Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/sqcYv9KmIv-yM4HE8gmdbq7mr10.roa
File:                     sqcYv9KmIv-yM4HE8gmdbq7mr10.roa (raw, json)
Hash identifier:          hqrAmWPgsmmIr++3fmHtkKaFnKTa1i5jrkH/aJtiGvw=
Subject key identifier:   B2:A7:18:BF:D2:A6:22:FF:B2:33:81:C4:F2:09:9D:6E:AE:E6:AF:5D
Certificate issuer:       /CN=0d4885a8b5a4f6b4ac0e45d11838951e94e6ef3e
Certificate serial:       018CC6B81BDCA4A16033A1AAD1E4BA3FC804
Authority key identifier: 0D:48:85:A8:B5:A4:F6:B4:AC:0E:45:D1:18:38:95:1E:94:E6:EF:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DUiFqLWk9rSsDkXRGDiVHpTm7z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/sqcYv9KmIv-yM4HE8gmdbq7mr10.roa
Signing time:             Mon 01 Jan 2024 20:30:03 +0000
ROA not before:           Mon 01 Jan 2024 20:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        193.189.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/DUiFqLWk9rSsDkXRGDiVHpTm7z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/DUiFqLWk9rSsDkXRGDiVHpTm7z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DUiFqLWk9rSsDkXRGDiVHpTm7z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:1b:dc:a4:a1:60:33:a1:aa:d1:e4:ba:3f:c8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d4885a8b5a4f6b4ac0e45d11838951e94e6ef3e
        Validity
            Not Before: Jan  1 20:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2a718bfd2a622ffb23381c4f2099d6eaee6af5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:42:08:f0:ef:3b:82:23:f5:15:58:01:a3:3c:
                    af:ed:47:31:79:27:29:94:2b:f6:59:e6:93:54:67:
                    eb:b6:8e:3b:61:21:d4:3a:62:98:79:55:f7:f6:d7:
                    8a:3f:cd:33:b1:29:60:76:02:ed:b4:cf:58:11:bc:
                    83:bf:28:c5:c8:a3:1e:f3:47:54:8b:17:1b:35:c9:
                    87:25:ea:ee:e7:22:87:54:03:b5:63:97:75:a1:2a:
                    6d:86:7d:5c:0b:a1:2d:fc:6c:5e:e1:87:b6:e3:02:
                    54:7f:0d:42:4f:3c:66:fb:bf:ae:ba:0f:5b:fb:da:
                    96:24:d2:e1:a2:29:fe:e4:89:78:b0:26:c4:5a:0b:
                    a5:e5:c6:af:8b:26:f4:e9:f8:32:28:60:70:38:f0:
                    36:bd:e4:92:9b:90:bd:99:11:ed:ae:b0:1e:51:15:
                    5e:fd:30:d1:db:35:b7:6c:04:55:e3:ba:4a:c0:82:
                    1a:af:4e:d9:6f:59:6c:6c:88:52:c3:9e:b3:31:6c:
                    b3:9c:5a:54:f7:8d:c1:7d:80:a7:a0:e2:6d:1e:59:
                    9a:18:b4:dc:b9:c8:47:6b:22:54:34:7e:2c:fa:d4:
                    c1:16:1a:50:1e:e1:5f:59:7d:bc:03:9b:36:eb:95:
                    cd:7b:20:7e:46:9d:ff:47:f6:ef:90:98:b4:6f:c0:
                    cd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:A7:18:BF:D2:A6:22:FF:B2:33:81:C4:F2:09:9D:6E:AE:E6:AF:5D
            X509v3 Authority Key Identifier:
                keyid:0D:48:85:A8:B5:A4:F6:B4:AC:0E:45:D1:18:38:95:1E:94:E6:EF:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DUiFqLWk9rSsDkXRGDiVHpTm7z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/sqcYv9KmIv-yM4HE8gmdbq7mr10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/885e4a-9c09-467e-804c-d8fb33f30452/1/DUiFqLWk9rSsDkXRGDiVHpTm7z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:13:e4:24:bb:8b:b0:03:38:d8:f0:a6:a3:94:77:f4:1d:ae:
         3d:01:c3:63:fa:b6:8c:37:92:cd:95:cb:bd:1d:f9:15:83:30:
         9e:90:aa:bf:fc:b5:76:53:f2:22:be:66:85:90:0a:4e:da:4b:
         37:54:15:26:0b:a1:6f:ec:05:84:50:fe:a3:6c:19:e5:70:c0:
         8d:cb:70:ab:38:2c:1d:77:46:c4:9c:d4:20:54:ed:2a:39:27:
         41:b9:8b:eb:f0:dd:52:98:65:eb:dd:3a:02:d8:95:b7:00:e2:
         ba:08:05:ac:09:65:1c:6c:3e:92:86:14:69:aa:73:a7:82:aa:
         e6:27:af:36:59:29:ca:76:03:46:68:a1:ec:6d:a2:06:8e:70:
         f0:f5:cf:ca:cf:2c:79:b8:1d:4b:6e:a0:19:12:e8:78:6a:db:
         6a:71:62:53:d6:bc:29:a8:0d:f6:f0:41:e9:12:c2:49:3d:99:
         12:35:c0:2d:0f:d6:45:af:d6:ce:c6:87:0e:2c:1e:20:34:08:
         11:00:e6:50:52:31:5d:f4:5f:85:f6:a8:13:e2:12:04:ca:e0:
         ab:3b:0a:9c:7e:38:6f:5d:59:0e:35:2c:6a:48:d2:47:01:49:
         e0:e6:eb:74:75:ed:e1:04:eb:7e:f9:a0:06:98:cc:c6:c7:7b:
         9c:5a:7a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuBvcpKFgM6Gq0eS6P8gEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNDg4NWE4YjVhNGY2YjRhYzBlNDVkMTE4Mzg5NTFlOTRl
NmVmM2UwHhcNMjQwMTAxMjAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmE3MThiZmQyYTYyMmZmYjIzMzgxYzRmMjA5OWQ2ZWFlZTZhZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUII8O87giP1FVgBozyv7UcxeScp
lCv2WeaTVGfrto47YSHUOmKYeVX39teKP80zsSlgdgLttM9YEbyDvyjFyKMe80dU
ixcbNcmHJeru5yKHVAO1Y5d1oSpthn1cC6Et/Gxe4Ye24wJUfw1CTzxm+7+uug9b
+9qWJNLhoin+5Il4sCbEWgul5caviyb06fgyKGBwOPA2veSSm5C9mRHtrrAeURVe
/TDR2zW3bARV47pKwIIar07Zb1lsbIhSw56zMWyznFpU943BfYCnoOJtHlmaGLTc
uchHayJUNH4s+tTBFhpQHuFfWX28A5s265XNeyB+Rp3/R/bvkJi0b8DNMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKnGL/SpiL/sjOBxPIJnW6u5q9dMB8GA1UdIwQY
MBaAFA1Ihai1pPa0rA5F0Rg4lR6U5u8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFVpRnFMV2s5clNzRGtYUkdEaVZIcFRtN3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS84ODVlNGEtOWMwOS00NjdlLTgwNGMt
ZDhmYjMzZjMwNDUyLzEvc3FjWXY5S21Jdi15TTRIRThnbWRicTdtcjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS84ODVlNGEtOWMwOS00NjdlLTgwNGMtZDhmYjMzZjMwNDUy
LzEvRFVpRnFMV2s5clNzRGtYUkdEaVZIcFRtN3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwb2JMA0G
CSqGSIb3DQEBCwUAA4IBAQA2E+Qku4uwAzjY8KajlHf0Ha49AcNj+raMN5LNlcu9
HfkVgzCekKq//LV2U/IivmaFkApO2ks3VBUmC6Fv7AWEUP6jbBnlcMCNy3CrOCwd
d0bEnNQgVO0qOSdBuYvr8N1SmGXr3ToC2JW3AOK6CAWsCWUcbD6ShhRpqnOngqrm
J682WSnKdgNGaKHsbaIGjnDw9c/Kzyx5uB1LbqAZEuh4attqcWJT1rwpqA328EHp
EsJJPZkSNcAtD9ZFr9bOxocOLB4gNAgRAOZQUjFd9F+F9qgT4hIEyuCrOwqcfjhv
XVkONSxqSNJHAUng5ut0de3hBOt++aAGmMzGx3ucWnos
-----END CERTIFICATE-----