8/icaG86qsaxOxlz5TDSF6t62/i7/O+QCV
VSeify4SxTj+qe2rsNXh3UzGMorkNxW2jhx6xxZ9ISSp2jCfRRYHE/qNASofiB1Q
KcU/PVG6LPYvfv/O7Opnu2Qz+JW1k1pgYjMqz8+QCcv65Lc+WsV4fn42Bbz9rJ6o
yLpkQDCyn95NJVJWQ5sFTzURIC9ECf1JTjcOFLBGq2DVnvy+2d/RXOgcKaPJHwyv
ZZ8kqrdR+8v7ygm6NeHeQXMwnbPUlCBh9PbgJ+OnxEFI
-----END CERTIFICATE-----