Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/azEF5lHm8WbAh50Tbo-VyXjCc5U.roa
File:                     azEF5lHm8WbAh50Tbo-VyXjCc5U.roa (raw, json)
Hash identifier:          ZQSC/3a6gURic1+6r8rttLfUvVdVVAm6qlXUE0aZkQw=
Subject key identifier:   6B:31:05:E6:51:E6:F1:66:C0:87:9D:13:6E:8F:95:C9:78:C2:73:95
Certificate issuer:       /CN=add261cad0dff2d9bb2f8c7ad0db26ed5730d3dd
Certificate serial:       018CC26D45DBF96767FD392DF93F761A6E83
Authority key identifier: AD:D2:61:CA:D0:DF:F2:D9:BB:2F:8C:7A:D0:DB:26:ED:57:30:D3:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rdJhytDf8tm7L4x60Nsm7Vcw090.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/azEF5lHm8WbAh50Tbo-VyXjCc5U.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.138.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/rdJhytDf8tm7L4x60Nsm7Vcw090.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/rdJhytDf8tm7L4x60Nsm7Vcw090.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rdJhytDf8tm7L4x60Nsm7Vcw090.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:45:db:f9:67:67:fd:39:2d:f9:3f:76:1a:6e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=add261cad0dff2d9bb2f8c7ad0db26ed5730d3dd
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b3105e651e6f166c0879d136e8f95c978c27395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0a:4f:4c:32:38:7e:57:a4:1c:30:9c:b3:eb:
                    eb:3e:5d:71:db:4f:91:7a:9c:e1:5e:fd:8f:be:7d:
                    1c:7a:9d:bd:10:53:3c:77:54:2d:66:75:97:61:b4:
                    ea:e3:5f:0f:1a:2d:f1:aa:dd:49:60:9d:07:9a:a7:
                    1e:e5:9b:b2:37:43:84:f2:30:b7:13:b6:2f:fe:df:
                    5e:41:13:3e:42:cd:cb:ba:c2:e2:6d:fa:d1:a5:a1:
                    83:8f:43:b9:e2:fb:43:ce:85:7e:a7:46:4d:33:d4:
                    20:44:78:b2:75:3c:cd:d4:a0:17:34:da:15:2f:6c:
                    e9:fc:ba:ce:01:6d:cc:de:37:24:0c:f0:9e:6d:65:
                    42:5c:cb:8d:33:e8:e0:72:55:09:51:ba:1b:3e:cd:
                    9b:4e:cd:a0:2f:5e:88:3d:c0:dc:4a:24:7c:ae:f9:
                    d1:f9:d2:0a:05:8a:6a:69:34:48:42:b0:34:96:44:
                    14:ce:19:6c:4a:df:f6:48:84:40:ff:7f:81:cf:64:
                    0b:90:81:85:b0:7c:0a:e7:ce:84:f8:87:07:18:1f:
                    91:88:b7:98:29:f0:c4:ee:cd:b2:25:31:2e:9c:b6:
                    93:ea:f0:be:9a:8e:4b:a7:60:61:ce:e1:34:5d:f5:
                    7b:c5:17:ca:31:7d:f0:b7:22:1a:8d:4d:1f:c8:33:
                    ed:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:31:05:E6:51:E6:F1:66:C0:87:9D:13:6E:8F:95:C9:78:C2:73:95
            X509v3 Authority Key Identifier:
                keyid:AD:D2:61:CA:D0:DF:F2:D9:BB:2F:8C:7A:D0:DB:26:ED:57:30:D3:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdJhytDf8tm7L4x60Nsm7Vcw090.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/azEF5lHm8WbAh50Tbo-VyXjCc5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a434a-eb2f-4026-bcc8-7bc42d5d4072/1/rdJhytDf8tm7L4x60Nsm7Vcw090.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:76:b6:f6:b2:1a:cd:30:a8:e9:5a:82:ad:11:d7:58:16:0d:
         cc:72:f5:d7:33:70:17:ba:70:99:06:b6:ed:6b:f2:ec:6f:2b:
         0f:eb:5c:19:15:02:81:40:70:f4:91:f3:b0:2c:4e:78:e8:79:
         41:f2:7d:cc:0d:92:ef:96:5b:7a:7a:e7:81:8f:e8:11:c0:b4:
         91:ca:22:e4:cc:d2:11:e7:52:38:91:61:22:32:e5:98:98:ef:
         b7:62:a3:f6:c0:5f:48:0e:af:17:b8:14:86:83:14:9d:63:4b:
         ba:1a:41:7a:39:19:3c:8f:e0:78:1f:e3:b4:e0:d0:21:8f:ee:
         e7:07:0f:0a:60:b9:b5:f7:1b:b3:43:2e:27:02:37:a1:8a:9c:
         24:25:ca:0d:53:a7:37:50:8b:ae:6d:ee:6d:50:0e:a3:57:29:
         2b:7b:f0:32:50:51:d1:41:21:69:f5:35:23:bf:a4:f4:70:76:
         ce:62:4d:5d:bc:3b:e6:30:8a:92:68:c2:45:9e:3e:59:4d:e0:
         61:75:52:5c:fc:8e:90:3c:3d:8b:0e:51:b7:f6:a7:a3:31:ee:
         bd:4f:6e:eb:5c:af:b1:e2:2d:3a:3f:29:40:a8:bd:b6:a9:a1:
         9f:6b:dd:ab:70:3d:5c:b1:1e:33:b8:7c:cf:fe:3d:b1:25:8b:
         d1:6f:37:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUXb+Wdn/Tkt+T92Gm6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDI2MWNhZDBkZmYyZDliYjJmOGM3YWQwZGIyNmVkNTcz
MGQzZGQwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMxMDVlNjUxZTZmMTY2YzA4NzlkMTM2ZThmOTVjOTc4YzI3Mzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwpPTDI4flekHDCcs+vrPl1x20+R
epzhXv2Pvn0cep29EFM8d1QtZnWXYbTq418PGi3xqt1JYJ0Hmqce5ZuyN0OE8jC3
E7Yv/t9eQRM+Qs3LusLibfrRpaGDj0O54vtDzoV+p0ZNM9QgRHiydTzN1KAXNNoV
L2zp/LrOAW3M3jckDPCebWVCXMuNM+jgclUJUbobPs2bTs2gL16IPcDcSiR8rvnR
+dIKBYpqaTRIQrA0lkQUzhlsSt/2SIRA/3+Bz2QLkIGFsHwK586E+IcHGB+RiLeY
KfDE7s2yJTEunLaT6vC+mo5Lp2BhzuE0XfV7xRfKMX3wtyIajU0fyDPtPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsxBeZR5vFmwIedE26Plcl4wnOVMB8GA1UdIwQY
MBaAFK3SYcrQ3/LZuy+MetDbJu1XMNPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmRKaHl0RGY4dG03TDR4NjBOc203VmN3MDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wYTQzNGEtZWIyZi00MDI2LWJjYzgt
N2JjNDJkNWQ0MDcyLzEvYXpFRjVsSG04V2JBaDUwVGJvLVZ5WGpDYzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wYTQzNGEtZWIyZi00MDI2LWJjYzgtN2JjNDJkNWQ0MDcy
LzEvcmRKaHl0RGY4dG03TDR4NjBOc203VmN3MDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYr9MA0G
CSqGSIb3DQEBCwUAA4IBAQAfdrb2shrNMKjpWoKtEddYFg3McvXXM3AXunCZBrbt
a/LsbysP61wZFQKBQHD0kfOwLE546HlB8n3MDZLvllt6eueBj+gRwLSRyiLkzNIR
51I4kWEiMuWYmO+3YqP2wF9IDq8XuBSGgxSdY0u6GkF6ORk8j+B4H+O04NAhj+7n
Bw8KYLm19xuzQy4nAjehipwkJcoNU6c3UIuube5tUA6jVykre/AyUFHRQSFp9TUj
v6T0cHbOYk1dvDvmMIqSaMJFnj5ZTeBhdVJc/I6QPD2LDlG39qejMe69T27rXK+x
4i06PylAqL22qaGfa92rcD1csR4zuHzP/j2xJYvRbzeS
-----END CERTIFICATE-----