Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/g0VDF22EfLFXopEQTAJQttSztkg.roa
File:                     g0VDF22EfLFXopEQTAJQttSztkg.roa (raw, json)
Hash identifier:          LKXkY/yH3o98KgY5c4kmYTLTNkRgi2s8EnYBmKgfNaM=
Subject key identifier:   83:45:43:17:6D:84:7C:B1:57:A2:91:10:4C:02:50:B6:D4:B3:B6:48
Certificate issuer:       /CN=3d897bd8c6df1cb71410fe194bed739a2f8a6773
Certificate serial:       018CC9BC34B179103EA61F2164BDC9D86A52
Authority key identifier: 3D:89:7B:D8:C6:DF:1C:B7:14:10:FE:19:4B:ED:73:9A:2F:8A:67:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/g0VDF22EfLFXopEQTAJQttSztkg.roa
Signing time:             Tue 02 Jan 2024 10:33:23 +0000
ROA not before:           Tue 02 Jan 2024 10:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15497
IP address blocks:        193.41.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:34:b1:79:10:3e:a6:1f:21:64:bd:c9:d8:6a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d897bd8c6df1cb71410fe194bed739a2f8a6773
        Validity
            Not Before: Jan  2 10:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=834543176d847cb157a291104c0250b6d4b3b648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d6:e2:3e:b5:5a:cb:75:1e:53:30:44:c5:6b:
                    92:aa:03:41:11:e5:28:a4:99:e7:ea:67:45:31:39:
                    53:30:21:ff:77:42:9d:d7:88:0b:58:1d:b6:cf:45:
                    50:e8:8e:5c:80:55:0f:b0:d2:98:86:15:e7:69:54:
                    2c:da:9c:af:5e:d3:21:3c:40:04:5d:ca:e6:f1:46:
                    57:53:17:f7:29:ed:9c:59:c7:dd:f6:c2:ba:3a:b1:
                    ac:95:74:66:f0:be:eb:21:27:4c:0b:33:87:0e:e8:
                    2f:b9:62:7b:14:db:2f:fe:3b:2e:28:b5:98:f0:b6:
                    5a:b2:91:b5:4d:0a:44:17:c2:9a:bb:04:c5:18:9b:
                    e2:f9:79:28:a7:6b:ba:f3:68:c3:c3:3c:f7:3e:79:
                    dc:37:d5:d4:f1:8e:0c:6f:21:19:9d:ba:81:ec:4d:
                    27:ca:fc:a8:76:e7:62:46:13:c4:64:d5:a4:1a:80:
                    03:96:5c:f0:3c:bc:40:00:4b:fc:8f:c4:a1:f0:4e:
                    48:39:6a:2c:09:bb:a7:7d:a8:bf:6d:dd:27:15:a3:
                    38:63:b6:2b:76:e1:94:05:93:15:c0:09:c6:7c:92:
                    7f:b6:a9:92:2e:17:20:bb:ba:0c:7c:00:05:ef:ee:
                    94:a8:f9:43:bb:e8:14:76:27:fa:c9:21:cd:cf:48:
                    4c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:45:43:17:6D:84:7C:B1:57:A2:91:10:4C:02:50:B6:D4:B3:B6:48
            X509v3 Authority Key Identifier:
                keyid:3D:89:7B:D8:C6:DF:1C:B7:14:10:FE:19:4B:ED:73:9A:2F:8A:67:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/g0VDF22EfLFXopEQTAJQttSztkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:5b:69:3d:bf:1b:d4:11:fc:79:ff:d6:ea:13:0e:3e:ab:0e:
         d5:77:61:1b:81:d6:76:20:a7:7c:3f:1a:d0:09:20:c2:26:07:
         4d:30:c5:72:ff:67:8d:11:d6:cc:30:52:80:f5:43:e0:b9:23:
         c2:b3:20:dd:f5:fb:d9:70:92:ad:a7:20:06:b0:81:6f:eb:38:
         d6:bc:b6:e6:ad:98:fa:53:14:84:bc:a4:09:a5:e2:a3:ff:d5:
         7c:0a:44:f0:25:38:2c:ce:80:4c:a7:77:d3:ec:35:ea:69:f3:
         6f:e8:de:ea:c9:80:6f:fb:69:84:7a:af:3c:aa:e1:8b:2a:bb:
         af:3d:fb:52:ce:51:77:8b:7c:5b:91:28:e2:eb:0a:5b:e0:76:
         6c:28:0b:b5:02:3f:ce:e8:13:ee:9a:77:a4:a7:fa:55:a9:fc:
         72:58:3b:bd:a3:20:f0:2e:9a:11:46:d4:3b:50:ba:2c:89:db:
         eb:a6:46:80:a5:04:f8:d4:e3:d9:d2:0f:90:11:2e:7a:c3:9e:
         52:cc:21:fe:e7:f7:54:af:18:2c:3b:51:06:a2:ae:d6:60:17:
         74:15:f3:7b:ff:ec:0b:2d:d6:3f:fa:61:9b:f5:fc:51:32:57:
         26:1d:10:15:3d:6b:cf:01:16:01:6b:d6:3c:a3:a4:cb:39:c5:
         5c:6e:2c:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDSxeRA+ph8hZL3J2GpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkODk3YmQ4YzZkZjFjYjcxNDEwZmUxOTRiZWQ3MzlhMmY4
YTY3NzMwHhcNMjQwMTAyMTAzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ1NDMxNzZkODQ3Y2IxNTdhMjkxMTA0YzAyNTBiNmQ0YjNiNjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNbiPrVay3UeUzBExWuSqgNBEeUo
pJnn6mdFMTlTMCH/d0Kd14gLWB22z0VQ6I5cgFUPsNKYhhXnaVQs2pyvXtMhPEAE
Xcrm8UZXUxf3Ke2cWcfd9sK6OrGslXRm8L7rISdMCzOHDugvuWJ7FNsv/jsuKLWY
8LZaspG1TQpEF8KauwTFGJvi+Xkop2u682jDwzz3PnncN9XU8Y4MbyEZnbqB7E0n
yvyodudiRhPEZNWkGoADllzwPLxAAEv8j8Sh8E5IOWosCbunfai/bd0nFaM4Y7Yr
duGUBZMVwAnGfJJ/tqmSLhcgu7oMfAAF7+6UqPlDu+gUdif6ySHNz0hMEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINFQxdthHyxV6KREEwCULbUs7ZIMB8GA1UdIwQY
MBaAFD2Je9jG3xy3FBD+GUvtc5ovimdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlsNzJNYmZITGNVRVA0WlMtMXptaS1LWjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81NDcxZjgtYzkzOC00MGNjLWIxMzkt
ZjlmOTIxNTBjZDM5LzEvZzBWREYyMkVmTEZYb3BFUVRBSlF0dFN6dGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81NDcxZjgtYzkzOC00MGNjLWIxMzktZjlmOTIxNTBjZDM5
LzEvUFlsNzJNYmZITGNVRVA0WlMtMXptaS1LWjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnvMA0G
CSqGSIb3DQEBCwUAA4IBAQCgW2k9vxvUEfx5/9bqEw4+qw7Vd2EbgdZ2IKd8PxrQ
CSDCJgdNMMVy/2eNEdbMMFKA9UPguSPCsyDd9fvZcJKtpyAGsIFv6zjWvLbmrZj6
UxSEvKQJpeKj/9V8CkTwJTgszoBMp3fT7DXqafNv6N7qyYBv+2mEeq88quGLKruv
PftSzlF3i3xbkSji6wpb4HZsKAu1Aj/O6BPumnekp/pVqfxyWDu9oyDwLpoRRtQ7
ULosidvrpkaApQT41OPZ0g+QES56w55SzCH+5/dUrxgsO1EGoq7WYBd0FfN7/+wL
LdY/+mGb9fxRMlcmHRAVPWvPARYBa9Y8o6TLOcVcbizw
-----END CERTIFICATE-----