Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fVdUIyl4jKuDpxFGP8cEbKeAGd8.roa
File:                     fVdUIyl4jKuDpxFGP8cEbKeAGd8.roa (raw, json)
Hash identifier:          1t2zZSCF+P9A/psNnBE/Pfu8CFsAXomNrW0WZChDmso=
Subject key identifier:   7D:57:54:23:29:78:8C:AB:83:A7:11:46:3F:C7:04:6C:A7:80:19:DF
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424FB4550B110136A612D23685679B3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fVdUIyl4jKuDpxFGP8cEbKeAGd8.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212369
IP address blocks:        193.35.154.0/24 maxlen: 24
                          193.223.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fb:45:50:b1:10:13:6a:61:2d:23:68:56:79:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d57542329788cab83a711463fc7046ca78019df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:48:45:79:52:5f:c8:56:08:d6:4b:3d:4c:82:
                    95:30:3f:eb:ab:8c:d7:2b:73:f0:4c:2c:08:02:7d:
                    e1:cd:1d:5d:7b:63:bf:3d:4b:e2:1f:92:e9:7a:7f:
                    ce:fc:64:2c:e9:d1:d1:3e:03:72:d0:ad:2f:8c:5e:
                    24:17:20:80:a4:55:ee:80:59:f6:8d:c9:52:f9:9e:
                    77:ee:61:c2:da:ca:2e:6a:59:b3:5f:7b:b5:34:62:
                    3f:ea:b0:45:3a:80:93:3c:c4:17:f4:bc:19:09:f0:
                    c9:46:4c:a7:98:46:bd:4d:61:41:8a:dd:ee:60:36:
                    91:67:15:a4:a1:55:93:2f:13:d8:93:50:5b:33:54:
                    8c:2d:a1:13:b7:2f:b4:46:c6:8a:97:ea:e7:07:57:
                    39:f5:98:b1:23:59:0e:ba:dc:dd:e1:3a:03:e3:e1:
                    a0:45:34:90:08:a9:cb:3b:7a:6f:3c:2d:9f:b6:ed:
                    85:7b:6d:ca:c2:5d:7e:7c:3a:5f:78:a1:b1:4f:20:
                    f3:59:36:7d:37:67:1b:14:e5:a0:ff:26:36:de:b9:
                    c2:da:6b:a9:88:8d:e7:fd:59:4a:5d:d7:2d:44:e4:
                    f1:6c:a5:6c:87:01:5a:66:91:7b:94:8b:31:25:99:
                    06:15:98:57:88:26:38:6c:2c:2e:96:f5:bd:a7:7d:
                    21:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:57:54:23:29:78:8C:AB:83:A7:11:46:3F:C7:04:6C:A7:80:19:DF
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fVdUIyl4jKuDpxFGP8cEbKeAGd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.154.0/24
                  193.223.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ae:a3:b6:8b:10:f5:8f:03:2d:a9:ba:21:ad:a0:40:fa:22:
         b3:5e:72:61:b5:ab:5a:17:8c:a1:b7:1f:6f:fd:9a:e8:d3:2b:
         9f:bb:28:b1:f3:b4:bb:d3:c1:48:1e:39:c4:3b:68:80:dd:07:
         d7:c3:aa:2f:b3:d3:ea:e4:05:ac:ec:36:59:68:6a:b8:27:c5:
         5e:98:17:f7:00:a9:7e:b6:c6:e9:75:97:42:61:f5:79:15:36:
         e2:02:84:8b:e6:d2:a3:21:f3:01:a1:9d:e2:02:1b:79:df:95:
         26:ff:9e:84:04:57:d1:98:89:07:d0:17:41:d7:29:3f:c0:86:
         30:a2:4b:01:f1:a5:2b:a2:42:f0:70:1c:38:fa:72:32:e2:16:
         a4:e6:cf:e5:8b:d7:0c:35:2f:3b:10:e7:34:db:1b:c7:ad:22:
         c0:19:7c:86:55:a0:ae:f0:f0:63:f8:90:71:79:35:b3:fa:a9:
         ed:03:95:f1:e9:2e:3c:0c:d2:f7:d1:b5:3e:c6:ef:93:83:e4:
         0b:e3:02:cb:99:c5:d0:f9:7a:1f:03:55:91:21:15:44:ca:21:
         71:f9:18:fe:82:7a:81:ec:ce:8f:9b:7a:df:b7:ff:e8:44:b3:
         a6:7d:d7:ec:7b:fd:97:6e:9e:c6:77:39:32:ef:ee:8d:80:61:
         82:6d:b8:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJPtFULEQE2phLSNoVnmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDU3NTQyMzI5Nzg4Y2FiODNhNzExNDYzZmM3MDQ2Y2E3ODAxOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0hFeVJfyFYI1ks9TIKVMD/rq4zX
K3PwTCwIAn3hzR1de2O/PUviH5Lpen/O/GQs6dHRPgNy0K0vjF4kFyCApFXugFn2
jclS+Z537mHC2soualmzX3u1NGI/6rBFOoCTPMQX9LwZCfDJRkynmEa9TWFBit3u
YDaRZxWkoVWTLxPYk1BbM1SMLaETty+0RsaKl+rnB1c59ZixI1kOutzd4ToD4+Gg
RTSQCKnLO3pvPC2ftu2Fe23Kwl1+fDpfeKGxTyDzWTZ9N2cbFOWg/yY23rnC2mup
iI3n/VlKXdctROTxbKVshwFaZpF7lIsxJZkGFZhXiCY4bCwulvW9p30hgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH1XVCMpeIyrg6cRRj/HBGyngBnfMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZlZkVUl5bDRqS3VEcHhGR1A4Y0ViS2VBR2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSOaAwQA
wd9rMA0GCSqGSIb3DQEBCwUAA4IBAQCUrqO2ixD1jwMtqbohraBA+iKzXnJhtata
F4yhtx9v/Zro0yufuyix87S708FIHjnEO2iA3QfXw6ovs9Pq5AWs7DZZaGq4J8Ve
mBf3AKl+tsbpdZdCYfV5FTbiAoSL5tKjIfMBoZ3iAht535Um/56EBFfRmIkH0BdB
1yk/wIYwoksB8aUrokLwcBw4+nIy4hak5s/li9cMNS87EOc02xvHrSLAGXyGVaCu
8PBj+JBxeTWz+qntA5Xx6S48DNL30bU+xu+Tg+QL4wLLmcXQ+XofA1WRIRVEyiFx
+Rj+gnqB7M6Pm3rft//oRLOmfdfse/2Xbp7Gdzky7+6NgGGCbbjB
-----END CERTIFICATE-----