Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/kmUznj93NrBEDPEQxHEBiFPEov0.roa
File:                     kmUznj93NrBEDPEQxHEBiFPEov0.roa (raw, json)
Hash identifier:          7hMm5lB3CYUGyGQn3La+LwTMQ8taZmjZp0ZSG54mR4k=
Subject key identifier:   92:65:33:9E:3F:77:36:B0:44:0C:F1:10:C4:71:01:88:53:C4:A2:FD
Certificate issuer:       /CN=1e08a59ed98f59a0ea0e6c4379c30f5bd5f20821
Certificate serial:       018CC26D46A429CD99C41F9E02B0CE752CE5
Authority key identifier: 1E:08:A5:9E:D9:8F:59:A0:EA:0E:6C:43:79:C3:0F:5B:D5:F2:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/kmUznj93NrBEDPEQxHEBiFPEov0.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34968
IP address blocks:        193.169.26.0/23 maxlen: 23
                          193.169.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:46:a4:29:cd:99:c4:1f:9e:02:b0:ce:75:2c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e08a59ed98f59a0ea0e6c4379c30f5bd5f20821
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9265339e3f7736b0440cf110c471018853c4a2fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2b:f4:de:cc:5a:d1:9c:b3:61:2a:23:9e:d2:
                    28:cb:09:8a:f6:dc:64:17:39:bd:54:01:17:ab:59:
                    95:c0:fe:43:c0:80:44:49:3b:19:35:c0:44:83:bf:
                    38:4b:57:8a:4f:92:e8:98:15:f6:3b:3e:c1:f8:5e:
                    a2:2d:e3:54:f1:22:d1:05:24:6f:b4:50:2b:45:c7:
                    5c:c5:9f:8f:46:67:a3:64:19:85:f4:79:22:af:b8:
                    0b:ca:eb:98:8c:e7:ab:d7:3c:8b:f4:95:1d:19:97:
                    c7:5c:97:87:0b:c4:1c:6a:34:3a:4f:73:a0:64:7e:
                    2b:62:a7:ca:40:6a:71:6a:de:f8:66:37:71:3c:2a:
                    7e:79:da:c7:60:4b:52:80:e4:43:60:5b:4e:70:8d:
                    83:a1:aa:2c:3c:d2:b0:49:9d:2e:5c:57:89:67:bc:
                    47:bf:51:fa:e9:39:4b:c2:1a:99:43:ce:ee:e6:a3:
                    c6:e2:1a:66:4b:3d:c7:bb:cf:bf:b0:19:0c:a2:be:
                    6b:0c:80:c3:13:a6:53:90:8e:d8:98:90:6c:8f:f2:
                    0a:09:ed:09:c7:2f:8f:0d:af:c7:78:8a:65:e3:a1:
                    9a:84:e5:f6:d9:56:6e:be:86:dd:4e:9f:41:f7:96:
                    df:ca:f6:37:8c:30:f8:27:b7:48:ac:b1:ca:33:1a:
                    34:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:65:33:9E:3F:77:36:B0:44:0C:F1:10:C4:71:01:88:53:C4:A2:FD
            X509v3 Authority Key Identifier:
                keyid:1E:08:A5:9E:D9:8F:59:A0:EA:0E:6C:43:79:C3:0F:5B:D5:F2:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/kmUznj93NrBEDPEQxHEBiFPEov0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.26.0/23
                  193.169.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:43:bf:ec:8f:56:42:0d:86:9e:25:44:2b:27:5a:6b:fb:e8:
         19:99:9d:4c:2c:02:4f:6b:82:91:24:0f:5f:ad:6b:be:d4:40:
         80:83:5b:cc:04:8e:90:0f:3a:13:fd:00:6c:2d:6d:7b:87:66:
         d0:cb:30:27:8c:98:20:86:1e:cf:4d:c3:6c:d4:5d:3a:b9:28:
         1a:2e:87:b1:f1:94:c1:e1:ea:c6:af:02:0c:50:ab:fe:f7:b2:
         d8:65:4a:d9:8b:d6:9e:b3:9e:2f:1b:80:88:77:04:0a:ee:11:
         5e:75:e8:d5:c3:1e:39:ca:81:74:93:5e:5a:3f:fc:42:6c:fe:
         0d:80:c1:0b:1c:45:dd:47:47:07:01:2b:c2:01:60:49:4a:4a:
         dc:79:cb:cc:6d:34:10:4c:4a:83:88:7b:79:bb:df:1a:b4:de:
         cb:87:ab:df:40:28:29:81:6e:fe:c9:f8:2a:dd:aa:8e:a1:b6:
         b1:a9:d4:97:a1:9a:e2:99:fa:41:81:cd:89:52:fe:5a:ae:36:
         01:04:ba:39:b5:d7:a5:d7:db:9c:e5:e8:53:34:a7:20:b9:b5:
         a1:c4:d3:e4:ad:41:a3:41:14:67:d4:74:e7:02:8b:82:04:be:
         78:2b:80:37:b1:29:a2:4a:76:28:a4:bf:f7:66:85:75:57:1d:
         e0:f3:63:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbUakKc2ZxB+eArDOdSzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMDhhNTllZDk4ZjU5YTBlYTBlNmM0Mzc5YzMwZjViZDVm
MjA4MjEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY1MzM5ZTNmNzczNmIwNDQwY2YxMTBjNDcxMDE4ODUzYzRhMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyv03sxa0ZyzYSojntIoywmK9txk
Fzm9VAEXq1mVwP5DwIBESTsZNcBEg784S1eKT5LomBX2Oz7B+F6iLeNU8SLRBSRv
tFArRcdcxZ+PRmejZBmF9Hkir7gLyuuYjOer1zyL9JUdGZfHXJeHC8QcajQ6T3Og
ZH4rYqfKQGpxat74ZjdxPCp+edrHYEtSgORDYFtOcI2DoaosPNKwSZ0uXFeJZ7xH
v1H66TlLwhqZQ87u5qPG4hpmSz3Hu8+/sBkMor5rDIDDE6ZTkI7YmJBsj/IKCe0J
xy+PDa/HeIpl46GahOX22VZuvobdTp9B95bfyvY3jDD4J7dIrLHKMxo0awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJJlM54/dzawRAzxEMRxAYhTxKL9MB8GA1UdIwQY
MBaAFB4IpZ7Zj1mg6g5sQ3nDD1vV8gghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGdpbG50bVBXYURxRG14RGVjTVBXOVh5Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZTJmNGItNDI5Zi00MzI3LWI3NDct
MWY0MDczYmE0MzZmLzEva21Vem5qOTNOckJFRFBFUXhIRUJpRlBFb3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZTJmNGItNDI5Zi00MzI3LWI3NDctMWY0MDczYmE0MzZm
LzEvSGdpbG50bVBXYURxRG14RGVjTVBXOVh5Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwakaAwQB
walcMA0GCSqGSIb3DQEBCwUAA4IBAQBMQ7/sj1ZCDYaeJUQrJ1pr++gZmZ1MLAJP
a4KRJA9frWu+1ECAg1vMBI6QDzoT/QBsLW17h2bQyzAnjJgghh7PTcNs1F06uSga
Loex8ZTB4erGrwIMUKv+97LYZUrZi9aes54vG4CIdwQK7hFedejVwx45yoF0k15a
P/xCbP4NgMELHEXdR0cHASvCAWBJSkrcecvMbTQQTEqDiHt5u98atN7Lh6vfQCgp
gW7+yfgq3aqOobaxqdSXoZrimfpBgc2JUv5arjYBBLo5tdel19uc5ehTNKcgubWh
xNPkrUGjQRRn1HTnAouCBL54K4A3sSmiSnYopL/3ZoV1Vx3g82PQ
-----END CERTIFICATE-----