Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/u2MY75RIm8oCk8D0ZbWUvYQ_yh8.roa
File:                     u2MY75RIm8oCk8D0ZbWUvYQ_yh8.roa (raw, json)
Hash identifier:          4TbEsGWmOmumAGsDg9d3jhBNY+uAuKsJVz24NhhvHPg=
Subject key identifier:   BB:63:18:EF:94:48:9B:CA:02:93:C0:F4:65:B5:94:BD:84:3F:CA:1F
Certificate issuer:       /CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
Certificate serial:       018F58197E1C5E18CDCC514999C23E456AD8
Authority key identifier: EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/u2MY75RIm8oCk8D0ZbWUvYQ_yh8.roa
Signing time:             Wed 08 May 2024 12:06:56 +0000
ROA not before:           Wed 08 May 2024 12:06:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147185
IP address blocks:        193.32.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 03:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:19:7e:1c:5e:18:cd:cc:51:49:99:c2:3e:45:6a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
        Validity
            Not Before: May  8 12:06:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb6318ef94489bca0293c0f465b594bd843fca1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:48:54:1c:21:6d:0b:90:bd:b7:91:5f:7c:
                    58:e1:6e:f8:86:7d:c1:86:59:46:70:e3:de:56:27:
                    1b:98:91:d7:f0:18:c8:95:81:e4:f5:c7:55:46:45:
                    28:d0:c9:f2:9d:a5:37:e4:e9:0b:97:ec:35:b5:81:
                    db:80:4b:4d:fb:69:4a:df:05:3f:b1:d4:4a:fe:4d:
                    d3:76:a8:4c:ce:51:31:37:e7:ea:cb:37:ac:a5:0c:
                    3c:13:43:0d:e1:6b:67:7e:f9:3a:e2:ca:a0:66:57:
                    5d:f6:24:b4:49:1d:c9:6d:bd:2c:9c:5a:6d:44:36:
                    b8:ab:d0:f0:8c:70:9a:e8:c5:40:42:12:46:88:df:
                    52:3c:2f:4d:d2:0c:63:c8:a2:d5:b4:dd:b9:9f:8d:
                    4e:ea:37:35:ba:01:83:84:26:38:61:42:31:31:27:
                    17:2d:53:e8:d0:c2:9a:a8:01:97:b7:fb:ea:7b:cd:
                    d5:91:b2:18:05:f8:eb:12:9c:94:ec:35:91:ff:d5:
                    49:1f:f0:a7:87:f0:2f:2d:29:6d:01:b4:d0:9c:a7:
                    58:0c:c4:44:60:9c:ad:3a:b2:43:0d:e6:77:00:d7:
                    57:29:45:6f:fd:bc:66:ef:d2:1a:3f:fe:bd:05:d5:
                    50:65:ed:23:67:2e:87:e0:e2:d9:a4:3a:a3:43:17:
                    98:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:63:18:EF:94:48:9B:CA:02:93:C0:F4:65:B5:94:BD:84:3F:CA:1F
            X509v3 Authority Key Identifier:
                keyid:EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/u2MY75RIm8oCk8D0ZbWUvYQ_yh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c9:3b:cb:1b:dd:9c:5d:9c:10:a2:31:58:85:ee:ae:a3:3e:
         3f:1b:82:14:1c:5a:d4:39:71:99:d6:35:e5:d4:00:13:05:79:
         66:6d:de:da:fa:b7:63:a8:e1:27:66:1c:b0:f3:b0:f3:2c:23:
         a0:80:0e:4b:ce:20:be:fa:2a:6a:b4:a6:e5:80:16:7a:26:cf:
         ef:d7:3f:0e:6a:e9:0f:6e:b8:12:ae:75:86:d1:de:4c:98:a4:
         30:d2:0a:30:69:70:e7:90:cc:bf:52:60:44:6d:51:9b:78:77:
         89:9b:6f:cf:68:ca:8e:18:ba:a8:60:cf:1c:6c:a6:2a:33:12:
         96:23:70:b5:b5:50:07:3a:30:c1:f4:89:c1:63:b1:0e:55:8e:
         32:3e:a7:6f:e0:a6:f4:eb:06:40:b8:92:1a:9c:b9:3d:ba:00:
         94:e7:68:e2:93:9c:43:d9:e2:36:3a:57:64:19:63:4b:cf:66:
         08:e0:d8:52:c9:41:e0:5f:6b:7f:34:8b:5c:d7:5c:90:95:6f:
         aa:23:f3:d9:b3:9e:80:70:f7:8c:1d:a9:fa:a4:06:0a:0a:f4:
         bb:5b:2e:8a:19:10:52:7b:e8:4b:bb:6b:66:ce:74:e8:a0:7e:
         52:37:68:60:0a:a2:3d:82:e6:2b:b7:a3:85:a9:1c:f3:81:13:
         e0:06:d1:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YGX4cXhjNzFFJmcI+RWrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2ZkNWQzMzA2MWE5ZGU5MjBhZjFjMmExMzUxM2Q0NmRk
MjQ2MTIwHhcNMjQwNTA4MTIwNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYzMThlZjk0NDg5YmNhMDI5M2MwZjQ2NWI1OTRiZDg0M2ZjYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJJIVBwhbQuQvbeRX3xY4W74hn3B
hllGcOPeVicbmJHX8BjIlYHk9cdVRkUo0MnynaU35OkLl+w1tYHbgEtN+2lK3wU/
sdRK/k3TdqhMzlExN+fqyzespQw8E0MN4Wtnfvk64sqgZldd9iS0SR3Jbb0snFpt
RDa4q9DwjHCa6MVAQhJGiN9SPC9N0gxjyKLVtN25n41O6jc1ugGDhCY4YUIxMScX
LVPo0MKaqAGXt/vqe83VkbIYBfjrEpyU7DWR/9VJH/Cnh/AvLSltAbTQnKdYDMRE
YJytOrJDDeZ3ANdXKUVv/bxm79IaP/69BdVQZe0jZy6H4OLZpDqjQxeYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtjGO+USJvKApPA9GW1lL2EP8ofMB8GA1UdIwQY
MBaAFO9/1dMwYanekgrxwqE1E9Rt0kYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgt
YTEwMmJlMzgyZTUxLzEvdTJNWTc1UkltOG9DazhEMFpiV1V2WVFfeWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgtYTEwMmJlMzgyZTUx
LzEvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSD2MA0G
CSqGSIb3DQEBCwUAA4IBAQCHyTvLG92cXZwQojFYhe6uoz4/G4IUHFrUOXGZ1jXl
1AATBXlmbd7a+rdjqOEnZhyw87DzLCOggA5LziC++ipqtKblgBZ6Js/v1z8OaukP
brgSrnWG0d5MmKQw0gowaXDnkMy/UmBEbVGbeHeJm2/PaMqOGLqoYM8cbKYqMxKW
I3C1tVAHOjDB9InBY7EOVY4yPqdv4Kb06wZAuJIanLk9ugCU52jik5xD2eI2Oldk
GWNLz2YI4NhSyUHgX2t/NItc11yQlW+qI/PZs56AcPeMHan6pAYKCvS7Wy6KGRBS
e+hLu2tmznTooH5SN2hgCqI9guYrt6OFqRzzgRPgBtGv
-----END CERTIFICATE-----