Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/1-V20zBEi12-2d5HMz8LTEwwNAw8.roa
File:                     1-V20zBEi12-2d5HMz8LTEwwNAw8.roa (raw, json)
Hash identifier:          5w72o6LIcA285HIHGIIrdkYEbmR+pycR/OWA6XOJDE8=
Subject key identifier:   F9:5D:B4:CC:11:22:D7:6F:B6:77:91:CC:CF:C2:D3:13:0C:0D:03:0F
Certificate issuer:       /CN=08269543ca47158b7e777587adeffd7e7c68b061
Certificate serial:       018CC94C0659E23C4A276707E1F5E42573E7
Authority key identifier: 08:26:95:43:CA:47:15:8B:7E:77:75:87:AD:EF:FD:7E:7C:68:B0:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCaVQ8pHFYt-d3WHre_9fnxosGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/1-V20zBEi12-2d5HMz8LTEwwNAw8.roa
Signing time:             Tue 02 Jan 2024 08:30:51 +0000
ROA not before:           Tue 02 Jan 2024 08:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12333
IP address blocks:        193.135.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/CCaVQ8pHFYt-d3WHre_9fnxosGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/CCaVQ8pHFYt-d3WHre_9fnxosGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCaVQ8pHFYt-d3WHre_9fnxosGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:06:59:e2:3c:4a:27:67:07:e1:f5:e4:25:73:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08269543ca47158b7e777587adeffd7e7c68b061
        Validity
            Not Before: Jan  2 08:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f95db4cc1122d76fb67791cccfc2d3130c0d030f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fd:34:e8:f6:2b:7d:8d:ab:09:f3:3f:25:80:
                    39:c0:90:9a:13:b0:6c:81:f9:12:2c:08:a9:ad:a4:
                    5b:97:75:33:88:c0:1b:e5:0c:e7:9b:4b:f0:69:62:
                    0a:57:b5:c5:3e:3d:8a:4a:0e:4e:21:be:2c:ee:5e:
                    f8:a1:9a:2b:1e:fc:99:9d:73:6e:47:7f:ca:df:74:
                    da:7f:dc:94:1c:93:f8:7f:55:9c:b9:e9:a9:43:91:
                    c0:6e:2d:48:76:b0:4f:6e:fe:49:9f:2f:19:71:89:
                    ac:d2:e1:33:83:f6:2a:54:7f:1b:64:8f:58:7c:a2:
                    fb:cf:c3:cc:9e:d5:b3:43:1f:40:c0:8c:d8:e7:ae:
                    75:d1:79:57:92:f2:71:c5:ef:ca:ab:2b:14:11:f9:
                    e9:18:db:c4:f4:97:8d:26:17:41:e7:76:7c:04:9d:
                    82:bd:6e:c8:64:9d:59:15:d2:53:1e:82:f2:61:c1:
                    d1:2d:81:dd:22:d4:9e:1e:e5:f2:ca:68:65:49:fb:
                    9d:63:14:15:71:78:3c:60:5a:71:a6:08:6e:ba:51:
                    2a:18:06:51:89:48:aa:bf:2a:e7:51:eb:30:6a:f1:
                    2a:a7:3e:74:7c:d8:2e:ab:00:ec:bd:82:76:c4:f0:
                    77:d5:d1:f3:4d:38:18:6e:04:92:cb:e6:27:e2:8b:
                    b4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5D:B4:CC:11:22:D7:6F:B6:77:91:CC:CF:C2:D3:13:0C:0D:03:0F
            X509v3 Authority Key Identifier:
                keyid:08:26:95:43:CA:47:15:8B:7E:77:75:87:AD:EF:FD:7E:7C:68:B0:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCaVQ8pHFYt-d3WHre_9fnxosGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/1-V20zBEi12-2d5HMz8LTEwwNAw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7ef6a6-f22b-4216-8618-60ffde0cd7c7/1/CCaVQ8pHFYt-d3WHre_9fnxosGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c5:df:bc:74:6d:5e:68:ca:29:bd:02:6e:15:2c:09:9c:20:dd:
         05:fb:32:5b:59:5e:0e:95:17:fa:9c:09:62:44:b7:e9:3e:1e:
         38:f4:52:33:4e:29:c3:8c:96:ce:3c:4a:8d:21:ac:b2:37:15:
         e1:86:98:95:95:dc:42:43:c9:dd:84:36:68:84:df:6e:fc:83:
         c5:b9:9b:59:35:a0:04:9e:07:73:8a:c8:39:94:bc:1a:26:ad:
         3c:de:10:4a:e8:fa:7d:54:4e:17:37:7a:47:09:c8:40:98:75:
         fd:19:fd:58:f6:2d:42:a3:f8:f5:5e:6b:fe:48:b3:52:3c:2c:
         63:3a:91:aa:d8:c3:d5:25:e1:63:da:2b:f6:7f:31:87:87:aa:
         2b:ce:89:44:3a:dd:27:5e:65:62:c9:81:5e:11:41:2c:53:5e:
         27:e8:b3:57:cf:7b:28:03:7a:d4:3e:56:22:42:19:31:17:dc:
         c7:92:47:59:c6:de:a9:3f:1f:a2:ed:a2:b2:19:08:e4:8f:b9:
         da:c2:c5:e3:8f:46:d2:8c:cb:b8:b0:8b:ca:92:fc:88:a8:87:
         b4:f2:3d:c4:6a:c9:8e:cc:6d:29:36:9b:52:ae:00:14:ff:a9:
         b4:44:ab:f7:dc:19:08:b5:7b:3b:3d:f3:13:35:7b:2a:87:96:
         fa:96:1d:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTAZZ4jxKJ2cH4fXkJXPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MjY5NTQzY2E0NzE1OGI3ZTc3NzU4N2FkZWZmZDdlN2M2
OGIwNjEwHhcNMjQwMTAyMDgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTVkYjRjYzExMjJkNzZmYjY3NzkxY2NjZmMyZDMxMzBjMGQwMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0f006PYrfY2rCfM/JYA5wJCaE7Bs
gfkSLAipraRbl3UziMAb5Qznm0vwaWIKV7XFPj2KSg5OIb4s7l74oZorHvyZnXNu
R3/K33Taf9yUHJP4f1WcuempQ5HAbi1IdrBPbv5Jny8ZcYms0uEzg/YqVH8bZI9Y
fKL7z8PMntWzQx9AwIzY56510XlXkvJxxe/KqysUEfnpGNvE9JeNJhdB53Z8BJ2C
vW7IZJ1ZFdJTHoLyYcHRLYHdItSeHuXyymhlSfudYxQVcXg8YFpxpghuulEqGAZR
iUiqvyrnUeswavEqpz50fNguqwDsvYJ2xPB31dHzTTgYbgSSy+Yn4ou0RwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPldtMwRItdvtneRzM/C0xMMDQMPMB8GA1UdIwQY
MBaAFAgmlUPKRxWLfnd1h63v/X58aLBhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0NhVlE4cEhGWXQtZDNXSHJlXzlmbnhvc0dFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83ZWY2YTYtZjIyYi00MjE2LTg2MTgt
NjBmZmRlMGNkN2M3LzEvMS1WMjB6QkVpMTItMmQ1SE16OExURXd3TkF3OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvN2VmNmE2LWYyMmItNDIxNi04NjE4LTYwZmZkZTBjZDdj
Ny8xL0NDYVZROHBIRll0LWQzV0hyZV85Zm54b3NHRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcGHpjAN
BgkqhkiG9w0BAQsFAAOCAQEAxd+8dG1eaMopvQJuFSwJnCDdBfsyW1leDpUX+pwJ
YkS36T4eOPRSM04pw4yWzjxKjSGssjcV4YaYlZXcQkPJ3YQ2aITfbvyDxbmbWTWg
BJ4Hc4rIOZS8GiatPN4QSuj6fVROFzd6RwnIQJh1/Rn9WPYtQqP49V5r/kizUjws
YzqRqtjD1SXhY9or9n8xh4eqK86JRDrdJ15lYsmBXhFBLFNeJ+izV897KAN61D5W
IkIZMRfcx5JHWcbeqT8fou2ishkI5I+52sLF449G0ozLuLCLypL8iKiHtPI9xGrJ
jsxtKTabUq4AFP+ptESr99wZCLV7Oz3zEzV7KoeW+pYdVA==
-----END CERTIFICATE-----