Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/aSE_vOxaBPTwzQojgmT49BImlkc.roa
File:                     aSE_vOxaBPTwzQojgmT49BImlkc.roa (raw, json)
Hash identifier:          OIvF6XmAsffCFEWyuQeuAM2IcS4Blmxz4lQAKiXuSus=
Subject key identifier:   69:21:3F:BC:EC:5A:04:F4:F0:CD:0A:23:82:64:F8:F4:12:26:96:47
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       018CC34890838BBE4B82A530451964215335
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/aSE_vOxaBPTwzQojgmT49BImlkc.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47129
IP address blocks:        193.34.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:83:8b:be:4b:82:a5:30:45:19:64:21:53:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69213fbcec5a04f4f0cd0a238264f8f412269647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:b6:6c:ce:13:bc:c6:93:c9:06:24:2f:c0:
                    29:50:04:18:05:3a:1d:6a:0a:9a:c2:0d:e1:dd:f5:
                    b6:96:94:64:fc:7f:7f:4d:8e:80:58:65:ca:5d:2c:
                    85:cd:d5:c6:05:a5:84:3b:3a:92:e6:71:50:d6:71:
                    10:f8:bf:ff:45:2d:9b:ea:f5:aa:77:bb:b2:d1:a5:
                    35:59:46:db:8b:61:2c:bd:e1:f7:27:54:0e:1b:a2:
                    4a:5b:99:d4:09:00:a1:4e:da:a5:47:04:c1:59:51:
                    55:24:03:c8:34:4a:b3:76:9e:df:9a:d2:01:4f:6d:
                    d0:dc:0a:e3:7d:26:90:91:9f:2c:3d:c2:3b:ff:82:
                    20:8f:3c:ed:19:99:70:9d:8c:19:d8:fc:76:6a:28:
                    2b:35:58:ca:e3:78:1e:da:c2:23:2a:18:34:ce:80:
                    32:54:69:84:fb:92:d9:5a:3f:3f:ff:6b:88:49:e7:
                    1c:9f:7e:b5:2b:1a:bc:dc:93:84:5f:4e:07:47:21:
                    fe:41:15:60:0b:d5:87:6e:b7:be:f4:19:8a:df:c3:
                    8a:b7:cd:0b:3b:f9:93:63:9a:78:5c:69:cd:27:ff:
                    62:59:37:3e:a5:f1:a9:e7:26:bd:76:8a:e8:7c:a7:
                    49:f0:ff:3b:5e:e4:1a:6a:ce:04:34:bb:14:7b:ed:
                    8b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:21:3F:BC:EC:5A:04:F4:F0:CD:0A:23:82:64:F8:F4:12:26:96:47
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/aSE_vOxaBPTwzQojgmT49BImlkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:70:15:ac:72:a5:4f:99:77:9f:3f:f7:00:8b:6b:f1:1b:2c:
         79:0a:26:ee:15:67:d9:12:46:97:31:67:51:5e:18:61:9d:e9:
         4b:f3:ac:de:3a:91:ea:66:2a:e3:8d:66:bd:13:f9:a6:1d:02:
         bc:83:a9:d7:6b:47:d2:2c:8c:a5:36:29:39:7c:aa:a4:b9:c3:
         83:0c:a8:03:f9:df:f0:d8:12:37:b5:06:a1:29:58:8e:85:fe:
         88:ce:90:f5:53:69:00:8c:40:dd:c0:04:8d:c9:4c:ed:53:2e:
         46:00:17:51:79:20:87:cc:3e:48:63:1f:cf:a6:1d:1d:2d:1d:
         09:7d:ab:d5:99:9b:61:c3:df:90:bf:82:61:16:b4:4f:92:4a:
         e2:34:7d:40:b6:9c:54:15:d6:03:57:3d:bb:79:9b:73:ab:2f:
         1c:1b:93:89:f8:e3:c9:a4:de:57:d6:e3:ff:d2:49:d9:ff:3e:
         c4:39:c9:d2:f4:fb:4b:08:61:35:cf:90:a7:13:73:d0:c8:ed:
         90:b3:40:f0:f2:3a:a2:af:c0:db:91:45:c6:3a:26:ad:6a:9d:
         0e:7e:0b:8f:f8:04:72:fe:9b:fb:4a:fc:46:a7:58:ff:d9:bb:
         00:c8:cb:67:6d:82:e9:c4:ed:14:44:c9:6d:9a:34:7a:0f:bd:
         9c:5a:7b:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJCDi75LgqUwRRlkIVM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTIxM2ZiY2VjNWEwNGY0ZjBjZDBhMjM4MjY0ZjhmNDEyMjY5NjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTa2bM4TvMaTyQYkL8ApUAQYBTod
agqawg3h3fW2lpRk/H9/TY6AWGXKXSyFzdXGBaWEOzqS5nFQ1nEQ+L//RS2b6vWq
d7uy0aU1WUbbi2EsveH3J1QOG6JKW5nUCQChTtqlRwTBWVFVJAPINEqzdp7fmtIB
T23Q3ArjfSaQkZ8sPcI7/4IgjzztGZlwnYwZ2Px2aigrNVjK43ge2sIjKhg0zoAy
VGmE+5LZWj8//2uISeccn361Kxq83JOEX04HRyH+QRVgC9WHbre+9BmK38OKt80L
O/mTY5p4XGnNJ/9iWTc+pfGp5ya9dorofKdJ8P87XuQaas4ENLsUe+2LowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkhP7zsWgT08M0KI4Jk+PQSJpZHMB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvYVNFX3ZPeGFCUFR3elFvamdtVDQ5QkltbGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSJzMA0G
CSqGSIb3DQEBCwUAA4IBAQAHcBWscqVPmXefP/cAi2vxGyx5CibuFWfZEkaXMWdR
XhhhnelL86zeOpHqZirjjWa9E/mmHQK8g6nXa0fSLIylNik5fKqkucODDKgD+d/w
2BI3tQahKViOhf6IzpD1U2kAjEDdwASNyUztUy5GABdReSCHzD5IYx/Pph0dLR0J
favVmZthw9+Qv4JhFrRPkkriNH1AtpxUFdYDVz27eZtzqy8cG5OJ+OPJpN5X1uP/
0knZ/z7EOcnS9PtLCGE1z5CnE3PQyO2Qs0Dw8jqir8DbkUXGOiatap0OfguP+ARy
/pv7SvxGp1j/2bsAyMtnbYLpxO0URMltmjR6D72cWnub
-----END CERTIFICATE-----