Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/dCRwXV9KYbBd55PFMx9J0f0aXvg.roa
File:                     dCRwXV9KYbBd55PFMx9J0f0aXvg.roa (raw, json)
Hash identifier:          b0TAHND+C4QcOnge6KLYfSUfcP5ghoRQGn04vJ9pD9o=
Subject key identifier:   74:24:70:5D:5F:4A:61:B0:5D:E7:93:C5:33:1F:49:D1:FD:1A:5E:F8
Certificate issuer:       /CN=c15ee2d909c9b75c6d2084e3379bf03274b776f4
Certificate serial:       018CC8018FE92E97061CC623603F31EC9884
Authority key identifier: C1:5E:E2:D9:09:C9:B7:5C:6D:20:84:E3:37:9B:F0:32:74:B7:76:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/dCRwXV9KYbBd55PFMx9J0f0aXvg.roa
Signing time:             Tue 02 Jan 2024 02:29:54 +0000
ROA not before:           Tue 02 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.135.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8f:e9:2e:97:06:1c:c6:23:60:3f:31:ec:98:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15ee2d909c9b75c6d2084e3379bf03274b776f4
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7424705d5f4a61b05de793c5331f49d1fd1a5ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5a:91:26:7f:18:0c:8a:0f:86:97:af:e8:0e:
                    06:7e:02:72:24:12:5f:76:c7:ed:27:5d:7f:0b:c7:
                    c2:e3:e8:72:36:31:aa:a2:e9:d9:43:43:26:a8:9e:
                    6f:2b:79:54:32:22:bf:4e:d2:c4:6d:70:24:ac:93:
                    c8:6a:fa:f6:33:ca:38:73:f3:02:70:ea:5d:2b:ec:
                    3e:dc:83:b8:8d:22:73:51:cd:32:d2:5c:d4:5d:e3:
                    c6:18:4d:51:e3:ac:75:b6:d7:d1:cb:b3:e6:15:07:
                    0e:ff:d7:37:17:14:9d:15:38:5d:d1:8b:e9:49:d8:
                    b7:93:03:a0:96:46:89:1e:59:7b:bd:e7:ec:a6:53:
                    50:3e:1e:5e:d7:2a:1d:32:17:ed:5b:88:bf:f5:43:
                    f8:2c:8b:cd:cb:b1:a5:00:6b:a8:08:aa:1a:59:a6:
                    0e:c2:88:4e:4e:f9:6c:13:09:a9:2d:ea:be:c3:da:
                    e3:34:ed:6e:7a:d6:a6:f2:b5:42:ac:22:48:64:b4:
                    71:6c:2a:93:d5:57:82:72:d7:83:12:1b:99:27:ed:
                    3c:96:64:66:5f:24:0a:ab:90:f8:78:bc:07:d3:98:
                    c1:91:8f:ab:2d:5f:9d:6f:f2:24:35:ca:50:dd:68:
                    41:be:b8:0f:76:ba:a7:a4:a8:43:08:06:de:53:d3:
                    df:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:24:70:5D:5F:4A:61:B0:5D:E7:93:C5:33:1F:49:D1:FD:1A:5E:F8
            X509v3 Authority Key Identifier:
                keyid:C1:5E:E2:D9:09:C9:B7:5C:6D:20:84:E3:37:9B:F0:32:74:B7:76:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/dCRwXV9KYbBd55PFMx9J0f0aXvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:7b:36:f8:5d:59:22:70:59:89:30:1f:78:77:08:74:7f:72:
         1e:b5:40:9a:f8:34:d0:d5:84:a2:76:51:12:d7:f9:98:37:07:
         9b:d8:cc:48:ad:f0:12:a3:20:1f:01:5b:56:a7:8b:f7:dc:11:
         90:8e:15:02:73:c2:2c:60:68:d4:d3:3c:3d:af:1e:ca:c9:f6:
         85:95:6a:68:a8:f8:5c:c3:ba:e5:15:10:09:05:d2:93:22:25:
         ab:ae:aa:41:d2:bf:f9:72:b5:5d:8e:c5:9a:bd:f3:fc:71:75:
         86:e6:c9:cf:55:3a:36:7b:05:68:e4:65:d6:d0:b9:1b:50:91:
         2b:f7:97:7a:e8:f5:e3:2a:81:1b:4e:c4:9a:90:26:a4:77:84:
         cb:f9:f5:0c:87:de:9a:c6:24:30:98:26:61:70:00:92:bb:23:
         96:5b:80:84:bf:54:2b:25:2f:38:02:e4:e4:fe:ea:60:f2:59:
         c6:f0:79:5f:fd:12:ce:ff:fc:08:90:35:d3:70:9b:07:a2:0e:
         0b:a3:b5:db:3a:d9:03:6f:16:ff:f9:19:39:f2:6a:0d:b9:89:
         97:f3:92:76:0a:ea:7f:46:76:77:4e:66:f5:99:5b:96:98:70:
         b5:c7:d2:14:7e:6b:bb:47:c6:a9:0f:f6:13:06:81:09:9a:51:
         61:15:55:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAY/pLpcGHMYjYD8x7JiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWVlMmQ5MDljOWI3NWM2ZDIwODRlMzM3OWJmMDMyNzRi
Nzc2ZjQwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDI0NzA1ZDVmNGE2MWIwNWRlNzkzYzUzMzFmNDlkMWZkMWE1ZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFqRJn8YDIoPhpev6A4GfgJyJBJf
dsftJ11/C8fC4+hyNjGqounZQ0MmqJ5vK3lUMiK/TtLEbXAkrJPIavr2M8o4c/MC
cOpdK+w+3IO4jSJzUc0y0lzUXePGGE1R46x1ttfRy7PmFQcO/9c3FxSdFThd0Yvp
Sdi3kwOglkaJHll7vefsplNQPh5e1yodMhftW4i/9UP4LIvNy7GlAGuoCKoaWaYO
wohOTvlsEwmpLeq+w9rjNO1uetam8rVCrCJIZLRxbCqT1VeCcteDEhuZJ+08lmRm
XyQKq5D4eLwH05jBkY+rLV+db/IkNcpQ3WhBvrgPdrqnpKhDCAbeU9PfaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQkcF1fSmGwXeeTxTMfSdH9Gl74MB8GA1UdIwQY
MBaAFMFe4tkJybdcbSCE4zeb8DJ0t3b0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y3aTJRbkp0MXh0SUlUak41dndNblMzZHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hNzY1ZGEtNGFhMS00N2EyLThiNWQt
ZWJlNDM5MDVlYjgxLzEvZENSd1hWOUtZYkJkNTVQRk14OUowZjBhWHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hNzY1ZGEtNGFhMS00N2EyLThiNWQtZWJlNDM5MDVlYjgx
LzEvd1Y3aTJRbkp0MXh0SUlUak41dndNblMzZHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwYfYMA0G
CSqGSIb3DQEBCwUAA4IBAQBFezb4XVkicFmJMB94dwh0f3IetUCa+DTQ1YSidlES
1/mYNweb2MxIrfASoyAfAVtWp4v33BGQjhUCc8IsYGjU0zw9rx7KyfaFlWpoqPhc
w7rlFRAJBdKTIiWrrqpB0r/5crVdjsWavfP8cXWG5snPVTo2ewVo5GXW0LkbUJEr
95d66PXjKoEbTsSakCakd4TL+fUMh96axiQwmCZhcACSuyOWW4CEv1QrJS84AuTk
/upg8lnG8Hlf/RLO//wIkDXTcJsHog4Lo7XbOtkDbxb/+Rk58moNuYmX85J2Cup/
RnZ3Tmb1mVuWmHC1x9IUfmu7R8apD/YTBoEJmlFhFVWu
-----END CERTIFICATE-----