Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/9TNeA-M30sGItgtZGpB5lxQMkEg.roa
File:                     9TNeA-M30sGItgtZGpB5lxQMkEg.roa (raw, json)
Hash identifier:          giKCCGwKVw4SKpaRfbykEe36hHaaotoWCNuEty4ylNM=
Subject key identifier:   F5:33:5E:03:E3:37:D2:C1:88:B6:0B:59:1A:90:79:97:14:0C:90:48
Certificate issuer:       /CN=a93616365693fb6502cb4d687bb66747b1a2fd74
Certificate serial:       018CC9BC4CC6BE35770DF280829F10D3F8CF
Authority key identifier: A9:36:16:36:56:93:FB:65:02:CB:4D:68:7B:B6:67:47:B1:A2:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/9TNeA-M30sGItgtZGpB5lxQMkEg.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        193.192.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 07:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4c:c6:be:35:77:0d:f2:80:82:9f:10:d3:f8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a93616365693fb6502cb4d687bb66747b1a2fd74
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5335e03e337d2c188b60b591a907997140c9048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:33:ee:95:d3:44:5e:51:fd:3f:1e:ad:f3:cf:
                    a2:54:b2:03:7b:a1:46:5e:af:6e:ec:b9:bb:76:69:
                    d4:27:40:02:d2:86:14:3b:36:4d:91:8b:7a:cc:a9:
                    29:8d:0c:42:56:c3:1a:99:cb:8c:7f:21:f5:54:cd:
                    a5:11:49:78:40:4b:f1:34:a0:4d:2b:81:e4:f1:ab:
                    45:92:dd:a4:3e:5a:5d:2b:a0:3e:98:f2:e0:b8:2c:
                    4f:42:17:17:b5:48:0f:32:1a:d0:a0:a7:a9:95:67:
                    d2:5e:07:79:c1:87:30:5c:32:4e:d7:b3:56:21:50:
                    5d:df:65:d8:f2:38:0b:7a:38:83:8b:7b:5b:e7:5f:
                    51:05:28:22:cb:06:c3:66:75:de:8f:5b:b6:97:e8:
                    10:3a:04:04:ed:f4:79:e2:99:34:b8:a2:92:16:b4:
                    34:d8:f8:42:6d:13:f3:1b:cf:a9:35:70:29:09:08:
                    f2:d0:16:fa:62:d3:5d:33:50:de:ea:f5:5b:10:9e:
                    a0:7c:79:f6:f9:0e:c7:75:e7:a9:f8:d3:e9:4f:b9:
                    e9:4e:24:ea:fd:28:c6:ff:1f:49:94:9f:c7:de:b9:
                    8e:28:e2:ab:a5:2a:47:4a:6f:f5:90:d5:0f:ba:0c:
                    1b:29:23:cd:9b:69:c6:f0:85:5e:43:db:12:bb:c2:
                    4d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:33:5E:03:E3:37:D2:C1:88:B6:0B:59:1A:90:79:97:14:0C:90:48
            X509v3 Authority Key Identifier:
                keyid:A9:36:16:36:56:93:FB:65:02:CB:4D:68:7B:B6:67:47:B1:A2:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/9TNeA-M30sGItgtZGpB5lxQMkEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ceb187-7486-404c-a1dc-09129872e143/1/qTYWNlaT-2UCy01oe7ZnR7Gi_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:c7:33:bc:b0:f3:0d:1a:3c:9d:fe:68:18:3e:eb:78:0d:2a:
         e0:ee:ae:e6:6a:47:57:87:f1:8d:bc:22:71:c8:56:88:9d:34:
         e5:26:ac:5f:27:2a:9d:d5:c3:7a:62:47:7a:b0:31:bf:20:ed:
         d6:df:1e:97:a2:3b:96:9f:b9:14:09:e9:2a:64:ae:8b:74:cb:
         ed:d5:93:a3:db:8e:f2:f2:98:ec:53:f6:80:00:84:92:3d:f6:
         eb:d9:f3:76:2b:0c:65:45:9a:b5:2c:82:07:ee:34:86:e5:ab:
         a9:b5:a7:f7:1c:45:73:d4:58:e3:1b:b4:82:0a:c6:04:9f:2f:
         b5:ea:e1:6a:b1:ec:57:dd:6f:d9:18:7b:ad:37:6b:80:fa:86:
         17:56:77:17:21:80:ed:49:d3:1e:e1:7e:f9:71:29:51:c4:8c:
         df:e4:60:67:76:9d:63:13:1a:9d:94:e3:c4:cf:ba:26:85:e0:
         dc:b9:30:59:69:a4:67:1b:56:c1:28:bd:52:13:50:bf:9d:5e:
         9a:a2:a2:49:c9:0f:bb:1a:7a:fa:73:5f:f9:62:f7:9d:9f:e1:
         18:4d:48:5f:c0:3f:49:5e:86:db:b1:56:a6:89:1f:2e:7b:ee:
         36:c6:d8:08:2f:ed:4f:96:3f:12:6a:90:95:f8:0b:52:3f:91:
         50:23:8a:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvEzGvjV3DfKAgp8Q0/jPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzYxNjM2NTY5M2ZiNjUwMmNiNGQ2ODdiYjY2NzQ3YjFh
MmZkNzQwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTMzNWUwM2UzMzdkMmMxODhiNjBiNTkxYTkwNzk5NzE0MGM5MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDPuldNEXlH9Px6t88+iVLIDe6FG
Xq9u7Lm7dmnUJ0AC0oYUOzZNkYt6zKkpjQxCVsMamcuMfyH1VM2lEUl4QEvxNKBN
K4Hk8atFkt2kPlpdK6A+mPLguCxPQhcXtUgPMhrQoKeplWfSXgd5wYcwXDJO17NW
IVBd32XY8jgLejiDi3tb519RBSgiywbDZnXej1u2l+gQOgQE7fR54pk0uKKSFrQ0
2PhCbRPzG8+pNXApCQjy0Bb6YtNdM1De6vVbEJ6gfHn2+Q7Hdeep+NPpT7npTiTq
/SjG/x9JlJ/H3rmOKOKrpSpHSm/1kNUPugwbKSPNm2nG8IVeQ9sSu8JNXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUzXgPjN9LBiLYLWRqQeZcUDJBIMB8GA1UdIwQY
MBaAFKk2FjZWk/tlAstNaHu2Z0exov10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRZV05sYVQtMlVDeTAxb2U3Wm5SN0dpX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZWIxODctNzQ4Ni00MDRjLWExZGMt
MDkxMjk4NzJlMTQzLzEvOVROZUEtTTMwc0dJdGd0WkdwQjVseFFNa0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZWIxODctNzQ4Ni00MDRjLWExZGMtMDkxMjk4NzJlMTQz
LzEvcVRZV05sYVQtMlVDeTAxb2U3Wm5SN0dpX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcAgMA0G
CSqGSIb3DQEBCwUAA4IBAQBfxzO8sPMNGjyd/mgYPut4DSrg7q7makdXh/GNvCJx
yFaInTTlJqxfJyqd1cN6Ykd6sDG/IO3W3x6XojuWn7kUCekqZK6LdMvt1ZOj247y
8pjsU/aAAISSPfbr2fN2KwxlRZq1LIIH7jSG5auptaf3HEVz1FjjG7SCCsYEny+1
6uFqsexX3W/ZGHutN2uA+oYXVncXIYDtSdMe4X75cSlRxIzf5GBndp1jExqdlOPE
z7omheDcuTBZaaRnG1bBKL1SE1C/nV6aoqJJyQ+7Gnr6c1/5Yvedn+EYTUhfwD9J
XobbsVamiR8ue+42xtgIL+1Plj8SapCV+AtSP5FQI4r0
-----END CERTIFICATE-----