Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/jk40RH9sWjxlk7f7d1TrB4RqBMg.roa
File:                     jk40RH9sWjxlk7f7d1TrB4RqBMg.roa (raw, json)
Hash identifier:          UJvLvuQA6I8jujdpy+fOPQAbeRyNVuPvityCa/rSqkA=
Subject key identifier:   8E:4E:34:44:7F:6C:5A:3C:65:93:B7:FB:77:54:EB:07:84:6A:04:C8
Certificate issuer:       /CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
Certificate serial:       018CC493456D04174730D6A160223A73DCB7
Authority key identifier: EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/jk40RH9sWjxlk7f7d1TrB4RqBMg.roa
Signing time:             Mon 01 Jan 2024 10:30:35 +0000
ROA not before:           Mon 01 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        217.28.163.0/24 maxlen: 24
                          193.32.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:45:6d:04:17:47:30:d6:a1:60:22:3a:73:dc:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
        Validity
            Not Before: Jan  1 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e4e34447f6c5a3c6593b7fb7754eb07846a04c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c4:b2:29:da:bc:d2:d5:40:33:77:66:17:2f:
                    4c:34:ea:b5:0a:32:eb:dc:68:a1:39:79:a8:24:c0:
                    55:ee:c0:46:46:99:a7:bc:47:4c:3c:dc:47:f8:1c:
                    f9:86:ec:a4:ef:6e:6b:ee:32:8b:8e:ed:dd:97:2c:
                    f8:cb:a1:e9:e5:df:4e:e6:b2:3d:b4:0b:b1:d3:12:
                    f0:b5:99:51:00:f4:1b:f8:d9:9b:ad:c0:93:f6:8a:
                    18:7e:cc:aa:84:06:37:e3:2e:9a:07:1c:08:1c:00:
                    ad:6b:f0:94:69:f6:90:01:5b:b1:bf:ac:4f:f5:72:
                    47:2e:f1:43:5f:0a:7e:d6:ca:6e:35:63:96:b0:75:
                    af:72:9e:3b:a2:d2:63:bb:99:0a:e2:ef:4c:c9:93:
                    b2:8a:01:be:df:c2:88:8c:ec:15:ec:fb:1f:b1:7c:
                    c9:0f:64:be:8a:d1:f7:db:65:05:ae:3a:f1:57:7a:
                    a3:e9:c4:20:df:c9:96:9a:90:90:b2:5a:24:c2:fe:
                    d5:d6:53:60:5d:d5:cc:02:47:98:a0:e3:d9:28:2d:
                    9f:a7:2a:ae:fa:58:73:44:d9:c9:52:18:fc:87:b7:
                    79:3f:63:e3:55:d0:0b:64:6a:09:d2:dc:e2:33:be:
                    2e:e9:10:56:1f:e4:29:be:be:99:90:cf:e3:ac:b5:
                    23:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:4E:34:44:7F:6C:5A:3C:65:93:B7:FB:77:54:EB:07:84:6A:04:C8
            X509v3 Authority Key Identifier:
                keyid:EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/jk40RH9sWjxlk7f7d1TrB4RqBMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.244.0/24
                  217.28.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:36:ac:d5:df:7f:dd:dd:d0:b0:50:2a:c7:54:13:5d:dd:38:
         9b:b7:94:f5:3c:d5:13:ce:86:31:bf:61:50:4d:06:24:10:f9:
         3d:27:ea:0c:5a:5b:9d:c3:09:f5:0d:49:09:8c:43:69:7e:3c:
         07:81:53:5c:4b:17:70:37:66:b6:ca:fe:6f:79:2a:20:02:56:
         58:6a:c6:f0:1b:5b:f0:93:cd:18:a6:07:61:3c:db:d7:61:9b:
         78:63:81:dd:e2:cd:b9:62:3b:3d:f9:8a:53:44:a4:cb:99:8b:
         1e:15:a6:e9:b6:ae:44:f4:c8:91:42:80:b3:55:67:46:8a:76:
         66:ad:88:02:f7:c0:0c:fa:9c:34:28:02:47:8c:06:c6:3b:a9:
         54:34:c3:fe:d0:28:4d:96:89:3a:bf:48:42:c9:f7:04:a2:4a:
         2e:bb:23:ac:29:18:03:bc:2f:af:ee:25:3b:ec:6f:7b:64:92:
         48:d2:89:e5:9b:a4:e4:bd:f0:b1:7a:28:80:7a:75:bd:58:8e:
         f3:f3:83:bc:48:b3:f3:87:15:c7:76:51:2f:6a:4d:b3:c2:d8:
         41:0f:d7:3c:28:a5:b9:c5:4f:e4:7c:25:6a:f0:50:68:8d:81:
         c1:e7:9d:d4:4d:49:c0:6d:c1:c0:8c:de:e6:ac:f7:c9:be:68:
         36:66:ab:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk0VtBBdHMNahYCI6c9y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2ZkNWQzMzA2MWE5ZGU5MjBhZjFjMmExMzUxM2Q0NmRk
MjQ2MTIwHhcNMjQwMTAxMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTRlMzQ0NDdmNmM1YTNjNjU5M2I3ZmI3NzU0ZWIwNzg0NmEwNGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8SyKdq80tVAM3dmFy9MNOq1CjLr
3GihOXmoJMBV7sBGRpmnvEdMPNxH+Bz5huyk725r7jKLju3dlyz4y6Hp5d9O5rI9
tAux0xLwtZlRAPQb+NmbrcCT9ooYfsyqhAY34y6aBxwIHACta/CUafaQAVuxv6xP
9XJHLvFDXwp+1spuNWOWsHWvcp47otJju5kK4u9MyZOyigG+38KIjOwV7PsfsXzJ
D2S+itH322UFrjrxV3qj6cQg38mWmpCQslokwv7V1lNgXdXMAkeYoOPZKC2fpyqu
+lhzRNnJUhj8h7d5P2PjVdALZGoJ0tziM74u6RBWH+Qpvr6ZkM/jrLUjPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5ONER/bFo8ZZO3+3dU6weEagTIMB8GA1UdIwQY
MBaAFO9/1dMwYanekgrxwqE1E9Rt0kYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgt
YTEwMmJlMzgyZTUxLzEvams0MFJIOXNXanhsazdmN2QxVHJCNFJxQk1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgtYTEwMmJlMzgyZTUx
LzEvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSD0AwQA
2RyjMA0GCSqGSIb3DQEBCwUAA4IBAQAqNqzV33/d3dCwUCrHVBNd3Tibt5T1PNUT
zoYxv2FQTQYkEPk9J+oMWludwwn1DUkJjENpfjwHgVNcSxdwN2a2yv5veSogAlZY
asbwG1vwk80YpgdhPNvXYZt4Y4Hd4s25Yjs9+YpTRKTLmYseFabptq5E9MiRQoCz
VWdGinZmrYgC98AM+pw0KAJHjAbGO6lUNMP+0ChNlok6v0hCyfcEokouuyOsKRgD
vC+v7iU77G97ZJJI0onlm6TkvfCxeiiAenW9WI7z84O8SLPzhxXHdlEvak2zwthB
D9c8KKW5xU/kfCVq8FBojYHB553UTUnAbcHAjN7mrPfJvmg2Zqto
-----END CERTIFICATE-----