Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/bb_507pPaCwSO8NxAzy2glz-StQ.roa
File:                     bb_507pPaCwSO8NxAzy2glz-StQ.roa (raw, json)
Hash identifier:          4OABCrTqqW/8hx0C4T5gDnIKIr2a+mjKWGgAgzb231U=
Subject key identifier:   6D:BF:F9:D3:BA:4F:68:2C:12:3B:C3:71:03:3C:B6:82:5C:FE:4A:D4
Certificate issuer:       /CN=9535462ebb2029a83d3eeab462ff052ecfa0e1c3
Certificate serial:       018CC6B7F39C26D4E8BA7F93EEC322CF3970
Authority key identifier: 95:35:46:2E:BB:20:29:A8:3D:3E:EA:B4:62:FF:05:2E:CF:A0:E1:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/bb_507pPaCwSO8NxAzy2glz-StQ.roa
Signing time:             Mon 01 Jan 2024 20:29:53 +0000
ROA not before:           Mon 01 Jan 2024 20:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        193.43.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:f3:9c:26:d4:e8:ba:7f:93:ee:c3:22:cf:39:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9535462ebb2029a83d3eeab462ff052ecfa0e1c3
        Validity
            Not Before: Jan  1 20:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dbff9d3ba4f682c123bc371033cb6825cfe4ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f6:bf:d2:e3:2d:a2:46:72:fb:8e:bb:3d:a3:
                    04:db:c9:25:63:eb:0b:4d:ce:1d:f8:78:6b:79:b8:
                    80:7a:16:59:4f:14:61:96:6a:41:69:18:6b:21:cf:
                    cb:5f:a8:77:e3:02:e3:df:81:25:16:1e:1a:e1:65:
                    e9:f8:ea:5d:c1:50:64:94:38:4a:10:2f:87:ee:d5:
                    4c:86:e7:b0:ea:34:12:20:a0:c6:ae:e2:2b:cf:aa:
                    68:43:32:b4:c6:9d:80:07:27:53:bb:1c:be:7f:f1:
                    f0:d7:58:4e:a9:12:09:b4:c3:31:16:8e:46:73:c5:
                    55:71:59:ef:1a:fa:c8:fe:d5:fc:74:d6:68:05:3e:
                    46:13:b6:91:ae:c1:cc:ff:58:d7:1f:48:0c:dc:8c:
                    e0:b4:9d:1d:da:b3:9e:5f:9d:b2:6f:bd:72:d3:fa:
                    50:61:9d:e6:91:1e:e9:12:57:11:c7:9e:b3:6a:6c:
                    cf:b1:e3:b9:9d:f1:cf:7d:f3:c8:1d:ee:36:e9:b3:
                    47:68:97:bb:81:9e:6b:dd:19:9a:b3:a1:5c:f7:63:
                    b2:a8:05:b2:01:e5:69:f6:2c:22:d8:84:0f:1a:5a:
                    e7:55:9e:17:7f:e7:37:25:ae:51:45:b8:b3:1b:ed:
                    ae:84:a8:ae:e6:2d:f6:e4:24:43:30:0f:a7:87:26:
                    0d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BF:F9:D3:BA:4F:68:2C:12:3B:C3:71:03:3C:B6:82:5C:FE:4A:D4
            X509v3 Authority Key Identifier:
                keyid:95:35:46:2E:BB:20:29:A8:3D:3E:EA:B4:62:FF:05:2E:CF:A0:E1:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/bb_507pPaCwSO8NxAzy2glz-StQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:fb:4e:f4:df:34:55:75:76:26:2c:f6:c5:18:93:c6:e5:
         42:9a:e2:e9:ad:ff:f8:31:91:b1:ab:12:83:0a:75:41:f0:f1:
         62:22:d0:19:16:00:60:8d:be:4d:77:1a:ee:a5:b1:3d:0f:24:
         14:29:44:1e:eb:60:d7:67:81:20:cf:60:a0:19:63:8c:b2:ac:
         39:04:0a:c9:3f:94:0a:00:53:f5:cd:8a:bb:26:cc:6e:19:c7:
         59:b4:ab:f0:35:d9:ea:92:51:f2:10:a4:a2:65:88:e7:48:7c:
         08:1b:4a:83:7b:35:19:00:11:9a:a1:af:a1:c7:78:af:fb:d7:
         69:ff:f1:f3:02:2f:12:93:1a:3d:23:82:d1:64:3b:d5:c2:26:
         b5:9b:4b:43:2e:b3:66:61:22:82:32:fd:e6:10:45:19:99:ea:
         0d:94:38:cd:a0:ba:c1:33:8f:50:51:fd:96:b4:ec:38:b3:cc:
         30:2c:20:a6:ef:00:80:e9:2e:89:fc:ab:c7:e2:7c:3d:3d:2f:
         32:87:9a:36:9a:ac:56:99:e4:f6:a4:f4:8c:6d:25:87:46:6b:
         7a:d5:14:49:f2:92:64:a5:c4:f8:d4:68:e1:d8:e0:82:bd:cb:
         2a:00:33:74:92:cb:6b:7f:fb:97:9f:60:88:ab:b8:b1:ac:46:
         a4:30:6b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/OcJtToun+T7sMizzlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MzU0NjJlYmIyMDI5YTgzZDNlZWFiNDYyZmYwNTJlY2Zh
MGUxYzMwHhcNMjQwMTAxMjAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJmZjlkM2JhNGY2ODJjMTIzYmMzNzEwMzNjYjY4MjVjZmU0YWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPa/0uMtokZy+467PaME28klY+sL
Tc4d+HhrebiAehZZTxRhlmpBaRhrIc/LX6h34wLj34ElFh4a4WXp+OpdwVBklDhK
EC+H7tVMhuew6jQSIKDGruIrz6poQzK0xp2ABydTuxy+f/Hw11hOqRIJtMMxFo5G
c8VVcVnvGvrI/tX8dNZoBT5GE7aRrsHM/1jXH0gM3IzgtJ0d2rOeX52yb71y0/pQ
YZ3mkR7pElcRx56zamzPseO5nfHPffPIHe426bNHaJe7gZ5r3Rmas6Fc92OyqAWy
AeVp9iwi2IQPGlrnVZ4Xf+c3Ja5RRbizG+2uhKiu5i325CRDMA+nhyYNTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2/+dO6T2gsEjvDcQM8toJc/krUMB8GA1UdIwQY
MBaAFJU1Ri67ICmoPT7qtGL/BS7PoOHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFRWR0xyc2dLYWc5UHVxMFl2OEZMcy1nNGNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80ZjlmOWYtMzBhOC00MzcwLTk0ZTct
MzhhYmZhNGZhMzUwLzEvYmJfNTA3cFBhQ3dTTzhOeEF6eTJnbHotU3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80ZjlmOWYtMzBhOC00MzcwLTk0ZTctMzhhYmZhNGZhMzUw
LzEvbFRWR0xyc2dLYWc5UHVxMFl2OEZMcy1nNGNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwStlMA0G
CSqGSIb3DQEBCwUAA4IBAQA8oPtO9N80VXV2Jiz2xRiTxuVCmuLprf/4MZGxqxKD
CnVB8PFiItAZFgBgjb5NdxrupbE9DyQUKUQe62DXZ4Egz2CgGWOMsqw5BArJP5QK
AFP1zYq7JsxuGcdZtKvwNdnqklHyEKSiZYjnSHwIG0qDezUZABGaoa+hx3iv+9dp
//HzAi8Skxo9I4LRZDvVwia1m0tDLrNmYSKCMv3mEEUZmeoNlDjNoLrBM49QUf2W
tOw4s8wwLCCm7wCA6S6J/KvH4nw9PS8yh5o2mqxWmeT2pPSMbSWHRmt61RRJ8pJk
pcT41Gjh2OCCvcsqADN0kstrf/uXn2CIq7ixrEakMGsi
-----END CERTIFICATE-----