Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/eTprPEpA4LOl_HnFAoGz9qI-OWs.roa
File:                     eTprPEpA4LOl_HnFAoGz9qI-OWs.roa (raw, json)
Hash identifier:          rj4qDh0PsDQBwOKGDCi0+FtyCBh4Q9K2XL23OFRKfOo=
Subject key identifier:   79:3A:6B:3C:4A:40:E0:B3:A5:FC:79:C5:02:81:B3:F6:A2:3E:39:6B
Certificate issuer:       /CN=09f93d62beb75bb4232dcd052d270276d36f8573
Certificate serial:       018CC80191AD6FC3C11DEAE2B4E750F08F0B
Authority key identifier: 09:F9:3D:62:BE:B7:5B:B4:23:2D:CD:05:2D:27:02:76:D3:6F:85:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cfk9Yr63W7QjLc0FLScCdtNvhXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/eTprPEpA4LOl_HnFAoGz9qI-OWs.roa
Signing time:             Tue 02 Jan 2024 02:29:55 +0000
ROA not before:           Tue 02 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.141.193.0/24 maxlen: 24
                          2a04:ac0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/Cfk9Yr63W7QjLc0FLScCdtNvhXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/Cfk9Yr63W7QjLc0FLScCdtNvhXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cfk9Yr63W7QjLc0FLScCdtNvhXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:91:ad:6f:c3:c1:1d:ea:e2:b4:e7:50:f0:8f:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f93d62beb75bb4232dcd052d270276d36f8573
        Validity
            Not Before: Jan  2 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=793a6b3c4a40e0b3a5fc79c50281b3f6a23e396b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:8c:96:0e:34:24:a4:26:15:82:27:fb:db:
                    4a:06:0b:c1:73:ed:62:9e:cd:b7:d4:78:cf:af:03:
                    ba:4d:d1:77:4a:d2:2c:73:d7:a5:f0:99:ed:96:be:
                    a4:7f:89:69:99:22:ca:b3:f3:9f:84:f2:40:21:e2:
                    ab:a4:86:6b:e4:e9:1c:ce:cb:8e:66:ec:71:98:7e:
                    41:96:40:fc:8a:9d:02:05:fd:4f:3a:0e:27:c4:dd:
                    74:b5:0d:d9:e9:5b:97:8f:65:9c:93:55:8c:80:c2:
                    75:65:98:e5:bc:ad:2f:10:51:19:a0:49:6b:5b:07:
                    71:f5:37:f0:09:87:8f:75:c9:ee:c0:1c:00:f5:30:
                    63:f2:f7:a7:24:69:0e:5e:27:4f:34:7a:e8:d8:e7:
                    d5:df:25:32:ab:5b:bf:b3:06:c9:20:57:15:81:41:
                    1d:d2:51:35:cb:85:6a:40:cf:98:65:52:7f:90:fb:
                    db:b3:f5:31:58:93:75:f6:5d:0a:0e:ee:d0:7f:96:
                    b1:ab:14:b3:0c:a1:bb:33:bd:64:39:4c:52:4d:f9:
                    fe:de:69:c7:70:74:f5:1e:ab:36:61:e6:3e:63:64:
                    8e:2a:72:9a:07:63:2a:0a:8c:a2:c3:ed:b6:65:47:
                    13:73:51:18:f7:7f:37:bf:f1:86:ac:81:d1:48:b1:
                    44:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:3A:6B:3C:4A:40:E0:B3:A5:FC:79:C5:02:81:B3:F6:A2:3E:39:6B
            X509v3 Authority Key Identifier:
                keyid:09:F9:3D:62:BE:B7:5B:B4:23:2D:CD:05:2D:27:02:76:D3:6F:85:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cfk9Yr63W7QjLc0FLScCdtNvhXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/eTprPEpA4LOl_HnFAoGz9qI-OWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/705aad-59b2-474e-a3d8-bf34d01f8b0a/1/Cfk9Yr63W7QjLc0FLScCdtNvhXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.193.0/24
                IPv6:
                  2a04:ac0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:de:0d:ae:a5:a7:73:25:0a:4e:e8:c0:41:5a:e7:51:f2:fa:
         4a:4e:83:a6:2f:68:06:27:3c:d9:0a:d3:59:3e:60:9b:84:fe:
         7a:60:9f:43:70:72:be:72:1d:03:38:4d:41:a8:0d:4d:ee:4c:
         89:fd:cb:05:6c:db:37:a4:0f:35:fd:df:98:6e:90:69:d8:b5:
         e0:7a:df:3d:84:4b:de:f6:4e:64:e7:ca:77:23:66:e1:8e:f8:
         2d:af:0b:c9:92:fb:da:09:a8:a9:66:bf:59:ed:67:7b:5f:6e:
         66:b8:7e:e8:12:41:7f:a2:b3:1d:99:01:fd:84:15:d0:5f:8f:
         29:71:af:f0:95:15:44:45:4b:63:5d:ac:9d:d3:b8:4d:ef:1a:
         91:98:f0:39:ce:3f:30:ad:91:f2:39:a9:73:c8:93:85:3c:51:
         71:fc:ac:67:f8:ef:79:65:9a:01:6e:d7:cd:d8:4d:09:fe:d2:
         df:67:42:7a:df:bd:bb:40:64:21:97:5b:c6:f8:45:3d:6c:9a:
         5b:45:26:69:a2:75:ed:71:6d:a6:51:91:18:d1:4e:4c:e4:4a:
         6a:e5:5d:63:e4:9c:29:c5:36:f0:41:fb:98:53:c9:04:59:21:
         3e:e3:d0:08:a4:51:3d:b3:70:0c:1e:32:13:30:08:07:a7:2c:
         b7:db:f3:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAZGtb8PBHeritOdQ8I8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjkzZDYyYmViNzViYjQyMzJkY2QwNTJkMjcwMjc2ZDM2
Zjg1NzMwHhcNMjQwMTAyMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTNhNmIzYzRhNDBlMGIzYTVmYzc5YzUwMjgxYjNmNmEyM2UzOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6mMlg40JKQmFYIn+9tKBgvBc+1i
ns231HjPrwO6TdF3StIsc9el8Jntlr6kf4lpmSLKs/OfhPJAIeKrpIZr5OkczsuO
ZuxxmH5BlkD8ip0CBf1POg4nxN10tQ3Z6VuXj2Wck1WMgMJ1ZZjlvK0vEFEZoElr
Wwdx9TfwCYePdcnuwBwA9TBj8venJGkOXidPNHro2OfV3yUyq1u/swbJIFcVgUEd
0lE1y4VqQM+YZVJ/kPvbs/UxWJN19l0KDu7Qf5axqxSzDKG7M71kOUxSTfn+3mnH
cHT1Hqs2YeY+Y2SOKnKaB2MqCoyiw+22ZUcTc1EY9383v/GGrIHRSLFEqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHk6azxKQOCzpfx5xQKBs/aiPjlrMB8GA1UdIwQY
MBaAFAn5PWK+t1u0Iy3NBS0nAnbTb4VzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZrOVlyNjNXN1FqTGMwRkxTY0NkdE52aFhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83MDVhYWQtNTliMi00NzRlLWEzZDgt
YmYzNGQwMWY4YjBhLzEvZVRwclBFcEE0TE9sX0huRkFvR3o5cUktT1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny83MDVhYWQtNTliMi00NzRlLWEzZDgtYmYzNGQwMWY4YjBh
LzEvQ2ZrOVlyNjNXN1FqTGMwRkxTY0NkdE52aFhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuY3BMA8E
AgACMAkDBwAqBArAAAIwDQYJKoZIhvcNAQELBQADggEBAHDeDa6lp3MlCk7owEFa
51Hy+kpOg6YvaAYnPNkK01k+YJuE/npgn0Nwcr5yHQM4TUGoDU3uTIn9ywVs2zek
DzX935hukGnYteB63z2ES972TmTnyncjZuGO+C2vC8mS+9oJqKlmv1ntZ3tfbma4
fugSQX+isx2ZAf2EFdBfjylxr/CVFURFS2NdrJ3TuE3vGpGY8DnOPzCtkfI5qXPI
k4U8UXH8rGf473llmgFu183YTQn+0t9nQnrfvbtAZCGXW8b4RT1smltFJmmide1x
baZRkRjRTkzkSmrlXWPknCnFNvBB+5hTyQRZIT7j0AikUT2zcAweMhMwCAenLLfb
8zU=
-----END CERTIFICATE-----