Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/Guq8UY9UwoB1dEGM-Fnv-Bt3kbk.roa
File:                     Guq8UY9UwoB1dEGM-Fnv-Bt3kbk.roa (raw, json)
Hash identifier:          fZrrHAcMYEBP85C5Rrhowm33LmVIMCYVNB82IeneJFw=
Subject key identifier:   1A:EA:BC:51:8F:54:C2:80:75:74:41:8C:F8:59:EF:F8:1B:77:91:B9
Certificate issuer:       /CN=1d5da9109f614c7c4159b3231a3877702a6f21ce
Certificate serial:       018CC6B8BAB9EF5A1D34FD80F23CB82A5A79
Authority key identifier: 1D:5D:A9:10:9F:61:4C:7C:41:59:B3:23:1A:38:77:70:2A:6F:21:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/Guq8UY9UwoB1dEGM-Fnv-Bt3kbk.roa
Signing time:             Mon 01 Jan 2024 20:30:44 +0000
ROA not before:           Mon 01 Jan 2024 20:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43462
IP address blocks:        193.46.75.0/24 maxlen: 24
                          2001:67c:1fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ba:b9:ef:5a:1d:34:fd:80:f2:3c:b8:2a:5a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d5da9109f614c7c4159b3231a3877702a6f21ce
        Validity
            Not Before: Jan  1 20:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aeabc518f54c2807574418cf859eff81b7791b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1b:9b:41:95:20:ca:90:a1:91:8c:a7:86:3d:
                    40:dd:6e:ba:af:59:8e:54:96:43:aa:e2:06:33:22:
                    70:09:f7:c9:be:54:d9:fd:b6:14:2e:70:90:8d:e9:
                    dd:04:17:cf:ac:85:39:bd:07:d7:67:ea:29:8f:53:
                    4a:58:2d:f9:b6:da:50:68:ee:6f:96:81:60:91:d8:
                    40:6d:b7:f7:b4:e8:5d:34:fd:13:51:d4:05:cb:5a:
                    a8:40:e9:5e:67:a8:4c:84:c2:7b:6c:26:80:ff:8d:
                    c5:e2:c2:64:25:ab:09:a7:81:f8:ba:52:38:b6:3d:
                    1b:3f:34:17:45:6b:35:dc:ed:81:45:42:b7:6c:28:
                    23:69:83:3c:86:70:06:12:e4:5b:d3:26:c9:0a:ba:
                    52:0b:ce:e5:c4:eb:a2:5a:e0:0e:b4:0c:9d:dc:3d:
                    5d:23:25:34:3d:9f:99:5f:74:b9:b1:53:5d:8f:ed:
                    ef:1d:56:01:a2:9d:7f:8b:4b:45:8f:cc:c9:40:b3:
                    78:bf:57:86:b6:a8:34:95:75:c4:9e:3d:f3:e6:0b:
                    f6:87:d0:59:f5:48:06:25:2f:06:0f:d7:08:8f:32:
                    76:49:21:a0:e3:0f:47:c7:bb:da:7f:39:3d:c5:14:
                    2d:ff:ef:d2:aa:e5:a8:ba:02:bb:ca:75:cd:52:a4:
                    a3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:EA:BC:51:8F:54:C2:80:75:74:41:8C:F8:59:EF:F8:1B:77:91:B9
            X509v3 Authority Key Identifier:
                keyid:1D:5D:A9:10:9F:61:4C:7C:41:59:B3:23:1A:38:77:70:2A:6F:21:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/Guq8UY9UwoB1dEGM-Fnv-Bt3kbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/33ac0e-e19e-4c89-bdf3-706a6fc164b1/1/HV2pEJ9hTHxBWbMjGjh3cCpvIc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.75.0/24
                IPv6:
                  2001:67c:1fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:61:9e:42:5d:24:d1:99:ce:39:a2:40:bc:13:e7:da:83:02:
         d1:c2:8a:56:d9:57:17:6f:ce:1e:03:7f:f6:35:ce:a6:c1:3d:
         5c:d4:c6:c0:ef:ab:f3:c6:15:49:59:18:09:fb:5e:a1:5b:5e:
         29:c1:df:75:9d:76:e6:92:25:92:38:e5:10:fe:a6:f0:f6:8a:
         99:da:b3:8b:ef:91:a8:cb:a8:fe:eb:5a:e7:d9:cd:93:ab:bc:
         48:f6:55:8f:5e:33:06:26:c2:55:0a:fb:47:6a:0a:99:cf:ca:
         88:26:a6:45:60:90:3e:bd:53:2d:0a:94:29:71:23:9f:5d:e7:
         17:ac:60:97:f1:ca:5a:f0:70:4c:25:7c:e1:39:cf:85:0b:11:
         d6:69:a4:ff:d4:ac:39:82:e5:26:f1:93:e2:fe:f2:5c:8b:43:
         c5:bf:29:47:74:12:3c:82:54:7f:e6:79:80:4f:97:52:76:11:
         9b:5f:3a:a0:3b:ab:75:2f:ea:77:c8:e3:fb:65:0f:73:62:c6:
         2b:ed:47:2a:45:6e:18:68:3a:9b:b1:ff:70:27:f1:31:31:b0:
         5f:e7:7a:3c:79:0b:21:1f:ef:91:a5:40:97:13:81:95:b4:f8:
         65:8f:69:13:49:68:00:11:3a:12:2d:29:4d:ce:74:23:65:11:
         4f:dc:9b:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuLq571odNP2A8jy4Klp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNWRhOTEwOWY2MTRjN2M0MTU5YjMyMzFhMzg3NzcwMmE2
ZjIxY2UwHhcNMjQwMTAxMjAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWVhYmM1MThmNTRjMjgwNzU3NDQxOGNmODU5ZWZmODFiNzc5MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRubQZUgypChkYynhj1A3W66r1mO
VJZDquIGMyJwCffJvlTZ/bYULnCQjendBBfPrIU5vQfXZ+opj1NKWC35ttpQaO5v
loFgkdhAbbf3tOhdNP0TUdQFy1qoQOleZ6hMhMJ7bCaA/43F4sJkJasJp4H4ulI4
tj0bPzQXRWs13O2BRUK3bCgjaYM8hnAGEuRb0ybJCrpSC87lxOuiWuAOtAyd3D1d
IyU0PZ+ZX3S5sVNdj+3vHVYBop1/i0tFj8zJQLN4v1eGtqg0lXXEnj3z5gv2h9BZ
9UgGJS8GD9cIjzJ2SSGg4w9Hx7vafzk9xRQt/+/SquWougK7ynXNUqSjJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBrqvFGPVMKAdXRBjPhZ7/gbd5G5MB8GA1UdIwQY
MBaAFB1dqRCfYUx8QVmzIxo4d3AqbyHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFYycEVKOWhUSHhCV2JNakdqaDNjQ3B2SWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zM2FjMGUtZTE5ZS00Yzg5LWJkZjMt
NzA2YTZmYzE2NGIxLzEvR3VxOFVZOVV3b0IxZEVHTS1GbnYtQnQza2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zM2FjMGUtZTE5ZS00Yzg5LWJkZjMtNzA2YTZmYzE2NGIx
LzEvSFYycEVKOWhUSHhCV2JNakdqaDNjQ3B2SWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwS5LMA8E
AgACMAkDBwAgAQZ8AfwwDQYJKoZIhvcNAQELBQADggEBAKphnkJdJNGZzjmiQLwT
59qDAtHCilbZVxdvzh4Df/Y1zqbBPVzUxsDvq/PGFUlZGAn7XqFbXinB33WdduaS
JZI45RD+pvD2ipnas4vvkajLqP7rWufZzZOrvEj2VY9eMwYmwlUK+0dqCpnPyogm
pkVgkD69Uy0KlClxI59d5xesYJfxylrwcEwlfOE5z4ULEdZppP/UrDmC5Sbxk+L+
8lyLQ8W/KUd0EjyCVH/meYBPl1J2EZtfOqA7q3Uv6nfI4/tlD3NixivtRypFbhho
Opux/3An8TExsF/nejx5CyEf75GlQJcTgZW0+GWPaRNJaAAROhItKU3OdCNlEU/c
m4U=
-----END CERTIFICATE-----