Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/NiRCiJjOtgZ6ABUSVox0uAjH-bQ.roa
File:                     NiRCiJjOtgZ6ABUSVox0uAjH-bQ.roa (raw, json)
Hash identifier:          +xYLpk7pmXfOzPym7JByT+vtdtx2Vak6xUHt/mqQCPY=
Subject key identifier:   36:24:42:88:98:CE:B6:06:7A:00:15:12:56:8C:74:B8:08:C7:F9:B4
Certificate issuer:       /CN=2c0ceb81ebce859f50928e8ed3e1f0a8511152db
Certificate serial:       018CC9BA67E279945DDA3DCA9FD57EDB928A
Authority key identifier: 2C:0C:EB:81:EB:CE:85:9F:50:92:8E:8E:D3:E1:F0:A8:51:11:52:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LAzrgevOhZ9Qko6O0-HwqFERUts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/NiRCiJjOtgZ6ABUSVox0uAjH-bQ.roa
Signing time:             Tue 02 Jan 2024 10:31:25 +0000
ROA not before:           Tue 02 Jan 2024 10:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.201.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/LAzrgevOhZ9Qko6O0-HwqFERUts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/LAzrgevOhZ9Qko6O0-HwqFERUts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LAzrgevOhZ9Qko6O0-HwqFERUts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:67:e2:79:94:5d:da:3d:ca:9f:d5:7e:db:92:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c0ceb81ebce859f50928e8ed3e1f0a8511152db
        Validity
            Not Before: Jan  2 10:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3624428898ceb6067a001512568c74b808c7f9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:74:57:2f:b1:24:37:3d:a3:14:1e:d4:7c:
                    cd:6f:59:d8:04:b1:ac:6b:61:10:36:cb:13:cd:1b:
                    8b:11:2a:5b:74:dd:5d:ce:5c:eb:de:b6:54:ae:9f:
                    07:f9:de:c7:04:34:f0:f9:50:93:16:6d:2e:48:a1:
                    25:3c:2c:f6:f5:54:36:2c:0d:81:49:e1:c7:79:51:
                    7a:0a:fb:35:1b:35:7b:f4:51:f5:07:2a:a0:3b:0c:
                    84:7f:22:e6:c8:75:7c:ca:43:0b:11:2c:9e:1f:53:
                    2d:a9:ac:5e:2c:17:c0:cb:be:8a:6b:ed:12:a8:53:
                    cd:17:71:41:04:94:16:65:2e:4c:4a:2e:3f:45:48:
                    c4:25:c4:26:87:45:e1:4d:e5:61:e1:f7:d5:57:b2:
                    77:c2:84:27:ce:7b:fc:ab:4f:9e:8b:2f:21:b7:1a:
                    42:38:ff:23:e9:e4:6f:3c:ed:7c:a1:cc:94:42:e2:
                    a1:da:2d:25:ef:b0:68:5e:6e:7e:ce:ed:2a:91:5e:
                    c7:09:4a:e5:d9:72:99:4f:30:5e:2d:f1:b9:f2:c9:
                    0d:1d:f7:9d:b1:bb:da:69:c8:52:7f:3b:58:2a:12:
                    86:17:d5:52:41:c2:5f:c3:61:ae:4a:7f:b2:3f:0f:
                    4b:7a:8d:0f:6f:0d:ba:c4:52:d8:d1:a6:a8:07:a8:
                    61:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:24:42:88:98:CE:B6:06:7A:00:15:12:56:8C:74:B8:08:C7:F9:B4
            X509v3 Authority Key Identifier:
                keyid:2C:0C:EB:81:EB:CE:85:9F:50:92:8E:8E:D3:E1:F0:A8:51:11:52:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LAzrgevOhZ9Qko6O0-HwqFERUts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/NiRCiJjOtgZ6ABUSVox0uAjH-bQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/04982c-5ffc-42a8-9879-6e8b34f1976b/1/LAzrgevOhZ9Qko6O0-HwqFERUts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:7c:a7:16:25:ab:74:2c:64:11:71:26:62:80:0f:46:3a:26:
         67:11:72:15:7b:00:7b:d1:01:35:bd:18:f6:d9:45:85:e1:05:
         bc:36:d5:ad:31:75:2a:2e:2f:fb:cc:15:f6:48:af:29:b1:3a:
         29:49:6d:eb:cc:c8:02:8c:8d:26:c0:54:06:ac:73:b6:75:e9:
         34:31:ca:aa:da:e9:92:32:c7:e9:80:c9:68:96:39:af:bf:ea:
         7a:1d:d1:dc:2d:03:a8:29:13:8b:e6:ce:28:2e:f6:e0:f0:56:
         0e:ee:95:17:93:c2:a4:26:97:4a:ab:b3:31:3d:14:dc:8b:62:
         7c:6a:35:ed:8d:85:9d:96:86:ba:3a:b1:1e:0d:01:a3:fa:f8:
         3b:dd:50:e3:a1:d8:0e:44:90:ff:0a:fb:9c:76:88:8c:a3:2e:
         18:d7:0d:5f:18:e9:e4:e1:96:7e:11:e0:e5:da:04:2f:c1:4c:
         bd:05:bf:1b:5f:61:8b:84:6e:29:37:62:1b:f9:4c:9a:b6:9a:
         97:56:2d:1c:08:38:8a:e4:21:c3:40:07:9d:a2:d1:ee:03:7d:
         38:10:91:64:4e:b0:95:b2:d5:67:16:01:8e:29:36:2b:4f:5b:
         d1:8a:3c:4a:8d:b3:53:d4:fc:8b:e4:36:45:fa:25:c6:7f:83:
         c1:4f:f2:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumfieZRd2j3Kn9V+25KKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMGNlYjgxZWJjZTg1OWY1MDkyOGU4ZWQzZTFmMGE4NTEx
MTUyZGIwHhcNMjQwMTAyMTAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI0NDI4ODk4Y2ViNjA2N2EwMDE1MTI1NjhjNzRiODA4YzdmOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmux0Vy+xJDc9oxQe1HzNb1nYBLGs
a2EQNssTzRuLESpbdN1dzlzr3rZUrp8H+d7HBDTw+VCTFm0uSKElPCz29VQ2LA2B
SeHHeVF6Cvs1GzV79FH1ByqgOwyEfyLmyHV8ykMLESyeH1MtqaxeLBfAy76Ka+0S
qFPNF3FBBJQWZS5MSi4/RUjEJcQmh0XhTeVh4ffVV7J3woQnznv8q0+eiy8htxpC
OP8j6eRvPO18ocyUQuKh2i0l77BoXm5+zu0qkV7HCUrl2XKZTzBeLfG58skNHfed
sbvaachSfztYKhKGF9VSQcJfw2GuSn+yPw9Leo0Pbw26xFLY0aaoB6hhyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYkQoiYzrYGegAVElaMdLgIx/m0MB8GA1UdIwQY
MBaAFCwM64HrzoWfUJKOjtPh8KhREVLbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEF6cmdldk9oWjlRa282TzAtSHdxRkVSVXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8wNDk4MmMtNWZmYy00MmE4LTk4Nzkt
NmU4YjM0ZjE5NzZiLzEvTmlSQ2lKak90Z1o2QUJVU1ZveDB1QWpILWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8wNDk4MmMtNWZmYy00MmE4LTk4NzktNmU4YjM0ZjE5NzZi
LzEvTEF6cmdldk9oWjlRa282TzAtSHdxRkVSVXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwckhMA0G
CSqGSIb3DQEBCwUAA4IBAQCmfKcWJat0LGQRcSZigA9GOiZnEXIVewB70QE1vRj2
2UWF4QW8NtWtMXUqLi/7zBX2SK8psTopSW3rzMgCjI0mwFQGrHO2dek0Mcqq2umS
MsfpgMloljmvv+p6HdHcLQOoKROL5s4oLvbg8FYO7pUXk8KkJpdKq7MxPRTci2J8
ajXtjYWdloa6OrEeDQGj+vg73VDjodgORJD/CvucdoiMoy4Y1w1fGOnk4ZZ+EeDl
2gQvwUy9Bb8bX2GLhG4pN2Ib+UyatpqXVi0cCDiK5CHDQAedotHuA304EJFkTrCV
stVnFgGOKTYrT1vRijxKjbNT1PyL5DZF+iXGf4PBT/KL
-----END CERTIFICATE-----