Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/T-Mcz0d4_srUi_9SoGE_mEKSW-0.roa
File:                     T-Mcz0d4_srUi_9SoGE_mEKSW-0.roa (raw, json)
Hash identifier:          8a86xSlbyYymgH43OFuIYten4dDDHYZipM/H9OXzpb8=
Subject key identifier:   4F:E3:1C:CF:47:78:FE:CA:D4:8B:FF:52:A0:61:3F:98:42:92:5B:ED
Certificate issuer:       /CN=163bcbd9bc93849a7ffdf7294c2de9dfb1eaf283
Certificate serial:       018CC86F3AD206771D4A751D1D62BBF99799
Authority key identifier: 16:3B:CB:D9:BC:93:84:9A:7F:FD:F7:29:4C:2D:E9:DF:B1:EA:F2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/T-Mcz0d4_srUi_9SoGE_mEKSW-0.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21241
IP address blocks:        193.58.76.0/23 maxlen: 23
                          193.58.72.0/21 maxlen: 21
                          193.58.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3a:d2:06:77:1d:4a:75:1d:1d:62:bb:f9:97:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=163bcbd9bc93849a7ffdf7294c2de9dfb1eaf283
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fe31ccf4778fecad48bff52a0613f9842925bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:ad:1f:09:50:37:70:95:7a:d1:8e:f7:4a:
                    c3:97:e5:63:c0:c4:43:51:9d:03:ba:7f:f4:07:5a:
                    c5:01:f4:9b:b1:77:4e:d0:18:f5:b3:99:8b:1d:b5:
                    a0:35:5a:48:af:3f:3c:de:3e:ea:57:b7:8e:73:01:
                    0a:ad:3a:81:88:d6:e7:76:cd:c8:d6:79:07:05:ec:
                    e2:8f:f1:ff:d5:7e:1f:1b:95:2d:96:5e:1c:3d:2e:
                    a7:f5:5a:24:56:50:39:fa:30:a7:6c:8b:76:bb:8a:
                    40:a9:dd:bd:58:6b:e2:0b:09:15:e1:c6:72:9b:18:
                    9a:51:83:24:a9:fb:4f:8f:fb:1b:48:a1:03:f0:9b:
                    2a:eb:58:9c:a9:ae:74:05:b6:3f:2c:7f:69:c6:e1:
                    42:8e:55:8c:a0:88:78:d2:e2:56:0e:b6:7c:74:f4:
                    01:00:e6:72:1c:19:70:fd:0e:e9:b6:9e:00:c2:a1:
                    b4:a0:9f:23:46:8b:5c:cf:c0:6a:71:61:99:56:0f:
                    a6:d0:62:18:0d:64:bb:4a:e3:90:7a:e9:ce:0c:e5:
                    53:b1:81:f0:24:13:8d:14:9c:7f:14:b1:c4:c9:50:
                    89:3d:aa:ea:eb:af:36:6f:b4:9c:b6:56:53:fc:74:
                    7f:58:df:ed:39:52:86:6b:6a:8a:ec:04:f0:dd:a9:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E3:1C:CF:47:78:FE:CA:D4:8B:FF:52:A0:61:3F:98:42:92:5B:ED
            X509v3 Authority Key Identifier:
                keyid:16:3B:CB:D9:BC:93:84:9A:7F:FD:F7:29:4C:2D:E9:DF:B1:EA:F2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/T-Mcz0d4_srUi_9SoGE_mEKSW-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:21:50:14:7a:1a:ce:60:df:f5:1e:58:ae:5a:04:ff:8b:ac:
         a6:f7:21:95:0c:76:69:14:ec:84:02:b5:48:b1:81:46:fc:e8:
         da:7f:c3:a9:c1:91:0c:d0:b1:4f:f7:14:c0:6a:25:ab:64:b2:
         cc:e9:e8:c5:fe:6d:90:71:15:9d:72:f1:b6:05:e1:f2:be:39:
         6d:8f:0c:e4:76:a4:68:83:b7:6b:3e:bc:0e:9a:5b:34:fa:8f:
         a8:6c:d3:85:1b:68:56:f2:21:69:f6:e4:be:95:3f:ac:aa:68:
         68:85:af:a9:61:62:ba:ec:90:14:28:09:07:95:71:6d:1f:98:
         c0:19:26:78:35:a7:72:6e:03:58:4f:c9:13:34:da:8b:32:cf:
         ec:ea:dc:e9:fa:ff:82:1c:52:94:c9:74:0c:83:35:1b:3f:1b:
         38:6b:b7:98:73:90:07:00:23:9e:9b:2f:ad:2e:09:c3:3a:68:
         cd:ae:64:97:f9:ca:2f:bd:5c:f6:1c:15:93:3d:ca:fb:67:a1:
         0d:32:84:6a:43:39:62:eb:b4:0c:5b:1f:d0:26:5c:e7:82:61:
         47:9a:5d:43:b1:50:05:a8:cc:fe:f4:c4:f9:b7:7b:1b:6b:bd:
         37:2f:cb:7a:87:e0:10:f8:f5:68:a3:50:1e:6a:d3:07:29:a0:
         ce:6f:f7:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzrSBncdSnUdHWK7+ZeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2M2JjYmQ5YmM5Mzg0OWE3ZmZkZjcyOTRjMmRlOWRmYjFl
YWYyODMwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmUzMWNjZjQ3NzhmZWNhZDQ4YmZmNTJhMDYxM2Y5ODQyOTI1YmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli6tHwlQN3CVetGO90rDl+VjwMRD
UZ0Dun/0B1rFAfSbsXdO0Bj1s5mLHbWgNVpIrz883j7qV7eOcwEKrTqBiNbnds3I
1nkHBezij/H/1X4fG5Utll4cPS6n9VokVlA5+jCnbIt2u4pAqd29WGviCwkV4cZy
mxiaUYMkqftPj/sbSKED8Jsq61icqa50BbY/LH9pxuFCjlWMoIh40uJWDrZ8dPQB
AOZyHBlw/Q7ptp4AwqG0oJ8jRotcz8BqcWGZVg+m0GIYDWS7SuOQeunODOVTsYHw
JBONFJx/FLHEyVCJParq6682b7SctlZT/HR/WN/tOVKGa2qK7ATw3amG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/jHM9HeP7K1Iv/UqBhP5hCklvtMB8GA1UdIwQY
MBaAFBY7y9m8k4Saf/33KUwt6d+x6vKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmp2TDJieVRoSnBfX2ZjcFRDM3AzN0hxOG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81NmM3ODItNmU5ZS00ZmM4LWJiOTkt
ZjY0MGFkM2I4Y2Y0LzEvVC1NY3owZDRfc3JVaV85U29HRV9tRUtTVy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81NmM3ODItNmU5ZS00ZmM4LWJiOTktZjY0MGFkM2I4Y2Y0
LzEvRmp2TDJieVRoSnBfX2ZjcFRDM3AzN0hxOG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwTpIMA0G
CSqGSIb3DQEBCwUAA4IBAQBtIVAUehrOYN/1HliuWgT/i6ym9yGVDHZpFOyEArVI
sYFG/Ojaf8OpwZEM0LFP9xTAaiWrZLLM6ejF/m2QcRWdcvG2BeHyvjltjwzkdqRo
g7drPrwOmls0+o+obNOFG2hW8iFp9uS+lT+sqmhoha+pYWK67JAUKAkHlXFtH5jA
GSZ4NadybgNYT8kTNNqLMs/s6tzp+v+CHFKUyXQMgzUbPxs4a7eYc5AHACOemy+t
LgnDOmjNrmSX+covvVz2HBWTPcr7Z6ENMoRqQzli67QMWx/QJlzngmFHml1DsVAF
qMz+9MT5t3sba703L8t6h+AQ+PVoo1AeatMHKaDOb/f8
-----END CERTIFICATE-----