Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/mZfusqn72nvh7ikmIXZ5RDZ2FiQ.roa
File:                     mZfusqn72nvh7ikmIXZ5RDZ2FiQ.roa (raw, json)
Hash identifier:          YmRW/zQP8eF3tsuP3iodhIsuBaih56jecbnNp19nP9k=
Subject key identifier:   99:97:EE:B2:A9:FB:DA:7B:E1:EE:29:26:21:76:79:44:36:76:16:24
Certificate issuer:       /CN=513bdfec55b048b0d2f03b43bf66e3e67e86553f
Certificate serial:       018CC4246567A18355847A86DC33D3EFB27D
Authority key identifier: 51:3B:DF:EC:55:B0:48:B0:D2:F0:3B:43:BF:66:E3:E6:7E:86:55:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTvf7FWwSLDS8DtDv2bj5n6GVT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/mZfusqn72nvh7ikmIXZ5RDZ2FiQ.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41768
IP address blocks:        193.37.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/UTvf7FWwSLDS8DtDv2bj5n6GVT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/UTvf7FWwSLDS8DtDv2bj5n6GVT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTvf7FWwSLDS8DtDv2bj5n6GVT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:67:a1:83:55:84:7a:86:dc:33:d3:ef:b2:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=513bdfec55b048b0d2f03b43bf66e3e67e86553f
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9997eeb2a9fbda7be1ee29262176794436761624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:39:aa:06:10:ca:8d:48:62:60:e8:63:ee:
                    0f:d9:6b:4b:43:a3:8c:27:11:9e:c1:10:f2:fa:aa:
                    94:0a:c1:15:89:f1:25:d6:0e:d0:20:2f:f3:6b:b9:
                    8a:89:fc:fc:89:5d:a1:2a:cb:37:e9:e9:64:5b:02:
                    20:34:d1:2b:56:32:62:6e:7e:d3:29:fb:01:59:3a:
                    7f:f3:e7:ca:39:ee:bd:fb:16:26:74:f4:4c:2f:e0:
                    0f:1a:6a:10:77:5f:55:34:a4:99:18:bd:f2:19:4f:
                    4d:5c:c4:0d:ba:1a:b6:00:33:8e:f3:37:b5:0e:a6:
                    d8:96:2f:8b:c2:29:ed:c3:51:53:af:93:db:16:09:
                    0d:ad:3b:dd:5b:c8:26:03:ae:e7:49:f9:6f:6e:b0:
                    27:1a:ab:d5:5f:e6:22:3f:7f:8b:0f:e7:ee:c2:63:
                    2b:4e:d0:ce:e1:f8:66:45:5a:bd:c4:b2:4d:6a:7c:
                    d0:eb:44:eb:74:20:99:ea:c7:52:05:5b:9c:47:02:
                    a5:f6:dc:97:14:3b:c0:6a:c2:fe:7c:e9:f3:10:85:
                    3e:8e:f8:ff:3c:ba:08:dc:f7:9f:dd:5c:1c:ec:a8:
                    7f:43:75:5d:f3:65:39:fc:5f:86:6e:22:3d:fb:71:
                    02:a1:cc:45:ab:ef:0c:73:b8:73:f6:05:8e:7d:47:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:97:EE:B2:A9:FB:DA:7B:E1:EE:29:26:21:76:79:44:36:76:16:24
            X509v3 Authority Key Identifier:
                keyid:51:3B:DF:EC:55:B0:48:B0:D2:F0:3B:43:BF:66:E3:E6:7E:86:55:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTvf7FWwSLDS8DtDv2bj5n6GVT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/mZfusqn72nvh7ikmIXZ5RDZ2FiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/cbe695-d2d9-4d6f-87e2-a1cce6f80ca3/1/UTvf7FWwSLDS8DtDv2bj5n6GVT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:96:d6:73:3b:db:16:8f:91:b6:d7:bb:61:c7:7f:2b:d8:3c:
         60:49:a7:68:3e:91:dd:ba:91:f3:d4:7e:c4:48:55:cf:3b:ea:
         02:2c:a8:51:e1:92:60:22:87:85:df:6c:83:ea:59:9a:fd:d8:
         97:65:ce:b3:aa:32:b8:36:05:04:10:88:73:db:54:c0:51:fc:
         1a:23:4f:88:58:60:6f:83:63:d1:12:87:35:bb:c8:99:87:36:
         ed:e3:49:a1:9b:18:85:53:a6:fc:ee:9a:fa:42:b6:70:8f:e2:
         81:1e:b3:ae:ce:e4:79:e6:40:45:02:40:6d:64:60:25:4c:51:
         b4:15:1a:71:fc:5d:df:68:a0:5c:b9:9f:f2:07:8c:12:4f:fa:
         55:1f:ec:13:fc:bf:2c:e2:d1:ea:29:2f:98:02:4a:ae:32:c6:
         6d:82:c5:9b:97:2c:97:5f:4c:46:67:ea:bf:5f:f0:a9:b3:50:
         8e:9b:71:35:be:83:54:f4:8e:c6:55:7d:e3:b3:ab:de:b4:42:
         0d:10:89:7a:b1:9e:e2:44:50:99:c6:29:f3:bc:26:16:17:30:
         b3:13:22:f1:11:bc:1a:19:ce:83:aa:a4:e4:ff:50:a8:1d:17:
         8c:10:bf:bf:d3:97:94:cc:9c:3f:2a:d7:14:cb:55:d8:ad:e6:
         39:8c:92:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGVnoYNVhHqG3DPT77J9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxM2JkZmVjNTViMDQ4YjBkMmYwM2I0M2JmNjZlM2U2N2U4
NjU1M2YwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTk3ZWViMmE5ZmJkYTdiZTFlZTI5MjYyMTc2Nzk0NDM2NzYxNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGI5qgYQyo1IYmDoY+4P2WtLQ6OM
JxGewRDy+qqUCsEVifEl1g7QIC/za7mKifz8iV2hKss36elkWwIgNNErVjJibn7T
KfsBWTp/8+fKOe69+xYmdPRML+APGmoQd19VNKSZGL3yGU9NXMQNuhq2ADOO8ze1
DqbYli+Lwintw1FTr5PbFgkNrTvdW8gmA67nSflvbrAnGqvVX+YiP3+LD+fuwmMr
TtDO4fhmRVq9xLJNanzQ60TrdCCZ6sdSBVucRwKl9tyXFDvAasL+fOnzEIU+jvj/
PLoI3Pef3Vwc7Kh/Q3Vd82U5/F+GbiI9+3ECocxFq+8Mc7hz9gWOfUcZ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmX7rKp+9p74e4pJiF2eUQ2dhYkMB8GA1UdIwQY
MBaAFFE73+xVsEiw0vA7Q79m4+Z+hlU/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVR2ZjdGV3dTTERTOER0RHYyYmo1bjZHVlQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jYmU2OTUtZDJkOS00ZDZmLTg3ZTIt
YTFjY2U2ZjgwY2EzLzEvbVpmdXNxbjcybnZoN2lrbUlYWjVSRFoyRmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jYmU2OTUtZDJkOS00ZDZmLTg3ZTItYTFjY2U2ZjgwY2Ez
LzEvVVR2ZjdGV3dTTERTOER0RHYyYmo1bjZHVlQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWfMA0G
CSqGSIb3DQEBCwUAA4IBAQAHltZzO9sWj5G217thx38r2DxgSadoPpHdupHz1H7E
SFXPO+oCLKhR4ZJgIoeF32yD6lma/diXZc6zqjK4NgUEEIhz21TAUfwaI0+IWGBv
g2PREoc1u8iZhzbt40mhmxiFU6b87pr6QrZwj+KBHrOuzuR55kBFAkBtZGAlTFG0
FRpx/F3faKBcuZ/yB4wST/pVH+wT/L8s4tHqKS+YAkquMsZtgsWblyyXX0xGZ+q/
X/Cps1COm3E1voNU9I7GVX3js6vetEINEIl6sZ7iRFCZxinzvCYWFzCzEyLxEbwa
Gc6DqqTk/1CoHReMEL+/05eUzJw/KtcUy1XYreY5jJIg
-----END CERTIFICATE-----