Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/R_Lza2jrfSNLrULh7JcQaui8SEw.roa
File:                     R_Lza2jrfSNLrULh7JcQaui8SEw.roa (raw, json)
Hash identifier:          TNpTRKYXupuzHxQSBg2g/5aMkBjvKGfrKIMQqKH5Jfw=
Subject key identifier:   47:F2:F3:6B:68:EB:7D:23:4B:AD:42:E1:EC:97:10:6A:E8:BC:48:4C
Certificate issuer:       /CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
Certificate serial:       018CC725A6F72632B69AD7D201C14A71B108
Authority key identifier: 2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/R_Lza2jrfSNLrULh7JcQaui8SEw.roa
Signing time:             Mon 01 Jan 2024 22:29:42 +0000
ROA not before:           Mon 01 Jan 2024 22:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20760
IP address blocks:        193.127.0.0/16 maxlen: 24
                          193.201.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a6:f7:26:32:b6:9a:d7:d2:01:c1:4a:71:b1:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
        Validity
            Not Before: Jan  1 22:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47f2f36b68eb7d234bad42e1ec97106ae8bc484c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ca:30:30:a5:2f:69:34:12:32:19:ce:89:36:
                    5f:4a:8c:09:85:32:ef:35:e4:a0:47:6d:fd:96:39:
                    7f:ae:7f:84:28:f2:c9:48:29:b2:11:3b:ad:da:71:
                    6f:4a:7d:ba:59:ce:02:6b:43:14:1b:0b:1f:04:68:
                    0f:ae:4b:9c:82:5c:ca:94:58:54:37:f5:35:00:a9:
                    60:b7:19:ac:db:f1:af:ee:d5:60:e6:a6:6c:f1:3b:
                    9e:06:82:dc:cb:38:7e:1d:65:bc:6f:bc:b2:5e:91:
                    f5:a0:6f:9f:39:28:67:ab:12:13:40:c0:3e:4d:7b:
                    f7:95:b2:69:16:5b:11:16:a8:75:7f:12:a6:ee:d6:
                    fe:7f:a3:69:3a:6a:02:98:df:84:76:2e:f1:f0:18:
                    4f:be:8b:01:3c:1b:63:18:da:a0:82:6e:c0:ec:cb:
                    ce:3f:35:60:f3:86:0c:57:71:24:ca:21:91:77:40:
                    c5:5d:c0:96:db:a8:8d:7e:0c:0b:9f:b7:62:35:77:
                    99:17:f9:b1:39:27:82:6b:c2:1f:f7:24:e2:b2:79:
                    39:2c:08:db:62:8d:ce:5b:da:45:6d:dd:ad:e3:7d:
                    9f:28:80:bd:cc:1d:eb:db:52:bc:d7:90:6e:f5:9c:
                    d4:45:a3:ee:16:5b:c3:0b:bc:63:2f:8f:8e:0f:53:
                    7a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F2:F3:6B:68:EB:7D:23:4B:AD:42:E1:EC:97:10:6A:E8:BC:48:4C
            X509v3 Authority Key Identifier:
                keyid:2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/R_Lza2jrfSNLrULh7JcQaui8SEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.127.0.0/16
                  193.201.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e1:70:c4:23:cb:54:aa:d8:6d:ca:ba:26:66:6e:1f:f9:77:
         1a:f5:29:ee:77:44:eb:40:ab:ee:49:bd:24:49:b9:8b:b2:92:
         a4:c2:c0:43:40:dc:d6:15:c6:fc:69:17:79:61:68:84:16:33:
         99:d3:f2:7b:27:c2:c1:b5:28:cb:d9:87:19:f5:5a:3d:58:69:
         ec:ab:18:f3:e8:1f:0d:62:82:9a:1c:73:cd:84:9b:c2:da:95:
         8c:e6:18:48:6e:81:9d:76:28:47:77:b4:b0:e5:9d:d5:8b:b5:
         2d:6f:ca:a4:eb:42:f8:34:c7:e6:cf:8b:a4:e5:64:6a:9c:f5:
         d0:da:3c:a0:cc:bd:de:93:54:ca:d2:07:ad:bf:56:cb:50:c2:
         f2:02:9d:23:4e:4e:b3:e2:99:d1:a8:4c:a4:d6:e1:01:48:a2:
         79:d1:70:e7:f3:5c:bd:d8:43:1d:d8:68:20:0a:03:4f:8b:61:
         45:7e:c1:cc:f7:c9:67:4a:f5:8c:d4:b3:48:f9:17:33:e1:0e:
         2f:3e:40:e7:e5:8e:44:23:11:0d:a8:56:2b:d8:22:b7:68:c4:
         03:29:56:c1:76:e8:55:a4:e5:ab:a4:4d:4a:ef:b5:ff:61:b4:
         fe:04:13:e6:e9:c9:52:80:95:de:f6:ee:01:df:eb:ad:83:2a:
         63:5f:5a:13
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzHJab3JjK2mtfSAcFKcbEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjM2IwYWU1YjdmNzgxMTIyYzcwOWEyNjUwYWRmOTcyOTE4
N2UxZTEwHhcNMjQwMTAxMjIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2YyZjM2YjY4ZWI3ZDIzNGJhZDQyZTFlYzk3MTA2YWU4YmM0ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsowMKUvaTQSMhnOiTZfSowJhTLv
NeSgR239ljl/rn+EKPLJSCmyETut2nFvSn26Wc4Ca0MUGwsfBGgPrkucglzKlFhU
N/U1AKlgtxms2/Gv7tVg5qZs8TueBoLcyzh+HWW8b7yyXpH1oG+fOShnqxITQMA+
TXv3lbJpFlsRFqh1fxKm7tb+f6NpOmoCmN+Edi7x8BhPvosBPBtjGNqggm7A7MvO
PzVg84YMV3EkyiGRd0DFXcCW26iNfgwLn7diNXeZF/mxOSeCa8If9yTisnk5LAjb
Yo3OW9pFbd2t432fKIC9zB3r21K815Bu9ZzURaPuFlvDC7xjL4+OD1N6zQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFEfy82to630jS61C4eyXEGrovEhMMB8GA1UdIwQY
MBaAFCw7CuW394ESLHCaJlCt+XKRh+HhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEt
ZmZjY2EzZTFmMTdmLzEvUl9MemEyanJmU05MclVMaDdKY1FhdWk4U0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEtZmZjY2EzZTFmMTdm
LzEvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAwX8DBADB
yWwwDQYJKoZIhvcNAQELBQADggEBAH7hcMQjy1Sq2G3KuiZmbh/5dxr1Ke53ROtA
q+5JvSRJuYuykqTCwENA3NYVxvxpF3lhaIQWM5nT8nsnwsG1KMvZhxn1Wj1Yaeyr
GPPoHw1igpocc82Em8LalYzmGEhugZ12KEd3tLDlndWLtS1vyqTrQvg0x+bPi6Tl
ZGqc9dDaPKDMvd6TVMrSB62/VstQwvICnSNOTrPimdGoTKTW4QFIonnRcOfzXL3Y
Qx3YaCAKA0+LYUV+wcz3yWdK9YzUs0j5FzPhDi8+QOfljkQjEQ2oVivYIrdoxAMp
VsF26FWk5aukTUrvtf9htP4EE+bpyVKAld727gHf662DKmNfWhM=
-----END CERTIFICATE-----