Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/1-QU7AV0CgBj1dc2osLeL-ouNDrc.roa
File:                     1-QU7AV0CgBj1dc2osLeL-ouNDrc.roa (raw, json)
Hash identifier:          Sg7e/ubr8nCFeItpVGZAyAtGQD166Nvt0dR9TLD0wkc=
Subject key identifier:   F9:05:3B:01:5D:02:80:18:F5:75:CD:A8:B0:B7:8B:FA:8B:8D:0E:B7
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018ED91FD90C20C5A36C23C28F54C9CC1EA3
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/1-QU7AV0CgBj1dc2osLeL-ouNDrc.roa
Signing time:             Sat 13 Apr 2024 20:22:06 +0000
ROA not before:           Sat 13 Apr 2024 20:22:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200908
IP address blocks:        193.163.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d9:1f:d9:0c:20:c5:a3:6c:23:c2:8f:54:c9:cc:1e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Apr 13 20:22:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9053b015d028018f575cda8b0b78bfa8b8d0eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8f:89:f3:ed:2c:ec:ca:c4:3e:2d:b9:24:c2:
                    c7:9c:59:96:13:02:1b:f4:09:e8:f8:67:16:b5:b4:
                    f1:a4:76:79:cf:7f:99:71:54:c1:8f:c6:80:86:89:
                    dc:14:ee:e9:0e:5e:a3:bd:14:4c:b7:53:70:5c:b5:
                    af:d3:80:75:aa:00:17:74:2c:05:e6:ed:4b:99:82:
                    ea:96:9d:65:fc:14:55:61:3a:29:4b:e9:4c:81:22:
                    a6:ae:23:5a:a5:91:f9:e0:10:25:44:9e:18:06:f1:
                    5d:4e:19:f1:a0:b8:64:94:04:c0:d5:f5:a2:e2:bc:
                    42:64:10:a7:14:c4:c2:7e:3e:08:1f:a9:5b:77:7c:
                    2d:c7:26:57:cf:09:be:81:3e:12:54:18:45:96:54:
                    a7:fa:05:66:0a:8f:84:fb:23:e1:cb:c0:c4:e1:d9:
                    bd:00:fe:3e:63:57:07:f1:ee:1e:f8:c7:c6:49:9f:
                    f4:8e:6b:af:31:5f:15:f7:2d:fd:f7:e0:8c:d6:53:
                    2a:88:42:d2:48:be:36:09:eb:b3:8c:b9:17:61:09:
                    d1:6f:3f:da:9d:c8:81:eb:9e:db:f0:8b:b6:7d:73:
                    40:7c:7c:38:dc:f9:60:b3:9b:0d:12:8a:a4:a0:00:
                    da:69:11:24:90:d6:a4:f0:2b:eb:18:2b:f9:07:2d:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:05:3B:01:5D:02:80:18:F5:75:CD:A8:B0:B7:8B:FA:8B:8D:0E:B7
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/1-QU7AV0CgBj1dc2osLeL-ouNDrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:d0:a9:29:b5:d9:2b:a0:67:83:27:49:8a:9c:ad:e6:e6:fc:
         a0:84:94:cc:31:e1:bf:2f:26:4e:63:1e:e2:18:20:b8:d3:5c:
         95:32:10:ca:66:26:c8:3f:f8:ff:85:5d:41:52:e8:4a:11:5b:
         36:d5:61:8e:19:24:a2:96:62:87:d3:01:0b:fa:8e:d4:41:db:
         03:d2:cd:ab:fd:34:10:89:36:4c:ea:2d:5d:a1:a7:3b:d4:c7:
         40:0e:55:9d:03:71:4b:32:a5:ef:90:d0:2a:e9:a7:56:9b:70:
         2b:8b:26:c6:a2:a0:b9:5e:26:b3:fd:ea:e7:8a:f4:01:1f:c8:
         6d:ab:bd:41:2b:da:7e:67:6b:49:09:f1:37:d8:e2:cd:e9:e4:
         e1:59:a7:c1:6a:ae:a1:12:06:60:ae:d4:a4:06:04:d0:16:34:
         37:68:eb:8b:96:40:cc:fc:66:09:7e:05:7f:36:1c:0b:e9:5a:
         ce:06:61:fc:33:f7:fb:30:41:6f:0a:0f:3c:ab:5f:b7:e6:2e:
         a6:21:5c:8e:b9:30:31:23:d4:df:e8:e1:27:46:10:25:61:50:
         19:76:06:62:9e:dd:1b:bc:fa:f7:9f:d0:33:90:2c:46:a8:18:
         7a:62:fe:e2:3b:25:26:0c:e8:eb:2d:94:0d:c6:2f:32:0d:04:
         5f:6c:b8:a8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7ZH9kMIMWjbCPCj1TJzB6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwNDEzMjAyMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA1M2IwMTVkMDI4MDE4ZjU3NWNkYThiMGI3OGJmYThiOGQwZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4+J8+0s7MrEPi25JMLHnFmWEwIb
9Ano+GcWtbTxpHZ5z3+ZcVTBj8aAhoncFO7pDl6jvRRMt1NwXLWv04B1qgAXdCwF
5u1LmYLqlp1l/BRVYTopS+lMgSKmriNapZH54BAlRJ4YBvFdThnxoLhklATA1fWi
4rxCZBCnFMTCfj4IH6lbd3wtxyZXzwm+gT4SVBhFllSn+gVmCo+E+yPhy8DE4dm9
AP4+Y1cH8e4e+MfGSZ/0jmuvMV8V9y399+CM1lMqiELSSL42CeuzjLkXYQnRbz/a
nciB657b8Iu2fXNAfHw43Plgs5sNEoqkoADaaREkkNak8CvrGCv5By29CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkFOwFdAoAY9XXNqLC3i/qLjQ63MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvMS1RVTdBVjBDZ0JqMWRjMm9zTGVMLW91TkRyYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODMvN2IxYzU1LWRkZDAtNDI4MS04Mzc4LTRkZDA0MzQ2YWJj
My8xL09yb1Jja2N1cUFKbDBTbUNsbjNncUxDOFdRRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGjdTAN
BgkqhkiG9w0BAQsFAAOCAQEAZNCpKbXZK6BngydJipyt5ub8oISUzDHhvy8mTmMe
4hgguNNclTIQymYmyD/4/4VdQVLoShFbNtVhjhkkopZih9MBC/qO1EHbA9LNq/00
EIk2TOotXaGnO9THQA5VnQNxSzKl75DQKumnVptwK4smxqKguV4ms/3q54r0AR/I
bau9QSvafmdrSQnxN9jizenk4VmnwWquoRIGYK7UpAYE0BY0N2jri5ZAzPxmCX4F
fzYcC+lazgZh/DP3+zBBbwoPPKtft+YupiFcjrkwMSPU3+jhJ0YQJWFQGXYGYp7d
G7z695/QM5AsRqgYemL+4jslJgzo6y2UDcYvMg0EX2y4qA==
-----END CERTIFICATE-----