Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/sfEwbrddR6oD0l9OIi15DQe2XQg.roa
File:                     sfEwbrddR6oD0l9OIi15DQe2XQg.roa (raw, json)
Hash identifier:          F9q9mpzCnOpHJyZ0qY3KZAZXb5gR6NlTQ4eGPnGPZOI=
Subject key identifier:   B1:F1:30:6E:B7:5D:47:AA:03:D2:5F:4E:22:2D:79:0D:07:B6:5D:08
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B739B898C72741BB28D03A129393E6
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/sfEwbrddR6oD0l9OIi15DQe2XQg.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41951
IP address blocks:        193.252.16.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:39:b8:98:c7:27:41:bb:28:d0:3a:12:93:93:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f1306eb75d47aa03d25f4e222d790d07b65d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d2:e1:63:02:e2:99:44:d4:57:f0:bc:74:1d:
                    2c:9e:36:f0:db:2b:58:ef:f3:9a:c3:50:65:d5:9a:
                    72:f3:ce:42:5c:f8:d1:bf:aa:be:24:29:4a:0b:2b:
                    02:a7:ef:f7:90:b2:2d:77:8a:6d:81:de:5a:31:3e:
                    ae:c4:64:e4:b4:3d:47:13:fb:68:70:da:40:cb:07:
                    12:57:1c:ed:01:a8:a6:39:75:3f:f1:b0:0f:48:d6:
                    bc:83:2a:46:c1:cf:58:e0:34:35:b1:80:99:fa:fe:
                    8e:15:bd:53:e9:2a:a1:36:6d:52:87:b6:f1:f7:62:
                    3d:c0:f7:7e:d5:40:27:ef:e6:69:f0:63:29:74:5a:
                    d2:68:94:88:af:26:89:b5:39:d5:a5:d2:82:e4:3c:
                    08:59:d2:be:97:6e:69:77:06:dd:67:8b:03:c8:de:
                    ec:fe:c7:3b:5f:55:4a:25:8f:e0:d3:2e:8f:ea:56:
                    79:c8:ce:a3:e0:30:a3:4b:7e:e4:90:b3:56:bf:82:
                    38:af:01:e1:3a:9c:a3:a5:e9:60:92:c8:dc:e1:23:
                    45:cc:88:67:42:de:e0:f6:7b:4c:94:08:74:df:73:
                    45:d0:4d:8c:39:ae:ae:15:cc:d4:6e:6e:23:68:a9:
                    08:7b:3f:cb:bf:b7:f5:48:8b:df:22:d2:bd:9f:b1:
                    c6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F1:30:6E:B7:5D:47:AA:03:D2:5F:4E:22:2D:79:0D:07:B6:5D:08
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/sfEwbrddR6oD0l9OIi15DQe2XQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.252.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:80:01:c0:06:37:ed:4e:2e:b0:1f:dd:0d:14:f9:38:06:e4:
         54:fb:6f:47:99:bf:1e:21:5f:fc:27:9d:82:e9:6e:d2:ed:ae:
         e5:dd:f1:c6:11:d0:ce:1d:40:10:f4:03:51:9c:20:31:b5:cb:
         93:79:12:19:0d:e6:3a:46:42:6c:53:51:1f:52:aa:30:16:32:
         d4:22:16:12:50:93:df:c1:a2:4c:9c:06:c0:5b:56:6f:b3:ca:
         c9:fc:3e:d2:8a:91:9d:a0:1d:dc:a4:f1:da:3c:6b:b7:98:11:
         ef:e9:a5:22:fb:93:36:2b:f8:f9:12:4e:fb:cc:29:fb:16:61:
         44:f9:5e:02:14:69:5c:eb:c0:c7:74:28:ef:36:08:5f:16:5a:
         8d:3e:a5:47:cb:dc:94:79:1a:2f:77:58:04:f3:96:c3:96:9b:
         fb:80:6a:b0:08:19:00:f9:b4:8d:00:29:4b:22:fd:ea:44:94:
         7d:a2:8c:d0:be:94:6b:38:87:72:12:78:0d:d5:56:e9:8c:03:
         f6:52:e6:39:41:b6:bb:bf:af:e4:8d:eb:d5:0b:14:d7:46:eb:
         c3:a1:46:9e:cf:18:44:fa:dd:a1:1a:51:3b:01:3f:18:91:d2:
         10:d6:d9:4f:be:3e:f4:f9:bb:fc:aa:d8:a2:22:23:5b:d4:76:
         7e:48:f7:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzm4mMcnQbso0DoSk5PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYxMzA2ZWI3NWQ0N2FhMDNkMjVmNGUyMjJkNzkwZDA3YjY1ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtLhYwLimUTUV/C8dB0snjbw2ytY
7/Oaw1Bl1Zpy885CXPjRv6q+JClKCysCp+/3kLItd4ptgd5aMT6uxGTktD1HE/to
cNpAywcSVxztAaimOXU/8bAPSNa8gypGwc9Y4DQ1sYCZ+v6OFb1T6SqhNm1Sh7bx
92I9wPd+1UAn7+Zp8GMpdFrSaJSIryaJtTnVpdKC5DwIWdK+l25pdwbdZ4sDyN7s
/sc7X1VKJY/g0y6P6lZ5yM6j4DCjS37kkLNWv4I4rwHhOpyjpelgksjc4SNFzIhn
Qt7g9ntMlAh033NF0E2MOa6uFczUbm4jaKkIez/Lv7f1SIvfItK9n7HGxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHxMG63XUeqA9JfTiIteQ0Htl0IMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvc2ZFd2JyZGRSNm9EMGw5T0lpMTVEUWUyWFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfwQMA0G
CSqGSIb3DQEBCwUAA4IBAQAzgAHABjftTi6wH90NFPk4BuRU+29Hmb8eIV/8J52C
6W7S7a7l3fHGEdDOHUAQ9ANRnCAxtcuTeRIZDeY6RkJsU1EfUqowFjLUIhYSUJPf
waJMnAbAW1Zvs8rJ/D7SipGdoB3cpPHaPGu3mBHv6aUi+5M2K/j5Ek77zCn7FmFE
+V4CFGlc68DHdCjvNghfFlqNPqVHy9yUeRovd1gE85bDlpv7gGqwCBkA+bSNAClL
Iv3qRJR9oozQvpRrOIdyEngN1VbpjAP2UuY5Qba7v6/kjevVCxTXRuvDoUaezxhE
+t2hGlE7AT8YkdIQ1tlPvj70+bv8qtiiIiNb1HZ+SPcD
-----END CERTIFICATE-----