Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/dGhbZhRYpGgZU3lKXYyBi8GOt9Y.roa
File:                     dGhbZhRYpGgZU3lKXYyBi8GOt9Y.roa (raw, json)
Hash identifier:          pDrp53JEt67GFJ8hEo43iCRgCUtt1FEigGzlUKtOYh8=
Subject key identifier:   74:68:5B:66:14:58:A4:68:19:53:79:4A:5D:8C:81:8B:C1:8E:B7:D6
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       018DD161425ED43DFCBBBE21E8079361AB3A
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/dGhbZhRYpGgZU3lKXYyBi8GOt9Y.roa
Signing time:             Thu 22 Feb 2024 15:13:48 +0000
ROA not before:           Thu 22 Feb 2024 15:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.8.236.0/23 maxlen: 23
                          193.8.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:61:42:5e:d4:3d:fc:bb:be:21:e8:07:93:61:ab:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Feb 22 15:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74685b661458a4681953794a5d8c818bc18eb7d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ed:9d:fa:a2:2f:7b:62:c2:fc:b4:f6:d9:a2:
                    c0:5a:75:31:e2:76:35:ca:9e:b8:2f:e5:9c:41:ff:
                    61:b9:39:5b:53:c5:59:60:61:1d:b0:0e:d0:c4:a4:
                    67:26:f7:c5:90:1b:63:92:2a:89:41:4e:3d:81:a0:
                    e6:25:b8:db:1c:c5:52:75:2c:af:de:47:d4:c9:97:
                    1a:5d:0c:ba:7c:16:8e:36:41:ec:a4:8c:fc:c7:df:
                    2f:69:0e:f1:8c:6a:67:6e:2b:79:75:e9:5a:8b:60:
                    ab:bc:5f:90:ea:da:15:72:a4:71:e2:c6:00:70:86:
                    22:42:46:52:3c:aa:e1:32:b5:9b:92:f2:de:7a:b0:
                    00:cf:37:b0:d7:20:ce:a1:74:1d:d4:29:be:2b:39:
                    f6:68:24:a9:d7:a3:14:a1:fe:26:65:0c:02:a8:8f:
                    fa:08:ba:c0:1d:e6:a3:cd:f3:90:2a:e4:65:f3:de:
                    54:20:31:8f:4e:a7:33:cb:89:32:01:7f:31:bd:a8:
                    30:c5:9c:45:90:38:4a:e8:c8:50:28:fe:e1:7a:3d:
                    4d:98:ff:df:70:44:77:62:a3:37:db:70:ab:78:0e:
                    26:c4:ae:47:36:3e:c6:ba:fc:67:3b:8f:79:35:32:
                    11:ee:d9:5e:ee:27:a0:64:8a:62:5c:57:59:48:87:
                    13:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:68:5B:66:14:58:A4:68:19:53:79:4A:5D:8C:81:8B:C1:8E:B7:D6
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/dGhbZhRYpGgZU3lKXYyBi8GOt9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:0c:79:a1:74:61:56:ef:c8:3b:73:cb:36:16:7c:9f:67:6d:
         4d:95:2d:ea:32:24:8d:8a:2b:71:ee:7e:e5:02:88:44:c8:63:
         d5:46:5a:b5:66:08:77:3e:e5:b6:2c:34:18:5b:44:c5:8d:3c:
         20:60:8d:40:b1:f6:df:cc:7a:46:b9:71:6c:38:34:c5:8a:cc:
         5f:c3:f4:30:96:4e:7d:d3:4c:a2:00:c8:8b:9f:02:19:16:22:
         fb:65:b3:8e:b3:97:0d:d8:06:68:25:96:cb:5f:52:83:cc:6b:
         57:b3:66:ad:75:86:10:c2:13:c3:e0:e3:4f:a4:70:d5:77:01:
         fa:0c:70:67:ff:e6:ab:75:cd:08:7a:a3:3e:0e:f3:b2:7f:74:
         1c:90:eb:ba:09:d9:c1:cf:09:bd:ee:c1:9b:21:39:b8:87:b6:
         d0:e6:24:74:c8:48:fa:4f:4b:f9:e8:06:07:d8:48:0d:cd:d7:
         f4:42:57:92:e5:f4:60:cb:ce:c5:cf:da:d6:8f:97:64:35:4c:
         8a:dc:9e:5d:98:b9:e0:43:10:44:fa:e7:ff:c3:64:64:6e:ea:
         e6:07:19:96:9a:38:83:8f:7f:5d:4b:57:ff:d2:bc:65:ef:50:
         7b:ad:d1:d1:67:af:72:55:2f:3d:5e:44:20:c2:cd:7a:88:ea:
         cf:0f:7b:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3RYUJe1D38u74h6AeTYas6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjQwMjIyMTUxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDY4NWI2NjE0NThhNDY4MTk1Mzc5NGE1ZDhjODE4YmMxOGViN2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve2d+qIve2LC/LT22aLAWnUx4nY1
yp64L+WcQf9huTlbU8VZYGEdsA7QxKRnJvfFkBtjkiqJQU49gaDmJbjbHMVSdSyv
3kfUyZcaXQy6fBaONkHspIz8x98vaQ7xjGpnbit5delai2CrvF+Q6toVcqRx4sYA
cIYiQkZSPKrhMrWbkvLeerAAzzew1yDOoXQd1Cm+Kzn2aCSp16MUof4mZQwCqI/6
CLrAHeajzfOQKuRl895UIDGPTqczy4kyAX8xvagwxZxFkDhK6MhQKP7hej1NmP/f
cER3YqM323CreA4mxK5HNj7GuvxnO495NTIR7tle7iegZIpiXFdZSIcTWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRoW2YUWKRoGVN5Sl2MgYvBjrfWMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvZEdoYlpoUllwR2daVTNsS1hZeUJpOEdPdDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQjsMA0G
CSqGSIb3DQEBCwUAA4IBAQCzDHmhdGFW78g7c8s2FnyfZ21NlS3qMiSNiitx7n7l
AohEyGPVRlq1Zgh3PuW2LDQYW0TFjTwgYI1AsfbfzHpGuXFsODTFisxfw/Qwlk59
00yiAMiLnwIZFiL7ZbOOs5cN2AZoJZbLX1KDzGtXs2atdYYQwhPD4ONPpHDVdwH6
DHBn/+ardc0IeqM+DvOyf3QckOu6CdnBzwm97sGbITm4h7bQ5iR0yEj6T0v56AYH
2EgNzdf0QleS5fRgy87Fz9rWj5dkNUyK3J5dmLngQxBE+uf/w2RkburmBxmWmjiD
j39dS1f/0rxl71B7rdHRZ69yVS89XkQgws16iOrPD3tQ
-----END CERTIFICATE-----