Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/9U3bU46y_y3GzGlvcw0AH4iZ5nY.roa
File:                     9U3bU46y_y3GzGlvcw0AH4iZ5nY.roa (raw, json)
Hash identifier:          HMZR3s2vrQ96IojjsRDICXckx5UI5qYRyueTSI3ug8M=
Subject key identifier:   F5:4D:DB:53:8E:B2:FF:2D:C6:CC:69:6F:73:0D:00:1F:88:99:E6:76
Certificate issuer:       /CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Certificate serial:       018CC64A7B97B0490DE5474F2D8B4D159BB5
Authority key identifier: D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/9U3bU46y_y3GzGlvcw0AH4iZ5nY.roa
Signing time:             Mon 01 Jan 2024 18:30:19 +0000
ROA not before:           Mon 01 Jan 2024 18:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        193.162.44.0/24 maxlen: 32
                          2a10:f0c0::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7b:97:b0:49:0d:e5:47:4f:2d:8b:4d:15:9b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
        Validity
            Not Before: Jan  1 18:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f54ddb538eb2ff2dc6cc696f730d001f8899e676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a8:8f:d3:af:18:b9:81:8f:d3:b9:6a:3d:f5:
                    51:fa:22:54:a3:99:af:28:c9:e8:f1:32:c0:7d:4c:
                    7c:fe:95:9f:7c:a5:70:c7:e5:c1:12:72:36:f6:46:
                    bc:38:cf:2a:e8:b2:e4:1c:b5:4c:5c:0a:78:f0:c3:
                    f9:39:30:4f:80:48:ad:6f:63:1e:39:41:cd:4c:66:
                    dc:08:84:08:e7:56:c2:6a:13:92:a1:8f:36:e6:c3:
                    a2:03:8b:a2:95:3e:f1:f2:2d:eb:9d:06:8e:1b:38:
                    fd:11:00:10:f3:b5:66:0c:b5:4f:4d:58:59:a6:cc:
                    a9:3f:c0:ab:e5:7f:a3:55:74:ba:d7:64:c1:cd:55:
                    8e:8a:84:98:64:b7:88:e0:d4:93:79:8f:63:ab:be:
                    f5:3b:c8:09:24:7a:99:22:48:79:e3:56:cb:aa:c6:
                    c3:7e:2c:8d:b6:00:64:ad:7b:0f:0a:bb:b5:0c:3e:
                    d3:ba:0e:ef:c7:97:23:e6:4c:22:ce:0d:0a:d5:e8:
                    0e:15:c6:22:f6:d7:71:0f:f8:81:2e:44:5e:90:13:
                    7e:52:cf:16:cb:0f:e2:b7:0e:9d:7e:2f:c9:1c:ff:
                    d1:ec:d1:6a:d3:56:fe:a2:78:bc:39:1d:70:48:4c:
                    99:3c:ca:6e:c3:5b:15:65:55:71:cd:4d:f7:3e:ef:
                    98:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4D:DB:53:8E:B2:FF:2D:C6:CC:69:6F:73:0D:00:1F:88:99:E6:76
            X509v3 Authority Key Identifier:
                keyid:D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/9U3bU46y_y3GzGlvcw0AH4iZ5nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.44.0/24
                IPv6:
                  2a10:f0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:16:2f:72:28:36:a2:bf:c5:f2:14:a0:fb:20:14:52:35:e8:
         bd:06:3e:54:23:db:74:9c:49:13:3a:fd:6b:9e:8c:f9:70:cc:
         9d:2c:d3:03:1d:8f:11:2d:70:62:cd:dd:2d:34:e4:d5:ec:5b:
         e2:90:b3:f7:2a:c1:c4:aa:a0:34:4e:d4:99:72:69:cc:b0:09:
         1d:6d:65:bd:00:fc:2d:42:d3:60:13:6c:76:f3:c5:93:72:d2:
         a1:69:73:e9:f8:c4:ee:60:db:09:9f:0e:29:72:ee:e8:a3:e0:
         0d:d0:9b:85:6b:9d:56:a7:b6:e1:5e:5e:95:0b:ec:9f:e1:22:
         09:d0:57:4b:ac:f3:ab:27:c0:1f:41:e9:ba:40:87:d9:33:4f:
         21:da:99:3f:c5:3e:a6:5c:39:a0:88:ca:b9:d9:c8:74:4f:ca:
         70:fe:fd:10:27:23:19:57:4e:5a:6c:d0:48:65:57:fd:07:01:
         10:7a:40:4c:1c:57:bb:ad:ee:e2:e6:6a:0b:9c:8d:21:ab:2d:
         6f:09:56:8b:f8:bb:15:04:6c:5f:c6:55:3b:9c:aa:d7:c0:0a:
         9e:35:4f:2f:7a:1c:51:20:70:89:2d:92:87:13:f6:91:0b:3f:
         7f:3c:ad:d2:37:0a:44:8b:39:ff:f7:f3:f4:82:65:e2:79:8f:
         4d:19:c1:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSnuXsEkN5UdPLYtNFZu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDA3OWJiNzA3MGVkMGVlZWEzYTFhNDY3Yzc5NDYyYmNj
NTQ1NWYwHhcNMjQwMTAxMTgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRkZGI1MzhlYjJmZjJkYzZjYzY5NmY3MzBkMDAxZjg4OTllNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqiP068YuYGP07lqPfVR+iJUo5mv
KMno8TLAfUx8/pWffKVwx+XBEnI29ka8OM8q6LLkHLVMXAp48MP5OTBPgEitb2Me
OUHNTGbcCIQI51bCahOSoY825sOiA4uilT7x8i3rnQaOGzj9EQAQ87VmDLVPTVhZ
psypP8Cr5X+jVXS612TBzVWOioSYZLeI4NSTeY9jq771O8gJJHqZIkh541bLqsbD
fiyNtgBkrXsPCru1DD7Tug7vx5cj5kwizg0K1egOFcYi9tdxD/iBLkRekBN+Us8W
yw/itw6dfi/JHP/R7NFq01b+oni8OR1wSEyZPMpuw1sVZVVxzU33Pu+YVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPVN21OOsv8txsxpb3MNAB+ImeZ2MB8GA1UdIwQY
MBaAFNBAebtwcO0O7qOhpGfHlGK8xUVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTkt
NjIwOThkMWVjMWU2LzEvOVUzYlU0NnlfeTNHekdsdmN3MEFINGlaNW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTktNjIwOThkMWVjMWU2
LzEvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaIsMA0E
AgACMAcDBQMqEPDAMA0GCSqGSIb3DQEBCwUAA4IBAQAeFi9yKDaiv8XyFKD7IBRS
Nei9Bj5UI9t0nEkTOv1rnoz5cMydLNMDHY8RLXBizd0tNOTV7FvikLP3KsHEqqA0
TtSZcmnMsAkdbWW9APwtQtNgE2x288WTctKhaXPp+MTuYNsJnw4pcu7oo+AN0JuF
a51Wp7bhXl6VC+yf4SIJ0FdLrPOrJ8AfQem6QIfZM08h2pk/xT6mXDmgiMq52ch0
T8pw/v0QJyMZV05abNBIZVf9BwEQekBMHFe7re7i5moLnI0hqy1vCVaL+LsVBGxf
xlU7nKrXwAqeNU8vehxRIHCJLZKHE/aRCz9/PK3SNwpEizn/9/P0gmXieY9NGcFB
-----END CERTIFICATE-----