Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1_66bsve3XDh6ta58DdTHBX8oos.roa
File:                     1_66bsve3XDh6ta58DdTHBX8oos.roa (raw, json)
Hash identifier:          fnGk/Lo8MxhcRMvMwZgraQxbayWsZAiUcJ2vMlUbs90=
Subject key identifier:   D7:FE:BA:6E:CB:DE:DD:70:E1:EA:D6:B9:F0:37:53:1C:15:FC:A2:8B
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EBDAE7C23D4B24D58ACA97162ED1A7BFC
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1_66bsve3XDh6ta58DdTHBX8oos.roa
Signing time:             Mon 08 Apr 2024 12:28:32 +0000
ROA not before:           Mon 08 Apr 2024 12:28:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        193.104.57.0/24 maxlen: 24
                          195.43.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:ae:7c:23:d4:b2:4d:58:ac:a9:71:62:ed:1a:7b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  8 12:28:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7feba6ecbdedd70e1ead6b9f037531c15fca28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:04:ad:20:a1:b8:d9:3e:48:17:fb:7d:d9:eb:
                    20:3e:a7:d9:7b:f9:86:c8:74:26:df:ef:c8:fa:87:
                    3a:80:cb:36:80:48:1a:aa:52:6e:7f:08:db:93:7f:
                    56:b8:40:95:91:5b:fa:73:20:39:22:48:04:e3:72:
                    d9:06:39:2b:ed:cc:76:9e:e9:c9:6a:e8:06:e3:5c:
                    53:00:4f:1d:f1:5f:6a:b5:d6:c1:e8:fd:ab:a7:48:
                    4e:90:05:fd:47:6c:62:41:98:ed:19:c9:f9:e3:d9:
                    8b:f5:5a:d4:6a:56:fe:96:50:e4:c6:bd:24:39:c0:
                    7d:0d:8e:44:2f:9e:bf:66:74:b3:67:e7:7d:da:15:
                    7a:32:83:11:2b:06:29:3b:08:aa:3b:66:97:2a:54:
                    21:4a:fd:44:54:e3:34:34:b9:91:1e:f3:cd:aa:e0:
                    29:4c:79:38:10:63:cd:9d:3f:e7:94:54:a9:91:60:
                    6a:29:aa:09:90:b8:92:f6:1e:41:70:f7:01:7f:14:
                    af:00:e1:6c:45:36:48:a7:4a:fa:67:b3:fd:0a:bf:
                    44:58:48:ff:86:bf:5e:c9:b9:2b:d4:72:0a:42:32:
                    6b:82:b9:62:f6:4c:d8:5c:e3:83:51:e3:06:43:76:
                    f6:ad:10:12:08:22:b2:f2:8f:a1:79:f4:f9:51:54:
                    85:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:FE:BA:6E:CB:DE:DD:70:E1:EA:D6:B9:F0:37:53:1C:15:FC:A2:8B
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1_66bsve3XDh6ta58DdTHBX8oos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.57.0/24
                  195.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:65:b5:bb:93:a2:77:f6:50:dc:20:3c:c2:e0:f3:76:b2:61:
         5e:ef:f0:43:24:75:e3:e6:01:e6:5d:10:c8:00:ce:31:4d:e4:
         b7:3c:64:6b:a1:c1:9f:6a:01:0a:27:4b:58:23:a2:aa:a7:8f:
         75:dc:e6:54:8f:a3:1e:98:a5:1c:ac:89:fe:6a:c2:42:bd:60:
         6d:4e:e1:cf:cc:a5:27:61:b3:31:45:bc:49:04:7a:67:50:a8:
         a6:6c:1b:c7:0b:d2:15:d1:ed:f4:4d:04:94:8f:92:f2:9a:86:
         c9:16:96:24:cc:6b:90:5b:41:38:53:a2:fb:e9:5b:c2:ec:ed:
         33:65:0a:a6:40:fd:98:04:fd:c6:6a:c0:a5:1c:e2:31:fb:93:
         49:4b:b7:96:a3:4f:56:8d:b8:63:08:51:05:34:8c:f0:57:86:
         e8:8b:de:6e:9d:8d:e7:40:c7:4d:76:06:96:89:8a:5c:66:24:
         48:c4:8b:93:16:b4:d2:e3:05:34:e2:57:37:65:d4:00:93:be:
         b4:61:41:ac:3e:5d:45:60:ee:13:98:91:4a:e0:bc:a0:a6:6d:
         71:b7:72:61:36:68:c6:72:c8:b9:6f:65:f8:2f:af:c5:4d:84:
         02:59:b1:79:36:24:dd:8c:28:c4:52:ef:83:60:0d:4f:d1:07:
         50:b1:23:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY69rnwj1LJNWKypcWLtGnv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA4MTIyODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2ZlYmE2ZWNiZGVkZDcwZTFlYWQ2YjlmMDM3NTMxYzE1ZmNhMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgStIKG42T5IF/t92esgPqfZe/mG
yHQm3+/I+oc6gMs2gEgaqlJufwjbk39WuECVkVv6cyA5IkgE43LZBjkr7cx2nunJ
augG41xTAE8d8V9qtdbB6P2rp0hOkAX9R2xiQZjtGcn549mL9VrUalb+llDkxr0k
OcB9DY5EL56/ZnSzZ+d92hV6MoMRKwYpOwiqO2aXKlQhSv1EVOM0NLmRHvPNquAp
THk4EGPNnT/nlFSpkWBqKaoJkLiS9h5BcPcBfxSvAOFsRTZIp0r6Z7P9Cr9EWEj/
hr9eybkr1HIKQjJrgrli9kzYXOODUeMGQ3b2rRASCCKy8o+hefT5UVSFewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNf+um7L3t1w4erWufA3UxwV/KKLMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMV82NmJzdmUzWERoNnRhNThEZFRIQlg4b29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWg5AwQA
wyuOMA0GCSqGSIb3DQEBCwUAA4IBAQBtZbW7k6J39lDcIDzC4PN2smFe7/BDJHXj
5gHmXRDIAM4xTeS3PGRrocGfagEKJ0tYI6Kqp4913OZUj6MemKUcrIn+asJCvWBt
TuHPzKUnYbMxRbxJBHpnUKimbBvHC9IV0e30TQSUj5LymobJFpYkzGuQW0E4U6L7
6VvC7O0zZQqmQP2YBP3GasClHOIx+5NJS7eWo09WjbhjCFEFNIzwV4boi95unY3n
QMdNdgaWiYpcZiRIxIuTFrTS4wU04lc3ZdQAk760YUGsPl1FYO4TmJFK4Lygpm1x
t3JhNmjGcsi5b2X4L6/FTYQCWbF5NiTdjCjEUu+DYA1P0QdQsSMN
-----END CERTIFICATE-----