Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/AROH3stmLy3bZ87mCXvMTzn7vfI.roa
File:                     AROH3stmLy3bZ87mCXvMTzn7vfI.roa (raw, json)
Hash identifier:          PQdyGgnKO8/qDtbnpFDxuegB3KYGJsiThASMC/rJqb4=
Subject key identifier:   01:13:87:DE:CB:66:2F:2D:DB:67:CE:E6:09:7B:CC:4F:39:FB:BD:F2
Certificate issuer:       /CN=a640c751ebfb4807d84622e806cb3d0b9dd81069
Certificate serial:       018CC424EC140EE7789F1C0E564FB378BEDC
Authority key identifier: A6:40:C7:51:EB:FB:48:07:D8:46:22:E8:06:CB:3D:0B:9D:D8:10:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkDHUev7SAfYRiLoBss9C53YEGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/AROH3stmLy3bZ87mCXvMTzn7vfI.roa
Signing time:             Mon 01 Jan 2024 08:30:03 +0000
ROA not before:           Mon 01 Jan 2024 08:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21436
IP address blocks:        193.108.165.0/24 maxlen: 24
                          2001:67c:17b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/pkDHUev7SAfYRiLoBss9C53YEGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/pkDHUev7SAfYRiLoBss9C53YEGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkDHUev7SAfYRiLoBss9C53YEGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ec:14:0e:e7:78:9f:1c:0e:56:4f:b3:78:be:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640c751ebfb4807d84622e806cb3d0b9dd81069
        Validity
            Not Before: Jan  1 08:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=011387decb662f2ddb67cee6097bcc4f39fbbdf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:1f:f5:e7:fe:06:51:56:81:06:a1:8d:c3:75:
                    88:e0:d2:4a:75:21:ae:47:01:c0:20:e8:3e:cd:bc:
                    86:0a:fa:72:6d:57:31:df:ec:20:35:48:e1:e5:d5:
                    32:e5:e2:70:f1:1f:f8:62:79:53:66:8d:4b:79:13:
                    78:d3:f2:e6:34:07:df:f5:3e:0a:d5:7f:4a:05:5c:
                    e9:99:46:87:46:be:e3:29:e7:9f:f0:a5:26:b6:fc:
                    aa:90:2e:dd:8d:75:1e:6c:91:19:6d:c1:7b:bd:2c:
                    b8:01:91:a2:e4:3f:d8:a1:5d:a8:36:14:8c:85:84:
                    ed:d1:90:59:7b:fa:ab:91:e2:ab:8f:96:e6:6d:8e:
                    b3:b0:6d:79:be:f1:39:36:16:db:96:13:b9:9e:ab:
                    5d:3a:a4:4f:11:6c:0b:29:54:8e:50:5f:5e:6f:6e:
                    86:c1:a1:81:25:cc:a7:d5:3a:2e:d8:48:3e:33:e8:
                    0e:11:ba:70:de:00:1a:78:76:5a:56:f5:b9:27:dc:
                    32:1f:b5:d2:b2:43:b3:7f:8a:f7:5a:69:bc:8d:61:
                    93:31:ad:8d:38:1e:ec:16:85:cc:4e:de:54:05:41:
                    2a:96:96:bf:d1:0c:17:c1:cf:13:13:0e:61:c3:89:
                    cb:68:37:21:b4:64:fa:2e:9c:65:05:88:88:24:84:
                    3b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:13:87:DE:CB:66:2F:2D:DB:67:CE:E6:09:7B:CC:4F:39:FB:BD:F2
            X509v3 Authority Key Identifier:
                keyid:A6:40:C7:51:EB:FB:48:07:D8:46:22:E8:06:CB:3D:0B:9D:D8:10:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkDHUev7SAfYRiLoBss9C53YEGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/AROH3stmLy3bZ87mCXvMTzn7vfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8a5a2e-4d33-4a2c-adf3-026b8cf691ba/1/pkDHUev7SAfYRiLoBss9C53YEGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.165.0/24
                IPv6:
                  2001:67c:17b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:ca:53:3e:f6:4a:87:04:43:9e:33:5b:b1:f1:3c:cd:b3:08:
         79:79:e3:50:88:42:c2:8a:ca:21:3c:64:0a:10:57:77:9a:9b:
         a4:e8:f1:08:67:3e:27:00:f5:b9:9a:93:bf:ae:28:fe:3d:5b:
         19:b9:5d:0d:64:50:c8:b0:73:09:f7:0b:62:6c:c1:87:80:46:
         52:d6:6b:0e:10:3b:25:84:55:a1:e2:50:27:66:62:0f:d0:0d:
         f2:a3:ca:d6:e5:32:4b:2e:b9:8d:20:40:6a:37:c7:ee:21:60:
         ea:f0:d5:0c:b2:02:c5:0c:a7:91:3a:7d:81:3b:8a:8c:ab:cb:
         d2:c0:7f:52:05:71:c8:09:e6:62:a6:45:75:d0:0f:96:6c:d2:
         1b:da:09:f1:6e:56:42:23:61:50:fd:a6:8b:85:a1:64:ed:d2:
         77:a0:41:fa:cf:ca:75:15:fe:7b:9f:69:68:48:90:5c:ba:6f:
         e5:eb:a3:b7:3f:03:73:4a:2a:e9:fb:f6:d6:30:23:21:73:63:
         db:f0:ba:c1:82:2d:de:19:35:90:ec:65:82:79:92:db:bb:47:
         01:b0:7b:2e:fb:54:5e:98:36:ed:38:b8:df:91:6f:c9:48:2e:
         8d:8d:1c:ce:46:1c:b7:40:7c:ae:ca:6e:40:2a:75:b8:4a:72:
         18:e6:cb:17
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJOwUDud4nxwOVk+zeL7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NDBjNzUxZWJmYjQ4MDdkODQ2MjJlODA2Y2IzZDBiOWRk
ODEwNjkwHhcNMjQwMTAxMDgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTEzODdkZWNiNjYyZjJkZGI2N2NlZTYwOTdiY2M0ZjM5ZmJiZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhB/15/4GUVaBBqGNw3WI4NJKdSGu
RwHAIOg+zbyGCvpybVcx3+wgNUjh5dUy5eJw8R/4YnlTZo1LeRN40/LmNAff9T4K
1X9KBVzpmUaHRr7jKeef8KUmtvyqkC7djXUebJEZbcF7vSy4AZGi5D/YoV2oNhSM
hYTt0ZBZe/qrkeKrj5bmbY6zsG15vvE5NhbblhO5nqtdOqRPEWwLKVSOUF9eb26G
waGBJcyn1Tou2Eg+M+gOEbpw3gAaeHZaVvW5J9wyH7XSskOzf4r3Wmm8jWGTMa2N
OB7sFoXMTt5UBUEqlpa/0QwXwc8TEw5hw4nLaDchtGT6LpxlBYiIJIQ7VwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAETh97LZi8t22fO5gl7zE85+73yMB8GA1UdIwQY
MBaAFKZAx1Hr+0gH2EYi6AbLPQud2BBpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGtESFVldjdTQWZZUmlMb0JzczlDNTNZRUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84YTVhMmUtNGQzMy00YTJjLWFkZjMt
MDI2YjhjZjY5MWJhLzEvQVJPSDNzdG1MeTNiWjg3bUNYdk1Uem43dmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84YTVhMmUtNGQzMy00YTJjLWFkZjMtMDI2YjhjZjY5MWJh
LzEvcGtESFVldjdTQWZZUmlMb0JzczlDNTNZRUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWylMA8E
AgACMAkDBwAgAQZ8F7AwDQYJKoZIhvcNAQELBQADggEBADvKUz72SocEQ54zW7Hx
PM2zCHl541CIQsKKyiE8ZAoQV3eam6To8QhnPicA9bmak7+uKP49Wxm5XQ1kUMiw
cwn3C2JswYeARlLWaw4QOyWEVaHiUCdmYg/QDfKjytblMksuuY0gQGo3x+4hYOrw
1QyyAsUMp5E6fYE7ioyry9LAf1IFccgJ5mKmRXXQD5Zs0hvaCfFuVkIjYVD9pouF
oWTt0negQfrPynUV/nufaWhIkFy6b+Xro7c/A3NKKun79tYwIyFzY9vwusGCLd4Z
NZDsZYJ5ktu7RwGwey77VF6YNu04uN+Rb8lILo2NHM5GHLdAfK7KbkAqdbhKchjm
yxc=
-----END CERTIFICATE-----