Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/189SBiDiQmkkYB7PsaGish2aMXg.roa
File:                     189SBiDiQmkkYB7PsaGish2aMXg.roa (raw, json)
Hash identifier:          6nM83JyY4NVKOGXZhs88d0F8UgPrOopxyc6NSok6zA0=
Subject key identifier:   D7:CF:52:06:20:E2:42:69:24:60:1E:CF:B1:A1:A2:B2:1D:9A:31:78
Certificate issuer:       /CN=9f29e8554020bdefa17c5561438fb4baf5831f52
Certificate serial:       018CC2DAEBF8AE54C02D4A16C9F6E220CDCF
Authority key identifier: 9F:29:E8:55:40:20:BD:EF:A1:7C:55:61:43:8F:B4:BA:F5:83:1F:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/189SBiDiQmkkYB7PsaGish2aMXg.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29093
IP address blocks:        193.143.128.0/23 maxlen: 24
                          195.234.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:eb:f8:ae:54:c0:2d:4a:16:c9:f6:e2:20:cd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f29e8554020bdefa17c5561438fb4baf5831f52
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7cf520620e2426924601ecfb1a1a2b21d9a3178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:91:5b:36:8e:5b:dd:51:74:da:b8:95:e3:db:
                    d9:a6:36:50:b9:d3:4c:d9:54:a4:8a:fd:19:54:d7:
                    1f:87:cc:14:dc:e8:0c:43:49:55:f0:b3:7d:a3:c6:
                    a6:d5:68:11:19:46:85:c5:84:fb:f6:3f:49:e0:aa:
                    ef:a3:bd:e0:06:d3:7f:bf:e1:66:e5:3e:fa:70:f3:
                    f9:76:ce:91:6d:bb:0f:6a:40:3f:c3:d1:2d:a9:43:
                    aa:af:b7:d1:30:89:1c:07:80:81:77:87:d8:fe:59:
                    35:b3:90:53:4f:8e:51:25:31:99:3a:69:f4:60:5b:
                    be:d8:11:4c:96:73:70:10:4b:e0:70:c8:51:21:03:
                    c1:87:af:57:6f:1b:f7:28:2f:e3:e0:cd:ea:18:a7:
                    9b:bf:85:d3:e4:e8:65:e2:68:e2:c8:65:83:15:53:
                    65:0d:9d:36:9f:62:5c:8f:58:40:02:e7:fa:0a:e7:
                    62:89:9a:d8:12:9a:41:7b:fd:3e:e1:52:1a:ac:2f:
                    70:c6:8e:45:bc:93:91:db:b1:c4:ec:53:13:0c:65:
                    73:58:aa:27:27:3a:3c:60:ec:aa:3b:bc:8d:ef:e9:
                    14:bc:a7:99:6d:04:5a:84:26:66:49:da:0b:86:8b:
                    f7:d6:14:e0:aa:4c:01:32:92:69:ae:01:6f:89:f4:
                    3f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CF:52:06:20:E2:42:69:24:60:1E:CF:B1:A1:A2:B2:1D:9A:31:78
            X509v3 Authority Key Identifier:
                keyid:9F:29:E8:55:40:20:BD:EF:A1:7C:55:61:43:8F:B4:BA:F5:83:1F:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/189SBiDiQmkkYB7PsaGish2aMXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.128.0/23
                  195.234.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:c7:59:5a:f1:45:b4:12:6b:14:c2:48:d9:f4:7c:38:1b:dc:
         b1:fc:e3:ce:63:89:2e:c7:23:97:88:2f:f6:16:92:82:d5:a1:
         6a:7e:f1:3c:7d:7f:b6:35:3a:c1:d7:ba:1e:29:f0:15:4e:d0:
         15:9e:88:51:d3:06:5e:b9:8f:61:4e:2f:0c:a3:4d:d9:98:15:
         2b:01:d5:12:77:0f:c1:a3:aa:fd:0f:3a:8a:06:e7:6c:90:58:
         98:35:c4:48:4a:0e:5e:ff:ff:0b:3b:04:6c:1f:1f:c4:fd:c9:
         77:47:f2:f0:55:34:21:e1:cb:bc:bd:53:8d:b9:4d:1e:37:18:
         62:8f:38:a7:2e:33:bd:5b:ef:93:90:f9:1e:7c:88:45:9e:c1:
         9c:99:5d:ba:c7:0b:a1:8f:38:d8:0c:24:cc:7a:ae:a6:e3:7a:
         9c:e0:7c:a3:9c:77:38:c2:83:e0:15:b1:49:0f:ed:02:7a:a7:
         5c:ba:ea:f0:b1:24:14:73:d7:33:ac:4d:54:a3:7c:d0:fc:ff:
         69:71:40:ab:35:61:f4:4a:a2:88:5c:50:c3:e4:e6:9d:d2:fc:
         de:12:eb:56:cd:7a:01:35:96:82:bd:83:49:f0:61:9c:42:d7:
         28:cc:0e:43:57:90:6b:05:d8:b4:6f:a5:cd:49:d0:a4:96:0e:
         97:0b:07:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uv4rlTALUoWyfbiIM3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMjllODU1NDAyMGJkZWZhMTdjNTU2MTQzOGZiNGJhZjU4
MzFmNTIwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NmNTIwNjIwZTI0MjY5MjQ2MDFlY2ZiMWExYTJiMjFkOWEzMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpFbNo5b3VF02riV49vZpjZQudNM
2VSkiv0ZVNcfh8wU3OgMQ0lV8LN9o8am1WgRGUaFxYT79j9J4Krvo73gBtN/v+Fm
5T76cPP5ds6RbbsPakA/w9EtqUOqr7fRMIkcB4CBd4fY/lk1s5BTT45RJTGZOmn0
YFu+2BFMlnNwEEvgcMhRIQPBh69Xbxv3KC/j4M3qGKebv4XT5Ohl4mjiyGWDFVNl
DZ02n2Jcj1hAAuf6CudiiZrYEppBe/0+4VIarC9wxo5FvJOR27HE7FMTDGVzWKon
Jzo8YOyqO7yN7+kUvKeZbQRahCZmSdoLhov31hTgqkwBMpJprgFvifQ/2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNfPUgYg4kJpJGAez7GhorIdmjF4MB8GA1UdIwQY
MBaAFJ8p6FVAIL3voXxVYUOPtLr1gx9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnlub1ZVQWd2ZS1oZkZWaFE0LTB1dldESDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yZGJlMDQtNDNhOC00OTYzLThlODYt
M2ZlOGY4OTZlNTUxLzEvMTg5U0JpRGlRbWtrWUI3UHNhR2lzaDJhTVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yZGJlMDQtNDNhOC00OTYzLThlODYtM2ZlOGY4OTZlNTUx
LzEvbnlub1ZVQWd2ZS1oZkZWaFE0LTB1dldESDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwY+AAwQA
w+qHMA0GCSqGSIb3DQEBCwUAA4IBAQABx1la8UW0EmsUwkjZ9Hw4G9yx/OPOY4ku
xyOXiC/2FpKC1aFqfvE8fX+2NTrB17oeKfAVTtAVnohR0wZeuY9hTi8Mo03ZmBUr
AdUSdw/Bo6r9DzqKBudskFiYNcRISg5e//8LOwRsHx/E/cl3R/LwVTQh4cu8vVON
uU0eNxhijzinLjO9W++TkPkefIhFnsGcmV26xwuhjzjYDCTMeq6m43qc4HyjnHc4
woPgFbFJD+0CeqdcuurwsSQUc9czrE1Uo3zQ/P9pcUCrNWH0SqKIXFDD5Oad0vze
EutWzXoBNZaCvYNJ8GGcQtcozA5DV5BrBdi0b6XNSdCklg6XCwda
-----END CERTIFICATE-----