Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/28Pth53wKhWgK1J2V3VEf5zc6dw.roa
File:                     28Pth53wKhWgK1J2V3VEf5zc6dw.roa (raw, json)
Hash identifier:          Dxnox5Uo6i9Gkwk4VTAU+c7xVJK2oc5ivhC+9xu5gFk=
Subject key identifier:   DB:C3:ED:87:9D:F0:2A:15:A0:2B:52:76:57:75:44:7F:9C:DC:E9:DC
Certificate issuer:       /CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
Certificate serial:       018CC3B6A765A79CA0A53C8E87DD6577910A
Authority key identifier: FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/28Pth53wKhWgK1J2V3VEf5zc6dw.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211360
IP address blocks:        193.84.108.0/24 maxlen: 24
                          2a10:ba80::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a7:65:a7:9c:a0:a5:3c:8e:87:dd:65:77:91:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc3ed879df02a15a02b52765775447f9cdce9dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:41:f9:38:2a:ba:d8:7c:9f:1c:b1:ad:30:fb:
                    78:62:f1:6e:fb:d7:aa:e9:ac:4a:57:d3:b1:31:80:
                    13:b8:00:ff:16:d1:75:40:c9:e2:04:46:5d:d5:d1:
                    17:d2:5f:c3:49:96:c3:9a:e7:fe:19:27:54:16:26:
                    7c:20:81:43:fd:52:5d:be:3c:45:ce:4e:61:8b:ba:
                    f1:b1:47:9c:79:fa:ea:20:b4:29:82:60:86:60:97:
                    5d:35:38:4b:a1:d0:eb:8c:0d:23:bc:32:de:4b:b4:
                    ae:c3:67:63:a7:91:6d:71:20:8f:84:cc:ed:a4:65:
                    53:c5:3b:db:17:90:2a:27:9e:3a:5a:a7:e2:55:ef:
                    75:b4:af:2c:4f:34:ea:a9:a6:37:27:03:08:84:75:
                    10:b5:0a:b2:23:77:96:2a:90:f5:20:5b:f3:c8:aa:
                    f8:f2:68:39:dd:fd:36:68:ce:2d:ae:95:c4:08:02:
                    87:77:19:90:52:da:87:60:49:c1:e7:92:e2:77:6c:
                    30:18:c0:4f:f6:8d:b6:f1:7a:ce:43:d3:05:ba:97:
                    0d:8c:44:84:2f:a8:60:42:b9:f4:10:6f:82:9a:eb:
                    66:c3:7b:6d:e1:6c:ba:4f:86:5b:99:2f:8d:1e:e7:
                    09:0e:0d:0c:7b:ae:ae:dd:6c:e1:38:6f:34:1e:ad:
                    5c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C3:ED:87:9D:F0:2A:15:A0:2B:52:76:57:75:44:7F:9C:DC:E9:DC
            X509v3 Authority Key Identifier:
                keyid:FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/28Pth53wKhWgK1J2V3VEf5zc6dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.108.0/24
                IPv6:
                  2a10:ba80::/31

    Signature Algorithm: sha256WithRSAEncryption
         11:2f:04:c2:97:c0:ea:ae:08:3f:58:d5:a6:53:24:40:43:33:
         9b:ab:a1:7f:fe:35:4b:49:5f:33:c8:67:23:41:91:89:55:b8:
         18:63:a5:e6:b1:da:88:7d:86:fa:14:2c:73:ec:4f:5c:41:0d:
         20:58:fd:03:18:1b:21:91:33:13:30:cc:62:d5:dc:9a:d7:fd:
         09:25:51:24:b9:c2:e8:3a:4d:79:f3:46:db:d3:7e:c7:b7:89:
         72:69:9b:c3:97:20:a5:05:e1:24:c8:c0:9a:e2:c3:9f:d8:f3:
         23:55:ad:3d:0d:06:f7:02:d6:04:27:71:70:30:1c:7f:21:84:
         9f:42:ae:ad:24:fa:aa:08:92:b7:a8:22:3c:84:fa:2f:56:19:
         1a:ac:07:51:94:90:4b:1e:3d:e7:b5:88:08:67:43:2a:15:6d:
         bf:08:35:ee:35:3a:2f:ff:3f:85:8f:46:27:04:93:59:11:e1:
         d3:9d:79:9f:de:76:54:bd:84:18:d0:7a:07:7f:40:58:63:86:
         01:14:47:6c:90:00:ab:46:6f:d4:7d:20:dd:86:06:76:cd:8f:
         87:ba:83:72:8d:b8:18:20:86:9a:b0:d0:6d:39:47:e2:1a:fd:
         6f:a6:89:7f:f0:a5:23:06:17:6a:3e:e3:80:45:12:01:87:28:
         01:35:f8:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtqdlp5ygpTyOh91ld5EKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjFjYjRiYWExNTg2MmQxYjU3NzNiZjJiZTYwY2E1ZjRm
YzI0ZDQwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmMzZWQ4NzlkZjAyYTE1YTAyYjUyNzY1Nzc1NDQ3ZjljZGNlOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEH5OCq62HyfHLGtMPt4YvFu+9eq
6axKV9OxMYATuAD/FtF1QMniBEZd1dEX0l/DSZbDmuf+GSdUFiZ8IIFD/VJdvjxF
zk5hi7rxsUecefrqILQpgmCGYJddNThLodDrjA0jvDLeS7Suw2djp5FtcSCPhMzt
pGVTxTvbF5AqJ546WqfiVe91tK8sTzTqqaY3JwMIhHUQtQqyI3eWKpD1IFvzyKr4
8mg53f02aM4trpXECAKHdxmQUtqHYEnB55Lid2wwGMBP9o228XrOQ9MFupcNjESE
L6hgQrn0EG+Cmutmw3tt4Wy6T4ZbmS+NHucJDg0Me66u3WzhOG80Hq1caQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNvD7Yed8CoVoCtSdld1RH+c3OncMB8GA1UdIwQY
MBaAFP0hy0uqFYYtG1dzvyvmDKX0/CTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUt
YmU1NTIwYTVjODIxLzEvMjhQdGg1M3dLaFdnSzFKMlYzVkVmNXpjNmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUtYmU1NTIwYTVjODIx
LzEvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwVRsMA0E
AgACMAcDBQEqELqAMA0GCSqGSIb3DQEBCwUAA4IBAQARLwTCl8Dqrgg/WNWmUyRA
QzObq6F//jVLSV8zyGcjQZGJVbgYY6XmsdqIfYb6FCxz7E9cQQ0gWP0DGBshkTMT
MMxi1dya1/0JJVEkucLoOk1580bb037Ht4lyaZvDlyClBeEkyMCa4sOf2PMjVa09
DQb3AtYEJ3FwMBx/IYSfQq6tJPqqCJK3qCI8hPovVhkarAdRlJBLHj3ntYgIZ0Mq
FW2/CDXuNTov/z+Fj0YnBJNZEeHTnXmf3nZUvYQY0HoHf0BYY4YBFEdskACrRm/U
fSDdhgZ2zY+HuoNyjbgYIIaasNBtOUfiGv1vpol/8KUjBhdqPuOARRIBhygBNfhr
-----END CERTIFICATE-----