Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/zST73UVMK8qbVN32zGpvksisvRA.roa
File:                     zST73UVMK8qbVN32zGpvksisvRA.roa (raw, json)
Hash identifier:          6JcZcaAUOEHbE46wpUNJdsI7Mq2PcUfctkREnhLUapU=
Subject key identifier:   CD:24:FB:DD:45:4C:2B:CA:9B:54:DD:F6:CC:6A:6F:92:C8:AC:BD:10
Certificate issuer:       /CN=a4abaf1d37f0a141a814ca02fc01e3d9621c73d9
Certificate serial:       018CC8DEB6A4493090F39D119C2BC202C3BB
Authority key identifier: A4:AB:AF:1D:37:F0:A1:41:A8:14:CA:02:FC:01:E3:D9:62:1C:73:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKuvHTfwoUGoFMoC_AHj2WIcc9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/zST73UVMK8qbVN32zGpvksisvRA.roa
Signing time:             Tue 02 Jan 2024 06:31:28 +0000
ROA not before:           Tue 02 Jan 2024 06:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        195.242.98.0/23 maxlen: 23
                          193.242.108.0/24 maxlen: 24
                          193.43.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/pKuvHTfwoUGoFMoC_AHj2WIcc9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/pKuvHTfwoUGoFMoC_AHj2WIcc9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKuvHTfwoUGoFMoC_AHj2WIcc9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b6:a4:49:30:90:f3:9d:11:9c:2b:c2:02:c3:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4abaf1d37f0a141a814ca02fc01e3d9621c73d9
        Validity
            Not Before: Jan  2 06:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd24fbdd454c2bca9b54ddf6cc6a6f92c8acbd10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:08:80:7e:45:5e:60:62:93:c6:ac:d5:de:01:
                    06:d9:bf:76:f5:1d:03:38:df:6e:3b:e3:4a:fe:2d:
                    eb:2d:05:40:54:7e:fe:11:b0:8b:a7:66:98:63:64:
                    40:ec:46:92:51:7b:2c:62:0d:8e:12:07:91:81:42:
                    6a:2c:a1:6f:31:b1:67:0c:9e:a1:46:53:1a:61:08:
                    e2:d8:3e:c5:62:a3:8e:73:1f:37:0d:b1:11:c4:71:
                    b2:0f:a2:8d:dc:6b:3f:91:60:45:37:05:f8:f0:59:
                    51:d6:eb:ec:02:81:1b:5d:9d:d7:62:96:ff:f3:0f:
                    12:25:b3:2b:c7:29:b2:8e:55:d5:f2:2d:f3:86:5c:
                    79:05:2b:e5:ed:a3:cd:e9:c2:6d:b8:59:58:75:fa:
                    c1:9e:5d:ae:56:a3:7b:2b:0c:25:5a:a1:75:d9:df:
                    43:b1:7f:10:8f:bc:7e:19:9d:d3:c5:90:d9:f7:48:
                    ee:e1:04:32:c5:0f:4f:36:58:c9:47:0d:8c:40:ab:
                    76:7c:59:05:78:6c:00:dc:57:93:a1:3e:f3:a3:a2:
                    9f:6c:ec:4d:a3:09:b4:f2:7c:f0:a0:99:4d:38:14:
                    7d:a0:fa:1a:c8:8b:df:66:b1:77:58:81:7f:6b:74:
                    43:0e:ac:d0:dc:0a:76:95:e8:ef:26:58:a5:7f:c1:
                    e4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:24:FB:DD:45:4C:2B:CA:9B:54:DD:F6:CC:6A:6F:92:C8:AC:BD:10
            X509v3 Authority Key Identifier:
                keyid:A4:AB:AF:1D:37:F0:A1:41:A8:14:CA:02:FC:01:E3:D9:62:1C:73:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKuvHTfwoUGoFMoC_AHj2WIcc9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/zST73UVMK8qbVN32zGpvksisvRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/155bdc-b574-47f9-b348-93cf64f88990/1/pKuvHTfwoUGoFMoC_AHj2WIcc9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.92.0/24
                  193.242.108.0/24
                  195.242.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:6a:d8:6c:20:33:39:5e:b7:1f:a3:b0:30:04:50:a5:40:0b:
         68:1e:c9:b9:aa:22:2f:dc:91:94:3b:34:69:7e:8a:a6:21:92:
         4a:85:d8:32:ad:e3:34:ec:6d:43:03:0a:f0:00:bb:6e:32:1e:
         b7:ab:13:de:c4:36:48:cd:58:58:01:81:34:58:0d:3f:69:b0:
         ef:8f:79:e8:1a:66:92:90:dd:3a:fb:ab:9d:8d:b5:32:d6:e8:
         cc:d6:16:28:89:bd:01:e2:94:3d:7b:41:67:a6:12:25:88:be:
         9e:99:3e:cb:b3:c3:37:d8:5c:1c:72:9f:16:b3:15:a8:bd:0a:
         fc:16:7d:d5:35:35:eb:69:e4:c2:ef:b2:44:be:fe:ad:cc:f7:
         92:c8:e3:ec:5e:b4:03:4e:0c:5e:6e:0a:ce:68:9b:c7:d7:21:
         34:2d:1a:7c:32:4c:14:1e:03:78:fb:67:6a:39:75:0e:0a:05:
         c8:12:00:ac:d9:a7:8b:60:fb:88:7a:aa:3f:3f:3e:8c:53:e0:
         33:f3:ba:6c:8b:aa:73:4f:01:0a:9e:95:40:b4:1b:75:17:4c:
         8c:41:c2:23:29:ac:90:ac:3e:d1:4b:6c:e2:c0:30:36:01:eb:
         95:98:60:c8:3f:55:4d:97:0b:fb:ee:db:56:c5:2d:19:fb:3d:
         a5:e0:4d:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3rakSTCQ850RnCvCAsO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YWJhZjFkMzdmMGExNDFhODE0Y2EwMmZjMDFlM2Q5NjIx
YzczZDkwHhcNMjQwMTAyMDYzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDI0ZmJkZDQ1NGMyYmNhOWI1NGRkZjZjYzZhNmY5MmM4YWNiZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngiAfkVeYGKTxqzV3gEG2b929R0D
ON9uO+NK/i3rLQVAVH7+EbCLp2aYY2RA7EaSUXssYg2OEgeRgUJqLKFvMbFnDJ6h
RlMaYQji2D7FYqOOcx83DbERxHGyD6KN3Gs/kWBFNwX48FlR1uvsAoEbXZ3XYpb/
8w8SJbMrxymyjlXV8i3zhlx5BSvl7aPN6cJtuFlYdfrBnl2uVqN7KwwlWqF12d9D
sX8Qj7x+GZ3TxZDZ90ju4QQyxQ9PNljJRw2MQKt2fFkFeGwA3FeToT7zo6KfbOxN
owm08nzwoJlNOBR9oPoayIvfZrF3WIF/a3RDDqzQ3Ap2lejvJlilf8HkdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM0k+91FTCvKm1Td9sxqb5LIrL0QMB8GA1UdIwQY
MBaAFKSrrx038KFBqBTKAvwB49liHHPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEt1dkhUZndvVUdvRk1vQ19BSGoyV0ljYzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNTViZGMtYjU3NC00N2Y5LWIzNDgt
OTNjZjY0Zjg4OTkwLzEvelNUNzNVVk1LOHFiVk4zMnpHcHZrc2lzdlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNTViZGMtYjU3NC00N2Y5LWIzNDgtOTNjZjY0Zjg4OTkw
LzEvcEt1dkhUZndvVUdvRk1vQ19BSGoyV0ljYzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwStcAwQA
wfJsAwQBw/JiMA0GCSqGSIb3DQEBCwUAA4IBAQALathsIDM5Xrcfo7AwBFClQAto
Hsm5qiIv3JGUOzRpfoqmIZJKhdgyreM07G1DAwrwALtuMh63qxPexDZIzVhYAYE0
WA0/abDvj3noGmaSkN06+6udjbUy1ujM1hYoib0B4pQ9e0FnphIliL6emT7Ls8M3
2Fwccp8WsxWovQr8Fn3VNTXraeTC77JEvv6tzPeSyOPsXrQDTgxebgrOaJvH1yE0
LRp8MkwUHgN4+2dqOXUOCgXIEgCs2aeLYPuIeqo/Pz6MU+Az87psi6pzTwEKnpVA
tBt1F0yMQcIjKayQrD7RS2ziwDA2AeuVmGDIP1VNlwv77ttWxS0Z+z2l4E0p
-----END CERTIFICATE-----