Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/0__JA9u_GkeyRbFfVmVpaXWRgn0.roa
File:                     0__JA9u_GkeyRbFfVmVpaXWRgn0.roa (raw, json)
Hash identifier:          bYcIt7//xQHV8llniYC/YT9F/SpRYO9HCdkvS4CCf+4=
Subject key identifier:   D3:FF:C9:03:DB:BF:1A:47:B2:45:B1:5F:56:65:69:69:75:91:82:7D
Certificate issuer:       /CN=838ec3942813d3f3536c127e1a821bfbef6db2a4
Certificate serial:       018CC8705474DF297E4DB3911739FC1E4123
Authority key identifier: 83:8E:C3:94:28:13:D3:F3:53:6C:12:7E:1A:82:1B:FB:EF:6D:B2:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/0__JA9u_GkeyRbFfVmVpaXWRgn0.roa
Signing time:             Tue 02 Jan 2024 04:30:54 +0000
ROA not before:           Tue 02 Jan 2024 04:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211416
IP address blocks:        193.56.134.0/24 maxlen: 24
                          2a10:e840::/32 maxlen: 64
                          2a10:e840:1::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:54:74:df:29:7e:4d:b3:91:17:39:fc:1e:41:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=838ec3942813d3f3536c127e1a821bfbef6db2a4
        Validity
            Not Before: Jan  2 04:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3ffc903dbbf1a47b245b15f566569697591827d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:15:8b:79:38:9f:5f:e2:34:29:00:82:26:54:
                    27:6a:8b:28:e4:17:28:7e:89:4a:71:b9:f9:26:4d:
                    0c:2d:8e:97:e8:a0:13:25:29:a5:fe:74:1b:82:8e:
                    e7:5e:4a:e2:8e:73:42:78:3c:4e:03:47:61:ac:a3:
                    16:c4:3b:4f:d9:2a:ad:23:af:ee:b7:e4:66:e6:d3:
                    83:fc:67:80:84:5e:b0:5f:c9:d7:d6:f1:92:05:84:
                    66:a4:a9:50:7a:95:5a:05:e9:c5:a3:99:35:ce:d8:
                    ec:3a:62:9a:a4:1d:44:1e:bf:2c:ff:f8:2b:78:44:
                    15:f9:0c:7c:7c:1f:37:f8:ae:1e:50:6a:ba:bb:2e:
                    9b:d2:d9:8e:81:0b:d8:b3:52:86:8a:4e:3b:30:39:
                    f4:6b:fb:bf:9c:74:df:40:a2:5e:80:9f:25:c6:d2:
                    a6:0d:57:47:ab:fc:6a:b4:8c:fb:e7:c6:8d:3a:cd:
                    83:2c:a2:9a:fa:0d:86:26:76:5a:6b:8b:8e:70:60:
                    de:39:8c:2b:c8:05:5b:90:89:49:57:e4:18:6a:5c:
                    c4:7f:39:30:7f:e6:30:ae:f4:09:d6:bf:78:d7:bb:
                    b5:68:f7:7d:e0:64:9a:9d:a7:8d:83:80:a7:c3:0d:
                    30:29:e2:38:25:3f:b6:1c:f4:de:6c:08:a7:dd:a7:
                    09:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FF:C9:03:DB:BF:1A:47:B2:45:B1:5F:56:65:69:69:75:91:82:7D
            X509v3 Authority Key Identifier:
                keyid:83:8E:C3:94:28:13:D3:F3:53:6C:12:7E:1A:82:1B:FB:EF:6D:B2:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/0__JA9u_GkeyRbFfVmVpaXWRgn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.134.0/24
                IPv6:
                  2a10:e840::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:c5:1a:71:20:98:f8:63:49:c9:73:c0:15:ee:38:e3:25:bc:
         21:4b:d3:82:41:0f:51:6c:b7:55:61:70:cd:d6:15:eb:8f:36:
         ff:d5:0b:ac:ec:59:26:21:09:5e:82:e9:3f:e3:bd:79:66:8a:
         d2:ca:86:13:d3:77:cc:f2:a3:62:f1:e0:f5:d5:b7:00:26:27:
         9c:4f:1e:1b:57:82:41:7d:60:79:b4:f5:4e:3b:27:12:47:cc:
         38:59:e0:fc:88:e8:e0:4d:7c:48:79:f6:df:07:b1:a5:bb:df:
         aa:d5:49:ad:cd:d6:31:7f:47:6f:25:9a:da:9b:00:4d:9f:14:
         16:4a:85:90:8f:d4:02:83:2b:7c:9a:69:b7:68:a6:72:c1:0d:
         59:ef:e3:43:0a:44:c2:7e:54:47:d1:90:5a:b1:49:a1:3c:11:
         a1:79:c5:4e:a2:38:ed:d2:bd:7e:3d:a3:61:63:0a:16:b6:19:
         f7:35:65:ea:96:25:8e:28:cc:99:a2:19:2b:6f:6e:75:6b:a0:
         26:26:78:cd:24:e2:6a:f4:a4:3f:a2:8f:63:2a:80:69:9d:b6:
         60:c1:bf:8a:8f:68:6d:f1:75:1c:c2:da:4a:c5:d9:55:c4:ac:
         10:90:93:ee:86:6b:f9:3a:98:52:03:2b:18:4a:5a:03:f7:85:
         b3:25:07:5a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcFR03yl+TbORFzn8HkEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOGVjMzk0MjgxM2QzZjM1MzZjMTI3ZTFhODIxYmZiZWY2
ZGIyYTQwHhcNMjQwMTAyMDQzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZmYzkwM2RiYmYxYTQ3YjI0NWIxNWY1NjY1Njk2OTc1OTE4MjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohWLeTifX+I0KQCCJlQnaoso5Bco
folKcbn5Jk0MLY6X6KATJSml/nQbgo7nXkrijnNCeDxOA0dhrKMWxDtP2SqtI6/u
t+Rm5tOD/GeAhF6wX8nX1vGSBYRmpKlQepVaBenFo5k1ztjsOmKapB1EHr8s//gr
eEQV+Qx8fB83+K4eUGq6uy6b0tmOgQvYs1KGik47MDn0a/u/nHTfQKJegJ8lxtKm
DVdHq/xqtIz758aNOs2DLKKa+g2GJnZaa4uOcGDeOYwryAVbkIlJV+QYalzEfzkw
f+YwrvQJ1r9417u1aPd94GSanaeNg4Cnww0wKeI4JT+2HPTebAin3acJHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNP/yQPbvxpHskWxX1ZlaWl1kYJ9MB8GA1UdIwQY
MBaAFIOOw5QoE9PzU2wSfhqCG/vvbbKkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzQ3RGxDZ1QwX05UYkJKLUdvSWItLTl0c3FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wYzRiMTYtNmI5NC00MDgwLTkxNjUt
Yjg1MzU2N2RhMGVhLzEvMF9fSkE5dV9Ha2V5UmJGZlZtVnBhWFdSZ24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wYzRiMTYtNmI5NC00MDgwLTkxNjUtYjg1MzU2N2RhMGVh
LzEvZzQ3RGxDZ1QwX05UYkJKLUdvSWItLTl0c3FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTiGMA0E
AgACMAcDBQAqEOhAMA0GCSqGSIb3DQEBCwUAA4IBAQBZxRpxIJj4Y0nJc8AV7jjj
JbwhS9OCQQ9RbLdVYXDN1hXrjzb/1Qus7FkmIQleguk/4715ZorSyoYT03fM8qNi
8eD11bcAJiecTx4bV4JBfWB5tPVOOycSR8w4WeD8iOjgTXxIefbfB7Glu9+q1Umt
zdYxf0dvJZramwBNnxQWSoWQj9QCgyt8mmm3aKZywQ1Z7+NDCkTCflRH0ZBasUmh
PBGhecVOojjt0r1+PaNhYwoWthn3NWXqliWOKMyZohkrb251a6AmJnjNJOJq9KQ/
oo9jKoBpnbZgwb+Kj2ht8XUcwtpKxdlVxKwQkJPuhmv5OphSAysYSloD94WzJQda
-----END CERTIFICATE-----