Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iQdsJ0iD54bbhPhNXpU4JB6UwRw.roa
File:                     iQdsJ0iD54bbhPhNXpU4JB6UwRw.roa (raw, json)
Hash identifier:          wue5X/Y6Cqzf2UI/m7t0ygFpnpreQ6af9lqLsbGN9zY=
Subject key identifier:   89:07:6C:27:48:83:E7:86:DB:84:F8:4D:5E:95:38:24:1E:94:C1:1C
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC49243EE3D101478A95FEC7EC26446CD
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iQdsJ0iD54bbhPhNXpU4JB6UwRw.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61138
IP address blocks:        193.57.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:43:ee:3d:10:14:78:a9:5f:ec:7e:c2:64:46:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89076c274883e786db84f84d5e9538241e94c11c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f8:f0:74:1c:b9:00:f4:f9:23:b3:20:64:28:
                    7a:be:01:b4:d6:64:11:d8:3b:c2:54:cc:28:87:15:
                    51:3a:dd:07:01:4b:2f:07:8f:d7:8b:8f:f2:bb:7d:
                    8f:98:07:74:31:7b:3f:4c:bb:17:56:72:99:4d:a9:
                    93:c0:4c:4d:f7:82:c3:a0:4a:9f:25:0f:56:6c:58:
                    16:80:07:51:4f:f2:f0:ee:5d:91:3a:bb:dd:2a:5f:
                    a9:53:eb:d1:dd:23:d5:8c:6d:dc:2b:8c:cb:98:0c:
                    ff:86:02:f5:00:ec:89:63:0f:8c:b1:6c:74:86:56:
                    7e:f7:10:d7:36:34:f4:fa:24:53:4b:4a:61:6a:77:
                    34:63:83:cb:8e:f0:d4:45:86:6a:98:22:70:9f:5d:
                    34:ab:26:f0:0f:a3:ca:9e:69:7c:9e:69:2a:65:26:
                    05:8a:0d:67:b7:c6:74:f7:47:0b:79:2a:87:6e:5f:
                    9a:e6:c1:ea:37:bc:db:91:dc:a5:1c:04:a1:44:64:
                    dc:66:6b:7c:ab:17:1b:08:08:ca:96:f2:e1:06:00:
                    25:15:85:ad:27:f4:86:7f:c7:1b:a1:21:51:1d:5d:
                    10:90:0c:f1:be:53:b1:14:02:02:ae:a0:e3:47:8b:
                    b0:cc:0e:1e:d7:4c:b7:d4:a4:2a:12:c7:25:99:42:
                    5b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:07:6C:27:48:83:E7:86:DB:84:F8:4D:5E:95:38:24:1E:94:C1:1C
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iQdsJ0iD54bbhPhNXpU4JB6UwRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:70:c7:3b:f1:3e:ea:c0:e0:34:f4:a2:26:e5:53:d0:32:b8:
         91:21:cd:05:6f:3a:97:f3:20:bd:36:3f:69:d7:be:d4:04:58:
         09:78:80:b9:c1:dd:d9:57:0b:04:b1:bc:1d:a5:59:a3:a4:c5:
         93:db:d0:7f:86:b5:70:f8:f8:a0:b2:94:4f:d7:67:db:09:ef:
         6a:8c:21:dd:fb:08:d0:93:aa:6f:0a:14:46:0d:74:7a:9f:39:
         f2:a2:0c:62:9e:3f:a4:21:12:e5:ad:61:cb:3d:62:d2:7d:18:
         21:44:0e:81:39:52:d5:21:c8:b7:46:01:4f:e8:a1:8d:f9:00:
         6b:ea:44:ae:c9:74:69:ff:f4:1d:12:3c:47:d1:dd:cb:20:f6:
         41:9e:d3:83:42:ff:27:45:d4:62:6a:b0:eb:cd:f4:01:3f:11:
         69:9a:3d:33:cb:a0:00:c9:b7:11:51:1a:f2:3d:0f:a2:8a:cf:
         4e:c0:f7:80:ff:b6:5f:2d:45:7d:a8:b1:7f:78:19:09:a5:27:
         e8:53:ce:6a:f2:4a:4a:9c:de:ef:df:2a:19:58:cc:ca:68:c8:
         2d:47:91:e8:69:85:78:e7:bd:f7:94:1b:45:e9:c9:97:91:5f:
         4e:f2:75:74:97:78:2f:73:e7:77:4b:db:e3:b4:1c:7f:1e:48:
         43:61:28:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkPuPRAUeKlf7H7CZEbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTA3NmMyNzQ4ODNlNzg2ZGI4NGY4NGQ1ZTk1MzgyNDFlOTRjMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvjwdBy5APT5I7MgZCh6vgG01mQR
2DvCVMwohxVROt0HAUsvB4/Xi4/yu32PmAd0MXs/TLsXVnKZTamTwExN94LDoEqf
JQ9WbFgWgAdRT/Lw7l2ROrvdKl+pU+vR3SPVjG3cK4zLmAz/hgL1AOyJYw+MsWx0
hlZ+9xDXNjT0+iRTS0phanc0Y4PLjvDURYZqmCJwn100qybwD6PKnml8nmkqZSYF
ig1nt8Z090cLeSqHbl+a5sHqN7zbkdylHAShRGTcZmt8qxcbCAjKlvLhBgAlFYWt
J/SGf8cboSFRHV0QkAzxvlOxFAICrqDjR4uwzA4e10y31KQqEsclmUJbfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkHbCdIg+eG24T4TV6VOCQelMEcMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvaVFkc0owaUQ1NGJiaFBoTlhwVTRKQjZVd1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBMcMc78T7qwOA09KIm5VPQMriRIc0FbzqX8yC9Nj9p
177UBFgJeIC5wd3ZVwsEsbwdpVmjpMWT29B/hrVw+PigspRP12fbCe9qjCHd+wjQ
k6pvChRGDXR6nznyogxinj+kIRLlrWHLPWLSfRghRA6BOVLVIci3RgFP6KGN+QBr
6kSuyXRp//QdEjxH0d3LIPZBntODQv8nRdRiarDrzfQBPxFpmj0zy6AAybcRURry
PQ+iis9OwPeA/7ZfLUV9qLF/eBkJpSfoU85q8kpKnN7v3yoZWMzKaMgtR5HoaYV4
5733lBtF6cmXkV9O8nV0l3gvc+d3S9vjtBx/HkhDYSiH
-----END CERTIFICATE-----