Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/slMYV_iuygfwaFofkVtIE29eMFQ.roa
File:                     slMYV_iuygfwaFofkVtIE29eMFQ.roa (raw, json)
Hash identifier:          UqX92FjwjzJm77Xm3Ngtw3EOY5ousIaS4eI/mpGzQ5o=
Subject key identifier:   B2:53:18:57:F8:AE:CA:07:F0:68:5A:1F:91:5B:48:13:6F:5E:30:54
Certificate issuer:       /CN=9aac0da35100668060d30f173d6102e182d1b9ea
Certificate serial:       018CC3B6F2D035A5BD60362B7A9B8269B6DE
Authority key identifier: 9A:AC:0D:A3:51:00:66:80:60:D3:0F:17:3D:61:02:E1:82:D1:B9:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mqwNo1EAZoBg0w8XPWEC4YLRueo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/slMYV_iuygfwaFofkVtIE29eMFQ.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43430
IP address blocks:        193.46.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/mqwNo1EAZoBg0w8XPWEC4YLRueo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/mqwNo1EAZoBg0w8XPWEC4YLRueo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mqwNo1EAZoBg0w8XPWEC4YLRueo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f2:d0:35:a5:bd:60:36:2b:7a:9b:82:69:b6:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aac0da35100668060d30f173d6102e182d1b9ea
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2531857f8aeca07f0685a1f915b48136f5e3054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:31:7d:86:1d:5a:ef:4d:76:07:e3:91:7f:5d:
                    ec:80:05:8d:f3:3f:0f:df:6c:e8:dc:77:64:b5:8a:
                    2a:1d:28:33:28:48:82:87:c0:60:dd:85:b3:3a:bc:
                    10:b2:28:ae:20:b0:a8:65:c9:3b:33:1a:f8:1f:5c:
                    b9:8e:f5:0c:7c:f9:7e:33:1d:e4:b4:76:60:73:e3:
                    d4:12:43:47:f1:92:4a:04:5d:5a:a0:ed:1e:fe:33:
                    6e:94:c9:a6:6c:bc:b1:bd:15:15:c0:bc:7b:7a:a6:
                    c6:e1:b3:0d:61:1e:63:4d:8b:07:24:8b:50:d1:10:
                    48:f7:7f:7d:1e:d9:50:40:02:c0:70:9e:23:fa:5c:
                    bd:13:c2:5d:a7:0e:9d:a6:67:5a:2c:ba:8c:07:7e:
                    81:7a:08:6a:02:49:5a:fe:0b:51:67:26:1d:f6:b2:
                    97:94:38:8f:93:e6:b3:32:23:dd:50:a8:e7:e7:db:
                    18:73:a7:1e:c6:32:6c:48:8d:0e:45:e0:75:3a:c0:
                    17:68:88:dc:20:a2:af:c5:21:74:13:7a:7c:22:30:
                    f0:9e:2a:19:c7:79:8a:60:5a:de:8c:2a:ea:bc:52:
                    63:de:6f:09:16:3e:c9:3c:0c:72:1d:af:ed:b2:f5:
                    97:86:a0:a4:40:db:ed:e4:6b:96:8a:28:55:46:b7:
                    ea:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:53:18:57:F8:AE:CA:07:F0:68:5A:1F:91:5B:48:13:6F:5E:30:54
            X509v3 Authority Key Identifier:
                keyid:9A:AC:0D:A3:51:00:66:80:60:D3:0F:17:3D:61:02:E1:82:D1:B9:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mqwNo1EAZoBg0w8XPWEC4YLRueo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/slMYV_iuygfwaFofkVtIE29eMFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/32828b-0271-462c-a7ae-51b107dc9f39/1/mqwNo1EAZoBg0w8XPWEC4YLRueo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ed:50:d9:b0:74:2e:4d:38:83:85:2c:16:4b:f7:dc:6d:d5:
         59:d2:62:e9:a5:38:4d:34:55:a7:c4:11:97:da:6a:ec:12:f0:
         2a:a2:17:a5:03:25:cc:93:97:df:f3:60:5b:cb:77:b0:5f:7e:
         52:ab:24:f5:6f:5c:bb:fc:ba:70:f0:44:6c:fa:71:0c:35:f2:
         97:12:74:1d:38:7d:c5:3a:28:83:0e:7a:16:60:59:97:ba:ce:
         6e:ae:e4:90:de:a4:eb:32:ff:45:09:16:6f:8b:d1:d4:64:40:
         c7:cf:de:83:52:90:72:07:6d:e3:46:0c:a3:19:08:53:3b:bb:
         3b:13:cc:4c:0e:10:99:11:b0:2d:46:7c:fd:eb:70:9f:35:b6:
         36:0d:af:ee:95:4b:02:07:b8:f7:7a:d6:2d:42:97:d9:f9:63:
         2e:f9:c1:42:11:e1:55:28:d9:ec:5b:bc:eb:e0:dc:51:b7:fb:
         45:09:d2:fd:1f:58:7d:4c:f8:91:f5:11:bc:e2:38:63:16:03:
         c4:7d:a3:f3:10:80:b7:71:22:85:20:61:f5:b3:cb:cf:05:e6:
         a4:b9:5f:4c:66:c1:59:4d:33:69:53:81:cf:3a:28:ce:55:21:
         3d:25:e6:f1:d8:27:d5:52:b3:19:46:3b:a1:07:6a:7e:1b:db:
         cb:4c:05:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvLQNaW9YDYrepuCabbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhYWMwZGEzNTEwMDY2ODA2MGQzMGYxNzNkNjEwMmUxODJk
MWI5ZWEwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjUzMTg1N2Y4YWVjYTA3ZjA2ODVhMWY5MTViNDgxMzZmNWUzMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TF9hh1a7012B+ORf13sgAWN8z8P
32zo3HdktYoqHSgzKEiCh8Bg3YWzOrwQsiiuILCoZck7Mxr4H1y5jvUMfPl+Mx3k
tHZgc+PUEkNH8ZJKBF1aoO0e/jNulMmmbLyxvRUVwLx7eqbG4bMNYR5jTYsHJItQ
0RBI9399HtlQQALAcJ4j+ly9E8Jdpw6dpmdaLLqMB36BeghqAkla/gtRZyYd9rKX
lDiPk+azMiPdUKjn59sYc6cexjJsSI0OReB1OsAXaIjcIKKvxSF0E3p8IjDwnioZ
x3mKYFrejCrqvFJj3m8JFj7JPAxyHa/tsvWXhqCkQNvt5GuWiihVRrfqwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJTGFf4rsoH8GhaH5FbSBNvXjBUMB8GA1UdIwQY
MBaAFJqsDaNRAGaAYNMPFz1hAuGC0bnqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXF3Tm8xRUFab0JnMHc4WFBXRUM0WUxSdWVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8zMjgyOGItMDI3MS00NjJjLWE3YWUt
NTFiMTA3ZGM5ZjM5LzEvc2xNWVZfaXV5Z2Z3YUZvZmtWdElFMjllTUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8zMjgyOGItMDI3MS00NjJjLWE3YWUtNTFiMTA3ZGM5ZjM5
LzEvbXF3Tm8xRUFab0JnMHc4WFBXRUM0WUxSdWVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5HMA0G
CSqGSIb3DQEBCwUAA4IBAQCY7VDZsHQuTTiDhSwWS/fcbdVZ0mLppThNNFWnxBGX
2mrsEvAqohelAyXMk5ff82Bby3ewX35SqyT1b1y7/Lpw8ERs+nEMNfKXEnQdOH3F
OiiDDnoWYFmXus5uruSQ3qTrMv9FCRZvi9HUZEDHz96DUpByB23jRgyjGQhTO7s7
E8xMDhCZEbAtRnz963CfNbY2Da/ulUsCB7j3etYtQpfZ+WMu+cFCEeFVKNnsW7zr
4NxRt/tFCdL9H1h9TPiR9RG84jhjFgPEfaPzEIC3cSKFIGH1s8vPBeakuV9MZsFZ
TTNpU4HPOijOVSE9Jebx2CfVUrMZRjuhB2p+G9vLTAV4
-----END CERTIFICATE-----