Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/N0Y2UmVgh5axNxZ2uBHz8ZzPncM.roa
File:                     N0Y2UmVgh5axNxZ2uBHz8ZzPncM.roa (raw, json)
Hash identifier:          1jG0mZsL0y7MFYXD/4PhpEQGXVkreaNMhbs2T4mVgbs=
Subject key identifier:   37:46:36:52:65:60:87:96:B1:37:16:76:B8:11:F3:F1:9C:CF:9D:C3
Certificate issuer:       /CN=8e63704d5501ed75a6e20966ebf07a36555b1ab6
Certificate serial:       018CC8DEE58BA548B105D2298593F1ABCF60
Authority key identifier: 8E:63:70:4D:55:01:ED:75:A6:E2:09:66:EB:F0:7A:36:55:5B:1A:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmNwTVUB7XWm4glm6_B6NlVbGrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/N0Y2UmVgh5axNxZ2uBHz8ZzPncM.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.247.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/jmNwTVUB7XWm4glm6_B6NlVbGrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/jmNwTVUB7XWm4glm6_B6NlVbGrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmNwTVUB7XWm4glm6_B6NlVbGrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e5:8b:a5:48:b1:05:d2:29:85:93:f1:ab:cf:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e63704d5501ed75a6e20966ebf07a36555b1ab6
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3746365265608796b1371676b811f3f19ccf9dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4a:08:5e:8c:d9:be:88:37:56:cb:8f:61:89:
                    99:b4:ca:bd:a4:63:c2:53:ee:d4:ae:d2:c4:b5:0b:
                    e5:05:05:a9:2a:45:eb:6f:1f:56:23:d2:12:fd:df:
                    1b:06:30:8c:cf:b2:a4:13:6b:43:0f:7b:4d:23:db:
                    4e:0a:07:35:04:71:24:ef:f3:f7:64:64:cb:ab:e1:
                    2f:78:36:bd:73:33:5a:af:ef:5f:58:cf:4b:8a:f7:
                    05:b0:e3:bd:21:7a:b8:f1:93:ea:a5:42:76:79:0e:
                    a1:80:07:f2:b2:05:43:78:9f:ff:87:f0:eb:46:bf:
                    6e:0a:72:06:d7:ce:7c:24:bf:4c:4a:c5:88:ee:64:
                    8a:97:62:ac:e1:5b:a3:b7:ba:0b:6f:e1:dd:0d:76:
                    6f:46:c2:9e:56:14:83:85:32:06:a4:5e:65:3e:6e:
                    aa:48:a1:0d:a9:b3:9d:a8:9e:9c:04:ca:8e:5d:30:
                    99:ec:d7:c5:f3:6d:7f:cd:fe:dd:12:d3:50:d1:43:
                    43:ef:2f:90:4e:0c:c3:64:d8:32:39:1f:60:44:18:
                    00:59:39:e6:97:ea:3b:14:58:55:11:44:04:30:d0:
                    00:f9:df:a6:bd:4d:ac:98:e0:dd:41:62:99:78:ce:
                    ac:6d:92:bd:fc:74:42:4c:4a:71:ec:2a:1d:36:e5:
                    6b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:46:36:52:65:60:87:96:B1:37:16:76:B8:11:F3:F1:9C:CF:9D:C3
            X509v3 Authority Key Identifier:
                keyid:8E:63:70:4D:55:01:ED:75:A6:E2:09:66:EB:F0:7A:36:55:5B:1A:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmNwTVUB7XWm4glm6_B6NlVbGrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/N0Y2UmVgh5axNxZ2uBHz8ZzPncM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/79721f-f40b-41d2-ac0e-c947e16c2c61/1/jmNwTVUB7XWm4glm6_B6NlVbGrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:40:cb:54:7c:5f:6b:29:75:33:f6:90:a6:4d:d6:1e:56:3d:
         8b:ad:34:74:14:3f:a8:73:5e:30:e0:f9:d0:5e:66:17:4a:30:
         40:8a:4e:e2:e8:6d:e7:31:0e:72:c6:24:7b:d3:08:74:74:30:
         7c:e3:24:a9:28:b3:da:10:19:1e:4a:92:eb:6a:e8:d6:06:ac:
         ce:32:c5:1c:fe:b7:4b:15:f0:31:b5:5c:1f:97:a8:9b:0b:d9:
         6e:21:c9:0c:91:18:20:71:4a:34:91:3e:89:1b:21:0d:e4:d1:
         40:eb:89:91:c7:07:ea:ac:10:fe:05:f8:93:f8:aa:45:06:a9:
         90:e8:ac:44:e2:3a:49:49:6e:da:0a:f2:fa:01:11:b3:2e:af:
         18:19:05:10:94:c4:37:a7:1b:25:8c:d2:44:33:1f:eb:ef:c0:
         29:a8:97:e5:33:ba:e4:6a:9f:39:77:51:dd:34:cc:c3:99:06:
         51:a2:f8:64:a8:65:51:91:40:6b:1d:d0:74:48:5c:d6:b7:e1:
         42:0f:1f:d6:e5:4e:ed:6b:29:a6:47:ae:b0:0e:bf:ca:15:75:
         55:62:ad:95:11:da:51:7b:b8:ae:91:e7:c1:1c:5a:63:dc:7a:
         cd:15:c0:9f:fe:a5:6c:f5:02:e9:5c:a7:3e:e5:e3:e0:fb:ce:
         81:c2:53:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uWLpUixBdIphZPxq89gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjM3MDRkNTUwMWVkNzVhNmUyMDk2NmViZjA3YTM2NTU1
YjFhYjYwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ2MzY1MjY1NjA4Nzk2YjEzNzE2NzZiODExZjNmMTljY2Y5ZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUoIXozZvog3VsuPYYmZtMq9pGPC
U+7UrtLEtQvlBQWpKkXrbx9WI9IS/d8bBjCMz7KkE2tDD3tNI9tOCgc1BHEk7/P3
ZGTLq+EveDa9czNar+9fWM9LivcFsOO9IXq48ZPqpUJ2eQ6hgAfysgVDeJ//h/Dr
Rr9uCnIG1858JL9MSsWI7mSKl2Ks4Vujt7oLb+HdDXZvRsKeVhSDhTIGpF5lPm6q
SKENqbOdqJ6cBMqOXTCZ7NfF821/zf7dEtNQ0UND7y+QTgzDZNgyOR9gRBgAWTnm
l+o7FFhVEUQEMNAA+d+mvU2smODdQWKZeM6sbZK9/HRCTEpx7CodNuVrdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdGNlJlYIeWsTcWdrgR8/Gcz53DMB8GA1UdIwQY
MBaAFI5jcE1VAe11puIJZuvwejZVWxq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Od1RWVUI3WFdtNGdsbTZfQjZObFZiR3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC83OTcyMWYtZjQwYi00MWQyLWFjMGUt
Yzk0N2UxNmMyYzYxLzEvTjBZMlVtVmdoNWF4TnhaMnVCSHo4WnpQbmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC83OTcyMWYtZjQwYi00MWQyLWFjMGUtYzk0N2UxNmMyYzYx
LzEvam1Od1RWVUI3WFdtNGdsbTZfQjZObFZiR3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfd8MA0G
CSqGSIb3DQEBCwUAA4IBAQAOQMtUfF9rKXUz9pCmTdYeVj2LrTR0FD+oc14w4PnQ
XmYXSjBAik7i6G3nMQ5yxiR70wh0dDB84ySpKLPaEBkeSpLraujWBqzOMsUc/rdL
FfAxtVwfl6ibC9luIckMkRggcUo0kT6JGyEN5NFA64mRxwfqrBD+BfiT+KpFBqmQ
6KxE4jpJSW7aCvL6ARGzLq8YGQUQlMQ3pxsljNJEMx/r78ApqJflM7rkap85d1Hd
NMzDmQZRovhkqGVRkUBrHdB0SFzWt+FCDx/W5U7taymmR66wDr/KFXVVYq2VEdpR
e7iukefBHFpj3HrNFcCf/qVs9QLpXKc+5ePg+86BwlNa
-----END CERTIFICATE-----