Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/pF8mlLa4DIaVdawERlI1KCLszjw.roa
File:                     pF8mlLa4DIaVdawERlI1KCLszjw.roa (raw, json)
Hash identifier:          HGS4cH68Z8DRPCcmZJ/IZZk3cp5ommT7GdIMzeiE9M8=
Subject key identifier:   A4:5F:26:94:B6:B8:0C:86:95:75:AC:04:46:52:35:28:22:EC:CE:3C
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018CC801F90BB360FD052F0403BFDD2579A2
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/pF8mlLa4DIaVdawERlI1KCLszjw.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        193.34.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 10:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f9:0b:b3:60:fd:05:2f:04:03:bf:dd:25:79:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a45f2694b6b80c869575ac044652352822ecce3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b7:1b:34:4c:9c:21:26:e9:b5:87:f3:b4:bb:
                    70:e2:57:5b:85:79:27:fd:cc:51:0b:5f:f4:b7:38:
                    f3:e5:3b:21:5b:77:fc:b2:16:5b:12:c7:a4:41:33:
                    4e:ea:83:c6:be:e2:5f:96:d2:8a:7a:93:56:c2:2e:
                    9a:17:5f:a8:ee:b4:14:d7:3e:65:86:2a:db:fd:5a:
                    41:8d:8a:8e:7c:e1:bc:d6:d5:5d:98:e7:5c:53:1d:
                    eb:f2:66:d5:69:8b:e9:1c:26:87:8c:b3:d0:b2:7d:
                    d3:70:f5:fc:45:3b:3a:87:ac:a0:05:8f:6f:fd:99:
                    d3:f3:ed:be:f1:21:05:b2:7e:dc:84:f3:93:b2:6d:
                    16:06:a8:62:34:68:05:ff:a7:fb:7f:c6:1d:f0:e9:
                    e1:87:76:c8:b9:0e:c0:cc:72:b2:c5:17:f4:1a:d9:
                    b8:e8:6f:ef:b7:6e:87:94:0f:ee:72:13:4c:a9:48:
                    28:be:a0:c2:9a:ea:0f:c0:4b:a1:47:30:1d:4d:06:
                    6d:f1:07:c8:9b:9f:24:ba:67:28:23:9a:37:52:b9:
                    d5:19:0e:72:65:88:b6:cd:2a:98:12:c3:a6:d4:ec:
                    c4:51:ab:bf:2f:09:71:dc:9d:d2:06:be:b1:a8:c7:
                    e3:d0:1c:08:52:2e:b1:56:8f:21:33:db:6d:9c:02:
                    2d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5F:26:94:B6:B8:0C:86:95:75:AC:04:46:52:35:28:22:EC:CE:3C
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/pF8mlLa4DIaVdawERlI1KCLszjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:15:e6:39:5a:13:8a:82:fc:8f:36:a7:10:b3:9d:1e:41:1a:
         f9:1b:e5:fb:75:55:d2:5d:41:e8:00:73:91:13:96:86:e4:8a:
         99:99:86:33:d6:3c:44:dd:2f:01:43:cf:ae:e5:f5:30:a9:57:
         cd:6c:cc:14:8c:f6:d1:26:52:de:89:f5:d8:79:55:c4:af:47:
         7f:aa:6c:8c:0b:5a:27:3a:82:be:52:37:f1:3c:95:b2:a1:45:
         44:00:54:fc:19:f6:dd:3b:f8:8d:13:ed:a9:45:5c:cd:08:fe:
         fe:8d:07:bb:40:08:fd:1f:65:85:cb:2c:be:79:6f:07:0f:ea:
         ce:21:5f:79:26:24:6f:30:90:a7:03:1f:4c:64:3e:38:33:30:
         d1:7f:e6:1f:bd:98:78:58:50:4f:8f:3e:6b:64:60:38:e8:39:
         f2:43:27:8c:19:0b:99:a6:4b:39:74:e0:de:45:e9:48:73:5a:
         7a:4a:ca:9f:c8:4a:57:72:d5:47:d7:56:c8:2b:45:d8:76:cb:
         e3:5d:34:07:11:8b:5c:d7:ab:87:89:6d:1b:57:7c:38:2c:09:
         9a:90:84:3a:25:36:b5:f5:8d:6e:0c:8b:6c:a3:47:e5:f3:66:
         ec:1f:2b:92:87:0d:42:13:e7:a1:76:ed:3c:90:4b:f3:83:1e:
         75:da:da:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfkLs2D9BS8EA7/dJXmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDVmMjY5NGI2YjgwYzg2OTU3NWFjMDQ0NjUyMzUyODIyZWNjZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbcbNEycISbptYfztLtw4ldbhXkn
/cxRC1/0tzjz5TshW3f8shZbEsekQTNO6oPGvuJfltKKepNWwi6aF1+o7rQU1z5l
hirb/VpBjYqOfOG81tVdmOdcUx3r8mbVaYvpHCaHjLPQsn3TcPX8RTs6h6ygBY9v
/ZnT8+2+8SEFsn7chPOTsm0WBqhiNGgF/6f7f8Yd8Onhh3bIuQ7AzHKyxRf0Gtm4
6G/vt26HlA/uchNMqUgovqDCmuoPwEuhRzAdTQZt8QfIm58kumcoI5o3UrnVGQ5y
ZYi2zSqYEsOm1OzEUau/Lwlx3J3SBr6xqMfj0BwIUi6xVo8hM9ttnAIt0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRfJpS2uAyGlXWsBEZSNSgi7M48MB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvcEY4bWxMYTRESWFWZGF3RVJsSTFLQ0xzemp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSIyMA0G
CSqGSIb3DQEBCwUAA4IBAQAcFeY5WhOKgvyPNqcQs50eQRr5G+X7dVXSXUHoAHOR
E5aG5IqZmYYz1jxE3S8BQ8+u5fUwqVfNbMwUjPbRJlLeifXYeVXEr0d/qmyMC1on
OoK+UjfxPJWyoUVEAFT8GfbdO/iNE+2pRVzNCP7+jQe7QAj9H2WFyyy+eW8HD+rO
IV95JiRvMJCnAx9MZD44MzDRf+YfvZh4WFBPjz5rZGA46DnyQyeMGQuZpks5dODe
RelIc1p6SsqfyEpXctVH11bIK0XYdsvjXTQHEYtc16uHiW0bV3w4LAmakIQ6JTa1
9Y1uDItso0fl82bsHyuShw1CE+ehdu08kEvzgx512toN
-----END CERTIFICATE-----