Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/miN0wcqDDpDpodQWsXjiXQH4fNU.roa
File:                     miN0wcqDDpDpodQWsXjiXQH4fNU.roa (raw, json)
Hash identifier:          4V/k8OEZQFOqJiX8C4tItiKx5FuDUBvUAhyxaYpcwa0=
Subject key identifier:   9A:23:74:C1:CA:83:0E:90:E9:A1:D4:16:B1:78:E2:5D:01:F8:7C:D5
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B726170EC93D0DD59F111E0202FCD8
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/miN0wcqDDpDpodQWsXjiXQH4fNU.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        193.253.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:26:17:0e:c9:3d:0d:d5:9f:11:1e:02:02:fc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a2374c1ca830e90e9a1d416b178e25d01f87cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:40:fe:04:b6:7d:c8:31:5d:ec:da:a8:8b:8d:
                    e8:b7:a6:de:19:2c:bf:a9:92:27:9c:1a:72:c4:6e:
                    f4:e2:fc:7c:e8:82:18:22:34:02:81:a4:cb:0a:ed:
                    fc:40:8e:89:a8:d4:44:b2:88:71:03:65:a6:eb:8f:
                    fd:35:ce:ee:1f:c3:5a:d3:89:f1:35:6a:64:47:39:
                    19:63:64:90:23:4e:d0:77:fb:9a:e1:9a:d1:6a:91:
                    1c:40:c1:d6:22:39:26:fc:f7:fb:5b:78:b3:84:cd:
                    5c:cd:a5:b3:0f:4f:d3:aa:36:6a:5e:0f:12:7a:10:
                    89:90:8d:07:a3:bf:c1:49:dc:7c:ee:80:00:b5:71:
                    5e:c1:1d:62:4e:3a:3f:01:39:6b:60:46:f9:c9:38:
                    7a:ae:fc:16:b4:53:31:c2:ef:f2:2d:36:af:8f:d5:
                    c3:8a:ff:54:12:15:89:31:0c:2e:62:0a:b4:4f:f0:
                    24:db:f5:ad:17:7d:fb:53:3e:4f:d5:90:33:c9:c4:
                    8b:fe:c9:8e:70:ac:d0:b5:23:11:24:87:6b:e9:26:
                    82:98:bc:30:ab:e4:c1:c8:a7:a8:ff:b2:1d:32:7b:
                    e2:33:4a:70:cd:38:13:52:5e:53:1a:40:da:0f:49:
                    b9:e5:7c:e6:24:4a:ca:0e:97:0b:58:40:06:c4:0c:
                    70:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:23:74:C1:CA:83:0E:90:E9:A1:D4:16:B1:78:E2:5D:01:F8:7C:D5
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/miN0wcqDDpDpodQWsXjiXQH4fNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.253.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:f5:be:38:89:e9:20:20:3d:21:19:c7:79:12:c7:ab:34:dc:
         ab:2e:df:82:3c:ef:97:14:76:87:03:33:09:29:a8:02:62:6e:
         af:3e:1b:33:61:c7:11:20:ac:ee:52:3f:33:48:7b:f8:ec:57:
         c2:40:cb:4f:c2:70:dc:44:ef:38:81:26:f9:54:3d:29:07:af:
         e0:29:cc:cb:7b:0b:1e:cf:be:b6:75:b5:79:ea:f1:94:ab:77:
         7b:34:bd:f9:cb:c8:5b:35:7b:2f:ce:da:71:3e:8e:f6:fd:02:
         79:22:ef:97:68:56:b9:b2:5a:16:04:90:e9:ec:d1:ab:e2:5b:
         f3:96:b2:0e:db:79:92:c3:bb:a6:a9:63:60:5c:5c:f6:42:bc:
         28:ee:0d:a3:19:0b:c3:25:7c:4d:c6:25:16:5a:63:60:b8:a3:
         51:1b:35:18:96:f0:fc:67:76:8a:d8:b3:07:44:31:f2:2a:fb:
         06:02:c7:73:92:a2:93:ea:9e:eb:6a:67:6b:54:bf:a3:e0:e1:
         d8:69:66:b0:53:d5:58:6d:89:28:ea:23:32:2c:2a:73:8f:a2:
         6a:8e:96:63:fc:fe:2f:38:bb:43:e7:7b:cd:6a:df:79:10:53:
         a9:8a:6d:0b:60:10:3d:95:eb:9e:b8:f7:9b:ae:e6:c2:52:08:
         3a:24:73:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyYXDsk9DdWfER4CAvzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTIzNzRjMWNhODMwZTkwZTlhMWQ0MTZiMTc4ZTI1ZDAxZjg3Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0D+BLZ9yDFd7Nqoi43ot6beGSy/
qZInnBpyxG704vx86IIYIjQCgaTLCu38QI6JqNREsohxA2Wm64/9Nc7uH8Na04nx
NWpkRzkZY2SQI07Qd/ua4ZrRapEcQMHWIjkm/Pf7W3izhM1czaWzD0/TqjZqXg8S
ehCJkI0Ho7/BSdx87oAAtXFewR1iTjo/ATlrYEb5yTh6rvwWtFMxwu/yLTavj9XD
iv9UEhWJMQwuYgq0T/Ak2/WtF337Uz5P1ZAzycSL/smOcKzQtSMRJIdr6SaCmLww
q+TByKeo/7IdMnviM0pwzTgTUl5TGkDaD0m55XzmJErKDpcLWEAGxAxwqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJojdMHKgw6Q6aHUFrF44l0B+HzVMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvbWlOMHdjcUREcERwb2RRV3NYamlYUUg0Zk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwf2VMA0G
CSqGSIb3DQEBCwUAA4IBAQCt9b44iekgID0hGcd5EserNNyrLt+CPO+XFHaHAzMJ
KagCYm6vPhszYccRIKzuUj8zSHv47FfCQMtPwnDcRO84gSb5VD0pB6/gKczLewse
z762dbV56vGUq3d7NL35y8hbNXsvztpxPo72/QJ5Iu+XaFa5sloWBJDp7NGr4lvz
lrIO23mSw7umqWNgXFz2Qrwo7g2jGQvDJXxNxiUWWmNguKNRGzUYlvD8Z3aK2LMH
RDHyKvsGAsdzkqKT6p7ramdrVL+j4OHYaWawU9VYbYko6iMyLCpzj6JqjpZj/P4v
OLtD53vNat95EFOpim0LYBA9leueuPebrubCUgg6JHMs
-----END CERTIFICATE-----