Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/guBY5axYg6fQaqviS0rbcHGzcm0.roa
File:                     guBY5axYg6fQaqviS0rbcHGzcm0.roa (raw, json)
Hash identifier:          RG9zrPmkYfp0eq4Y/LDfyKXSYM0KVej4LePIS3gFDkI=
Subject key identifier:   82:E0:58:E5:AC:58:83:A7:D0:6A:AB:E2:4B:4A:DB:70:71:B3:72:6D
Certificate issuer:       /CN=a3b85fe2b2c26991b1f31c66fc67ac0c8a109746
Certificate serial:       018CC3492D7446B7823F78C8E596693945DA
Authority key identifier: A3:B8:5F:E2:B2:C2:69:91:B1:F3:1C:66:FC:67:AC:0C:8A:10:97:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o7hf4rLCaZGx8xxm_GesDIoQl0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/guBY5axYg6fQaqviS0rbcHGzcm0.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39048
IP address blocks:        193.176.93.0/24 maxlen: 24
                          193.176.92.0/24 maxlen: 24
                          193.176.95.0/24 maxlen: 24
                          193.176.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/o7hf4rLCaZGx8xxm_GesDIoQl0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/o7hf4rLCaZGx8xxm_GesDIoQl0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o7hf4rLCaZGx8xxm_GesDIoQl0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2d:74:46:b7:82:3f:78:c8:e5:96:69:39:45:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3b85fe2b2c26991b1f31c66fc67ac0c8a109746
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e058e5ac5883a7d06aabe24b4adb7071b3726d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:54:b1:df:aa:68:d8:c4:13:fd:f7:6f:b0:bf:
                    ba:a6:e3:12:94:ac:3a:9b:2e:33:2d:97:f4:bd:cb:
                    50:68:f2:fd:d3:b9:ff:48:f5:70:aa:34:60:c8:76:
                    c5:54:af:58:7d:d2:d2:d4:36:ab:59:ce:99:9b:cb:
                    28:2d:57:f5:39:f0:ca:8b:48:93:77:73:de:a5:d6:
                    7a:36:68:d9:e7:7e:a2:c2:c4:c5:4a:88:6f:a5:4f:
                    ec:79:3d:86:96:19:ad:e7:2c:c5:84:ed:21:b0:39:
                    d0:fb:f5:3a:83:40:3a:5c:3f:33:6b:5c:da:32:53:
                    56:1a:f6:f4:63:58:2d:96:8e:ba:be:f2:4a:db:3a:
                    b1:46:36:9c:91:94:d3:bd:c9:ae:87:a9:49:43:cb:
                    d4:48:50:86:d1:d0:6e:92:e5:75:17:05:20:25:96:
                    d6:e5:45:ba:29:87:17:01:66:9c:9f:05:e3:25:72:
                    b4:06:13:7a:41:da:1e:a0:d7:25:01:84:19:4e:22:
                    62:86:5a:cd:cf:4b:44:e5:eb:de:fd:52:7b:f7:c5:
                    31:1e:ec:f4:8d:88:7c:0b:72:ff:e6:b9:0a:69:64:
                    4a:5d:ae:b3:ff:d8:66:5c:98:01:35:d8:f6:f8:4b:
                    9e:fd:5a:0a:04:23:1b:1a:32:94:4f:d2:f7:69:b2:
                    ce:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E0:58:E5:AC:58:83:A7:D0:6A:AB:E2:4B:4A:DB:70:71:B3:72:6D
            X509v3 Authority Key Identifier:
                keyid:A3:B8:5F:E2:B2:C2:69:91:B1:F3:1C:66:FC:67:AC:0C:8A:10:97:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o7hf4rLCaZGx8xxm_GesDIoQl0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/guBY5axYg6fQaqviS0rbcHGzcm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e99082-659e-49e2-ad91-76bb71eb0a5a/1/o7hf4rLCaZGx8xxm_GesDIoQl0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:95:cd:03:1f:d9:3b:f8:7b:65:8d:cb:c9:32:f1:8d:d8:4b:
         a5:19:11:79:4b:e9:37:aa:13:66:f0:8c:8b:64:aa:80:ba:74:
         32:a7:5a:56:ac:12:cd:48:e9:a0:68:f0:bb:9b:79:c1:8e:4f:
         89:31:94:9d:6f:2a:f8:60:c1:68:2d:6d:5a:68:06:0c:a0:88:
         5b:62:3e:a3:1f:9e:73:5a:49:2b:83:38:bb:10:57:7b:76:20:
         f8:3f:47:7c:1f:91:5f:78:36:a5:c8:d6:9a:02:4f:6e:5c:67:
         0d:6d:07:05:52:0a:a5:90:d8:d3:83:19:62:82:dd:70:1d:45:
         82:08:83:77:95:01:3e:03:82:97:fe:59:bd:17:13:5a:96:18:
         b8:55:4c:74:a3:29:d6:39:9a:14:84:c8:fc:78:0c:ad:9e:1d:
         b5:a9:a3:5f:56:fe:6e:96:fb:a7:1e:28:73:59:2b:30:15:9c:
         50:0d:b5:d9:91:63:2f:ae:f8:d1:a1:23:25:88:d4:2c:ab:3d:
         6b:76:18:53:e9:21:c4:68:10:3d:b7:8b:10:cb:e8:4b:59:45:
         91:42:c9:dd:8b:2e:f4:1f:6f:ab:f5:6d:31:c7:6e:69:12:29:
         8a:f1:86:4e:a3:03:e0:9c:bb:9a:9a:47:28:78:0a:cd:4c:63:
         16:e9:48:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSS10RreCP3jI5ZZpOUXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYjg1ZmUyYjJjMjY5OTFiMWYzMWM2NmZjNjdhYzBjOGEx
MDk3NDYwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmUwNThlNWFjNTg4M2E3ZDA2YWFiZTI0YjRhZGI3MDcxYjM3MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1Sx36po2MQT/fdvsL+6puMSlKw6
my4zLZf0vctQaPL907n/SPVwqjRgyHbFVK9YfdLS1DarWc6Zm8soLVf1OfDKi0iT
d3PepdZ6NmjZ536iwsTFSohvpU/seT2Glhmt5yzFhO0hsDnQ+/U6g0A6XD8za1za
MlNWGvb0Y1gtlo66vvJK2zqxRjackZTTvcmuh6lJQ8vUSFCG0dBukuV1FwUgJZbW
5UW6KYcXAWacnwXjJXK0BhN6QdoeoNclAYQZTiJihlrNz0tE5eve/VJ798UxHuz0
jYh8C3L/5rkKaWRKXa6z/9hmXJgBNdj2+Eue/VoKBCMbGjKUT9L3abLOuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILgWOWsWIOn0Gqr4ktK23Bxs3JtMB8GA1UdIwQY
MBaAFKO4X+KywmmRsfMcZvxnrAyKEJdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzdoZjRyTENhWkd4OHh4bV9HZXNESW9RbDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lOTkwODItNjU5ZS00OWUyLWFkOTEt
NzZiYjcxZWIwYTVhLzEvZ3VCWTVheFlnNmZRYXF2aVMwcmJjSEd6Y20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lOTkwODItNjU5ZS00OWUyLWFkOTEtNzZiYjcxZWIwYTVh
LzEvbzdoZjRyTENhWkd4OHh4bV9HZXNESW9RbDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbBcMA0G
CSqGSIb3DQEBCwUAA4IBAQBwlc0DH9k7+HtljcvJMvGN2EulGRF5S+k3qhNm8IyL
ZKqAunQyp1pWrBLNSOmgaPC7m3nBjk+JMZSdbyr4YMFoLW1aaAYMoIhbYj6jH55z
Wkkrgzi7EFd7diD4P0d8H5FfeDalyNaaAk9uXGcNbQcFUgqlkNjTgxligt1wHUWC
CIN3lQE+A4KX/lm9FxNalhi4VUx0oynWOZoUhMj8eAytnh21qaNfVv5ulvunHihz
WSswFZxQDbXZkWMvrvjRoSMliNQsqz1rdhhT6SHEaBA9t4sQy+hLWUWRQsndiy70
H2+r9W0xx25pEimK8YZOowPgnLuamkcoeArNTGMW6UhN
-----END CERTIFICATE-----