Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/o9Wow6kC1jQPUQ45bI2bbxLFrlY.roa
File:                     o9Wow6kC1jQPUQ45bI2bbxLFrlY.roa (raw, json)
Hash identifier:          duJSB3HlrJUcSu+CCQ0txCqS1lnv2uSTuUMJl+oCDD4=
Subject key identifier:   A3:D5:A8:C3:A9:02:D6:34:0F:51:0E:39:6C:8D:9B:6F:12:C5:AE:56
Certificate issuer:       /CN=19aed7327289167009b96c40e3880ade66800a3f
Certificate serial:       018CC94E3E446B89D319520499F718F55F17
Authority key identifier: 19:AE:D7:32:72:89:16:70:09:B9:6C:40:E3:88:0A:DE:66:80:0A:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ga7XMnKJFnAJuWxA44gK3maACj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/o9Wow6kC1jQPUQ45bI2bbxLFrlY.roa
Signing time:             Tue 02 Jan 2024 08:33:17 +0000
ROA not before:           Tue 02 Jan 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42404
IP address blocks:        193.33.90.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/Ga7XMnKJFnAJuWxA44gK3maACj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/Ga7XMnKJFnAJuWxA44gK3maACj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ga7XMnKJFnAJuWxA44gK3maACj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3e:44:6b:89:d3:19:52:04:99:f7:18:f5:5f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19aed7327289167009b96c40e3880ade66800a3f
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3d5a8c3a902d6340f510e396c8d9b6f12c5ae56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:91:0b:f8:cd:da:05:0d:ce:b2:07:bc:8e:88:
                    17:9f:ec:42:07:02:c8:51:7b:d8:6a:3d:c5:b6:3d:
                    8a:5b:80:07:84:38:ec:e7:1b:d2:1e:4b:8f:db:65:
                    8b:5c:c7:d3:ac:5b:f4:e0:f5:6e:3d:6b:a0:a0:1e:
                    3f:af:41:5c:f8:b8:a1:6b:f5:00:a3:61:28:52:69:
                    34:49:26:00:c5:0a:dd:b8:0d:eb:3c:f0:6d:7e:c4:
                    7c:f1:c4:68:e3:9b:2a:c6:04:d8:f4:89:15:d7:e5:
                    5d:47:5e:db:fa:e8:8a:93:71:48:53:b4:52:ec:cc:
                    6f:8d:65:f0:91:26:e8:df:a9:37:34:54:1a:fe:7c:
                    1e:78:33:48:a4:d0:30:1d:c7:9a:b7:ab:92:fa:42:
                    d5:68:a6:62:e8:35:8d:f5:83:fe:58:3a:b8:6e:d2:
                    fb:db:3f:ee:5e:32:06:96:1f:0c:fb:63:02:f5:6a:
                    72:16:da:31:ff:60:cf:25:58:a7:e1:f6:23:32:44:
                    5c:8e:c5:44:70:28:ac:02:0b:4a:f1:90:ff:2d:9f:
                    44:52:ae:34:c5:76:d3:f6:dd:3b:01:3f:1f:ba:4c:
                    15:0d:4b:ad:60:70:63:78:8f:fe:3f:f4:2c:08:81:
                    88:eb:e6:5a:6d:e2:5c:a5:4d:52:7e:be:7d:27:23:
                    06:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D5:A8:C3:A9:02:D6:34:0F:51:0E:39:6C:8D:9B:6F:12:C5:AE:56
            X509v3 Authority Key Identifier:
                keyid:19:AE:D7:32:72:89:16:70:09:B9:6C:40:E3:88:0A:DE:66:80:0A:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ga7XMnKJFnAJuWxA44gK3maACj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/o9Wow6kC1jQPUQ45bI2bbxLFrlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/349616-e10e-41d7-9898-09aef8043b35/1/Ga7XMnKJFnAJuWxA44gK3maACj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:81:a1:5c:fa:bd:65:d4:5d:a1:41:d0:e6:37:a9:46:89:90:
         f7:a5:51:f7:d9:a2:01:b2:f6:b4:70:3d:fc:41:f0:1d:d3:cc:
         2b:54:17:b5:e8:a2:d8:e8:10:de:fd:30:17:32:d4:e8:e1:a7:
         b7:f1:ab:b6:24:12:91:43:46:f3:14:e9:05:ff:44:fb:31:a6:
         00:e3:b7:d8:2e:4d:50:57:a8:10:80:36:c2:45:11:46:54:a1:
         24:9d:ae:4b:e5:aa:72:a1:a4:27:9d:6a:b9:62:07:19:78:23:
         fc:10:56:54:2d:19:6c:2e:15:8b:e4:7b:e6:85:0d:ad:c5:17:
         f9:06:78:e3:bc:59:6c:8f:39:c8:3a:d5:f2:a8:22:f3:b9:3c:
         bf:a1:6b:e8:f3:6d:e9:52:65:0e:34:fa:5f:a6:22:51:be:ef:
         f3:c2:ec:a2:00:21:6f:de:ac:f9:87:b9:5a:c6:6c:de:44:c2:
         37:c2:98:9b:b1:fd:d8:14:67:16:8b:51:cb:de:6b:a1:cf:f2:
         7b:58:56:a8:30:aa:25:60:a6:30:82:89:42:1e:23:51:84:76:
         83:f1:71:68:ab:c5:a6:6e:0c:69:46:07:56:c3:c5:65:4b:a3:
         ee:d7:ee:8d:43:ce:a7:c3:56:88:a7:8a:c3:41:7c:69:ba:db:
         d2:8a:4c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTj5Ea4nTGVIEmfcY9V8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YWVkNzMyNzI4OTE2NzAwOWI5NmM0MGUzODgwYWRlNjY4
MDBhM2YwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q1YThjM2E5MDJkNjM0MGY1MTBlMzk2YzhkOWI2ZjEyYzVhZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZEL+M3aBQ3Osge8jogXn+xCBwLI
UXvYaj3Ftj2KW4AHhDjs5xvSHkuP22WLXMfTrFv04PVuPWugoB4/r0Fc+Liha/UA
o2EoUmk0SSYAxQrduA3rPPBtfsR88cRo45sqxgTY9IkV1+VdR17b+uiKk3FIU7RS
7MxvjWXwkSbo36k3NFQa/nweeDNIpNAwHceat6uS+kLVaKZi6DWN9YP+WDq4btL7
2z/uXjIGlh8M+2MC9WpyFtox/2DPJVin4fYjMkRcjsVEcCisAgtK8ZD/LZ9EUq40
xXbT9t07AT8fukwVDUutYHBjeI/+P/QsCIGI6+ZabeJcpU1Sfr59JyMGtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPVqMOpAtY0D1EOOWyNm28Sxa5WMB8GA1UdIwQY
MBaAFBmu1zJyiRZwCblsQOOICt5mgAo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2E3WE1uS0pGbkFKdVd4QTQ0Z0szbWFBQ2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNDk2MTYtZTEwZS00MWQ3LTk4OTgt
MDlhZWY4MDQzYjM1LzEvbzlXb3c2a0MxalFQVVE0NWJJMmJieExGcmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNDk2MTYtZTEwZS00MWQ3LTk4OTgtMDlhZWY4MDQzYjM1
LzEvR2E3WE1uS0pGbkFKdVd4QTQ0Z0szbWFBQ2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSFaMA0G
CSqGSIb3DQEBCwUAA4IBAQBxgaFc+r1l1F2hQdDmN6lGiZD3pVH32aIBsva0cD38
QfAd08wrVBe16KLY6BDe/TAXMtTo4ae38au2JBKRQ0bzFOkF/0T7MaYA47fYLk1Q
V6gQgDbCRRFGVKEkna5L5apyoaQnnWq5YgcZeCP8EFZULRlsLhWL5HvmhQ2txRf5
BnjjvFlsjznIOtXyqCLzuTy/oWvo823pUmUONPpfpiJRvu/zwuyiACFv3qz5h7la
xmzeRMI3wpibsf3YFGcWi1HL3muhz/J7WFaoMKolYKYwgolCHiNRhHaD8XFoq8Wm
bgxpRgdWw8VlS6Pu1+6NQ86nw1aIp4rDQXxputvSikyL
-----END CERTIFICATE-----