Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Hs3gigINlyMNsbqmMwaQvmmdSCk.roa
File:                     Hs3gigINlyMNsbqmMwaQvmmdSCk.roa (raw, json)
Hash identifier:          /rw24s8QK1iGSFHs89o4yjcrS3MagdbDH0V6lefikd4=
Subject key identifier:   1E:CD:E0:8A:02:0D:97:23:0D:B1:BA:A6:33:06:90:BE:69:9D:48:29
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F696D7526062FC355EC753091524
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Hs3gigINlyMNsbqmMwaQvmmdSCk.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209604
IP address blocks:        193.35.154.0/24 maxlen: 24
                          193.223.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f6:96:d7:52:60:62:fc:35:5e:c7:53:09:15:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ecde08a020d97230db1baa6330690be699d4829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:04:a5:2f:85:97:b7:b4:fe:04:39:f9:15:5e:
                    29:4c:bb:9f:fc:a2:e3:1c:05:67:22:72:79:f7:88:
                    52:ab:3c:d7:95:c0:04:43:0e:14:64:05:d5:47:d9:
                    3e:6e:c7:82:fc:38:0e:06:66:e7:c4:db:80:21:57:
                    f1:f8:90:0c:d8:ac:de:08:5d:05:fc:e1:14:9c:2d:
                    1b:83:da:17:bd:12:dc:95:75:ed:25:b1:25:5b:49:
                    5b:4a:31:24:24:d0:43:a4:79:92:fb:ae:be:cc:0f:
                    07:ac:44:22:a5:a3:01:15:46:44:c9:d7:e6:e4:5c:
                    48:d2:a4:ff:49:4d:5e:28:6f:22:a3:82:44:bf:6d:
                    ad:d4:f0:7d:19:c7:ae:d5:76:17:21:18:ff:e4:1c:
                    8e:4e:7d:68:bc:4c:fb:26:1e:1c:03:18:33:10:cd:
                    1d:83:9f:19:1a:89:89:9a:2e:2a:6a:63:6e:d9:c1:
                    20:34:27:e2:e9:39:44:96:9f:ab:92:d7:9c:32:43:
                    81:8e:12:ce:b9:20:b9:bd:95:a6:d8:17:b3:6d:62:
                    d3:22:e5:cd:2b:40:fd:2b:08:2c:d5:45:a4:6c:96:
                    06:98:97:a3:6e:73:c0:dd:1b:44:21:7f:7c:ea:82:
                    a2:c1:e4:72:6d:da:dc:10:19:de:bd:92:61:4d:c3:
                    f8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CD:E0:8A:02:0D:97:23:0D:B1:BA:A6:33:06:90:BE:69:9D:48:29
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Hs3gigINlyMNsbqmMwaQvmmdSCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.154.0/24
                  193.223.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:1a:a1:ea:ea:18:e0:05:0b:82:d7:62:bb:c5:00:61:92:4f:
         6b:35:ac:5c:fd:05:4b:65:56:40:0a:be:df:d9:69:7f:af:55:
         ae:12:3d:6f:bd:72:e6:5c:7b:57:42:63:71:77:b0:35:6f:28:
         ce:ba:25:af:1c:96:01:fb:9d:0a:63:60:ae:81:a7:1f:ab:2d:
         b2:ef:46:6a:1f:57:52:29:65:7a:f6:18:b2:e4:7e:38:8f:d3:
         66:60:f1:d3:6d:67:fa:10:a1:02:51:af:b3:4d:db:91:bb:a0:
         f3:33:8a:8a:2c:52:79:5e:c3:51:a4:16:49:e1:6a:9b:51:c0:
         d2:98:8f:f5:09:b1:e7:d4:20:0e:4a:7b:d7:1f:48:81:62:b0:
         41:77:82:04:d4:7f:02:bf:cd:68:8e:0a:2d:8b:14:20:36:4e:
         2a:83:b5:61:b1:e6:50:20:e1:7a:b1:ae:ab:b6:c1:12:90:d2:
         80:4e:35:86:de:38:ca:6f:4f:9a:21:cf:55:d5:10:e5:42:6f:
         a6:2d:29:75:78:de:75:f0:70:1c:71:39:99:d5:c9:a3:ee:7b:
         38:6b:93:30:cd:e8:4d:3f:7f:0b:1e:13:d7:cc:fe:2e:b7:68:
         85:c8:3a:ac:3a:2a:23:89:50:f5:58:2e:eb:81:8e:7a:6a:b7:
         f2:9b:e4:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJPaW11JgYvw1XsdTCRUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNkZTA4YTAyMGQ5NzIzMGRiMWJhYTYzMzA2OTBiZTY5OWQ0ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwSlL4WXt7T+BDn5FV4pTLuf/KLj
HAVnInJ594hSqzzXlcAEQw4UZAXVR9k+bseC/DgOBmbnxNuAIVfx+JAM2KzeCF0F
/OEUnC0bg9oXvRLclXXtJbElW0lbSjEkJNBDpHmS+66+zA8HrEQipaMBFUZEydfm
5FxI0qT/SU1eKG8io4JEv22t1PB9Gceu1XYXIRj/5ByOTn1ovEz7Jh4cAxgzEM0d
g58ZGomJmi4qamNu2cEgNCfi6TlElp+rktecMkOBjhLOuSC5vZWm2BezbWLTIuXN
K0D9Kwgs1UWkbJYGmJejbnPA3RtEIX986oKiweRybdrcEBnevZJhTcP4ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB7N4IoCDZcjDbG6pjMGkL5pnUgpMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvSHMzZ2lnSU5seU1Oc2JxbU13YVF2bW1kU0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSOaAwQA
wd9rMA0GCSqGSIb3DQEBCwUAA4IBAQCwGqHq6hjgBQuC12K7xQBhkk9rNaxc/QVL
ZVZACr7f2Wl/r1WuEj1vvXLmXHtXQmNxd7A1byjOuiWvHJYB+50KY2Cugacfqy2y
70ZqH1dSKWV69hiy5H44j9NmYPHTbWf6EKECUa+zTduRu6DzM4qKLFJ5XsNRpBZJ
4WqbUcDSmI/1CbHn1CAOSnvXH0iBYrBBd4IE1H8Cv81ojgotixQgNk4qg7VhseZQ
IOF6sa6rtsESkNKATjWG3jjKb0+aIc9V1RDlQm+mLSl1eN518HAccTmZ1cmj7ns4
a5MwzehNP38LHhPXzP4ut2iFyDqsOiojiVD1WC7rgY56arfym+SL
-----END CERTIFICATE-----