Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/DzpKo4r5ltsdkdIJ81IKEwJLo7I.roa
File:                     DzpKo4r5ltsdkdIJ81IKEwJLo7I.roa (raw, json)
Hash identifier:          B3mWdf7rXyp3870KJRzWLCq2XDI+ZecR5nsOoyPc1Bc=
Subject key identifier:   0F:3A:4A:A3:8A:F9:96:DB:1D:91:D2:09:F3:52:0A:13:02:4B:A3:B2
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018DB203ADEBE98D8BEC77B25EC84113B764
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/DzpKo4r5ltsdkdIJ81IKEwJLo7I.roa
Signing time:             Fri 16 Feb 2024 13:03:22 +0000
ROA not before:           Fri 16 Feb 2024 13:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41436
IP address blocks:        193.34.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:03:ad:eb:e9:8d:8b:ec:77:b2:5e:c8:41:13:b7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Feb 16 13:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f3a4aa38af996db1d91d209f3520a13024ba3b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:61:d4:cc:2c:ed:e5:8e:62:4f:d7:39:13:
                    bf:66:11:58:61:41:e4:2e:a0:8c:e8:6a:55:56:fd:
                    42:1c:bd:9c:c5:00:6d:54:98:f0:4b:e0:02:63:3a:
                    5c:0b:30:e0:5e:ca:f9:a7:18:df:09:9d:d1:9f:ff:
                    1f:39:61:33:d5:eb:33:26:c9:9e:73:4d:4e:55:ce:
                    67:b4:4a:8d:72:db:54:4e:66:72:55:c4:49:9b:c5:
                    e0:07:da:6b:26:87:f0:11:8c:81:d8:28:4a:98:ef:
                    89:17:a7:d6:a7:fd:5d:5c:9d:29:9e:5f:8f:9c:26:
                    d4:c7:03:17:ef:67:cc:25:84:76:62:03:8b:04:b8:
                    5d:2e:f3:4a:8e:37:28:7b:30:8c:07:a3:eb:ce:ac:
                    5a:5e:53:43:82:5b:c2:7e:bc:eb:ef:9a:34:a8:7a:
                    7c:24:1c:3a:ba:a4:5f:b9:bc:e4:37:5a:20:56:07:
                    78:7f:e6:46:e6:77:1d:a3:25:cd:d3:8b:71:1e:45:
                    cf:7d:8b:5b:e2:03:7b:2d:11:4a:bd:a6:3c:f5:a5:
                    d5:db:5a:4f:09:d3:7a:47:b2:f7:59:2b:e2:7b:85:
                    ae:41:9f:43:e2:b7:81:f2:b1:4a:cf:df:9a:62:6f:
                    b3:55:da:c1:e0:4b:63:c6:f5:74:bf:f1:d8:a1:c7:
                    6d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:3A:4A:A3:8A:F9:96:DB:1D:91:D2:09:F3:52:0A:13:02:4B:A3:B2
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/DzpKo4r5ltsdkdIJ81IKEwJLo7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:10:32:3a:b3:88:3c:d9:52:91:23:20:bd:e8:89:f3:c8:cd:
         fc:13:bd:03:31:05:5b:84:22:1c:bc:4e:cd:79:45:a3:d1:96:
         37:5a:c2:9c:9c:98:0b:1f:ff:f5:ea:c2:90:14:d0:a5:c1:0a:
         02:4e:3c:9b:99:8d:9d:1b:12:a4:23:b8:eb:31:ce:e8:df:df:
         af:92:65:6f:a3:ba:0c:3d:e5:8f:4f:68:1f:7b:75:64:6a:c8:
         5c:d7:d1:6f:c5:cf:94:b8:30:10:34:9a:02:e9:71:a6:19:bb:
         88:79:bb:6b:fe:46:84:99:61:f3:cb:96:79:8c:75:41:09:ab:
         00:1b:d3:e3:ca:4b:6c:07:b0:61:af:d9:22:26:71:16:7c:d9:
         64:02:51:5c:af:11:d3:f1:52:91:88:19:4c:84:1b:fb:71:c3:
         27:25:c9:70:73:b1:65:3a:1e:e3:84:26:21:55:d4:9e:fe:f8:
         ad:ee:39:15:bf:fd:4e:b4:68:9f:2e:ea:53:94:17:e5:8c:d1:
         b2:6b:cc:ca:06:8a:06:a2:ea:b6:d4:a7:c6:32:82:d3:7e:ac:
         57:7c:55:7c:81:23:cc:39:c9:77:6f:2d:a8:9e:56:f4:5a:a7:
         89:e5:43:f7:59:3b:3b:35:64:7b:d9:bc:c8:9c:fb:a2:44:2f:
         fc:46:29:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2yA63r6Y2L7HeyXshBE7dkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMjE2MTMwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjNhNGFhMzhhZjk5NmRiMWQ5MWQyMDlmMzUyMGExMzAyNGJhM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSFh1Mws7eWOYk/XORO/ZhFYYUHk
LqCM6GpVVv1CHL2cxQBtVJjwS+ACYzpcCzDgXsr5pxjfCZ3Rn/8fOWEz1eszJsme
c01OVc5ntEqNcttUTmZyVcRJm8XgB9prJofwEYyB2ChKmO+JF6fWp/1dXJ0pnl+P
nCbUxwMX72fMJYR2YgOLBLhdLvNKjjcoezCMB6PrzqxaXlNDglvCfrzr75o0qHp8
JBw6uqRfubzkN1ogVgd4f+ZG5ncdoyXN04txHkXPfYtb4gN7LRFKvaY89aXV21pP
CdN6R7L3WSvie4WuQZ9D4reB8rFKz9+aYm+zVdrB4EtjxvV0v/HYocdtkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA86SqOK+ZbbHZHSCfNSChMCS6OyMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvRHpwS280cjVsdHNka2RJSjgxSUtFd0pMbzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSIxMA0G
CSqGSIb3DQEBCwUAA4IBAQBFEDI6s4g82VKRIyC96InzyM38E70DMQVbhCIcvE7N
eUWj0ZY3WsKcnJgLH//16sKQFNClwQoCTjybmY2dGxKkI7jrMc7o39+vkmVvo7oM
PeWPT2gfe3Vkashc19Fvxc+UuDAQNJoC6XGmGbuIebtr/kaEmWHzy5Z5jHVBCasA
G9PjyktsB7Bhr9kiJnEWfNlkAlFcrxHT8VKRiBlMhBv7ccMnJclwc7FlOh7jhCYh
VdSe/vit7jkVv/1OtGifLupTlBfljNGya8zKBooGouq21KfGMoLTfqxXfFV8gSPM
Ocl3by2onlb0WqeJ5UP3WTs7NWR72bzInPuiRC/8Riml
-----END CERTIFICATE-----