Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/g94WQ0Tg5_urv___giFu9yWQbtE.roa
File:                     g94WQ0Tg5_urv___giFu9yWQbtE.roa (raw, json)
Hash identifier:          U/TY4qFwZ6aTlKcV6k33mnKnxNSX9tL5wlU5Q6nKliU=
Subject key identifier:   83:DE:16:43:44:E0:E7:FB:AB:BF:FF:FF:82:21:6E:F7:25:90:6E:D1
Certificate issuer:       /CN=5a1b1acf226f3c2ffc31c1eb2b6a5194b50b52f4
Certificate serial:       018CC5006DF26F7F0B40457E807E75B88A51
Authority key identifier: 5A:1B:1A:CF:22:6F:3C:2F:FC:31:C1:EB:2B:6A:51:94:B5:0B:52:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhsazyJvPC_8McHrK2pRlLULUvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/g94WQ0Tg5_urv___giFu9yWQbtE.roa
Signing time:             Mon 01 Jan 2024 12:29:48 +0000
ROA not before:           Mon 01 Jan 2024 12:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.239.22.0/23 maxlen: 23
                          193.239.20.0/22 maxlen: 22
                          193.239.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/WhsazyJvPC_8McHrK2pRlLULUvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/WhsazyJvPC_8McHrK2pRlLULUvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhsazyJvPC_8McHrK2pRlLULUvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6d:f2:6f:7f:0b:40:45:7e:80:7e:75:b8:8a:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a1b1acf226f3c2ffc31c1eb2b6a5194b50b52f4
        Validity
            Not Before: Jan  1 12:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83de164344e0e7fbabbfffff82216ef725906ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c4:90:69:7e:da:f8:86:ce:ed:ad:94:d2:4d:
                    4b:74:03:b9:96:a2:7f:eb:c7:07:c1:34:3e:25:13:
                    d9:6f:68:e6:95:ab:e3:9a:dd:a3:82:5e:1d:06:7f:
                    c3:9f:b0:79:46:00:47:23:52:f9:15:80:22:ab:dd:
                    b0:b7:92:73:ad:69:c0:a4:5f:c9:ef:f4:95:54:35:
                    b1:44:1f:0f:51:81:51:bf:39:e5:59:c8:4f:3d:b3:
                    94:6c:57:f1:99:20:5e:bd:2e:11:92:2e:1f:05:ac:
                    0b:94:22:10:6f:67:90:d5:6b:4b:bb:ef:42:49:6f:
                    4a:6c:57:26:d0:ad:b2:b1:48:03:20:fa:48:cd:dd:
                    38:b0:4a:83:2d:90:23:bc:22:e4:41:c0:0b:47:7a:
                    4a:be:f9:44:1e:a5:e7:4d:72:e9:e9:13:b2:45:90:
                    4b:db:07:30:f8:fa:fd:f8:43:4f:72:a0:52:66:36:
                    f5:ce:9e:28:42:9b:14:8f:32:bd:06:6b:58:b6:39:
                    bf:9e:89:bd:bc:ab:27:6b:35:cb:01:ac:ff:4b:55:
                    73:80:35:30:34:c1:53:72:7e:e9:92:da:51:ea:01:
                    ed:1a:cb:fd:88:36:56:e8:03:48:32:47:5f:6f:c9:
                    17:9f:f1:b1:42:e5:7e:81:11:08:f3:1c:11:0e:82:
                    e9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:DE:16:43:44:E0:E7:FB:AB:BF:FF:FF:82:21:6E:F7:25:90:6E:D1
            X509v3 Authority Key Identifier:
                keyid:5A:1B:1A:CF:22:6F:3C:2F:FC:31:C1:EB:2B:6A:51:94:B5:0B:52:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhsazyJvPC_8McHrK2pRlLULUvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/g94WQ0Tg5_urv___giFu9yWQbtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/23b5f9-8880-4b54-ad08-731ddb1c07ed/1/WhsazyJvPC_8McHrK2pRlLULUvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:04:1b:b2:35:0f:f3:6f:2a:62:42:21:7c:2a:6f:13:85:0e:
         68:64:08:b2:bc:3f:69:8a:63:e9:f4:42:f3:a9:d1:d9:df:d7:
         f7:3d:e0:41:ac:a1:a2:7c:90:7a:67:cc:aa:a6:f9:64:6a:a0:
         44:34:ac:98:01:ec:db:7d:93:75:b5:eb:63:55:52:ab:b1:de:
         77:9b:e0:83:f8:96:dd:34:d7:29:5b:cd:fe:92:24:a4:b3:f3:
         dc:75:08:62:0a:8d:08:27:70:34:ad:67:26:05:20:cd:23:be:
         cf:2f:35:5a:bd:cd:68:3e:7a:05:41:3e:88:bd:0a:38:77:2c:
         66:e3:a3:5c:96:7a:6f:fa:80:31:e0:fd:9e:3b:62:9a:a0:1c:
         7d:17:ef:a4:64:69:fa:71:6f:49:16:77:b1:a8:75:37:6d:d5:
         23:c5:12:d1:b5:95:30:09:b2:72:71:cf:b8:e4:a0:87:04:ff:
         54:08:89:a9:54:6d:9b:48:6d:c1:87:1c:6f:63:ac:67:8b:3d:
         d8:6c:19:44:63:e3:79:ee:0d:af:17:c4:88:89:66:84:6d:97:
         59:c8:ce:e2:f6:9c:34:d7:f4:7c:30:a5:13:0b:ac:97:ca:f5:
         a7:ff:9b:4b:de:f7:42:42:a8:f9:19:4a:ec:f2:51:a2:cf:f2:
         dd:47:a6:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAG3yb38LQEV+gH51uIpRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMWIxYWNmMjI2ZjNjMmZmYzMxYzFlYjJiNmE1MTk0YjUw
YjUyZjQwHhcNMjQwMTAxMTIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2RlMTY0MzQ0ZTBlN2ZiYWJiZmZmZmY4MjIxNmVmNzI1OTA2ZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicSQaX7a+IbO7a2U0k1LdAO5lqJ/
68cHwTQ+JRPZb2jmlavjmt2jgl4dBn/Dn7B5RgBHI1L5FYAiq92wt5JzrWnApF/J
7/SVVDWxRB8PUYFRvznlWchPPbOUbFfxmSBevS4Rki4fBawLlCIQb2eQ1WtLu+9C
SW9KbFcm0K2ysUgDIPpIzd04sEqDLZAjvCLkQcALR3pKvvlEHqXnTXLp6ROyRZBL
2wcw+Pr9+ENPcqBSZjb1zp4oQpsUjzK9BmtYtjm/nom9vKsnazXLAaz/S1VzgDUw
NMFTcn7pktpR6gHtGsv9iDZW6ANIMkdfb8kXn/GxQuV+gREI8xwRDoLpTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPeFkNE4Of7q7///4IhbvclkG7RMB8GA1UdIwQY
MBaAFFobGs8ibzwv/DHB6ytqUZS1C1L0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hzYXp5SnZQQ184TWNIcksycFJsTFVMVXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8yM2I1ZjktODg4MC00YjU0LWFkMDgt
NzMxZGRiMWMwN2VkLzEvZzk0V1EwVGc1X3Vydl9fX2dpRnU5eVdRYnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8yM2I1ZjktODg4MC00YjU0LWFkMDgtNzMxZGRiMWMwN2Vk
LzEvV2hzYXp5SnZQQ184TWNIcksycFJsTFVMVXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwe8UMA0G
CSqGSIb3DQEBCwUAA4IBAQAYBBuyNQ/zbypiQiF8Km8ThQ5oZAiyvD9pimPp9ELz
qdHZ39f3PeBBrKGifJB6Z8yqpvlkaqBENKyYAezbfZN1tetjVVKrsd53m+CD+Jbd
NNcpW83+kiSks/PcdQhiCo0IJ3A0rWcmBSDNI77PLzVavc1oPnoFQT6IvQo4dyxm
46Nclnpv+oAx4P2eO2KaoBx9F++kZGn6cW9JFnexqHU3bdUjxRLRtZUwCbJycc+4
5KCHBP9UCImpVG2bSG3BhxxvY6xniz3YbBlEY+N57g2vF8SIiWaEbZdZyM7i9pw0
1/R8MKUTC6yXyvWn/5tL3vdCQqj5GUrs8lGiz/LdR6bD
-----END CERTIFICATE-----