Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/9M3Y-Hrpmoo7o3-HwcgarmY0BRY.roa
File:                     9M3Y-Hrpmoo7o3-HwcgarmY0BRY.roa (raw, json)
Hash identifier:          npyrA5GEB9fTs20vU2I5ClF3f1vh32Xm39WFm7jVTBA=
Subject key identifier:   F4:CD:D8:F8:7A:E9:9A:8A:3B:A3:7F:87:C1:C8:1A:AE:66:34:05:16
Certificate issuer:       /CN=c2370cf1809b7bc663ad4143c08976b48102efb9
Certificate serial:       018CC64B43D33A6A418001E9A8967CBC138C
Authority key identifier: C2:37:0C:F1:80:9B:7B:C6:63:AD:41:43:C0:89:76:B4:81:02:EF:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjcM8YCbe8ZjrUFDwIl2tIEC77k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/9M3Y-Hrpmoo7o3-HwcgarmY0BRY.roa
Signing time:             Mon 01 Jan 2024 18:31:10 +0000
ROA not before:           Mon 01 Jan 2024 18:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211356
IP address blocks:        193.163.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/wjcM8YCbe8ZjrUFDwIl2tIEC77k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/wjcM8YCbe8ZjrUFDwIl2tIEC77k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjcM8YCbe8ZjrUFDwIl2tIEC77k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:43:d3:3a:6a:41:80:01:e9:a8:96:7c:bc:13:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2370cf1809b7bc663ad4143c08976b48102efb9
        Validity
            Not Before: Jan  1 18:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4cdd8f87ae99a8a3ba37f87c1c81aae66340516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1d:10:7a:5a:24:85:f2:3d:6b:08:29:c3:2d:
                    80:98:98:a6:5d:d1:17:f2:4b:2d:1e:cc:ca:0f:70:
                    94:cb:d7:35:74:08:81:1e:3d:cb:a8:f4:15:af:ec:
                    f5:86:58:3b:43:b1:dd:cb:e1:8e:13:d0:66:e2:10:
                    e1:b3:03:fd:ef:d8:27:e8:05:75:27:d5:a2:32:40:
                    09:8b:e5:38:64:8a:aa:fe:28:76:65:59:6b:04:3e:
                    87:8c:f6:30:55:71:cd:a0:6b:e3:be:43:85:b5:90:
                    a0:10:6f:4c:ce:c8:69:90:ce:a7:98:dc:61:9e:f3:
                    c0:5d:ec:46:2b:e2:64:ad:61:88:5d:20:21:4b:07:
                    50:05:a0:28:45:84:96:5d:39:ab:4b:84:f5:06:1e:
                    b9:8e:c9:5f:fd:dc:f0:0b:f4:30:21:a8:b8:5f:3b:
                    2a:b0:f6:32:76:f5:a7:76:6e:53:b1:d7:39:59:5b:
                    99:b6:df:fb:c6:53:f2:14:d0:10:3b:43:e1:27:ef:
                    52:e6:11:7d:c8:96:de:7f:dc:89:66:52:56:3b:f3:
                    07:9f:33:13:5c:f4:91:ba:db:aa:bd:f8:72:24:ea:
                    05:ae:55:5e:03:5d:a0:97:a1:6c:29:12:25:ee:81:
                    0b:5e:58:42:3a:b5:b7:e7:19:d5:8d:10:5b:a0:38:
                    6e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CD:D8:F8:7A:E9:9A:8A:3B:A3:7F:87:C1:C8:1A:AE:66:34:05:16
            X509v3 Authority Key Identifier:
                keyid:C2:37:0C:F1:80:9B:7B:C6:63:AD:41:43:C0:89:76:B4:81:02:EF:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjcM8YCbe8ZjrUFDwIl2tIEC77k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/9M3Y-Hrpmoo7o3-HwcgarmY0BRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/acdbe3-b82f-495b-b55b-e1563f812929/1/wjcM8YCbe8ZjrUFDwIl2tIEC77k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:e2:c5:1d:75:d8:c8:01:d9:3e:f0:d0:b4:89:d2:b5:2e:43:
         41:8c:42:e4:6c:a7:04:5d:97:f6:67:d4:f8:6f:b2:b4:9c:3d:
         e1:49:65:42:47:b1:45:a2:55:b1:95:07:e4:d7:20:bf:30:7e:
         12:34:b0:4c:82:a7:c5:7a:2a:a0:05:2f:76:e5:65:62:cf:ed:
         20:12:bb:78:48:86:2d:b1:34:64:39:35:75:00:eb:9a:f8:ac:
         cb:f0:3a:9e:78:2c:aa:c7:b6:3b:fe:20:fa:3b:df:1f:e9:ee:
         7e:bb:26:15:85:9a:05:e9:dd:2b:0a:e1:db:1e:1c:4d:f1:fe:
         72:b8:79:a8:13:fa:d4:0c:74:bb:36:5d:8c:8a:21:01:49:47:
         16:0e:46:d9:a3:8e:37:0a:f5:c8:df:9d:a7:93:73:74:e2:df:
         d0:cd:db:1f:89:c2:42:84:a0:cb:75:dc:b6:18:d2:77:06:cf:
         ae:94:a2:ff:0d:5e:cb:63:73:4e:66:46:a4:c7:5c:90:ce:16:
         fe:4f:0a:3c:5c:da:61:bc:3c:77:ad:c6:42:05:0f:f8:0d:d9:
         b1:68:a8:42:17:f3:67:f9:c5:b0:9b:cb:48:45:ac:49:aa:a6:
         cc:1a:9c:18:27:cc:57:34:28:41:5e:5c:b6:72:fc:45:8e:5d:
         b7:ff:5f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0PTOmpBgAHpqJZ8vBOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzcwY2YxODA5YjdiYzY2M2FkNDE0M2MwODk3NmI0ODEw
MmVmYjkwHhcNMjQwMTAxMTgzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGNkZDhmODdhZTk5YThhM2JhMzdmODdjMWM4MWFhZTY2MzQwNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB0QelokhfI9awgpwy2AmJimXdEX
8kstHszKD3CUy9c1dAiBHj3LqPQVr+z1hlg7Q7Hdy+GOE9Bm4hDhswP979gn6AV1
J9WiMkAJi+U4ZIqq/ih2ZVlrBD6HjPYwVXHNoGvjvkOFtZCgEG9MzshpkM6nmNxh
nvPAXexGK+JkrWGIXSAhSwdQBaAoRYSWXTmrS4T1Bh65jslf/dzwC/QwIai4Xzsq
sPYydvWndm5Tsdc5WVuZtt/7xlPyFNAQO0PhJ+9S5hF9yJbef9yJZlJWO/MHnzMT
XPSRutuqvfhyJOoFrlVeA12gl6FsKRIl7oELXlhCOrW35xnVjRBboDhuPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTN2Ph66ZqKO6N/h8HIGq5mNAUWMB8GA1UdIwQY
MBaAFMI3DPGAm3vGY61BQ8CJdrSBAu+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pjTThZQ2JlOFpqclVGRHdJbDJ0SUVDNzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9hY2RiZTMtYjgyZi00OTViLWI1NWIt
ZTE1NjNmODEyOTI5LzEvOU0zWS1IcnBtb283bzMtSHdjZ2FybVkwQlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9hY2RiZTMtYjgyZi00OTViLWI1NWItZTE1NjNmODEyOTI5
LzEvd2pjTThZQ2JlOFpqclVGRHdJbDJ0SUVDNzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaO7MA0G
CSqGSIb3DQEBCwUAA4IBAQBN4sUdddjIAdk+8NC0idK1LkNBjELkbKcEXZf2Z9T4
b7K0nD3hSWVCR7FFolWxlQfk1yC/MH4SNLBMgqfFeiqgBS925WViz+0gErt4SIYt
sTRkOTV1AOua+KzL8DqeeCyqx7Y7/iD6O98f6e5+uyYVhZoF6d0rCuHbHhxN8f5y
uHmoE/rUDHS7Nl2MiiEBSUcWDkbZo443CvXI352nk3N04t/QzdsficJChKDLddy2
GNJ3Bs+ulKL/DV7LY3NOZkakx1yQzhb+Two8XNphvDx3rcZCBQ/4DdmxaKhCF/Nn
+cWwm8tIRaxJqqbMGpwYJ8xXNChBXly2cvxFjl23/1/c
-----END CERTIFICATE-----