Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/_zmnJWMCf_4aKxjl6_vglrRDKE8.roa
File:                     _zmnJWMCf_4aKxjl6_vglrRDKE8.roa (raw, json)
Hash identifier:          u6Y3m1NeHr/iI3sd6p3gVIYKio1ic5lv7aowJsJITc8=
Subject key identifier:   FF:39:A7:25:63:02:7F:FE:1A:2B:18:E5:EB:FB:E0:96:B4:43:28:4F
Certificate issuer:       /CN=1e0c47ba799a060733383b8a4db36e84b62d315d
Certificate serial:       018CC56E237F4AFEBD2C1C9EA3A44CBA6304
Authority key identifier: 1E:0C:47:BA:79:9A:06:07:33:38:3B:8A:4D:B3:6E:84:B6:2D:31:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/_zmnJWMCf_4aKxjl6_vglrRDKE8.roa
Signing time:             Mon 01 Jan 2024 14:29:38 +0000
ROA not before:           Mon 01 Jan 2024 14:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213142
IP address blocks:        193.247.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:23:7f:4a:fe:bd:2c:1c:9e:a3:a4:4c:ba:63:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e0c47ba799a060733383b8a4db36e84b62d315d
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff39a72563027ffe1a2b18e5ebfbe096b443284f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:77:17:20:dc:ff:fd:5f:b4:bf:72:6f:d2:16:
                    16:34:fa:ad:d6:80:61:94:bd:0f:04:03:c9:4a:ae:
                    62:e3:6a:9c:b6:29:6a:fb:2b:0f:9c:1a:f0:6b:b6:
                    6c:40:14:be:0d:ac:bc:76:1b:23:34:0e:cc:02:84:
                    55:0e:eb:12:8c:1d:ec:7a:03:21:39:d3:f5:de:d0:
                    14:5b:34:6b:85:16:09:cf:15:c1:f3:4f:da:84:c0:
                    f4:d7:d6:bb:4a:15:06:1f:80:f6:b6:28:f4:f5:81:
                    df:33:27:49:32:a9:bd:59:f0:2a:d5:c1:d8:e8:14:
                    c5:f3:5a:c1:ec:5f:3d:da:20:0b:53:29:dd:cc:69:
                    d3:0b:9d:b3:32:d2:f3:da:5a:3d:2d:df:2d:bb:26:
                    83:3a:ee:66:a2:52:97:66:d9:8b:c5:c1:90:d3:72:
                    59:26:99:17:fa:86:b9:21:db:8f:8e:08:5f:f9:6b:
                    fc:d2:6d:90:6f:cf:3b:86:15:c8:ab:02:63:44:5c:
                    45:d4:81:e0:f7:83:69:aa:3d:1f:1b:6b:0d:6a:ee:
                    f3:db:96:4c:46:da:10:a3:77:5b:66:9b:51:5e:e4:
                    7e:7d:0d:a7:dc:e5:aa:fd:8d:0e:8d:45:e9:31:46:
                    89:c4:05:f4:e5:40:53:50:15:5c:9c:c8:25:c8:c7:
                    dd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:39:A7:25:63:02:7F:FE:1A:2B:18:E5:EB:FB:E0:96:B4:43:28:4F
            X509v3 Authority Key Identifier:
                keyid:1E:0C:47:BA:79:9A:06:07:33:38:3B:8A:4D:B3:6E:84:B6:2D:31:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/_zmnJWMCf_4aKxjl6_vglrRDKE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:f2:82:c0:7b:03:ad:8d:75:39:0d:35:8d:64:d9:7a:42:4b:
         7e:0c:e2:a1:03:2c:4e:36:2b:ad:d5:67:da:fd:68:34:4f:ff:
         79:dc:4f:05:8d:d6:15:2f:e0:12:85:d3:57:10:66:dc:26:a4:
         bb:c0:a1:e8:96:f3:a1:53:37:49:39:d7:e0:a2:40:5d:a7:0b:
         6c:e5:3f:a8:f8:f9:4d:7e:9d:8a:23:08:ba:e0:88:52:9d:43:
         02:32:94:44:9b:6f:be:c2:48:54:b4:31:95:3a:c1:64:23:f7:
         86:f5:65:57:66:b4:bd:2e:d3:1c:60:de:fb:c7:16:47:36:2b:
         ed:f1:c5:cc:1b:5d:d5:88:30:fe:4e:3a:2d:20:a1:75:e3:21:
         5d:e6:7b:1b:93:f1:c1:8c:60:68:17:0b:e9:59:7d:66:fc:78:
         73:2b:7e:bf:3e:29:a3:a4:dd:16:88:0c:35:50:5f:ba:51:05:
         dc:da:dc:b1:e9:60:0a:13:85:16:79:5b:50:fb:6d:c5:70:ac:
         33:25:e0:b1:96:6b:77:5c:2f:90:b8:c1:26:64:1b:c6:2e:02:
         85:3f:fc:c8:86:19:19:22:a8:9e:03:97:61:84:ee:00:7b:d0:
         07:af:fd:b7:62:3f:d7:79:cc:ba:61:89:72:e4:64:c8:ef:88:
         bf:73:49:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiN/Sv69LByeo6RMumMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMGM0N2JhNzk5YTA2MDczMzM4M2I4YTRkYjM2ZTg0YjYy
ZDMxNWQwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjM5YTcyNTYzMDI3ZmZlMWEyYjE4ZTVlYmZiZTA5NmI0NDMyODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHcXINz//V+0v3Jv0hYWNPqt1oBh
lL0PBAPJSq5i42qctilq+ysPnBrwa7ZsQBS+Day8dhsjNA7MAoRVDusSjB3segMh
OdP13tAUWzRrhRYJzxXB80/ahMD019a7ShUGH4D2tij09YHfMydJMqm9WfAq1cHY
6BTF81rB7F892iALUyndzGnTC52zMtLz2lo9Ld8tuyaDOu5molKXZtmLxcGQ03JZ
JpkX+oa5IduPjghf+Wv80m2Qb887hhXIqwJjRFxF1IHg94Npqj0fG2sNau7z25ZM
RtoQo3dbZptRXuR+fQ2n3OWq/Y0OjUXpMUaJxAX05UBTUBVcnMglyMfdhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP85pyVjAn/+GisY5ev74Ja0QyhPMB8GA1UdIwQY
MBaAFB4MR7p5mgYHMzg7ik2zboS2LTFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGd4SHVubWFCZ2N6T0R1S1RiTnVoTFl0TVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lN2ZlNWEtYjYyNi00YTMyLWExY2Mt
YTMyN2I4YjU2ZWQ2LzEvX3ptbkpXTUNmXzRhS3hqbDZfdmdsclJES0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lN2ZlNWEtYjYyNi00YTMyLWExY2MtYTMyN2I4YjU2ZWQ2
LzEvSGd4SHVubWFCZ2N6T0R1S1RiTnVoTFl0TVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfdDMA0G
CSqGSIb3DQEBCwUAA4IBAQCw8oLAewOtjXU5DTWNZNl6Qkt+DOKhAyxONiut1Wfa
/Wg0T/953E8FjdYVL+AShdNXEGbcJqS7wKHolvOhUzdJOdfgokBdpwts5T+o+PlN
fp2KIwi64IhSnUMCMpREm2++wkhUtDGVOsFkI/eG9WVXZrS9LtMcYN77xxZHNivt
8cXMG13ViDD+TjotIKF14yFd5nsbk/HBjGBoFwvpWX1m/HhzK36/PimjpN0WiAw1
UF+6UQXc2tyx6WAKE4UWeVtQ+23FcKwzJeCxlmt3XC+QuMEmZBvGLgKFP/zIhhkZ
IqieA5dhhO4Ae9AHr/23Yj/Xecy6YYly5GTI74i/c0mh
-----END CERTIFICATE-----