Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/q9fcq4y-HVIoae_QByCLdJQtAUI.roa
File:                     q9fcq4y-HVIoae_QByCLdJQtAUI.roa (raw, json)
Hash identifier:          jZtMi+PoMkhOfpmGDjJ9unfpo95EVjUm0pmmbq6gM3M=
Subject key identifier:   AB:D7:DC:AB:8C:BE:1D:52:28:69:EF:D0:07:20:8B:74:94:2D:01:42
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC4924780F5C7430A0BBA20CF05C7A8DE
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/q9fcq4y-HVIoae_QByCLdJQtAUI.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212830
IP address blocks:        193.57.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:47:80:f5:c7:43:0a:0b:ba:20:cf:05:c7:a8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abd7dcab8cbe1d522869efd007208b74942d0142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:df:4d:12:0e:c1:d9:e6:ad:c3:68:a9:17:d3:
                    ae:81:0b:5b:a3:6a:a2:02:0b:a0:1f:16:07:71:69:
                    4b:2a:b9:33:e1:a3:d6:f5:34:35:8f:6f:6e:32:7c:
                    f8:cb:de:9c:ae:49:9c:d1:13:5c:7c:d8:01:63:75:
                    96:62:92:d8:e4:10:53:2b:8b:54:27:a3:0a:0a:83:
                    65:46:8e:31:d3:92:bc:48:4b:b4:b4:cb:5e:cf:3f:
                    d6:7b:c5:01:c5:f7:56:f2:6f:94:10:96:f7:ed:2f:
                    fb:d3:26:3c:d2:85:11:0f:78:aa:bd:ff:19:2f:c2:
                    4b:74:a6:9c:fb:23:d1:77:12:fb:ed:fc:e3:ce:36:
                    97:5b:85:8a:1c:80:6b:89:10:90:bb:8f:ce:df:77:
                    ad:a0:b8:25:fa:40:91:07:ab:a3:15:44:d4:fb:2f:
                    44:ef:5c:38:6f:6d:1d:d3:a8:4c:f2:d7:0f:fa:e3:
                    8e:5f:7a:12:cf:78:88:8f:a3:1f:ea:c6:bd:41:ad:
                    3c:9e:d8:17:b0:a5:eb:89:62:8e:c6:0f:99:45:88:
                    09:af:e2:cf:d4:49:af:f2:86:2f:e4:1a:5d:d0:cb:
                    79:69:ff:4d:62:13:fb:09:fa:6b:42:1a:0e:db:6e:
                    7c:03:e0:5f:92:1d:2f:0f:be:35:a0:fb:46:93:ff:
                    7b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D7:DC:AB:8C:BE:1D:52:28:69:EF:D0:07:20:8B:74:94:2D:01:42
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/q9fcq4y-HVIoae_QByCLdJQtAUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:4a:55:f8:b5:3a:37:f6:e4:18:7a:51:74:46:d2:af:95:84:
         50:fe:8f:26:11:67:20:db:ef:5c:a9:65:c1:a6:0a:48:f9:48:
         c8:27:ca:ae:9e:84:ce:f6:8f:81:2d:06:f4:3d:04:b7:be:65:
         91:30:e0:1a:46:24:47:f7:4d:11:ba:04:e4:2e:0d:b9:1d:47:
         4a:21:f1:b6:e8:47:0c:00:39:a3:6e:35:32:8e:a7:57:8e:21:
         af:86:83:9e:de:55:07:e3:6f:0c:be:53:c7:f6:d8:0b:3b:f7:
         ec:00:52:e3:89:6f:ac:bd:e9:b8:a9:ec:d3:6d:64:6b:cd:cf:
         0c:d2:ee:3f:d6:c0:15:6a:20:dd:f2:4f:82:61:b3:ac:42:12:
         d9:42:2f:bc:dc:55:ca:02:fa:e7:ef:4e:5e:f2:df:ac:0e:cd:
         a7:ea:ba:ca:d4:73:2e:e5:c0:cf:e2:10:de:3d:9f:e5:89:07:
         51:c7:e4:a8:6f:bc:30:ec:09:f4:0a:d8:f2:3b:64:54:7d:da:
         69:70:57:60:25:fb:e7:a4:7a:54:b4:1a:20:b1:f0:ad:4f:6d:
         35:ca:be:fe:c9:fd:ec:27:aa:8c:99:b7:82:91:2b:a0:5b:fb:
         a0:d5:68:c0:1e:ac:e9:b9:ec:f4:16:a1:63:9f:e5:79:9e:4d:
         81:16:ff:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkeA9cdDCgu6IM8Fx6jeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQ3ZGNhYjhjYmUxZDUyMjg2OWVmZDAwNzIwOGI3NDk0MmQwMTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN9NEg7B2eatw2ipF9OugQtbo2qi
AgugHxYHcWlLKrkz4aPW9TQ1j29uMnz4y96crkmc0RNcfNgBY3WWYpLY5BBTK4tU
J6MKCoNlRo4x05K8SEu0tMtezz/We8UBxfdW8m+UEJb37S/70yY80oURD3iqvf8Z
L8JLdKac+yPRdxL77fzjzjaXW4WKHIBriRCQu4/O33etoLgl+kCRB6ujFUTU+y9E
71w4b20d06hM8tcP+uOOX3oSz3iIj6Mf6sa9Qa08ntgXsKXriWKOxg+ZRYgJr+LP
1Emv8oYv5Bpd0Mt5af9NYhP7CfprQhoO2258A+Bfkh0vD741oPtGk/97tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvX3KuMvh1SKGnv0Acgi3SULQFCMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvcTlmY3E0eS1IVklvYWVfUUJ5Q0xkSlF0QVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTmSMA0G
CSqGSIb3DQEBCwUAA4IBAQB2SlX4tTo39uQYelF0RtKvlYRQ/o8mEWcg2+9cqWXB
pgpI+UjIJ8qunoTO9o+BLQb0PQS3vmWRMOAaRiRH900RugTkLg25HUdKIfG26EcM
ADmjbjUyjqdXjiGvhoOe3lUH428MvlPH9tgLO/fsAFLjiW+svem4qezTbWRrzc8M
0u4/1sAVaiDd8k+CYbOsQhLZQi+83FXKAvrn705e8t+sDs2n6rrK1HMu5cDP4hDe
PZ/liQdRx+Sob7ww7An0CtjyO2RUfdppcFdgJfvnpHpUtBogsfCtT201yr7+yf3s
J6qMmbeCkSugW/ug1WjAHqzpuez0FqFjn+V5nk2BFv/N
-----END CERTIFICATE-----