Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/Ocn0SMk-B9MOIwrwTHrLBGlImxQ.roa
File:                     Ocn0SMk-B9MOIwrwTHrLBGlImxQ.roa (raw, json)
Hash identifier:          AJGW2Tp8XuU35OgF0kzQxTYTm9R4aWURh8wDmlONp94=
Subject key identifier:   39:C9:F4:48:C9:3E:07:D3:0E:23:0A:F0:4C:7A:CB:04:69:48:9B:14
Certificate issuer:       /CN=abc45b658b1ec0fdeb459e6ff2577db8ca6a9330
Certificate serial:       018CC34951462B2B61BB09A38253049B0157
Authority key identifier: AB:C4:5B:65:8B:1E:C0:FD:EB:45:9E:6F:F2:57:7D:B8:CA:6A:93:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/Ocn0SMk-B9MOIwrwTHrLBGlImxQ.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12303
IP address blocks:        193.41.47.0/24 maxlen: 24
                          2a0f:7ec0:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:51:46:2b:2b:61:bb:09:a3:82:53:04:9b:01:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc45b658b1ec0fdeb459e6ff2577db8ca6a9330
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c9f448c93e07d30e230af04c7acb0469489b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:20:22:ee:e8:5c:95:85:45:16:f2:42:78:73:
                    16:28:7f:16:96:26:10:8e:e7:4b:07:97:86:5a:4b:
                    78:5e:07:2b:76:e0:ff:fe:e1:fa:26:5a:ee:92:12:
                    9d:0b:b9:cd:05:92:33:3d:5f:a9:1f:12:b8:a7:02:
                    1e:db:9e:c8:14:b6:6f:ec:c4:0d:04:b1:8f:2a:3b:
                    2d:a2:1d:63:62:8c:b9:5e:64:a7:eb:c6:3e:1a:06:
                    62:19:00:d2:b7:4c:5d:84:25:0b:17:16:a5:8c:7d:
                    c0:65:49:59:e1:ed:ae:0f:dc:15:47:c0:63:12:80:
                    d8:4d:a3:3f:eb:00:d6:8c:f3:a0:51:93:95:2e:87:
                    5a:dd:8b:f0:1b:1c:92:3f:a4:68:88:f8:b0:1d:3b:
                    84:f4:7b:28:2f:24:2b:4d:32:22:6f:2e:ab:db:71:
                    79:03:6e:83:20:3e:b7:73:97:8b:f5:c8:57:0c:92:
                    b9:b9:09:e8:cd:3f:dd:ce:b3:f7:38:b7:a5:cb:95:
                    d3:d6:58:b5:0f:9c:14:3f:56:9b:85:f8:e5:19:e0:
                    7d:42:30:8d:70:4a:2e:0b:d7:63:9a:54:41:0c:14:
                    9e:81:1c:a1:d4:ab:b5:eb:4e:4b:54:ab:b3:04:82:
                    5d:fe:05:85:59:cb:ee:8a:1b:33:ef:73:26:6f:b9:
                    f4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C9:F4:48:C9:3E:07:D3:0E:23:0A:F0:4C:7A:CB:04:69:48:9B:14
            X509v3 Authority Key Identifier:
                keyid:AB:C4:5B:65:8B:1E:C0:FD:EB:45:9E:6F:F2:57:7D:B8:CA:6A:93:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/Ocn0SMk-B9MOIwrwTHrLBGlImxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.47.0/24
                IPv6:
                  2a0f:7ec0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:16:88:e3:3e:44:db:e3:98:66:c4:b3:69:13:19:26:2e:6c:
         23:4d:eb:20:6c:2c:d1:a4:09:da:3d:8a:38:d1:fa:88:27:5f:
         d6:71:bf:1a:66:30:a5:5c:71:d0:56:0f:e8:a0:97:07:bd:87:
         57:7c:ad:41:d0:9e:af:b8:10:5b:4e:01:12:66:e3:9f:da:80:
         63:de:41:cf:95:0f:10:a4:6a:22:8c:a8:14:76:b2:35:c8:10:
         27:8d:7f:b8:f9:bf:31:63:50:d2:d1:5a:0d:c6:3b:10:4d:df:
         37:6c:b5:3e:1d:03:d4:70:61:d1:57:ec:af:40:25:47:4b:70:
         24:44:6a:eb:50:74:00:68:30:de:d8:39:48:77:2a:66:d4:d2:
         c3:7b:fb:42:d3:57:d5:bf:c0:69:3b:82:77:ec:d5:42:09:9d:
         77:ba:59:26:1d:c0:ea:66:be:1e:17:c5:15:74:5c:45:5c:34:
         ea:a5:27:fb:76:c5:5d:64:55:31:be:a5:ad:4f:50:7d:9b:85:
         5e:93:3a:fc:ac:03:13:ef:9d:61:46:1f:89:ac:bd:4e:68:50:
         2d:60:fb:2d:a4:57:1b:0d:ff:e2:9d:6b:1d:dc:0e:66:4d:88:
         e5:a4:12:17:ac:e2:f1:f0:d8:88:89:bc:b6:de:29:7d:5d:85:
         f5:70:79:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSVFGKythuwmjglMEmwFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzQ1YjY1OGIxZWMwZmRlYjQ1OWU2ZmYyNTc3ZGI4Y2E2
YTkzMzAwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM5ZjQ0OGM5M2UwN2QzMGUyMzBhZjA0YzdhY2IwNDY5NDg5YjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiAi7uhclYVFFvJCeHMWKH8WliYQ
judLB5eGWkt4XgcrduD//uH6JlrukhKdC7nNBZIzPV+pHxK4pwIe257IFLZv7MQN
BLGPKjstoh1jYoy5XmSn68Y+GgZiGQDSt0xdhCULFxaljH3AZUlZ4e2uD9wVR8Bj
EoDYTaM/6wDWjPOgUZOVLoda3YvwGxySP6RoiPiwHTuE9HsoLyQrTTIiby6r23F5
A26DID63c5eL9chXDJK5uQnozT/dzrP3OLely5XT1li1D5wUP1abhfjlGeB9QjCN
cEouC9djmlRBDBSegRyh1Ku1605LVKuzBIJd/gWFWcvuihsz73Mmb7n0JwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDnJ9EjJPgfTDiMK8Ex6ywRpSJsUMB8GA1UdIwQY
MBaAFKvEW2WLHsD960Web/JXfbjKapMwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThSYlpZc2V3UDNyUlo1djhsZDl1TXBxa3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9jNWMxYjMtZTVjYS00YTgzLTgzOTAt
OTE3OTMzYjE1MDJlLzEvT2NuMFNNay1COU1PSXdyd1RIckxCR2xJbXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9jNWMxYjMtZTVjYS00YTgzLTgzOTAtOTE3OTMzYjE1MDJl
LzEvcThSYlpZc2V3UDNyUlo1djhsZDl1TXBxa3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSkvMA8E
AgACMAkDBwAqD37AAQAwDQYJKoZIhvcNAQELBQADggEBAA4WiOM+RNvjmGbEs2kT
GSYubCNN6yBsLNGkCdo9ijjR+ognX9ZxvxpmMKVccdBWD+iglwe9h1d8rUHQnq+4
EFtOARJm45/agGPeQc+VDxCkaiKMqBR2sjXIECeNf7j5vzFjUNLRWg3GOxBN3zds
tT4dA9RwYdFX7K9AJUdLcCREautQdABoMN7YOUh3KmbU0sN7+0LTV9W/wGk7gnfs
1UIJnXe6WSYdwOpmvh4XxRV0XEVcNOqlJ/t2xV1kVTG+pa1PUH2bhV6TOvysAxPv
nWFGH4msvU5oUC1g+y2kVxsN/+Kdax3cDmZNiOWkEhes4vHw2IiJvLbeKX1dhfVw
efQ=
-----END CERTIFICATE-----