Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/W6J95Ol1lJbAnqs4X7yWNje2KhY.roa
File:                     W6J95Ol1lJbAnqs4X7yWNje2KhY.roa (raw, json)
Hash identifier:          LZwGPXWMi6s2TEKP9XIUIS3IZpwD20QCDPJES7+kri4=
Subject key identifier:   5B:A2:7D:E4:E9:75:94:96:C0:9E:AB:38:5F:BC:96:36:37:B6:2A:16
Certificate issuer:       /CN=928016db55e664ba721e19ae9ab4316c10d96708
Certificate serial:       018CC49376CE575557CF559F51CA2C25950D
Authority key identifier: 92:80:16:DB:55:E6:64:BA:72:1E:19:AE:9A:B4:31:6C:10:D9:67:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/koAW21XmZLpyHhmumrQxbBDZZwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/W6J95Ol1lJbAnqs4X7yWNje2KhY.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        193.43.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/koAW21XmZLpyHhmumrQxbBDZZwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/koAW21XmZLpyHhmumrQxbBDZZwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/koAW21XmZLpyHhmumrQxbBDZZwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:76:ce:57:55:57:cf:55:9f:51:ca:2c:25:95:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=928016db55e664ba721e19ae9ab4316c10d96708
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ba27de4e9759496c09eab385fbc963637b62a16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:13:7a:19:cf:1e:19:c2:4d:74:b0:65:0e:25:
                    87:a0:d9:63:3a:c2:58:04:25:1d:77:31:89:bd:ce:
                    0f:6d:0b:4d:87:f2:44:8d:86:aa:2e:73:05:0b:98:
                    8a:2b:b5:f6:60:69:6f:9a:d4:01:e2:9e:80:55:24:
                    88:65:95:cc:7f:a9:68:9b:4a:2b:44:68:17:af:3a:
                    a3:46:c5:9c:fe:c2:03:57:19:53:0d:e0:24:24:4a:
                    af:93:68:f2:1c:bf:73:f8:af:38:6c:59:7e:2a:7a:
                    06:eb:fa:f5:c3:5a:f3:39:fa:28:9d:ae:fe:7a:87:
                    20:14:f8:24:74:de:ed:49:b0:65:41:c1:7b:73:a8:
                    54:d4:b6:a9:d4:29:89:4a:c1:b1:be:56:b5:78:da:
                    8e:6f:30:e7:66:c3:45:9f:0a:c6:12:e3:ca:ec:35:
                    ad:7c:b4:28:91:c7:bf:22:e5:8f:b4:e1:e9:19:62:
                    99:df:29:13:a6:93:e8:6e:de:e2:39:5a:7a:d0:7b:
                    80:60:b3:71:e1:00:d2:40:f0:da:56:0a:58:43:cd:
                    6e:87:18:d0:f0:55:34:41:95:2b:bf:ca:f1:bf:b7:
                    39:b7:9d:a9:cd:c0:95:35:7f:a7:5e:34:1b:55:6a:
                    a2:27:4f:4e:51:ec:f7:ca:c6:5d:4e:d1:4c:19:d0:
                    4c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:A2:7D:E4:E9:75:94:96:C0:9E:AB:38:5F:BC:96:36:37:B6:2A:16
            X509v3 Authority Key Identifier:
                keyid:92:80:16:DB:55:E6:64:BA:72:1E:19:AE:9A:B4:31:6C:10:D9:67:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/koAW21XmZLpyHhmumrQxbBDZZwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/W6J95Ol1lJbAnqs4X7yWNje2KhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/721a1c-cf39-4448-883b-e89cdab82e1c/1/koAW21XmZLpyHhmumrQxbBDZZwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:27:f2:9a:87:c7:93:a2:90:c5:20:42:83:14:d8:a4:dc:54:
         3d:83:b4:1e:25:a5:94:d5:2f:bf:00:81:48:81:e7:1b:a3:fb:
         60:0f:35:f5:ce:09:70:9f:d8:4d:16:30:22:fa:20:29:cc:6e:
         95:ec:20:fa:eb:f4:6c:9f:f4:4a:92:0f:db:c2:70:6b:12:c9:
         7f:0f:55:10:95:4e:23:4b:f9:03:d4:ec:bb:f4:ba:be:85:7a:
         b0:b0:f9:86:2b:46:e6:cd:87:e1:f8:c3:9f:a5:24:25:94:c0:
         e0:ad:db:b0:58:67:8a:9a:05:c7:9f:5c:66:d8:76:22:2f:2c:
         16:67:e3:53:8f:0e:b6:0b:ed:bb:74:6c:41:43:22:36:8a:28:
         e0:1e:7f:94:80:75:e4:98:4e:dd:ea:27:6b:83:bd:7a:d5:9b:
         fb:e4:c8:1b:a8:e9:36:0c:60:a2:f8:b6:bc:37:18:3f:a4:8f:
         ac:31:73:63:81:37:8e:43:60:fe:28:e9:9d:71:cf:9a:cd:db:
         25:65:9c:d4:26:aa:8c:07:d1:ea:8c:2e:a2:19:6a:84:3c:a5:
         ef:27:3b:35:72:e8:bf:18:9c:ed:5d:8f:a1:a5:78:8f:a5:bc:
         5a:86:ad:36:7d:2f:98:3e:7b:cd:b5:86:e7:8b:15:d9:f5:35:
         32:31:0d:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3bOV1VXz1WfUcosJZUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyODAxNmRiNTVlNjY0YmE3MjFlMTlhZTlhYjQzMTZjMTBk
OTY3MDgwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmEyN2RlNGU5NzU5NDk2YzA5ZWFiMzg1ZmJjOTYzNjM3YjYyYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRN6Gc8eGcJNdLBlDiWHoNljOsJY
BCUddzGJvc4PbQtNh/JEjYaqLnMFC5iKK7X2YGlvmtQB4p6AVSSIZZXMf6lom0or
RGgXrzqjRsWc/sIDVxlTDeAkJEqvk2jyHL9z+K84bFl+KnoG6/r1w1rzOfoona7+
eocgFPgkdN7tSbBlQcF7c6hU1Lap1CmJSsGxvla1eNqObzDnZsNFnwrGEuPK7DWt
fLQokce/IuWPtOHpGWKZ3ykTppPobt7iOVp60HuAYLNx4QDSQPDaVgpYQ81uhxjQ
8FU0QZUrv8rxv7c5t52pzcCVNX+nXjQbVWqiJ09OUez3ysZdTtFMGdBMvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuifeTpdZSWwJ6rOF+8ljY3tioWMB8GA1UdIwQY
MBaAFJKAFttV5mS6ch4Zrpq0MWwQ2WcIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva29BVzIxWG1aTHB5SGhtdW1yUXhiQkRaWndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83MjFhMWMtY2YzOS00NDQ4LTg4M2It
ZTg5Y2RhYjgyZTFjLzEvVzZKOTVPbDFsSmJBbnFzNFg3eVdOamUyS2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83MjFhMWMtY2YzOS00NDQ4LTg4M2ItZTg5Y2RhYjgyZTFj
LzEva29BVzIxWG1aTHB5SGhtdW1yUXhiQkRaWndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSthMA0G
CSqGSIb3DQEBCwUAA4IBAQCTJ/Kah8eTopDFIEKDFNik3FQ9g7QeJaWU1S+/AIFI
gecbo/tgDzX1zglwn9hNFjAi+iApzG6V7CD66/Rsn/RKkg/bwnBrEsl/D1UQlU4j
S/kD1Oy79Lq+hXqwsPmGK0bmzYfh+MOfpSQllMDgrduwWGeKmgXHn1xm2HYiLywW
Z+NTjw62C+27dGxBQyI2iijgHn+UgHXkmE7d6idrg7161Zv75MgbqOk2DGCi+La8
Nxg/pI+sMXNjgTeOQ2D+KOmdcc+azdslZZzUJqqMB9HqjC6iGWqEPKXvJzs1cui/
GJztXY+hpXiPpbxahq02fS+YPnvNtYbnixXZ9TUyMQ26
-----END CERTIFICATE-----