Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/o9at-H8dNqitFTAUBoq5d7lp4JQ.roa
File:                     o9at-H8dNqitFTAUBoq5d7lp4JQ.roa (raw, json)
Hash identifier:          h1vdJsQogeaSl/nuPJTfeCksvT+c5xf9C3+afQLh7rU=
Subject key identifier:   A3:D6:AD:F8:7F:1D:36:A8:AD:15:30:14:06:8A:B9:77:B9:69:E0:94
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       018CC4937587AD64AAEF5164AC10CEB48DCB
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/o9at-H8dNqitFTAUBoq5d7lp4JQ.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39144
IP address blocks:        193.178.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:75:87:ad:64:aa:ef:51:64:ac:10:ce:b4:8d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3d6adf87f1d36a8ad153014068ab977b969e094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:12:2b:a5:e8:1d:5f:c1:1c:3e:80:48:93:
                    b8:be:2c:9e:de:38:71:ee:c6:40:2d:9c:16:46:e5:
                    a0:a2:c0:96:e9:48:df:ab:34:d9:29:ed:aa:fb:93:
                    6e:de:a8:c9:0c:68:55:d8:58:00:79:1c:47:39:7f:
                    e5:a9:d2:de:66:67:fb:22:c6:7b:0f:ae:58:bf:a0:
                    9a:cd:36:2a:d5:a8:14:d4:6d:45:a4:63:23:08:53:
                    99:2a:57:96:45:34:3d:f4:8d:5a:51:2d:a3:f8:dd:
                    3b:f5:80:de:57:00:1d:bb:52:ed:58:5f:8f:20:89:
                    81:e7:4d:fa:cd:f9:de:e1:ef:03:34:87:d9:0b:cc:
                    03:15:dd:d3:a3:16:2d:0b:95:a4:ce:32:c0:f7:53:
                    a2:9a:f9:03:38:2b:ea:36:80:fc:16:e4:e0:87:57:
                    23:77:46:99:a3:19:6a:89:38:5b:35:1c:2f:7d:e9:
                    fe:c3:26:e9:88:5f:09:77:a4:9a:b3:bc:58:32:27:
                    53:a3:1e:f3:e9:5d:ea:2d:c8:dc:f3:76:4b:ef:89:
                    fd:5c:d9:f5:61:94:f4:53:66:09:83:1d:05:27:2a:
                    f5:4d:68:c6:82:a7:5e:4b:77:2f:32:32:c0:73:f1:
                    84:e2:15:cb:bd:68:ea:fa:39:62:5c:d5:40:43:a4:
                    ba:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D6:AD:F8:7F:1D:36:A8:AD:15:30:14:06:8A:B9:77:B9:69:E0:94
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/o9at-H8dNqitFTAUBoq5d7lp4JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:46:b8:cc:91:f6:59:c5:dc:8b:d4:28:3a:62:12:80:26:a7:
         0a:43:f6:d1:f5:8f:fe:5d:a5:cd:89:c2:eb:c6:51:27:c4:cd:
         bd:dd:e9:19:5b:bd:1b:eb:cd:16:ff:21:b5:cd:ab:91:83:b3:
         01:80:2a:03:67:d0:aa:1f:c2:9c:4b:02:e4:16:5f:c5:a9:78:
         21:52:06:e4:d1:47:98:ab:62:1a:ae:91:8c:b8:f8:55:9d:44:
         ce:6c:ec:1c:2b:dd:97:db:86:bb:f0:c1:94:e4:44:2e:08:1f:
         ec:a0:de:1a:72:4f:67:6b:9c:f5:d3:43:64:7a:bc:57:04:33:
         e6:e4:fd:9d:70:32:4e:cf:03:bb:a3:20:24:01:13:8c:e0:04:
         d4:c9:38:93:f5:43:12:7f:5a:fe:e8:ae:ee:64:13:46:5d:bc:
         72:43:d2:4a:e0:9d:f0:ec:f8:d4:a0:73:72:ae:97:d7:c8:6c:
         e4:5b:b3:82:25:31:4c:de:a8:f2:07:dc:7b:0c:2b:fe:19:46:
         42:ba:bb:33:1a:b9:14:16:cd:93:ed:de:ba:78:e9:65:6a:54:
         12:a7:c8:ce:12:5f:6a:fe:be:ab:93:17:8c:cf:88:10:bf:07:
         46:04:27:22:46:ef:92:36:bf:99:ca:b9:e3:d4:6e:45:81:c6:
         45:d4:10:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3WHrWSq71FkrBDOtI3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q2YWRmODdmMWQzNmE4YWQxNTMwMTQwNjhhYjk3N2I5NjllMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkcSK6XoHV/BHD6ASJO4viye3jhx
7sZALZwWRuWgosCW6UjfqzTZKe2q+5Nu3qjJDGhV2FgAeRxHOX/lqdLeZmf7IsZ7
D65Yv6CazTYq1agU1G1FpGMjCFOZKleWRTQ99I1aUS2j+N079YDeVwAdu1LtWF+P
IImB5036zfne4e8DNIfZC8wDFd3ToxYtC5WkzjLA91OimvkDOCvqNoD8FuTgh1cj
d0aZoxlqiThbNRwvfen+wybpiF8Jd6Sas7xYMidTox7z6V3qLcjc83ZL74n9XNn1
YZT0U2YJgx0FJyr1TWjGgqdeS3cvMjLAc/GE4hXLvWjq+jliXNVAQ6S6RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPWrfh/HTaorRUwFAaKuXe5aeCUMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvbzlhdC1IOGROcWl0RlRBVUJvcTVkN2xwNEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbIhMA0G
CSqGSIb3DQEBCwUAA4IBAQATRrjMkfZZxdyL1Cg6YhKAJqcKQ/bR9Y/+XaXNicLr
xlEnxM293ekZW70b680W/yG1zauRg7MBgCoDZ9CqH8KcSwLkFl/FqXghUgbk0UeY
q2IarpGMuPhVnUTObOwcK92X24a78MGU5EQuCB/soN4ack9na5z100NkerxXBDPm
5P2dcDJOzwO7oyAkAROM4ATUyTiT9UMSf1r+6K7uZBNGXbxyQ9JK4J3w7PjUoHNy
rpfXyGzkW7OCJTFM3qjyB9x7DCv+GUZCurszGrkUFs2T7d66eOllalQSp8jOEl9q
/r6rkxeMz4gQvwdGBCciRu+SNr+Zyrnj1G5FgcZF1BB6
-----END CERTIFICATE-----