Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/o4abMjUdUgLdwdvrFYedFqVowos.roa
File:                     o4abMjUdUgLdwdvrFYedFqVowos.roa (raw, json)
Hash identifier:          g4yY3yDOxodvWSwT9flMUuiMsNoDKSzvTCzN0crdrYs=
Subject key identifier:   A3:86:9B:32:35:1D:52:02:DD:C1:DB:EB:15:87:9D:16:A5:68:C2:8B
Certificate issuer:       /CN=5725add2bff3e668ae18554beebf31a23a69dda5
Certificate serial:       018CC8DE6FFAE3341766E8303EC03B0AE9EB
Authority key identifier: 57:25:AD:D2:BF:F3:E6:68:AE:18:55:4B:EE:BF:31:A2:3A:69:DD:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VyWt0r_z5miuGFVL7r8xojpp3aU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/o4abMjUdUgLdwdvrFYedFqVowos.roa
Signing time:             Tue 02 Jan 2024 06:31:09 +0000
ROA not before:           Tue 02 Jan 2024 06:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12823
IP address blocks:        193.53.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/VyWt0r_z5miuGFVL7r8xojpp3aU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/VyWt0r_z5miuGFVL7r8xojpp3aU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VyWt0r_z5miuGFVL7r8xojpp3aU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6f:fa:e3:34:17:66:e8:30:3e:c0:3b:0a:e9:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5725add2bff3e668ae18554beebf31a23a69dda5
        Validity
            Not Before: Jan  2 06:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3869b32351d5202ddc1dbeb15879d16a568c28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:4f:67:fd:d5:4c:8c:93:70:e2:56:2d:6e:
                    9d:7b:cc:73:f6:0f:a5:35:1b:e0:3c:3f:70:40:1e:
                    2d:cd:41:47:39:1f:50:02:17:59:c2:bc:81:91:d1:
                    00:6a:98:ec:29:b9:11:b1:f9:c9:46:0f:6f:cd:26:
                    89:03:c2:ef:6b:95:df:1a:68:a2:27:e1:53:f7:f2:
                    d6:af:85:92:6f:e4:c9:58:56:66:7b:cd:6e:21:ae:
                    a2:e0:61:04:34:51:ed:b8:77:4e:c0:2c:b8:df:89:
                    85:69:c7:9a:1d:33:55:72:f9:c5:f0:02:a8:b1:14:
                    37:bd:6d:6d:ca:ff:61:dd:1b:c2:e0:6f:e3:39:5b:
                    d4:7a:8c:37:dc:13:aa:58:2d:d2:65:7d:de:40:3e:
                    30:87:2c:3a:5c:b6:d2:de:45:62:48:97:95:c2:64:
                    2a:72:83:02:62:4d:fa:79:af:4c:3a:43:2a:38:b3:
                    67:5b:15:0c:3a:e5:c6:a9:05:59:43:20:30:f9:f9:
                    01:fb:d3:be:79:65:66:c7:b3:2a:6c:05:52:59:85:
                    40:08:ec:4f:b6:a5:cc:35:87:ba:68:43:50:25:21:
                    5d:78:70:76:8e:f7:39:c6:16:ad:af:56:6a:65:78:
                    27:19:53:58:da:2f:4a:9c:58:97:e5:1e:b5:fd:10:
                    f0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:86:9B:32:35:1D:52:02:DD:C1:DB:EB:15:87:9D:16:A5:68:C2:8B
            X509v3 Authority Key Identifier:
                keyid:57:25:AD:D2:BF:F3:E6:68:AE:18:55:4B:EE:BF:31:A2:3A:69:DD:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VyWt0r_z5miuGFVL7r8xojpp3aU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/o4abMjUdUgLdwdvrFYedFqVowos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/da9489-6b8f-47b0-a69d-b69e44349395/1/VyWt0r_z5miuGFVL7r8xojpp3aU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:48:a6:66:d6:a1:5a:39:c8:37:29:34:2a:99:fe:ac:b0:e3:
         f4:62:8c:52:b0:b7:af:17:f3:e5:8c:0f:c8:78:9c:c4:26:be:
         2e:2b:79:99:6a:57:c6:4e:ae:6d:63:64:bb:23:c9:16:bd:db:
         9b:24:94:f1:06:ce:bd:74:5f:47:58:e4:0f:2c:15:96:d2:9c:
         01:db:40:55:72:52:90:e0:45:b9:59:0a:64:2e:63:a4:dd:1c:
         76:02:a7:ef:d9:c8:88:c7:0f:96:45:26:aa:01:90:6f:d2:a2:
         f9:53:ba:88:b1:7c:e3:cf:7d:1a:08:9a:40:d6:24:ad:c2:e4:
         ca:df:de:fb:58:b3:b3:e1:04:91:2b:53:63:c9:ac:4e:69:dc:
         d3:f2:a4:76:3e:ab:a1:25:46:a7:4b:27:ca:4a:72:68:43:15:
         c0:a8:98:a3:9f:48:30:a4:fc:59:cf:f9:0d:12:7e:a8:59:a7:
         55:9d:43:3f:d5:d8:66:24:93:d7:78:3d:b9:ce:a3:b1:38:62:
         4a:4b:99:ec:a6:c8:20:cb:9d:72:a1:91:5a:95:9a:f4:df:d1:
         36:24:4f:32:bb:74:fc:ec:2c:b0:34:62:97:26:9b:f0:6c:e0:
         e1:55:36:eb:84:bf:90:92:39:66:2a:5f:bb:4a:19:f4:0b:88:
         65:ea:0e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3m/64zQXZugwPsA7CunrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MjVhZGQyYmZmM2U2NjhhZTE4NTU0YmVlYmYzMWEyM2E2
OWRkYTUwHhcNMjQwMTAyMDYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg2OWIzMjM1MWQ1MjAyZGRjMWRiZWIxNTg3OWQxNmE1NjhjMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCBPZ/3VTIyTcOJWLW6de8xz9g+l
NRvgPD9wQB4tzUFHOR9QAhdZwryBkdEAapjsKbkRsfnJRg9vzSaJA8Lva5XfGmii
J+FT9/LWr4WSb+TJWFZme81uIa6i4GEENFHtuHdOwCy434mFaceaHTNVcvnF8AKo
sRQ3vW1tyv9h3RvC4G/jOVvUeow33BOqWC3SZX3eQD4whyw6XLbS3kViSJeVwmQq
coMCYk36ea9MOkMqOLNnWxUMOuXGqQVZQyAw+fkB+9O+eWVmx7MqbAVSWYVACOxP
tqXMNYe6aENQJSFdeHB2jvc5xhatr1ZqZXgnGVNY2i9KnFiX5R61/RDwPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOGmzI1HVIC3cHb6xWHnRalaMKLMB8GA1UdIwQY
MBaAFFclrdK/8+ZorhhVS+6/MaI6ad2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnlXdDByX3o1bWl1R0ZWTDdyOHhvanBwM2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kYTk0ODktNmI4Zi00N2IwLWE2OWQt
YjY5ZTQ0MzQ5Mzk1LzEvbzRhYk1qVWRVZ0xkd2R2ckZZZWRGcVZvd29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kYTk0ODktNmI4Zi00N2IwLWE2OWQtYjY5ZTQ0MzQ5Mzk1
LzEvVnlXdDByX3o1bWl1R0ZWTDdyOHhvanBwM2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTVqMA0G
CSqGSIb3DQEBCwUAA4IBAQASSKZm1qFaOcg3KTQqmf6ssOP0YoxSsLevF/PljA/I
eJzEJr4uK3mZalfGTq5tY2S7I8kWvdubJJTxBs69dF9HWOQPLBWW0pwB20BVclKQ
4EW5WQpkLmOk3Rx2Aqfv2ciIxw+WRSaqAZBv0qL5U7qIsXzjz30aCJpA1iStwuTK
3977WLOz4QSRK1NjyaxOadzT8qR2PquhJUanSyfKSnJoQxXAqJijn0gwpPxZz/kN
En6oWadVnUM/1dhmJJPXeD25zqOxOGJKS5nspsggy51yoZFalZr039E2JE8yu3T8
7CywNGKXJpvwbODhVTbrhL+QkjlmKl+7Shn0C4hl6g6W
-----END CERTIFICATE-----