Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/4s8LLubVkmZcT8BoF2sqo2g1lYU.roa
File:                     4s8LLubVkmZcT8BoF2sqo2g1lYU.roa (raw, json)
Hash identifier:          yZE0LcMwf8oc/A2/oYfeGJfcYPSgVvoV3CpeCK/vojI=
Subject key identifier:   E2:CF:0B:2E:E6:D5:92:66:5C:4F:C0:68:17:6B:2A:A3:68:35:95:85
Certificate issuer:       /CN=33533d9eef5a8128dc435d02f2233280348dc2b6
Certificate serial:       018CC726B8B5750BEB877383172D96D02F42
Authority key identifier: 33:53:3D:9E:EF:5A:81:28:DC:43:5D:02:F2:23:32:80:34:8D:C2:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M1M9nu9agSjcQ10C8iMygDSNwrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/4s8LLubVkmZcT8BoF2sqo2g1lYU.roa
Signing time:             Mon 01 Jan 2024 22:30:52 +0000
ROA not before:           Mon 01 Jan 2024 22:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16313
IP address blocks:        193.31.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/M1M9nu9agSjcQ10C8iMygDSNwrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/M1M9nu9agSjcQ10C8iMygDSNwrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M1M9nu9agSjcQ10C8iMygDSNwrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:b8:b5:75:0b:eb:87:73:83:17:2d:96:d0:2f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33533d9eef5a8128dc435d02f2233280348dc2b6
        Validity
            Not Before: Jan  1 22:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2cf0b2ee6d592665c4fc068176b2aa368359585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f4:1c:86:3b:05:76:80:79:bb:e6:e6:94:a7:
                    44:c1:e4:2d:b3:c2:06:5e:85:de:49:70:ac:5d:d4:
                    c7:d6:ee:b0:d5:7a:85:6d:cd:6b:17:de:70:96:57:
                    10:a5:49:af:8b:ed:a8:2c:be:c6:21:91:33:8b:b0:
                    29:07:e9:a7:21:69:24:da:13:21:c9:43:b4:e1:69:
                    4a:ec:1d:dc:26:c1:39:58:bf:91:67:09:0d:6b:32:
                    c6:dd:d6:69:ca:16:32:1c:cc:1d:6a:28:5c:3e:9e:
                    27:fb:49:c0:5b:f4:f4:48:b4:3c:50:c5:9c:94:16:
                    23:0b:8b:eb:d5:62:3d:6a:aa:7c:b7:62:f2:65:2e:
                    fc:4a:96:c7:16:65:75:0a:e5:83:24:0e:ee:13:4b:
                    c5:82:d1:09:df:51:a0:cd:dd:5f:f2:a6:6d:cd:03:
                    a3:77:97:f2:2b:99:d0:6c:75:04:3c:1f:bb:f4:54:
                    29:d2:7d:6a:6e:7f:64:42:ce:f7:b2:e7:14:3b:93:
                    1b:4a:4c:ae:ba:e1:c4:19:16:50:11:88:cd:e7:9d:
                    34:6b:0c:75:de:95:26:c6:18:05:76:fe:f3:a7:0c:
                    c2:55:35:96:2e:6f:ea:93:ba:04:33:2d:0b:92:63:
                    97:26:1f:be:c0:3e:2e:9b:3a:47:6b:3e:76:2a:c2:
                    8e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:CF:0B:2E:E6:D5:92:66:5C:4F:C0:68:17:6B:2A:A3:68:35:95:85
            X509v3 Authority Key Identifier:
                keyid:33:53:3D:9E:EF:5A:81:28:DC:43:5D:02:F2:23:32:80:34:8D:C2:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1M9nu9agSjcQ10C8iMygDSNwrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/4s8LLubVkmZcT8BoF2sqo2g1lYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/a3bcad-1d98-48b4-afaf-d2c3b4c09ea1/1/M1M9nu9agSjcQ10C8iMygDSNwrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         57:e9:8f:b6:e6:96:9d:69:54:0c:74:05:72:e7:71:d7:f5:49:
         ed:8a:b1:7d:a5:c9:7f:c2:cd:71:b1:66:e0:3e:2f:69:4f:76:
         b4:a9:e1:51:f0:c3:9f:e4:94:e6:a2:b2:13:28:9d:f1:d9:a7:
         08:84:62:63:5d:83:fc:5d:28:1a:99:6f:db:b8:72:8d:fc:63:
         41:98:86:c2:15:ac:6a:8d:3d:0f:e7:76:7a:fc:3d:ad:b8:f9:
         bf:c3:9b:44:6d:48:00:54:8a:58:9a:54:ea:14:c7:0b:f0:b1:
         b9:f1:1d:a9:41:ae:43:74:d2:b1:74:c2:0a:90:69:83:1d:06:
         a1:ca:0a:cc:86:06:93:5c:a6:e8:f1:a3:ea:92:a9:dc:76:17:
         3c:8b:ff:a2:24:93:4b:e1:2d:9e:02:e2:7a:75:33:4b:e7:db:
         82:08:9c:46:5c:bc:02:b3:98:90:3e:74:70:04:b5:51:fc:24:
         85:df:00:ad:68:a0:bc:4c:d8:53:13:88:97:83:ed:48:83:7a:
         cc:44:47:f8:5f:03:76:c4:b1:a8:57:52:8f:62:9a:64:3f:fa:
         5e:16:ca:94:48:26:f3:f5:e6:dc:52:fe:b9:35:cb:b8:af:53:
         a6:d3:5d:e9:e5:04:56:60:6c:a8:68:86:53:1f:24:b7:3b:8b:
         35:77:cc:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJri1dQvrh3ODFy2W0C9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNTMzZDllZWY1YTgxMjhkYzQzNWQwMmYyMjMzMjgwMzQ4
ZGMyYjYwHhcNMjQwMTAxMjIzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmNmMGIyZWU2ZDU5MjY2NWM0ZmMwNjgxNzZiMmFhMzY4MzU5NTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvQchjsFdoB5u+bmlKdEweQts8IG
XoXeSXCsXdTH1u6w1XqFbc1rF95wllcQpUmvi+2oLL7GIZEzi7ApB+mnIWkk2hMh
yUO04WlK7B3cJsE5WL+RZwkNazLG3dZpyhYyHMwdaihcPp4n+0nAW/T0SLQ8UMWc
lBYjC4vr1WI9aqp8t2LyZS78SpbHFmV1CuWDJA7uE0vFgtEJ31Ggzd1f8qZtzQOj
d5fyK5nQbHUEPB+79FQp0n1qbn9kQs73sucUO5MbSkyuuuHEGRZQEYjN5500awx1
3pUmxhgFdv7zpwzCVTWWLm/qk7oEMy0LkmOXJh++wD4umzpHaz52KsKOZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLPCy7m1ZJmXE/AaBdrKqNoNZWFMB8GA1UdIwQY
MBaAFDNTPZ7vWoEo3ENdAvIjMoA0jcK2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTFNOW51OWFnU2pjUTEwQzhpTXlnRFNOd3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9hM2JjYWQtMWQ5OC00OGI0LWFmYWYt
ZDJjM2I0YzA5ZWExLzEvNHM4TEx1YlZrbVpjVDhCb0Yyc3FvMmcxbFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9hM2JjYWQtMWQ5OC00OGI0LWFmYWYtZDJjM2I0YzA5ZWEx
LzEvTTFNOW51OWFnU2pjUTEwQzhpTXlnRFNOd3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwR+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBX6Y+25padaVQMdAVy53HX9UntirF9pcl/ws1xsWbg
Pi9pT3a0qeFR8MOf5JTmorITKJ3x2acIhGJjXYP8XSgamW/buHKN/GNBmIbCFaxq
jT0P53Z6/D2tuPm/w5tEbUgAVIpYmlTqFMcL8LG58R2pQa5DdNKxdMIKkGmDHQah
ygrMhgaTXKbo8aPqkqncdhc8i/+iJJNL4S2eAuJ6dTNL59uCCJxGXLwCs5iQPnRw
BLVR/CSF3wCtaKC8TNhTE4iXg+1Ig3rMREf4XwN2xLGoV1KPYppkP/peFsqUSCbz
9ebcUv65Ncu4r1Om013p5QRWYGyoaIZTHyS3O4s1d8ys
-----END CERTIFICATE-----