Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/VpMdeuXl-C_ErRqb_iOyMlXRyjk.roa
File:                     VpMdeuXl-C_ErRqb_iOyMlXRyjk.roa (raw, json)
Hash identifier:          Sb5EvJip94fFKKW9hcAcGUGdSztfoZRXcHOa5GEZV80=
Subject key identifier:   56:93:1D:7A:E5:E5:F8:2F:C4:AD:1A:9B:FE:23:B2:32:55:D1:CA:39
Certificate issuer:       /CN=b409168fdb52e9b7d1a7a5e8f518edfbc2c3f9af
Certificate serial:       018CC79500A368952CF1E9EBFEEFB3A072D2
Authority key identifier: B4:09:16:8F:DB:52:E9:B7:D1:A7:A5:E8:F5:18:ED:FB:C2:C3:F9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/VpMdeuXl-C_ErRqb_iOyMlXRyjk.roa
Signing time:             Tue 02 Jan 2024 00:31:20 +0000
ROA not before:           Tue 02 Jan 2024 00:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12912
IP address blocks:        193.91.1.0/24 maxlen: 24
                          193.91.6.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:00:a3:68:95:2c:f1:e9:eb:fe:ef:b3:a0:72:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b409168fdb52e9b7d1a7a5e8f518edfbc2c3f9af
        Validity
            Not Before: Jan  2 00:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56931d7ae5e5f82fc4ad1a9bfe23b23255d1ca39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c1:fe:5a:ff:4f:d5:f1:c2:a6:3c:be:50:d7:
                    19:59:6a:38:f2:02:5e:63:c1:bf:93:ac:d7:4b:4b:
                    75:25:95:7d:75:04:0c:93:e4:13:a8:ee:49:fa:13:
                    d4:c6:a4:ec:71:a2:15:e0:d7:7a:93:16:5a:0c:d0:
                    9f:60:76:40:03:2e:3e:c7:0e:db:ce:54:3c:fe:a4:
                    33:09:ae:fa:be:1f:48:42:6c:88:a7:7e:f8:9d:aa:
                    f3:ee:3e:af:14:f0:70:12:0f:f8:68:5a:9c:46:60:
                    d6:92:29:19:7c:e6:8f:dc:94:d0:e8:24:ae:0b:9c:
                    81:88:0f:70:09:1b:b6:21:51:ca:39:39:45:96:9e:
                    ce:b6:17:22:f8:c2:d9:91:69:c7:a0:7f:2d:00:df:
                    ed:13:33:32:cb:e9:38:33:32:ec:17:e0:c2:9b:7d:
                    7e:b8:09:6d:bc:da:91:ce:b7:10:7e:e3:c3:15:2a:
                    e7:b4:74:23:5f:e8:4d:82:c7:97:39:9c:3b:07:19:
                    4b:b5:55:2c:76:a2:16:9a:05:a9:23:2b:12:d2:3e:
                    f1:b1:c5:cd:5c:e4:59:3b:ad:6c:8f:5d:20:51:36:
                    ee:3a:e2:c5:90:31:00:d2:ef:e1:97:65:d0:99:64:
                    0f:dc:8b:e3:55:48:e4:77:ba:e5:14:97:a4:ee:ce:
                    9d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:93:1D:7A:E5:E5:F8:2F:C4:AD:1A:9B:FE:23:B2:32:55:D1:CA:39
            X509v3 Authority Key Identifier:
                keyid:B4:09:16:8F:DB:52:E9:B7:D1:A7:A5:E8:F5:18:ED:FB:C2:C3:F9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/VpMdeuXl-C_ErRqb_iOyMlXRyjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/36ba9d-33af-4cf3-a27d-fa718ac9d758/1/tAkWj9tS6bfRp6Xo9Rjt-8LD-a8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.91.1.0/24
                  193.91.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:dc:27:0f:39:1a:5c:e2:9a:10:9f:5b:b6:51:4e:90:08:0d:
         16:a2:56:48:95:71:1b:bc:78:6d:81:ac:78:e1:30:54:41:4e:
         ab:42:9b:c1:0b:d5:47:f0:3f:5a:94:30:a7:93:79:cf:b1:1c:
         ba:a4:ca:a9:77:96:b7:7a:4c:9d:71:ca:d9:65:85:86:af:d5:
         0e:85:1c:a0:e7:de:55:bd:cc:ed:50:92:3e:72:dc:be:f7:e1:
         d4:0f:45:70:8d:3b:d8:26:6e:de:38:45:2c:c5:e6:50:64:d3:
         b6:ba:c6:f3:a7:55:d6:fc:10:de:1d:3c:46:6f:1c:d3:5a:b6:
         39:b6:1f:b5:c0:d3:c9:38:c3:b4:30:45:ca:c3:88:65:53:3c:
         78:82:be:b6:5e:71:be:ea:cc:c5:bc:ad:34:e8:90:e8:a3:c9:
         3a:a8:e9:12:a8:cb:17:42:c0:87:1c:1a:2c:5e:3b:a0:9e:c3:
         08:f3:b8:4c:a7:77:28:de:23:35:2a:37:ee:b6:8b:4a:cb:ac:
         fb:6b:a1:9b:ef:e3:a1:9c:82:41:18:15:d2:96:60:68:94:23:
         1d:d1:8e:08:22:90:a0:5b:51:97:b1:da:39:3e:2f:e9:f2:ae:
         e8:45:e0:50:87:11:e3:3c:f2:dc:59:af:7f:67:60:46:f7:86:
         27:6b:b7:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlQCjaJUs8enr/u+zoHLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDkxNjhmZGI1MmU5YjdkMWE3YTVlOGY1MThlZGZiYzJj
M2Y5YWYwHhcNMjQwMTAyMDAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjkzMWQ3YWU1ZTVmODJmYzRhZDFhOWJmZTIzYjIzMjU1ZDFjYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsH+Wv9P1fHCpjy+UNcZWWo48gJe
Y8G/k6zXS0t1JZV9dQQMk+QTqO5J+hPUxqTscaIV4Nd6kxZaDNCfYHZAAy4+xw7b
zlQ8/qQzCa76vh9IQmyIp374narz7j6vFPBwEg/4aFqcRmDWkikZfOaP3JTQ6CSu
C5yBiA9wCRu2IVHKOTlFlp7Othci+MLZkWnHoH8tAN/tEzMyy+k4MzLsF+DCm31+
uAltvNqRzrcQfuPDFSrntHQjX+hNgseXOZw7BxlLtVUsdqIWmgWpIysS0j7xscXN
XORZO61sj10gUTbuOuLFkDEA0u/hl2XQmWQP3IvjVUjkd7rlFJek7s6dnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFaTHXrl5fgvxK0am/4jsjJV0co5MB8GA1UdIwQY
MBaAFLQJFo/bUum30ael6PUY7fvCw/mvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFrV2o5dFM2YmZScDZYbzlSanQtOExELWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zNmJhOWQtMzNhZi00Y2YzLWEyN2Qt
ZmE3MThhYzlkNzU4LzEvVnBNZGV1WGwtQ19FclJxYl9pT3lNbFhSeWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zNmJhOWQtMzNhZi00Y2YzLWEyN2QtZmE3MThhYzlkNzU4
LzEvdEFrV2o5dFM2YmZScDZYbzlSanQtOExELWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwVsBAwQB
wVsGMA0GCSqGSIb3DQEBCwUAA4IBAQAs3CcPORpc4poQn1u2UU6QCA0WolZIlXEb
vHhtgax44TBUQU6rQpvBC9VH8D9alDCnk3nPsRy6pMqpd5a3ekydccrZZYWGr9UO
hRyg595VvcztUJI+cty+9+HUD0VwjTvYJm7eOEUsxeZQZNO2usbzp1XW/BDeHTxG
bxzTWrY5th+1wNPJOMO0MEXKw4hlUzx4gr62XnG+6szFvK006JDoo8k6qOkSqMsX
QsCHHBosXjugnsMI87hMp3co3iM1KjfutotKy6z7a6Gb7+OhnIJBGBXSlmBolCMd
0Y4IIpCgW1GXsdo5Pi/p8q7oReBQhxHjPPLcWa9/Z2BG94Yna7eb
-----END CERTIFICATE-----