Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/jdtmdNwPEglji36Uo3X_YpWq8qQ.roa
File:                     jdtmdNwPEglji36Uo3X_YpWq8qQ.roa (raw, json)
Hash identifier:          kXNF3O3oqWUVfDc4jdBXKpBE4uOWNeUSiU5u/sX71nM=
Subject key identifier:   8D:DB:66:74:DC:0F:12:09:63:8B:7E:94:A3:75:FF:62:95:AA:F2:A4
Certificate issuer:       /CN=7c3532e52eaafef948c42c8b1d51145cac9d4c96
Certificate serial:       018CC4245333FF204AEF8E7513672F83776D
Authority key identifier: 7C:35:32:E5:2E:AA:FE:F9:48:C4:2C:8B:1D:51:14:5C:AC:9D:4C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDUy5S6q_vlIxCyLHVEUXKydTJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/jdtmdNwPEglji36Uo3X_YpWq8qQ.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204591
IP address blocks:        193.22.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/fDUy5S6q_vlIxCyLHVEUXKydTJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/fDUy5S6q_vlIxCyLHVEUXKydTJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDUy5S6q_vlIxCyLHVEUXKydTJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:53:33:ff:20:4a:ef:8e:75:13:67:2f:83:77:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3532e52eaafef948c42c8b1d51145cac9d4c96
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ddb6674dc0f1209638b7e94a375ff6295aaf2a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:db:76:3c:93:91:85:0a:52:31:c8:76:bf:56:
                    f8:10:ab:d2:60:33:0c:d5:cb:a3:0e:9e:3a:54:82:
                    a8:e0:1a:a5:60:bb:bf:9e:f2:f6:35:0e:dd:e6:60:
                    31:67:98:63:a8:4b:fd:94:1c:d4:2d:75:6b:af:ed:
                    c4:b0:bc:4d:ec:4d:fb:10:37:54:de:b5:b3:66:14:
                    92:07:56:dd:05:5a:d3:de:46:c7:ab:b6:aa:20:f7:
                    93:ab:63:08:6b:64:9d:1a:47:5c:aa:72:d2:af:78:
                    18:95:bb:71:4b:43:43:cd:e7:d9:ca:5e:3f:3c:7b:
                    1e:60:d1:92:3b:b4:93:27:4d:70:52:08:75:6c:86:
                    6a:f7:c0:50:2c:19:ae:f7:77:f8:82:be:cf:bd:ab:
                    97:11:2e:57:84:35:29:2a:26:47:dd:f3:a8:dc:d1:
                    66:9d:b6:fe:73:7c:ba:10:c4:36:5c:df:fc:61:bf:
                    29:6a:a3:ab:e7:35:06:63:f4:fb:87:ee:93:5a:30:
                    d8:b9:63:76:a6:ab:a3:2d:9c:4c:1d:1b:32:9b:be:
                    af:05:65:6a:93:41:b5:b6:18:ad:b8:2d:97:a4:19:
                    e5:a2:76:5e:4b:8d:8c:16:75:0c:61:54:1a:76:09:
                    04:a9:ab:c9:a1:e2:6d:d9:ee:bd:4c:d6:f0:68:c4:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:DB:66:74:DC:0F:12:09:63:8B:7E:94:A3:75:FF:62:95:AA:F2:A4
            X509v3 Authority Key Identifier:
                keyid:7C:35:32:E5:2E:AA:FE:F9:48:C4:2C:8B:1D:51:14:5C:AC:9D:4C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDUy5S6q_vlIxCyLHVEUXKydTJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/jdtmdNwPEglji36Uo3X_YpWq8qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a43850-02a2-4859-9bde-564ebdcf3f96/1/fDUy5S6q_vlIxCyLHVEUXKydTJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:54:25:fa:a9:86:ba:ca:76:b2:40:b6:93:76:5e:e0:12:e5:
         16:e4:a9:73:73:b1:49:ce:9e:a4:ef:dd:14:87:b0:cd:9e:6f:
         07:12:5b:6f:a4:2a:a9:e3:85:9e:f2:87:28:b8:a2:c7:58:1c:
         af:2b:89:3d:fa:be:96:c7:65:f4:00:d1:b4:60:09:c9:ae:c5:
         b2:06:42:ad:76:18:2e:27:d0:76:c1:6f:1a:5f:f1:f1:47:ac:
         21:49:dd:48:42:37:ec:83:12:19:30:d2:76:94:33:fe:5c:a3:
         67:0a:55:e4:e4:70:41:10:6f:71:e8:a1:13:3b:5b:e6:9c:4a:
         95:06:7a:06:bd:51:07:ac:56:d3:a1:44:b2:c7:01:66:d7:c1:
         9d:97:61:f0:73:cb:dd:e8:13:cc:90:06:64:97:79:fb:70:9d:
         2e:4f:1c:18:cf:4d:5a:eb:c4:a1:46:a3:9c:02:43:49:38:94:
         c8:e1:03:0e:1f:3f:d0:18:a2:fa:5c:5b:fc:ce:7b:84:f0:d8:
         1a:02:0f:51:26:ff:ec:ff:1e:bb:10:73:da:c2:89:d4:e8:c3:
         1c:7d:39:13:8f:8c:56:42:61:37:81:e7:71:45:cf:f7:91:43:
         66:e6:8d:7a:11:0f:3c:de:63:c1:a8:04:11:f4:74:04:a9:04:
         74:e2:d5:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFMz/yBK7451E2cvg3dtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMzUzMmU1MmVhYWZlZjk0OGM0MmM4YjFkNTExNDVjYWM5
ZDRjOTYwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGRiNjY3NGRjMGYxMjA5NjM4YjdlOTRhMzc1ZmY2Mjk1YWFmMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9t2PJORhQpSMch2v1b4EKvSYDMM
1cujDp46VIKo4BqlYLu/nvL2NQ7d5mAxZ5hjqEv9lBzULXVrr+3EsLxN7E37EDdU
3rWzZhSSB1bdBVrT3kbHq7aqIPeTq2MIa2SdGkdcqnLSr3gYlbtxS0NDzefZyl4/
PHseYNGSO7STJ01wUgh1bIZq98BQLBmu93f4gr7PvauXES5XhDUpKiZH3fOo3NFm
nbb+c3y6EMQ2XN/8Yb8paqOr5zUGY/T7h+6TWjDYuWN2pqujLZxMHRsym76vBWVq
k0G1thituC2XpBnlonZeS42MFnUMYVQadgkEqavJoeJt2e69TNbwaMSO5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3bZnTcDxIJY4t+lKN1/2KVqvKkMB8GA1UdIwQY
MBaAFHw1MuUuqv75SMQsix1RFFysnUyWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkRVeTVTNnFfdmxJeEN5TEhWRVVYS3lkVEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hNDM4NTAtMDJhMi00ODU5LTliZGUt
NTY0ZWJkY2YzZjk2LzEvamR0bWROd1BFZ2xqaTM2VW8zWF9ZcFdxOHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hNDM4NTAtMDJhMi00ODU5LTliZGUtNTY0ZWJkY2YzZjk2
LzEvZkRVeTVTNnFfdmxJeEN5TEhWRVVYS3lkVEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRboMA0G
CSqGSIb3DQEBCwUAA4IBAQCLVCX6qYa6ynayQLaTdl7gEuUW5Klzc7FJzp6k790U
h7DNnm8HEltvpCqp44We8ocouKLHWByvK4k9+r6Wx2X0ANG0YAnJrsWyBkKtdhgu
J9B2wW8aX/HxR6whSd1IQjfsgxIZMNJ2lDP+XKNnClXk5HBBEG9x6KETO1vmnEqV
BnoGvVEHrFbToUSyxwFm18Gdl2Hwc8vd6BPMkAZkl3n7cJ0uTxwYz01a68ShRqOc
AkNJOJTI4QMOHz/QGKL6XFv8znuE8NgaAg9RJv/s/x67EHPawonU6MMcfTkTj4xW
QmE3gedxRc/3kUNm5o16EQ883mPBqAQR9HQEqQR04tUB
-----END CERTIFICATE-----