Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/q2WuRD__g7owa7jwZPoKNOBX21s.roa
File:                     q2WuRD__g7owa7jwZPoKNOBX21s.roa (raw, json)
Hash identifier:          MuFkeuCZVY1sEiUIjo12aOnxza77ZfKzRHxggdO9WMc=
Subject key identifier:   AB:65:AE:44:3F:FF:83:BA:30:6B:B8:F0:64:FA:0A:34:E0:57:DB:5B
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018CC801F97F7399D3E7AA06E6BC84745CA1
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/q2WuRD__g7owa7jwZPoKNOBX21s.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        193.34.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f9:7f:73:99:d3:e7:aa:06:e6:bc:84:74:5c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab65ae443fff83ba306bb8f064fa0a34e057db5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:55:38:88:1a:f1:ef:fa:90:19:f5:a8:54:17:
                    a5:cf:20:5f:ec:69:c7:7d:b1:dd:14:b3:87:99:e2:
                    c7:25:3f:a8:8c:9e:ea:a8:bd:f3:b5:33:56:11:e3:
                    dd:0d:19:f3:9f:3b:b5:d7:80:8b:7b:96:5d:82:f7:
                    76:32:58:85:43:8b:70:56:63:06:12:1e:46:a5:fd:
                    c1:eb:dd:95:f0:27:08:ee:d2:b2:cd:9b:c8:98:5d:
                    03:2a:bc:82:a8:62:75:8a:13:42:42:a0:3e:85:c0:
                    87:fd:12:4f:83:01:48:dd:9c:28:88:25:2b:c1:ea:
                    05:85:1a:f4:90:34:1c:6a:0d:24:7a:a3:2c:2d:66:
                    99:7c:d9:d0:13:73:f0:81:d2:a1:e3:c0:ee:5f:cc:
                    97:2d:f2:cf:eb:8f:f8:a9:e9:99:66:8e:36:c1:2e:
                    59:13:06:4a:b9:59:75:8c:17:eb:2f:15:89:1c:c8:
                    35:7d:40:94:a4:d7:c4:a4:62:a8:83:5a:d2:7a:0c:
                    0b:a1:27:96:d8:c2:99:b8:b8:c9:54:7a:3a:e6:a1:
                    ac:3e:3a:e2:07:35:fd:39:ec:c6:70:cf:83:95:d0:
                    40:f1:49:73:94:53:d2:8e:1c:57:bd:bf:2e:ff:83:
                    4e:cd:e0:36:2f:62:43:01:27:26:44:f7:ad:b8:36:
                    ec:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:65:AE:44:3F:FF:83:BA:30:6B:B8:F0:64:FA:0A:34:E0:57:DB:5B
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/q2WuRD__g7owa7jwZPoKNOBX21s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9c:3e:4b:82:b7:57:82:7f:8c:ae:3d:e8:af:a3:90:e5:7b:
         2e:d5:77:af:71:48:73:61:0b:0a:07:01:5f:e6:59:be:7a:98:
         a6:48:18:02:2e:13:60:5a:5c:eb:42:bb:cc:e0:20:17:1f:52:
         1f:58:3c:c6:90:6b:21:7f:d0:7e:92:07:c6:6b:22:d9:05:39:
         4b:2e:d4:97:9e:a7:3a:15:15:9b:a3:ff:6c:cb:05:ad:4d:ea:
         28:1e:71:0f:a9:2d:72:43:2d:ef:44:de:fc:86:4a:8d:0e:90:
         d5:f4:3b:fc:a0:69:0d:0a:8b:4f:19:8c:2f:bd:8f:a5:01:c0:
         7b:17:4a:d6:ab:32:a9:3c:54:96:59:08:0a:46:bf:16:71:71:
         05:00:88:b0:b3:8a:d3:ac:cf:64:06:e2:6c:50:8b:f5:65:01:
         01:4d:01:85:48:fa:73:72:9e:9b:d2:ca:3d:5f:c7:ff:64:0f:
         eb:c5:31:41:95:f5:24:94:4f:6b:5c:42:95:8d:53:f0:8b:97:
         40:d4:af:2a:1f:b5:8a:4d:2c:29:c4:9f:f5:9a:e5:9b:e0:57:
         47:d7:bc:3b:2e:2f:cb:0d:4b:bb:8f:4e:30:f2:f3:05:78:52:
         37:d3:98:e9:1c:2a:cf:3e:87:7c:80:2d:83:eb:fc:b2:37:21:
         34:8c:5e:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfl/c5nT56oG5ryEdFyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjY1YWU0NDNmZmY4M2JhMzA2YmI4ZjA2NGZhMGEzNGUwNTdkYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1U4iBrx7/qQGfWoVBelzyBf7GnH
fbHdFLOHmeLHJT+ojJ7qqL3ztTNWEePdDRnznzu114CLe5Zdgvd2MliFQ4twVmMG
Eh5Gpf3B692V8CcI7tKyzZvImF0DKryCqGJ1ihNCQqA+hcCH/RJPgwFI3ZwoiCUr
weoFhRr0kDQcag0keqMsLWaZfNnQE3PwgdKh48DuX8yXLfLP64/4qemZZo42wS5Z
EwZKuVl1jBfrLxWJHMg1fUCUpNfEpGKog1rSegwLoSeW2MKZuLjJVHo65qGsPjri
BzX9OezGcM+DldBA8UlzlFPSjhxXvb8u/4NOzeA2L2JDAScmRPetuDbskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtlrkQ//4O6MGu48GT6CjTgV9tbMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvcTJXdVJEX19nN293YTdqd1pQb0tOT0JYMjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSIxMA0G
CSqGSIb3DQEBCwUAA4IBAQCbnD5LgrdXgn+Mrj3or6OQ5Xsu1XevcUhzYQsKBwFf
5lm+epimSBgCLhNgWlzrQrvM4CAXH1IfWDzGkGshf9B+kgfGayLZBTlLLtSXnqc6
FRWbo/9sywWtTeooHnEPqS1yQy3vRN78hkqNDpDV9Dv8oGkNCotPGYwvvY+lAcB7
F0rWqzKpPFSWWQgKRr8WcXEFAIiws4rTrM9kBuJsUIv1ZQEBTQGFSPpzcp6b0so9
X8f/ZA/rxTFBlfUklE9rXEKVjVPwi5dA1K8qH7WKTSwpxJ/1muWb4FdH17w7Li/L
DUu7j04w8vMFeFI305jpHCrPPod8gC2D6/yyNyE0jF5S
-----END CERTIFICATE-----