Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/dH4KGCzel1ha5oRK00ZHD6_b004.roa
File:                     dH4KGCzel1ha5oRK00ZHD6_b004.roa (raw, json)
Hash identifier:          pEVGxuLIW3MoSsI19dmysq77nBHRShIJlt29OyPaoHQ=
Subject key identifier:   74:7E:0A:18:2C:DE:97:58:5A:E6:84:4A:D3:46:47:0F:AF:DB:D3:4E
Certificate issuer:       /CN=2fcc934652842b7bd9a7cec002c77c1ca13f1064
Certificate serial:       018CC4245BC02067E9D6F5DA1DEE804A7AC8
Authority key identifier: 2F:CC:93:46:52:84:2B:7B:D9:A7:CE:C0:02:C7:7C:1C:A1:3F:10:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8yTRlKEK3vZp87AAsd8HKE_EGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/dH4KGCzel1ha5oRK00ZHD6_b004.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42301
IP address blocks:        193.200.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/L8yTRlKEK3vZp87AAsd8HKE_EGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/L8yTRlKEK3vZp87AAsd8HKE_EGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8yTRlKEK3vZp87AAsd8HKE_EGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:c0:20:67:e9:d6:f5:da:1d:ee:80:4a:7a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fcc934652842b7bd9a7cec002c77c1ca13f1064
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=747e0a182cde97585ae6844ad346470fafdbd34e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:03:d5:88:b7:08:aa:12:74:13:55:63:89:7a:
                    4c:83:4e:18:1d:bf:8d:d9:68:61:a2:6e:9d:61:15:
                    24:54:86:1e:12:25:52:a1:75:79:79:dd:33:5e:64:
                    4e:00:fe:91:7d:48:62:8a:dd:e2:f6:2f:2e:d3:7d:
                    7f:e2:64:c6:c5:86:08:51:11:19:10:f0:e3:1b:e1:
                    35:ad:8e:27:da:6c:11:56:22:c9:71:eb:eb:e2:40:
                    54:d7:cf:9e:90:6f:95:97:27:cc:c4:ce:ff:c3:68:
                    f8:8c:14:8b:46:43:3b:f4:9d:85:f8:4e:17:23:3a:
                    42:c0:aa:c3:44:c6:da:0d:ef:ff:15:f0:46:b2:d5:
                    f1:0f:a2:1d:01:83:45:67:c8:b9:96:93:d9:1f:cf:
                    5b:fe:ed:66:9a:16:58:6c:cb:7b:1f:e4:aa:3f:96:
                    08:58:af:6f:bd:4b:6f:de:06:8d:a5:d8:81:cb:fc:
                    6d:c9:9f:b2:ac:88:44:7e:05:fc:02:56:8e:ed:23:
                    dd:12:92:ea:80:60:9f:ee:56:fb:4e:a3:e1:e0:03:
                    4a:34:89:50:ea:8b:f7:35:16:53:0e:96:98:3d:55:
                    f9:be:90:17:24:bc:12:c7:c9:c0:a6:58:bc:b2:c9:
                    70:e5:24:10:7f:28:2c:97:c8:6f:57:52:c6:2e:5b:
                    11:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7E:0A:18:2C:DE:97:58:5A:E6:84:4A:D3:46:47:0F:AF:DB:D3:4E
            X509v3 Authority Key Identifier:
                keyid:2F:CC:93:46:52:84:2B:7B:D9:A7:CE:C0:02:C7:7C:1C:A1:3F:10:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8yTRlKEK3vZp87AAsd8HKE_EGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/dH4KGCzel1ha5oRK00ZHD6_b004.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bb70d3-632e-4eff-84ff-6dcf7c3849bc/1/L8yTRlKEK3vZp87AAsd8HKE_EGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:fb:46:25:bf:e4:97:40:30:d9:5b:ed:5a:bf:15:4c:3b:41:
         51:b3:59:00:52:ce:87:91:ac:a9:d8:0b:c7:f4:19:42:80:10:
         90:f5:36:83:ec:cf:e2:8a:51:19:ff:11:07:a7:34:98:f3:b0:
         34:f1:21:9c:ac:2f:bf:b5:85:2a:fb:f7:f3:cf:80:81:7c:f7:
         9e:8d:e3:e9:64:d6:9d:12:e1:29:6c:72:0b:09:8a:a2:ef:0d:
         2c:7a:60:2c:84:b1:dd:05:3f:61:75:2b:4a:1e:c4:dd:09:c8:
         14:57:27:34:15:62:a4:9f:66:92:39:02:5e:14:cc:fa:cd:29:
         1c:1a:26:f2:0b:d5:45:77:e6:28:6d:91:c5:25:93:2e:7a:85:
         e1:f6:81:eb:a5:fc:1b:ed:ac:0b:89:8a:44:2d:d9:5b:05:5d:
         45:0a:af:1b:81:bb:0b:a9:fb:d8:8a:e6:95:7d:f5:e5:03:66:
         5a:10:7d:0c:e1:ea:3c:34:ee:1f:bb:e1:f3:ac:e5:42:8a:fc:
         2d:cb:a2:8f:6f:33:78:2e:1f:db:b2:5a:d1:97:94:80:32:d9:
         c3:1b:37:93:a9:46:d9:82:9b:f3:f6:87:4c:cc:a8:27:67:80:
         53:d0:e0:bd:a8:50:de:63:7e:46:d2:4b:be:99:92:f7:f5:8a:
         8f:28:f3:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFvAIGfp1vXaHe6ASnrIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2M5MzQ2NTI4NDJiN2JkOWE3Y2VjMDAyYzc3YzFjYTEz
ZjEwNjQwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdlMGExODJjZGU5NzU4NWFlNjg0NGFkMzQ2NDcwZmFmZGJkMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQPViLcIqhJ0E1VjiXpMg04YHb+N
2Whhom6dYRUkVIYeEiVSoXV5ed0zXmROAP6RfUhiit3i9i8u031/4mTGxYYIUREZ
EPDjG+E1rY4n2mwRViLJcevr4kBU18+ekG+VlyfMxM7/w2j4jBSLRkM79J2F+E4X
IzpCwKrDRMbaDe//FfBGstXxD6IdAYNFZ8i5lpPZH89b/u1mmhZYbMt7H+SqP5YI
WK9vvUtv3gaNpdiBy/xtyZ+yrIhEfgX8AlaO7SPdEpLqgGCf7lb7TqPh4ANKNIlQ
6ov3NRZTDpaYPVX5vpAXJLwSx8nApli8sslw5SQQfygsl8hvV1LGLlsRgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR+Chgs3pdYWuaEStNGRw+v29NOMB8GA1UdIwQY
MBaAFC/Mk0ZShCt72afOwALHfByhPxBkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDh5VFJsS0VLM3ZacDg3QUFzZDhIS0VfRUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9iYjcwZDMtNjMyZS00ZWZmLTg0ZmYt
NmRjZjdjMzg0OWJjLzEvZEg0S0dDemVsMWhhNW9SSzAwWkhENl9iMDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9iYjcwZDMtNjMyZS00ZWZmLTg0ZmYtNmRjZjdjMzg0OWJj
LzEvTDh5VFJsS0VLM3ZacDg3QUFzZDhIS0VfRUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjvMA0G
CSqGSIb3DQEBCwUAA4IBAQBw+0Ylv+SXQDDZW+1avxVMO0FRs1kAUs6Hkayp2AvH
9BlCgBCQ9TaD7M/iilEZ/xEHpzSY87A08SGcrC+/tYUq+/fzz4CBfPeejePpZNad
EuEpbHILCYqi7w0semAshLHdBT9hdStKHsTdCcgUVyc0FWKkn2aSOQJeFMz6zSkc
GibyC9VFd+YobZHFJZMueoXh9oHrpfwb7awLiYpELdlbBV1FCq8bgbsLqfvYiuaV
ffXlA2ZaEH0M4eo8NO4fu+HzrOVCivwty6KPbzN4Lh/bslrRl5SAMtnDGzeTqUbZ
gpvz9odMzKgnZ4BT0OC9qFDeY35G0ku+mZL39YqPKPOD
-----END CERTIFICATE-----