Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/Yx5UYEtHJEqaFUEdpDqrgB3_pFg.roa
File:                     Yx5UYEtHJEqaFUEdpDqrgB3_pFg.roa (raw, json)
Hash identifier:          qr9V2xm9rgb7tzvz8iBPH3CvCpH1miAF1lNSHGh8D+Q=
Subject key identifier:   63:1E:54:60:4B:47:24:4A:9A:15:41:1D:A4:3A:AB:80:1D:FF:A4:58
Certificate issuer:       /CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
Certificate serial:       018CC7934137186ACE33BDC69E7F77788B34
Authority key identifier: 5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/Yx5UYEtHJEqaFUEdpDqrgB3_pFg.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        193.46.200.0/24 maxlen: 24
                          193.46.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:41:37:18:6a:ce:33:bd:c6:9e:7f:77:78:8b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=631e54604b47244a9a15411da43aab801dffa458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:9b:33:04:96:cc:06:a3:a8:75:14:16:04:
                    c4:01:1d:3b:fb:86:8e:ea:08:ca:2b:09:48:b2:d4:
                    ea:2c:46:5a:80:1a:6c:c7:33:7e:b9:e9:17:7d:03:
                    32:bc:86:c3:31:2e:73:19:cd:a7:af:57:b3:bc:cb:
                    79:79:b7:3c:4f:d1:93:b3:df:25:69:07:47:2f:93:
                    5d:43:ca:c5:da:d9:c4:18:cb:ff:c2:e9:f3:c2:b8:
                    fa:eb:2f:58:51:23:6e:3d:e2:15:0f:49:b9:c7:1e:
                    6e:57:c0:ce:f4:3c:59:ae:5f:07:8b:49:a5:dc:ea:
                    0d:07:b3:07:93:9d:14:24:4d:09:f7:88:df:72:b9:
                    7e:1e:78:e5:d2:2f:b9:9a:1e:b5:fa:5f:6d:e0:d8:
                    40:e8:4c:7c:ac:c8:83:5a:a5:d1:74:8f:73:84:d7:
                    51:a7:54:ab:40:72:34:fe:d9:94:50:ad:9c:6f:ad:
                    68:76:b3:d5:ff:66:58:a4:b8:c7:ce:cb:50:b9:d8:
                    3c:ca:90:7a:5f:a1:17:da:96:ba:0d:c2:81:15:92:
                    ab:32:09:49:c8:f9:ee:b9:94:bc:83:11:63:67:21:
                    b9:51:33:ec:52:67:4b:4f:9e:41:d4:fc:64:13:8f:
                    ce:e0:06:b3:93:b0:50:0b:5d:ad:ce:cd:05:95:9c:
                    ae:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:1E:54:60:4B:47:24:4A:9A:15:41:1D:A4:3A:AB:80:1D:FF:A4:58
            X509v3 Authority Key Identifier:
                keyid:5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/Yx5UYEtHJEqaFUEdpDqrgB3_pFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.0.0/24
                  193.46.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:08:4b:63:07:ad:c0:a0:0f:0f:e0:9b:8f:66:63:8d:60:ea:
         1d:72:cb:5f:fe:28:0b:da:51:e7:75:ae:1c:bd:4c:53:84:78:
         a3:d8:d8:a4:e9:3d:71:f9:44:c4:55:94:ea:dc:77:61:78:93:
         56:67:c7:1c:49:21:03:45:59:8f:42:d1:96:1f:63:5f:46:be:
         3b:28:7c:5a:b9:cd:65:e5:5a:41:24:53:a7:64:e8:13:f2:8d:
         2c:ba:b3:0e:54:66:23:5d:1b:03:da:12:7b:de:62:43:6b:d7:
         09:af:b0:18:91:b7:c4:7c:81:3c:6a:96:bc:88:8a:37:b3:1e:
         65:27:1e:3c:5e:7f:eb:82:60:a4:88:b2:c8:11:cd:10:fe:48:
         75:24:50:89:f5:13:96:14:5a:e0:ab:54:33:40:cd:da:0a:71:
         09:01:5d:31:47:08:a8:27:a4:1d:54:40:7e:6c:c7:ac:9b:c9:
         78:fe:15:4d:46:27:95:be:82:ca:34:d7:32:69:98:43:03:e0:
         cb:08:45:55:8f:c5:98:f7:bf:9b:75:3b:bf:dd:ad:51:36:47:
         48:7c:77:52:1b:48:f1:74:db:ab:72:a1:4b:32:55:fa:72:e3:
         64:ae:38:85:97:03:9e:b9:49:d3:43:b7:cf:8d:dd:7a:0e:71:
         53:d9:da:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk0E3GGrOM73Gnn93eIs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmE2MjU1ZGVkYWExYTFiNmIxN2NiOGVhOTFlMDJkNDEy
Yjg3MTgwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzFlNTQ2MDRiNDcyNDRhOWExNTQxMWRhNDNhYWI4MDFkZmZhNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU2bMwSWzAajqHUUFgTEAR07+4aO
6gjKKwlIstTqLEZagBpsxzN+uekXfQMyvIbDMS5zGc2nr1ezvMt5ebc8T9GTs98l
aQdHL5NdQ8rF2tnEGMv/wunzwrj66y9YUSNuPeIVD0m5xx5uV8DO9DxZrl8Hi0ml
3OoNB7MHk50UJE0J94jfcrl+Hnjl0i+5mh61+l9t4NhA6Ex8rMiDWqXRdI9zhNdR
p1SrQHI0/tmUUK2cb61odrPV/2ZYpLjHzstQudg8ypB6X6EX2pa6DcKBFZKrMglJ
yPnuuZS8gxFjZyG5UTPsUmdLT55B1PxkE4/O4Aazk7BQC12tzs0FlZyujQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGMeVGBLRyRKmhVBHaQ6q4Ad/6RYMB8GA1UdIwQY
MBaAFF+6YlXe2qGhtrF8uOqR4C1BK4cYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEt
NjFlNTEyYmEyNWI3LzEvWXg1VVlFdEhKRXFhRlVFZHBEcXJnQjNfcEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEtNjFlNTEyYmEyNWI3
LzEvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS4AAwQA
wS7IMA0GCSqGSIb3DQEBCwUAA4IBAQAvCEtjB63AoA8P4JuPZmONYOodcstf/igL
2lHnda4cvUxThHij2Nik6T1x+UTEVZTq3HdheJNWZ8ccSSEDRVmPQtGWH2NfRr47
KHxauc1l5VpBJFOnZOgT8o0surMOVGYjXRsD2hJ73mJDa9cJr7AYkbfEfIE8apa8
iIo3sx5lJx48Xn/rgmCkiLLIEc0Q/kh1JFCJ9ROWFFrgq1QzQM3aCnEJAV0xRwio
J6QdVEB+bMesm8l4/hVNRieVvoLKNNcyaZhDA+DLCEVVj8WY97+bdTu/3a1RNkdI
fHdSG0jxdNurcqFLMlX6cuNkrjiFlwOeuUnTQ7fPjd16DnFT2drH
-----END CERTIFICATE-----