Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/tAq3dHhGNVzX9E5zheb9qYACMZY.roa
File:                     tAq3dHhGNVzX9E5zheb9qYACMZY.roa (raw, json)
Hash identifier:          YFS8kZ7OnJ2UPUy9s6w+Qv1vtpeAIlN8yahl9L9I8T4=
Subject key identifier:   B4:0A:B7:74:78:46:35:5C:D7:F4:4E:73:85:E6:FD:A9:80:02:31:96
Certificate issuer:       /CN=d2e42a583fa251b432cfc1dca8bd341d50660b95
Certificate serial:       018CC94D501CD907601838017AD920339ADD
Authority key identifier: D2:E4:2A:58:3F:A2:51:B4:32:CF:C1:DC:A8:BD:34:1D:50:66:0B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0uQqWD-iUbQyz8HcqL00HVBmC5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/tAq3dHhGNVzX9E5zheb9qYACMZY.roa
Signing time:             Tue 02 Jan 2024 08:32:16 +0000
ROA not before:           Tue 02 Jan 2024 08:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209140
IP address blocks:        193.105.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/0uQqWD-iUbQyz8HcqL00HVBmC5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/0uQqWD-iUbQyz8HcqL00HVBmC5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0uQqWD-iUbQyz8HcqL00HVBmC5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:50:1c:d9:07:60:18:38:01:7a:d9:20:33:9a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2e42a583fa251b432cfc1dca8bd341d50660b95
        Validity
            Not Before: Jan  2 08:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b40ab7747846355cd7f44e7385e6fda980023196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:34:99:ca:3d:46:4b:70:ee:3e:c2:55:64:f9:
                    28:1c:74:58:a0:7e:ab:b8:fd:c1:5c:01:ea:72:27:
                    28:cf:d7:38:dd:e7:df:37:2f:ac:92:ec:3f:17:7d:
                    9c:23:ed:3e:5d:9a:d6:be:76:a5:83:fe:da:f9:71:
                    0c:b2:59:9d:d2:05:7d:4b:87:f0:bf:65:0f:79:ab:
                    0e:c8:52:c5:11:ed:05:2e:11:6b:01:80:0c:fe:f1:
                    6e:42:ba:1e:3d:ce:d9:ac:b4:c0:54:2e:26:72:8d:
                    eb:77:27:0f:c8:1c:b6:5b:33:03:e6:5b:2a:b3:4f:
                    87:03:00:5d:e3:0e:0e:41:33:ee:40:80:d2:2d:92:
                    c0:a9:40:82:83:6d:00:13:9f:88:af:d2:d5:66:b2:
                    44:a2:4c:eb:aa:81:19:6c:31:a8:5c:00:9c:ef:ef:
                    ed:ca:5e:79:90:a6:b1:f1:54:02:1b:d2:34:17:a4:
                    2b:78:e6:ef:6b:87:d3:e4:61:0a:fd:aa:15:67:db:
                    21:1d:11:99:f8:be:22:e8:89:15:4d:a3:20:33:d2:
                    0c:ef:70:c8:15:20:64:d4:47:f7:be:31:af:56:06:
                    a8:5d:fb:6f:ff:bd:e7:41:3f:8e:d1:2f:5b:c4:e7:
                    83:60:71:d3:aa:b2:cb:d4:a1:2b:44:22:ae:18:be:
                    30:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:0A:B7:74:78:46:35:5C:D7:F4:4E:73:85:E6:FD:A9:80:02:31:96
            X509v3 Authority Key Identifier:
                keyid:D2:E4:2A:58:3F:A2:51:B4:32:CF:C1:DC:A8:BD:34:1D:50:66:0B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0uQqWD-iUbQyz8HcqL00HVBmC5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/tAq3dHhGNVzX9E5zheb9qYACMZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/3ab7fc-baef-4a96-bdd3-fdc1dcda2961/1/0uQqWD-iUbQyz8HcqL00HVBmC5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c5:98:f5:6b:96:5a:f2:f6:13:19:d7:9e:96:00:52:f3:7e:
         52:57:8f:ff:81:ac:fe:73:ae:f0:92:97:9e:8a:59:21:57:47:
         51:24:be:3f:07:37:50:db:71:69:f9:ff:28:9c:26:e0:ee:34:
         22:bf:79:a0:3a:e5:56:67:a6:b6:0e:d4:f2:25:83:20:96:8a:
         b3:27:a0:13:b2:e8:09:06:6b:6b:fa:4a:1c:7e:65:08:e1:e6:
         30:18:b4:ae:ec:03:41:06:ad:7f:a7:b6:e1:b6:0b:f1:87:11:
         6a:49:03:42:9b:7c:04:b9:ff:cc:93:1e:49:68:4d:bb:75:d5:
         43:b5:b5:22:ed:4c:66:2b:40:29:6c:60:b9:5a:c8:38:a3:50:
         ee:c5:e7:c0:0b:61:97:83:ed:c4:03:ff:d3:ea:85:63:ae:3d:
         18:1d:40:f9:a9:b7:29:5e:bd:b1:96:dd:89:fe:96:2b:09:ba:
         96:4c:f7:1d:5e:d9:4e:cf:ad:e0:1a:4a:2e:14:68:ce:b0:73:
         66:aa:aa:12:c3:6d:0c:41:1a:a4:21:a4:54:ad:97:88:a9:99:
         16:b4:a0:9d:c1:7e:fe:37:f2:10:fe:36:58:b0:48:76:db:cf:
         79:8f:e1:64:02:31:4e:bd:5e:73:ba:74:e8:6f:9f:98:e8:7e:
         d8:24:82:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVAc2QdgGDgBetkgM5rdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZTQyYTU4M2ZhMjUxYjQzMmNmYzFkY2E4YmQzNDFkNTA2
NjBiOTUwHhcNMjQwMTAyMDgzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDBhYjc3NDc4NDYzNTVjZDdmNDRlNzM4NWU2ZmRhOTgwMDIzMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzSZyj1GS3DuPsJVZPkoHHRYoH6r
uP3BXAHqcicoz9c43effNy+skuw/F32cI+0+XZrWvnalg/7a+XEMslmd0gV9S4fw
v2UPeasOyFLFEe0FLhFrAYAM/vFuQroePc7ZrLTAVC4mco3rdycPyBy2WzMD5lsq
s0+HAwBd4w4OQTPuQIDSLZLAqUCCg20AE5+Ir9LVZrJEokzrqoEZbDGoXACc7+/t
yl55kKax8VQCG9I0F6QreObva4fT5GEK/aoVZ9shHRGZ+L4i6IkVTaMgM9IM73DI
FSBk1Ef3vjGvVgaoXftv/73nQT+O0S9bxOeDYHHTqrLL1KErRCKuGL4wUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQKt3R4RjVc1/ROc4Xm/amAAjGWMB8GA1UdIwQY
MBaAFNLkKlg/olG0Ms/B3Ki9NB1QZguVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHVRcVdELWlVYlF5ejhIY3FMMDBIVkJtQzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8zYWI3ZmMtYmFlZi00YTk2LWJkZDMt
ZmRjMWRjZGEyOTYxLzEvdEFxM2RIaEdOVnpYOUU1emhlYjlxWUFDTVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8zYWI3ZmMtYmFlZi00YTk2LWJkZDMtZmRjMWRjZGEyOTYx
LzEvMHVRcVdELWlVYlF5ejhIY3FMMDBIVkJtQzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlUMA0G
CSqGSIb3DQEBCwUAA4IBAQB8xZj1a5Za8vYTGdeelgBS835SV4//gaz+c67wkpee
ilkhV0dRJL4/BzdQ23Fp+f8onCbg7jQiv3mgOuVWZ6a2DtTyJYMgloqzJ6ATsugJ
Bmtr+kocfmUI4eYwGLSu7ANBBq1/p7bhtgvxhxFqSQNCm3wEuf/Mkx5JaE27ddVD
tbUi7UxmK0ApbGC5Wsg4o1DuxefAC2GXg+3EA//T6oVjrj0YHUD5qbcpXr2xlt2J
/pYrCbqWTPcdXtlOz63gGkouFGjOsHNmqqoSw20MQRqkIaRUrZeIqZkWtKCdwX7+
N/IQ/jZYsEh22895j+FkAjFOvV5zunTob5+Y6H7YJII2
-----END CERTIFICATE-----