Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/w0maLiytibCuE006Ei_urYqziCw.roa
File:                     w0maLiytibCuE006Ei_urYqziCw.roa (raw, json)
Hash identifier:          1/15JI54wd3OZtFF+Rv+Npj8jebFpoagQ35e4Ghap+Y=
Subject key identifier:   C3:49:9A:2E:2C:AD:89:B0:AE:13:4D:3A:12:2F:EE:AD:8A:B3:88:2C
Certificate issuer:       /CN=5d2f21e5a4fbe015205f6cef88afae19cd06a612
Certificate serial:       018CC5DC1AB53132421EA76B3D0AD2564DA3
Authority key identifier: 5D:2F:21:E5:A4:FB:E0:15:20:5F:6C:EF:88:AF:AE:19:CD:06:A6:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XS8h5aT74BUgX2zviK-uGc0GphI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/w0maLiytibCuE006Ei_urYqziCw.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20810
IP address blocks:        193.29.228.0/24 maxlen: 24
                          194.113.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/XS8h5aT74BUgX2zviK-uGc0GphI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/XS8h5aT74BUgX2zviK-uGc0GphI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XS8h5aT74BUgX2zviK-uGc0GphI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1a:b5:31:32:42:1e:a7:6b:3d:0a:d2:56:4d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d2f21e5a4fbe015205f6cef88afae19cd06a612
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3499a2e2cad89b0ae134d3a122feead8ab3882c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0c:c9:cb:cf:1b:42:44:d5:e5:93:6c:9f:3e:
                    75:84:da:5d:bc:70:b8:64:81:57:6b:7b:81:a6:c0:
                    f9:91:29:dd:4b:2c:a6:89:eb:72:47:eb:8a:78:8a:
                    56:f1:bd:b0:7d:68:71:c5:42:a0:cf:1e:f5:31:b2:
                    c5:aa:a2:ab:dc:e8:0d:64:18:29:a6:b5:25:fd:4e:
                    6d:97:5b:61:2c:e6:9b:b4:35:3b:59:8f:ee:9f:8c:
                    1a:79:65:23:bf:e2:4f:37:96:9e:0c:c2:e6:49:f9:
                    ae:4e:1e:85:2e:3d:78:11:35:75:1f:64:a3:dd:10:
                    95:35:8c:46:ef:8c:67:f6:40:4d:2a:52:c1:bc:aa:
                    23:93:a2:83:f8:1b:bd:c0:b4:7a:63:9c:bc:ab:0a:
                    78:34:44:20:53:bb:05:98:09:1f:14:77:94:42:83:
                    b6:d7:33:f8:80:b2:6b:b0:27:7d:65:15:d1:4e:93:
                    0b:b7:75:07:4d:8a:39:59:f9:77:37:3b:a3:3b:24:
                    36:5f:c3:36:36:d2:1e:9d:39:d4:a3:29:c2:13:0a:
                    0c:50:8f:67:66:57:95:88:80:c6:ef:c2:e3:6c:9d:
                    d9:fe:00:ab:2b:8d:64:bf:d8:35:44:5a:6a:b7:c5:
                    47:c3:6a:a2:64:aa:95:c4:dd:c4:2c:10:b1:83:5a:
                    fe:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:49:9A:2E:2C:AD:89:B0:AE:13:4D:3A:12:2F:EE:AD:8A:B3:88:2C
            X509v3 Authority Key Identifier:
                keyid:5D:2F:21:E5:A4:FB:E0:15:20:5F:6C:EF:88:AF:AE:19:CD:06:A6:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XS8h5aT74BUgX2zviK-uGc0GphI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/w0maLiytibCuE006Ei_urYqziCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/49e36c-74b6-4547-88ab-214a76210fd6/1/XS8h5aT74BUgX2zviK-uGc0GphI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.228.0/24
                  194.113.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:75:90:07:61:03:34:c6:9e:a2:ab:53:de:8d:1f:eb:a3:26:
         45:38:18:aa:1a:12:d1:37:aa:74:c3:bb:33:04:df:bb:61:58:
         bc:fe:f6:0b:2b:21:cb:a6:42:d4:8e:6f:59:41:29:de:47:a6:
         6a:c8:6d:5b:71:af:f3:80:fe:26:ed:be:c3:85:ef:3d:9a:40:
         09:3c:fb:e8:81:28:2f:98:5f:6f:39:d5:cc:7c:f7:0f:95:eb:
         09:59:9c:44:0c:b5:bd:61:46:48:da:39:91:49:32:71:ea:66:
         cd:f1:1c:b3:de:14:81:4f:fb:b9:5a:84:34:a2:16:2e:f9:01:
         67:8c:13:1b:d1:05:aa:94:e5:fe:0a:c9:3b:be:61:b8:68:43:
         c7:03:9d:a2:8d:95:67:6f:96:17:4e:23:84:bd:6f:1b:2b:ca:
         c2:0e:7b:3f:26:e1:30:58:58:4b:ab:72:67:56:bc:58:c5:0f:
         2e:32:6e:c7:fc:0c:86:13:1b:86:f9:19:f5:02:ca:ac:c2:32:
         38:de:33:f4:c6:4c:22:06:62:0d:25:42:73:a7:52:c7:82:17:
         6b:30:2a:46:78:61:79:80:1b:e2:ed:a2:45:48:29:37:43:45:
         a1:72:c5:6c:cb:f7:3b:d2:8d:e1:b8:6c:dc:05:e3:a9:df:d5:
         e5:f1:b7:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Bq1MTJCHqdrPQrSVk2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMmYyMWU1YTRmYmUwMTUyMDVmNmNlZjg4YWZhZTE5Y2Qw
NmE2MTIwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzQ5OWEyZTJjYWQ4OWIwYWUxMzRkM2ExMjJmZWVhZDhhYjM4ODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAzJy88bQkTV5ZNsnz51hNpdvHC4
ZIFXa3uBpsD5kSndSyymietyR+uKeIpW8b2wfWhxxUKgzx71MbLFqqKr3OgNZBgp
prUl/U5tl1thLOabtDU7WY/un4waeWUjv+JPN5aeDMLmSfmuTh6FLj14ETV1H2Sj
3RCVNYxG74xn9kBNKlLBvKojk6KD+Bu9wLR6Y5y8qwp4NEQgU7sFmAkfFHeUQoO2
1zP4gLJrsCd9ZRXRTpMLt3UHTYo5Wfl3NzujOyQ2X8M2NtIenTnUoynCEwoMUI9n
ZleViIDG78LjbJ3Z/gCrK41kv9g1RFpqt8VHw2qiZKqVxN3ELBCxg1r+CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMNJmi4srYmwrhNNOhIv7q2Ks4gsMB8GA1UdIwQY
MBaAFF0vIeWk++AVIF9s74ivrhnNBqYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFM4aDVhVDc0QlVnWDJ6dmlLLXVHYzBHcGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi80OWUzNmMtNzRiNi00NTQ3LTg4YWIt
MjE0YTc2MjEwZmQ2LzEvdzBtYUxpeXRpYkN1RTAwNkVpX3VyWXF6aUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi80OWUzNmMtNzRiNi00NTQ3LTg4YWItMjE0YTc2MjEwZmQ2
LzEvWFM4aDVhVDc0QlVnWDJ6dmlLLXVHYzBHcGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR3kAwQA
wnFzMA0GCSqGSIb3DQEBCwUAA4IBAQBndZAHYQM0xp6iq1PejR/royZFOBiqGhLR
N6p0w7szBN+7YVi8/vYLKyHLpkLUjm9ZQSneR6ZqyG1bca/zgP4m7b7Dhe89mkAJ
PPvogSgvmF9vOdXMfPcPlesJWZxEDLW9YUZI2jmRSTJx6mbN8Ryz3hSBT/u5WoQ0
ohYu+QFnjBMb0QWqlOX+Csk7vmG4aEPHA52ijZVnb5YXTiOEvW8bK8rCDns/JuEw
WFhLq3JnVrxYxQ8uMm7H/AyGExuG+Rn1AsqswjI43jP0xkwiBmINJUJzp1LHghdr
MCpGeGF5gBvi7aJFSCk3Q0WhcsVsy/c70o3huGzcBeOp39Xl8bf7
-----END CERTIFICATE-----