Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/gH3el4hhzwfJm3GZyIB_YYZS7WU.roa
File:                     gH3el4hhzwfJm3GZyIB_YYZS7WU.roa (raw, json)
Hash identifier:          UjId64fFfNjoY8A9qUAk3UGVwvEtwNTz/+nPxCuS9yk=
Subject key identifier:   80:7D:DE:97:88:61:CF:07:C9:9B:71:99:C8:80:7F:61:86:52:ED:65
Certificate issuer:       /CN=40d5591a75bd693e9d3b766834bf074f7b1eee3a
Certificate serial:       018CC3B68D6D147A203DE8FAB7140A6F47EB
Authority key identifier: 40:D5:59:1A:75:BD:69:3E:9D:3B:76:68:34:BF:07:4F:7B:1E:EE:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVZGnW9aT6dO3ZoNL8HT3se7jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/gH3el4hhzwfJm3GZyIB_YYZS7WU.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13195
IP address blocks:        193.201.107.0/24 maxlen: 24
                          2001:678:c28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/QNVZGnW9aT6dO3ZoNL8HT3se7jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/QNVZGnW9aT6dO3ZoNL8HT3se7jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVZGnW9aT6dO3ZoNL8HT3se7jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8d:6d:14:7a:20:3d:e8:fa:b7:14:0a:6f:47:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d5591a75bd693e9d3b766834bf074f7b1eee3a
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=807dde978861cf07c99b7199c8807f618652ed65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8b:1d:70:23:7b:e9:ca:dc:c3:48:8a:cc:62:
                    51:77:b0:1c:ef:43:7e:06:14:5c:45:b0:5c:20:5a:
                    43:48:14:26:6a:dd:7b:0a:8f:bc:b7:42:9c:e0:7c:
                    4b:58:52:2f:a6:7e:b7:d1:5d:52:3d:55:a1:4c:69:
                    a4:b1:d6:da:1e:bc:56:10:1f:ea:44:eb:61:b1:f2:
                    12:40:5d:8d:4e:85:ed:8f:68:fd:62:96:dc:0f:c9:
                    81:70:e5:7c:df:9c:60:06:17:41:8a:3d:09:ac:da:
                    b9:90:bf:9a:e5:4c:65:fb:3a:6b:91:85:c0:a2:7b:
                    16:57:67:14:a5:65:79:56:71:55:50:29:0c:f0:36:
                    43:11:f0:4c:dd:3c:e5:52:c2:f3:bf:df:c9:fe:56:
                    0d:0d:3e:44:54:e3:22:87:f4:2b:42:1a:be:f5:99:
                    16:3d:42:21:bf:49:87:23:c3:5b:3a:e1:4c:c9:54:
                    41:6b:f5:a2:dd:ed:c7:8b:fa:ad:4f:60:75:d5:4a:
                    b2:84:e1:05:83:c6:20:0e:59:bd:c1:33:01:8b:c4:
                    0d:8d:5a:ee:fa:f7:54:e8:5d:7c:af:5b:b6:28:07:
                    e0:1a:98:d9:f6:df:d8:43:31:bf:35:9e:18:9b:13:
                    ab:b5:00:28:43:3b:ec:f4:cc:40:0c:22:97:fe:fa:
                    36:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7D:DE:97:88:61:CF:07:C9:9B:71:99:C8:80:7F:61:86:52:ED:65
            X509v3 Authority Key Identifier:
                keyid:40:D5:59:1A:75:BD:69:3E:9D:3B:76:68:34:BF:07:4F:7B:1E:EE:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVZGnW9aT6dO3ZoNL8HT3se7jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/gH3el4hhzwfJm3GZyIB_YYZS7WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9c9f28-4f41-472d-a63e-a10a3a4963fb/1/QNVZGnW9aT6dO3ZoNL8HT3se7jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.107.0/24
                IPv6:
                  2001:678:c28::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:c0:96:6c:6d:fb:05:40:d5:ef:42:00:65:ba:6e:81:ba:36:
         50:e7:32:3a:a4:6c:8b:ad:8b:be:f8:da:5b:78:83:cc:af:6a:
         a9:26:e5:74:1a:f8:3d:d3:fe:a8:d1:41:d9:5f:53:89:22:3f:
         10:a6:b3:b0:96:41:41:ea:37:60:bd:c7:c3:98:bb:04:5b:0b:
         c0:bb:28:c7:67:90:56:3b:32:29:f8:45:83:cb:48:4e:1d:43:
         a1:44:ee:90:7b:0d:c2:c0:30:9d:82:bf:75:80:ff:5b:af:2f:
         cd:7d:e8:0b:2b:a7:47:5b:f0:b8:c9:a6:3a:68:37:01:42:85:
         4c:01:35:4d:aa:8a:27:ff:15:f1:4b:49:17:40:5a:84:f8:d1:
         61:b5:85:f0:45:e8:c6:fb:89:f7:07:4d:b6:0b:ed:34:e5:eb:
         3a:cb:72:5b:67:af:76:2e:fe:8f:a9:a0:bb:ee:7d:02:aa:cc:
         50:c7:61:da:cf:7e:67:95:89:49:04:b1:49:d7:4a:a4:e2:a2:
         e8:47:8b:7d:76:90:b5:37:28:5d:a3:18:1f:31:42:ee:ef:64:
         e9:09:05:16:5f:79:68:69:4c:cf:fe:92:6c:8d:a7:37:73:42:
         c8:f2:7e:14:94:cd:96:ef:b8:6f:3c:11:60:a0:51:e7:9c:ef:
         a0:1b:51:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDto1tFHogPej6txQKb0frMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1OTFhNzViZDY5M2U5ZDNiNzY2ODM0YmYwNzRmN2Ix
ZWVlM2EwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdkZGU5Nzg4NjFjZjA3Yzk5YjcxOTljODgwN2Y2MTg2NTJlZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiosdcCN76crcw0iKzGJRd7Ac70N+
BhRcRbBcIFpDSBQmat17Co+8t0Kc4HxLWFIvpn630V1SPVWhTGmksdbaHrxWEB/q
ROthsfISQF2NToXtj2j9YpbcD8mBcOV835xgBhdBij0JrNq5kL+a5Uxl+zprkYXA
onsWV2cUpWV5VnFVUCkM8DZDEfBM3TzlUsLzv9/J/lYNDT5EVOMih/QrQhq+9ZkW
PUIhv0mHI8NbOuFMyVRBa/Wi3e3Hi/qtT2B11UqyhOEFg8YgDlm9wTMBi8QNjVru
+vdU6F18r1u2KAfgGpjZ9t/YQzG/NZ4YmxOrtQAoQzvs9MxADCKX/vo2qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIB93peIYc8HyZtxmciAf2GGUu1lMB8GA1UdIwQY
MBaAFEDVWRp1vWk+nTt2aDS/B097Hu46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WWkduVzlhVDZkTzNab05MOEhUM3NlN2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85YzlmMjgtNGY0MS00NzJkLWE2M2Ut
YTEwYTNhNDk2M2ZiLzEvZ0gzZWw0aGh6d2ZKbTNHWnlJQl9ZWVpTN1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85YzlmMjgtNGY0MS00NzJkLWE2M2UtYTEwYTNhNDk2M2Zi
LzEvUU5WWkduVzlhVDZkTzNab05MOEhUM3NlN2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwclrMA8E
AgACMAkDBwAgAQZ4DCgwDQYJKoZIhvcNAQELBQADggEBAHvAlmxt+wVA1e9CAGW6
boG6NlDnMjqkbIuti7742lt4g8yvaqkm5XQa+D3T/qjRQdlfU4kiPxCms7CWQUHq
N2C9x8OYuwRbC8C7KMdnkFY7Min4RYPLSE4dQ6FE7pB7DcLAMJ2Cv3WA/1uvL819
6Asrp0db8LjJpjpoNwFChUwBNU2qiif/FfFLSRdAWoT40WG1hfBF6Mb7ifcHTbYL
7TTl6zrLcltnr3Yu/o+poLvufQKqzFDHYdrPfmeViUkEsUnXSqTiouhHi312kLU3
KF2jGB8xQu7vZOkJBRZfeWhpTM/+kmyNpzdzQsjyfhSUzZbvuG88EWCgUeec76Ab
UU8=
-----END CERTIFICATE-----