Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/_qbDyQ6dzlkSGdl6USHWcM-rat4.roa
File:                     _qbDyQ6dzlkSGdl6USHWcM-rat4.roa (raw, json)
Hash identifier:          f4Odvp26XnT4rEqNPqXxa7Z3Yb7TbN3x8P+5HxBXtmY=
Subject key identifier:   FE:A6:C3:C9:0E:9D:CE:59:12:19:D9:7A:51:21:D6:70:CF:AB:6A:DE
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A67A0CC7F75E7E176796C00AA90A
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/_qbDyQ6dzlkSGdl6USHWcM-rat4.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12908
IP address blocks:        193.255.134.0/24 maxlen: 24
                          193.255.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a6:7a:0c:c7:f7:5e:7e:17:67:96:c0:0a:a9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fea6c3c90e9dce591219d97a5121d670cfab6ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8e:16:5d:fc:d2:d0:e5:0e:01:19:e9:a0:91:
                    8f:8f:92:13:cd:6c:0e:14:54:4c:46:28:fa:65:3d:
                    a5:57:9a:10:2c:bb:ca:90:4d:c3:d6:c4:04:9e:4b:
                    1c:fb:e1:c7:7c:4e:08:8a:93:e9:13:b9:d6:8c:2a:
                    f8:17:86:98:32:7a:a1:fa:84:53:75:69:bc:c8:6a:
                    39:63:ca:73:1d:0f:65:47:58:c6:02:7a:52:3f:13:
                    ba:95:f3:cc:29:da:fd:77:c3:13:44:43:73:3b:8b:
                    94:0c:6a:8b:c7:cb:f2:ca:80:e4:3f:41:c4:ff:88:
                    e6:aa:5c:6f:df:22:cd:cc:c1:5a:d9:26:e4:a2:a8:
                    1c:d7:fe:f3:95:de:17:2e:55:59:4a:ca:a8:26:39:
                    8c:a4:84:e1:43:17:b8:5a:36:7e:4d:e1:94:e4:52:
                    56:18:91:0b:2a:02:29:43:35:1c:50:4f:5e:0b:ac:
                    fe:3a:eb:29:55:b3:51:1c:f3:61:f5:6b:6d:42:96:
                    e6:17:c6:c7:11:cd:8c:9c:a3:34:d8:cb:ac:fc:7e:
                    ed:f6:54:b0:34:db:13:92:72:dd:36:58:4b:15:d3:
                    64:a0:07:26:e7:3f:b8:6e:ff:a2:8d:a3:e4:85:f2:
                    92:fb:c3:14:34:a5:25:62:68:a5:93:ef:1b:27:19:
                    93:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A6:C3:C9:0E:9D:CE:59:12:19:D9:7A:51:21:D6:70:CF:AB:6A:DE
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/_qbDyQ6dzlkSGdl6USHWcM-rat4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.255.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:0d:64:c1:92:39:10:7c:5d:76:d6:e6:2e:04:58:4c:f1:3c:
         57:33:d8:cd:88:de:a8:01:47:30:7a:69:1f:c8:09:8d:4f:ba:
         62:7e:6d:0b:bc:72:4d:d0:f0:a8:da:28:59:71:2f:11:15:71:
         ea:02:32:6c:d3:32:d9:f9:8d:1c:c6:88:9e:e5:16:0b:1a:04:
         dd:78:2d:51:e6:1e:53:9f:0e:12:f3:87:77:ec:0d:ea:8f:f0:
         2f:77:cd:3e:59:18:33:f6:e1:fa:15:42:d8:af:b1:a1:99:9e:
         85:e1:58:71:c0:ca:47:f2:21:35:06:db:71:8c:64:3b:dc:a5:
         8d:26:63:ac:e8:b5:a5:06:97:8c:8a:74:b3:4e:13:9f:27:08:
         6d:6d:de:1f:a4:b4:6f:7e:27:8c:ac:5c:26:97:e9:50:71:a7:
         d3:ab:27:6a:29:34:2b:1f:5a:10:a9:a7:42:d0:24:60:5d:47:
         32:5b:19:19:e6:70:d4:1a:95:c1:16:3c:7c:fb:cd:9a:e2:b4:
         3f:b7:38:bd:60:ee:1f:30:3e:8a:1a:3f:e5:24:d5:df:f4:20:
         0e:71:29:ae:c2:fc:ab:88:0d:35:4e:2e:27:58:32:63:46:6c:
         38:8b:69:16:ef:70:0c:29:9b:e5:8e:e0:9c:80:ac:fe:e4:a4:
         56:8e:0c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKZ6DMf3Xn4XZ5bACqkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWE2YzNjOTBlOWRjZTU5MTIxOWQ5N2E1MTIxZDY3MGNmYWI2YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI4WXfzS0OUOARnpoJGPj5ITzWwO
FFRMRij6ZT2lV5oQLLvKkE3D1sQEnksc++HHfE4IipPpE7nWjCr4F4aYMnqh+oRT
dWm8yGo5Y8pzHQ9lR1jGAnpSPxO6lfPMKdr9d8MTRENzO4uUDGqLx8vyyoDkP0HE
/4jmqlxv3yLNzMFa2Sbkoqgc1/7zld4XLlVZSsqoJjmMpIThQxe4WjZ+TeGU5FJW
GJELKgIpQzUcUE9eC6z+OuspVbNRHPNh9WttQpbmF8bHEc2MnKM02Mus/H7t9lSw
NNsTknLdNlhLFdNkoAcm5z+4bv+ijaPkhfKS+8MUNKUlYmilk+8bJxmTyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6mw8kOnc5ZEhnZelEh1nDPq2reMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvX3FiRHlRNmR6bGtTR2RsNlVTSFdjTS1yYXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwf+GMA0G
CSqGSIb3DQEBCwUAA4IBAQAhDWTBkjkQfF121uYuBFhM8TxXM9jNiN6oAUcwemkf
yAmNT7pifm0LvHJN0PCo2ihZcS8RFXHqAjJs0zLZ+Y0cxoie5RYLGgTdeC1R5h5T
nw4S84d37A3qj/Avd80+WRgz9uH6FULYr7GhmZ6F4VhxwMpH8iE1BttxjGQ73KWN
JmOs6LWlBpeMinSzThOfJwhtbd4fpLRvfieMrFwml+lQcafTqydqKTQrH1oQqadC
0CRgXUcyWxkZ5nDUGpXBFjx8+82a4rQ/tzi9YO4fMD6KGj/lJNXf9CAOcSmuwvyr
iA01Ti4nWDJjRmw4i2kW73AMKZvljuCcgKz+5KRWjgxY
-----END CERTIFICATE-----