Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cBwzx2i840MHn8lcrjURxD5UcgQ.roa
File:                     cBwzx2i840MHn8lcrjURxD5UcgQ.roa (raw, json)
Hash identifier:          VgPPRC0vbRG9zy8qSLCdJuf8mLr9ZFq/IPEMPQiHbwo=
Subject key identifier:   70:1C:33:C7:68:BC:E3:43:07:9F:C9:5C:AE:35:11:C4:3E:54:72:04
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6FE1F8B6B9A27F429656135FA9F2
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cBwzx2i840MHn8lcrjURxD5UcgQ.roa
Signing time:             Tue 02 Jan 2024 10:33:38 +0000
ROA not before:           Tue 02 Jan 2024 10:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205847
IP address blocks:        193.41.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6f:e1:f8:b6:b9:a2:7f:42:96:56:13:5f:a9:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701c33c768bce343079fc95cae3511c43e547204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:79:18:2c:3d:fd:41:3c:d2:0c:c6:24:7d:bf:
                    a8:d0:2b:74:f2:46:39:d4:29:60:3f:97:68:86:27:
                    75:ad:2f:f3:a2:c2:6f:ac:10:00:77:c4:5e:30:1b:
                    71:ea:5b:ed:97:37:66:95:68:ca:05:45:f4:b2:f6:
                    e9:dd:c8:e9:70:a9:3e:ff:92:dc:b4:0f:e1:3c:e0:
                    44:25:bb:df:07:bd:ea:43:ad:58:51:b1:ad:61:94:
                    d0:bf:70:ba:62:cf:04:7d:a6:53:54:4b:62:6d:93:
                    a6:7a:66:67:87:95:8b:26:af:9c:13:e9:02:05:3f:
                    48:17:7a:eb:3e:ae:b0:71:1a:d8:a1:75:7e:e6:b7:
                    2a:3f:b6:15:da:33:d6:d7:8a:fa:b3:2a:0f:98:23:
                    a5:19:0a:db:d5:87:0d:24:59:99:a9:16:f9:93:ca:
                    3c:bc:5b:1a:1e:2a:ba:64:b8:50:b9:51:7a:14:c1:
                    b8:3b:c4:eb:a3:86:e9:34:60:08:16:6c:29:d6:84:
                    36:e0:79:ba:c5:2d:01:52:d1:e9:ca:84:d0:02:a5:
                    cc:62:8c:6b:ab:ff:b3:a1:16:87:d6:07:99:ae:54:
                    3f:d0:f6:89:1f:f9:87:5d:48:26:99:0a:12:ac:38:
                    17:3b:7a:1a:92:c7:44:f4:4b:be:66:cd:31:94:b7:
                    e8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1C:33:C7:68:BC:E3:43:07:9F:C9:5C:AE:35:11:C4:3E:54:72:04
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cBwzx2i840MHn8lcrjURxD5UcgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:30:57:8d:b9:be:ef:84:ed:80:65:81:7c:65:34:ed:30:a1:
         63:ab:c1:80:c9:08:a5:24:5f:a0:5f:21:22:f4:22:db:ca:33:
         f7:9b:a4:d7:19:df:29:19:f7:35:cd:cf:a8:8a:21:f6:4a:10:
         0f:76:93:25:d1:24:6e:b4:7b:5c:24:c4:8b:ee:12:83:ab:8c:
         59:4f:e8:74:bb:0f:28:30:9b:a2:49:85:67:a1:5e:11:b4:45:
         44:b6:94:25:cc:6d:be:80:6d:e8:7c:3a:0a:87:0f:32:31:29:
         2e:a5:4e:d5:93:79:ac:36:11:9e:2f:da:ac:d1:b1:9b:fc:25:
         8b:23:c9:fb:6b:34:f8:1f:c2:88:88:ec:95:82:8b:ff:20:72:
         4d:2f:6f:32:a3:4b:05:da:05:f2:28:75:84:0c:47:a7:7b:62:
         67:f8:42:54:6d:ed:9d:2a:79:ea:b5:31:d1:99:bb:06:86:0b:
         54:5f:af:8f:cf:2a:e2:16:c7:ce:c9:cd:87:1b:99:05:32:df:
         65:f6:42:a4:ee:8a:c1:65:0e:67:03:35:ae:69:f9:a9:6b:ab:
         64:ee:a3:ed:de:ce:f9:d6:28:ef:ff:0c:c3:eb:67:22:df:35:
         fb:db:f7:28:bb:33:9a:8c:93:e1:bb:30:05:ff:88:89:db:eb:
         36:51:8a:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvG/h+La5on9CllYTX6nyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFjMzNjNzY4YmNlMzQzMDc5ZmM5NWNhZTM1MTFjNDNlNTQ3MjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13kYLD39QTzSDMYkfb+o0Ct08kY5
1ClgP5dohid1rS/zosJvrBAAd8ReMBtx6lvtlzdmlWjKBUX0svbp3cjpcKk+/5Lc
tA/hPOBEJbvfB73qQ61YUbGtYZTQv3C6Ys8EfaZTVEtibZOmemZnh5WLJq+cE+kC
BT9IF3rrPq6wcRrYoXV+5rcqP7YV2jPW14r6syoPmCOlGQrb1YcNJFmZqRb5k8o8
vFsaHiq6ZLhQuVF6FMG4O8Tro4bpNGAIFmwp1oQ24Hm6xS0BUtHpyoTQAqXMYoxr
q/+zoRaH1geZrlQ/0PaJH/mHXUgmmQoSrDgXO3oaksdE9Eu+Zs0xlLfomQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAcM8dovONDB5/JXK41EcQ+VHIEMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvY0J3engyaTg0ME1IbjhsY3JqVVJ4RDVVY2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnYMA0G
CSqGSIb3DQEBCwUAA4IBAQBtMFeNub7vhO2AZYF8ZTTtMKFjq8GAyQilJF+gXyEi
9CLbyjP3m6TXGd8pGfc1zc+oiiH2ShAPdpMl0SRutHtcJMSL7hKDq4xZT+h0uw8o
MJuiSYVnoV4RtEVEtpQlzG2+gG3ofDoKhw8yMSkupU7Vk3msNhGeL9qs0bGb/CWL
I8n7azT4H8KIiOyVgov/IHJNL28yo0sF2gXyKHWEDEene2Jn+EJUbe2dKnnqtTHR
mbsGhgtUX6+PzyriFsfOyc2HG5kFMt9l9kKk7orBZQ5nAzWuafmpa6tk7qPt3s75
1ijv/wzD62ci3zX72/couzOajJPhuzAF/4iJ2+s2UYpb
-----END CERTIFICATE-----