Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/7KQCvCvT9ytYVLRU_ccxo51yQOg.roa
File:                     7KQCvCvT9ytYVLRU_ccxo51yQOg.roa (raw, json)
Hash identifier:          k0NZu4y/42Zc9MXpBjUA4yLVvl1s5IWHm8Pf1Qy5WV8=
Subject key identifier:   EC:A4:02:BC:2B:D3:F7:2B:58:54:B4:54:FD:C7:31:A3:9D:72:40:E8
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC4924963F3EBD1DC7C28DCB0FF30B3F3
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/7KQCvCvT9ytYVLRU_ccxo51yQOg.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        193.57.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:49:63:f3:eb:d1:dc:7c:28:dc:b0:ff:30:b3:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eca402bc2bd3f72b5854b454fdc731a39d7240e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d6:bf:b7:61:dd:4d:47:b1:9d:67:30:67:f2:
                    91:32:e6:f3:82:3f:6e:8a:ef:7c:0c:7d:ee:30:0d:
                    f8:61:71:ce:5e:c6:d1:f0:1a:dc:94:7b:22:d4:10:
                    1e:c8:43:a5:e0:7d:68:db:b6:c5:b3:27:04:01:ea:
                    d2:f9:a3:47:e3:3c:e5:c1:69:0f:76:bf:92:ea:cc:
                    da:fd:84:9e:83:cb:b5:98:1f:9e:09:6c:6c:55:84:
                    43:5f:d0:16:8d:f4:74:ce:25:fa:97:16:5f:7e:f2:
                    0b:49:33:08:49:74:78:53:f6:62:33:93:6c:f6:a5:
                    51:df:8b:c2:52:2f:02:f6:b5:07:b7:de:27:0c:95:
                    3b:81:d7:4f:be:7d:3d:53:f6:c7:1c:64:66:83:5a:
                    d6:d5:14:86:08:0d:df:4d:f9:1b:b4:ae:bc:4e:98:
                    35:11:f4:c1:0c:20:26:24:bf:e9:93:71:1c:a1:e8:
                    4f:d5:5a:ac:19:d9:54:45:a4:8c:d3:9c:73:8f:ec:
                    79:f1:0b:36:47:e9:76:b6:96:ea:dd:66:e0:30:53:
                    ae:31:b0:fe:39:b2:b1:9f:c3:bd:16:f2:79:7d:44:
                    5d:a2:c8:e3:c0:87:cf:84:56:ce:4f:9c:a5:01:aa:
                    38:97:98:de:99:d6:a4:bc:1c:c6:84:43:8c:6a:8b:
                    75:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A4:02:BC:2B:D3:F7:2B:58:54:B4:54:FD:C7:31:A3:9D:72:40:E8
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/7KQCvCvT9ytYVLRU_ccxo51yQOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:fc:99:45:3a:92:c1:ba:ee:21:ad:0e:77:c0:4a:d2:03:ed:
         06:6a:9b:22:fc:2e:17:a8:72:f2:7a:e7:51:f0:92:ed:54:45:
         8e:e1:c9:f2:b4:a6:78:cc:83:95:66:6f:54:5d:21:f3:ca:e3:
         66:d5:26:d2:71:d2:bc:cd:d2:ea:62:4d:19:a1:1a:ba:69:8e:
         2e:a5:47:e8:b0:f5:97:21:13:8e:2d:07:9a:b1:92:15:7e:9a:
         c9:a3:16:d7:5c:39:81:43:3c:01:f9:fc:d1:88:b6:70:22:b9:
         7c:87:a5:1e:f7:81:be:ea:90:49:2f:2e:f2:25:c6:8f:14:ed:
         c4:0f:db:2c:3d:7d:56:1b:93:c2:7c:2a:a7:35:f5:74:23:27:
         96:08:c6:95:8d:6c:6c:84:4d:05:8f:7f:95:e6:b5:73:09:96:
         cc:3a:e7:fd:d7:6e:47:e5:a5:0f:03:69:0b:0e:a4:ad:ab:8b:
         49:21:a1:d9:31:f0:c9:9c:c6:b0:2f:3d:25:9f:8b:d4:1c:27:
         bd:9a:0d:24:d5:2e:c5:51:c0:e3:39:82:01:d4:dc:56:d8:75:
         a3:5b:15:28:05:75:23:5c:50:b6:e9:c6:88:f1:4a:65:64:ea:
         bc:2a:f0:99:63:89:7a:dc:5c:7e:62:30:3b:26:c5:fd:63:73:
         32:f2:21:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkklj8+vR3Hwo3LD/MLPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2E0MDJiYzJiZDNmNzJiNTg1NGI0NTRmZGM3MzFhMzlkNzI0MGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNa/t2HdTUexnWcwZ/KRMubzgj9u
iu98DH3uMA34YXHOXsbR8BrclHsi1BAeyEOl4H1o27bFsycEAerS+aNH4zzlwWkP
dr+S6sza/YSeg8u1mB+eCWxsVYRDX9AWjfR0ziX6lxZffvILSTMISXR4U/ZiM5Ns
9qVR34vCUi8C9rUHt94nDJU7gddPvn09U/bHHGRmg1rW1RSGCA3fTfkbtK68Tpg1
EfTBDCAmJL/pk3EcoehP1VqsGdlURaSM05xzj+x58Qs2R+l2tpbq3WbgMFOuMbD+
ObKxn8O9FvJ5fURdosjjwIfPhFbOT5ylAao4l5jemdakvBzGhEOMaot1cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOykArwr0/crWFS0VP3HMaOdckDoMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvN0tRQ3ZDdlQ5eXRZVkxSVV9jY3hvNTF5UU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTmlMA0G
CSqGSIb3DQEBCwUAA4IBAQB2/JlFOpLBuu4hrQ53wErSA+0Gapsi/C4XqHLyeudR
8JLtVEWO4cnytKZ4zIOVZm9UXSHzyuNm1SbScdK8zdLqYk0ZoRq6aY4upUfosPWX
IROOLQeasZIVfprJoxbXXDmBQzwB+fzRiLZwIrl8h6Ue94G+6pBJLy7yJcaPFO3E
D9ssPX1WG5PCfCqnNfV0IyeWCMaVjWxshE0Fj3+V5rVzCZbMOuf9125H5aUPA2kL
DqStq4tJIaHZMfDJnMawLz0ln4vUHCe9mg0k1S7FUcDjOYIB1NxW2HWjWxUoBXUj
XFC26caI8UplZOq8KvCZY4l63Fx+YjA7JsX9Y3My8iHD
-----END CERTIFICATE-----