Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/cQ23B6Hg9y19S8dpBTfklGEJh5w.roa
File:                     cQ23B6Hg9y19S8dpBTfklGEJh5w.roa (raw, json)
Hash identifier:          Gipv8H+giNDKkNHZ2gPNTU6Epb+CbYgBGNScak/cPQk=
Subject key identifier:   71:0D:B7:07:A1:E0:F7:2D:7D:4B:C7:69:05:37:E4:94:61:09:87:9C
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B7F0D303E1E81F75298A61B1FEC96
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/cQ23B6Hg9y19S8dpBTfklGEJh5w.roa
Signing time:             Tue 02 Jan 2024 12:34:57 +0000
ROA not before:           Tue 02 Jan 2024 12:34:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39200
IP address blocks:        193.189.123.0/24 maxlen: 24
                          2001:678:b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:7f:0d:30:3e:1e:81:f7:52:98:a6:1b:1f:ec:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710db707a1e0f72d7d4bc7690537e4946109879c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:a6:4c:18:1e:2b:b6:11:4e:68:53:03:06:
                    4d:6e:f7:3c:bc:47:40:a3:67:33:92:63:0c:e2:0d:
                    b7:da:74:3f:40:8d:a9:dc:50:3f:3a:ac:7b:cd:3d:
                    2a:fe:5d:7f:22:73:5b:f9:72:2c:18:c2:bd:5d:71:
                    49:de:e8:ca:ab:24:ac:23:05:b6:5f:68:c6:7b:77:
                    a3:2a:39:89:b1:eb:ad:6c:86:4f:aa:ce:53:c6:96:
                    1c:78:dd:8a:d8:b4:b1:c4:d1:8c:9a:ec:fd:7b:da:
                    a9:58:c0:85:e6:55:e8:a0:d6:ca:65:c7:05:b3:c5:
                    00:d5:30:c6:57:04:df:02:90:bf:18:24:51:09:57:
                    10:89:49:f9:b7:71:f2:4f:aa:f2:79:a5:55:7c:68:
                    af:98:23:84:e2:41:45:17:3c:49:77:18:f5:09:cb:
                    e0:dd:81:ab:da:4b:ea:81:5c:0d:85:25:3a:e4:ba:
                    d8:0a:3a:bd:15:1d:bf:52:a3:81:1d:29:41:19:3f:
                    a6:4b:89:51:24:79:b3:6f:7d:dd:0d:c7:f9:b3:05:
                    ff:11:ff:de:03:7f:11:c8:f7:be:12:8e:f6:1a:50:
                    ba:75:ff:43:91:73:fc:c8:38:cb:d0:62:3b:ad:14:
                    e9:27:e9:9f:a5:73:94:bf:91:da:30:72:45:2b:0b:
                    70:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0D:B7:07:A1:E0:F7:2D:7D:4B:C7:69:05:37:E4:94:61:09:87:9C
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/cQ23B6Hg9y19S8dpBTfklGEJh5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.123.0/24
                IPv6:
                  2001:678:b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:89:a3:3c:d5:07:52:5f:29:16:b9:49:84:55:9d:19:ea:16:
         d9:c3:37:36:5f:05:d0:3b:e5:0e:99:db:43:11:06:b6:62:c1:
         57:30:dc:82:90:6c:66:44:68:af:7d:b9:fd:85:91:8a:ef:49:
         af:d3:de:cc:73:ef:49:5d:26:7c:30:05:6e:da:ff:9b:0b:c7:
         6f:2f:aa:b6:59:b3:18:a7:91:dd:80:4f:4c:54:7a:08:54:05:
         f4:32:66:20:ba:d5:9e:5f:c6:11:ba:07:29:13:ed:32:e6:45:
         81:e3:19:78:c7:81:ad:e4:93:6f:e0:fb:5b:5a:e8:e7:cb:a5:
         d6:99:08:b5:4d:5b:0d:7c:0f:b0:91:1f:71:14:63:1e:94:b2:
         bd:ce:fd:3f:cb:17:c1:71:ae:64:9d:2f:cc:ad:d3:be:84:53:
         d3:7a:9c:1a:7b:a2:4f:f8:d3:1e:a3:df:40:3e:0f:24:e4:e5:
         78:5c:22:11:6c:94:23:6a:ab:cd:c3:b8:97:47:3d:ef:2b:b8:
         7b:c0:49:55:b7:6c:53:ba:63:8c:9e:36:b3:be:a9:16:01:c4:
         89:aa:82:23:3f:c6:5c:90:ed:ed:22:0c:b8:5c:34:56:ba:c1:
         00:ef:7b:8d:f5:50:09:6c:63:99:d2:bc:ac:f6:fb:cb:bf:cd:
         02:1e:0f:8b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK38NMD4egfdSmKYbH+yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTBkYjcwN2ExZTBmNzJkN2Q0YmM3NjkwNTM3ZTQ5NDYxMDk4NzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEmmTBgeK7YRTmhTAwZNbvc8vEdA
o2czkmMM4g232nQ/QI2p3FA/Oqx7zT0q/l1/InNb+XIsGMK9XXFJ3ujKqySsIwW2
X2jGe3ejKjmJseutbIZPqs5TxpYceN2K2LSxxNGMmuz9e9qpWMCF5lXooNbKZccF
s8UA1TDGVwTfApC/GCRRCVcQiUn5t3HyT6ryeaVVfGivmCOE4kFFFzxJdxj1Ccvg
3YGr2kvqgVwNhSU65LrYCjq9FR2/UqOBHSlBGT+mS4lRJHmzb33dDcf5swX/Ef/e
A38RyPe+Eo72GlC6df9DkXP8yDjL0GI7rRTpJ+mfpXOUv5HaMHJFKwtw3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHENtweh4PctfUvHaQU35JRhCYecMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvY1EyM0I2SGc5eTE5UzhkcEJUZmtsR0VKaDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwb17MA8E
AgACMAkDBwAgAQZ4ALAwDQYJKoZIhvcNAQELBQADggEBAAuJozzVB1JfKRa5SYRV
nRnqFtnDNzZfBdA75Q6Z20MRBrZiwVcw3IKQbGZEaK99uf2FkYrvSa/T3sxz70ld
JnwwBW7a/5sLx28vqrZZsxinkd2AT0xUeghUBfQyZiC61Z5fxhG6BykT7TLmRYHj
GXjHga3kk2/g+1ta6OfLpdaZCLVNWw18D7CRH3EUYx6Usr3O/T/LF8FxrmSdL8yt
076EU9N6nBp7ok/40x6j30A+DyTk5XhcIhFslCNqq83DuJdHPe8ruHvASVW3bFO6
Y4yeNrO+qRYBxImqgiM/xlyQ7e0iDLhcNFa6wQDve431UAlsY5nSvKz2+8u/zQIe
D4s=
-----END CERTIFICATE-----