Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/P_-kwzCE4fBoh51QhMqPxHoQgTg.roa
File:                     P_-kwzCE4fBoh51QhMqPxHoQgTg.roa (raw, json)
Hash identifier:          4kKYboqp3k/rQMHMyuoewXvYk9M7bk7vFJOm8xZOfjs=
Subject key identifier:   3F:FF:A4:C3:30:84:E1:F0:68:87:9D:50:84:CA:8F:C4:7A:10:81:38
Certificate issuer:       /CN=39732dcd0c35426144f9f026754179dfaebe8958
Certificate serial:       018CC8DF9F62DB6DDA08D84C8128FD46D163
Authority key identifier: 39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/P_-kwzCE4fBoh51QhMqPxHoQgTg.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41817
IP address blocks:        193.200.2.0/24 maxlen: 24
                          2a0f:97c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:62:db:6d:da:08:d8:4c:81:28:fd:46:d1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39732dcd0c35426144f9f026754179dfaebe8958
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fffa4c33084e1f068879d5084ca8fc47a108138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:12:68:2c:08:3c:6b:c0:83:fd:e9:25:2b:
                    e8:5d:6a:f7:60:00:ad:d7:b8:22:20:67:d7:d8:c3:
                    03:be:3c:c4:09:6d:8e:ba:33:a6:c1:c5:2d:da:6c:
                    3a:cb:ef:46:19:ba:b2:11:f0:82:bf:5a:48:5e:79:
                    4c:a0:0f:90:31:4b:20:fc:31:73:5e:20:67:ad:84:
                    af:84:5c:82:a0:96:d8:5f:d6:4e:3f:00:7c:00:a9:
                    2c:41:48:41:4c:c7:28:a7:11:cb:8f:70:18:53:3c:
                    b3:5a:9e:e1:3c:7d:58:fa:8d:19:36:ba:30:ad:98:
                    1d:c3:02:dc:af:37:3b:15:7e:1c:e3:75:49:36:0e:
                    33:bd:2d:a2:ec:cb:af:1c:3c:45:b6:38:b5:af:5b:
                    77:7b:e6:3e:0e:bf:7f:e4:6d:26:10:ea:6c:4b:2c:
                    29:b5:47:45:50:79:ec:13:8e:12:d2:01:08:9f:84:
                    f2:1f:b6:54:e5:13:e7:ec:ed:ac:27:fd:4b:47:b0:
                    73:a4:79:1e:25:af:1e:63:e5:ed:81:30:3f:78:d5:
                    93:9d:02:06:49:38:be:20:70:59:dc:40:a5:bf:92:
                    4d:82:9d:45:4e:87:e3:00:cc:2d:47:12:22:53:7b:
                    70:d3:a0:d5:7a:33:b4:35:8e:6a:ad:75:62:f1:c8:
                    9a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:FF:A4:C3:30:84:E1:F0:68:87:9D:50:84:CA:8F:C4:7A:10:81:38
            X509v3 Authority Key Identifier:
                keyid:39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/P_-kwzCE4fBoh51QhMqPxHoQgTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.2.0/24
                IPv6:
                  2a0f:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:fa:61:2c:02:19:09:87:57:eb:b4:f2:ab:de:bc:93:7c:e6:
         8b:b8:64:3f:11:32:cf:84:83:c6:1c:38:32:8f:60:ae:56:4c:
         46:86:eb:4e:e8:38:db:11:74:3b:7a:03:87:34:23:4e:12:d6:
         e2:44:a7:43:0d:a2:73:c8:0e:eb:72:7d:3a:ff:93:15:0c:29:
         55:4d:f2:35:9d:83:12:f6:18:81:ca:23:a6:ef:33:39:92:84:
         de:21:18:2b:ad:92:66:34:c8:fd:cd:24:9d:f6:46:e3:cf:46:
         cf:9b:cf:24:95:0f:a8:42:bf:74:a2:e7:ca:a8:91:e9:66:be:
         79:f5:2b:1d:9f:e3:69:98:69:46:92:3f:a3:7b:28:ef:14:02:
         a8:80:45:40:73:55:7e:8b:6a:5d:4e:a9:2d:cf:13:d2:19:93:
         64:8c:47:dd:91:e8:e9:8d:f0:b3:05:de:c2:0a:7e:bb:1f:e2:
         62:a2:ee:92:4b:8d:01:42:dd:8f:8e:0a:88:64:7d:7d:81:49:
         ba:c5:a5:78:13:3b:3f:23:17:7f:7a:d1:d8:97:d5:01:0d:99:
         60:fb:01:43:0a:21:92:14:5a:60:b8:cd:54:d2:d9:95:9b:b3:
         c8:6e:29:ab:6a:1e:ff:b3:cd:98:fd:06:88:9a:1b:c6:9f:2c:
         df:df:5b:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI359i223aCNhMgSj9RtFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzMyZGNkMGMzNTQyNjE0NGY5ZjAyNjc1NDE3OWRmYWVi
ZTg5NTgwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmZmYTRjMzMwODRlMWYwNjg4NzlkNTA4NGNhOGZjNDdhMTA4MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/ESaCwIPGvAg/3pJSvoXWr3YACt
17giIGfX2MMDvjzECW2OujOmwcUt2mw6y+9GGbqyEfCCv1pIXnlMoA+QMUsg/DFz
XiBnrYSvhFyCoJbYX9ZOPwB8AKksQUhBTMcopxHLj3AYUzyzWp7hPH1Y+o0ZNrow
rZgdwwLcrzc7FX4c43VJNg4zvS2i7MuvHDxFtji1r1t3e+Y+Dr9/5G0mEOpsSywp
tUdFUHnsE44S0gEIn4TyH7ZU5RPn7O2sJ/1LR7BzpHkeJa8eY+XtgTA/eNWTnQIG
STi+IHBZ3EClv5JNgp1FTofjAMwtRxIiU3tw06DVejO0NY5qrXVi8ciafwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD//pMMwhOHwaIedUITKj8R6EIE4MB8GA1UdIwQY
MBaAFDlzLc0MNUJhRPnwJnVBed+uvolYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODIt
ZjYwYWYyYTgyMDYwLzEvUF8ta3d6Q0U0ZkJvaDUxUWhNcVB4SG9RZ1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODItZjYwYWYyYTgyMDYw
LzEvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwcgCMA0E
AgACMAcDBQMqD5fAMA0GCSqGSIb3DQEBCwUAA4IBAQBd+mEsAhkJh1frtPKr3ryT
fOaLuGQ/ETLPhIPGHDgyj2CuVkxGhutO6DjbEXQ7egOHNCNOEtbiRKdDDaJzyA7r
cn06/5MVDClVTfI1nYMS9hiByiOm7zM5koTeIRgrrZJmNMj9zSSd9kbjz0bPm88k
lQ+oQr90oufKqJHpZr559Ssdn+NpmGlGkj+jeyjvFAKogEVAc1V+i2pdTqktzxPS
GZNkjEfdkejpjfCzBd7CCn67H+Jiou6SS40BQt2PjgqIZH19gUm6xaV4Ezs/Ixd/
etHYl9UBDZlg+wFDCiGSFFpguM1U0tmVm7PIbimrah7/s82Y/QaImhvGnyzf31vH
-----END CERTIFICATE-----