Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/DXA0w7Y67bG2Tiw3w_NQNV_XO_g.roa
File:                     DXA0w7Y67bG2Tiw3w_NQNV_XO_g.roa (raw, json)
Hash identifier:          yDeX08lh1Okx3zq7GBkQCGf73C49fzCPhMXB7X6ZQbY=
Subject key identifier:   0D:70:34:C3:B6:3A:ED:B1:B6:4E:2C:37:C3:F3:50:35:5F:D7:3B:F8
Certificate issuer:       /CN=0687a4aca581d8ebcdfe24b65f1e70a12f289a78
Certificate serial:       0191AA15D346C2219B9C1DC623E43139084E
Authority key identifier: 06:87:A4:AC:A5:81:D8:EB:CD:FE:24:B6:5F:1E:70:A1:2F:28:9A:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BoekrKWB2OvN_iS2Xx5woS8omng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/DXA0w7Y67bG2Tiw3w_NQNV_XO_g.roa
Signing time:             Sat 31 Aug 2024 20:17:22 +0000
ROA not before:           Sat 31 Aug 2024 20:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        193.33.176.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/BoekrKWB2OvN_iS2Xx5woS8omng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/BoekrKWB2OvN_iS2Xx5woS8omng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BoekrKWB2OvN_iS2Xx5woS8omng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:aa:15:d3:46:c2:21:9b:9c:1d:c6:23:e4:31:39:08:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0687a4aca581d8ebcdfe24b65f1e70a12f289a78
        Validity
            Not Before: Aug 31 20:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d7034c3b63aedb1b64e2c37c3f350355fd73bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:60:bd:32:8f:b5:af:0a:ac:fa:60:00:83:94:
                    ad:b2:de:59:af:62:63:a6:b1:a3:c5:b9:d0:fb:91:
                    7c:f4:58:b4:82:dd:40:ca:9c:61:7e:ac:54:96:98:
                    8b:47:e1:1c:03:04:c1:04:da:da:84:8a:15:10:5b:
                    34:85:70:ac:19:d6:dc:7b:c3:7d:91:3c:7f:86:1e:
                    01:c4:3e:0a:ea:20:f7:67:c1:76:bc:c2:4d:fb:06:
                    3f:8b:8f:2f:4d:23:44:51:41:9f:89:a6:11:41:b9:
                    12:97:49:91:04:bd:1f:29:fc:41:74:a8:08:11:4d:
                    5c:94:4e:65:1b:ea:bb:ca:4f:9c:80:92:c9:99:fa:
                    92:45:92:fa:90:2f:1f:64:b7:08:78:59:cc:b6:eb:
                    6d:b9:2b:77:57:4b:a5:3c:40:5b:bf:3f:ee:15:52:
                    29:0d:84:95:58:e2:56:f2:7b:bf:a3:87:75:2d:82:
                    af:b6:0d:6a:db:da:76:01:a9:91:af:fe:54:81:38:
                    3d:c2:f3:22:4b:f1:e9:bd:2c:2a:f2:0c:a2:0e:e7:
                    7f:31:77:b5:db:1b:88:ac:59:a1:eb:bf:7a:d2:98:
                    c7:b6:6c:14:8b:19:05:51:eb:1a:be:06:6a:3a:f3:
                    ae:cd:18:fb:8b:0e:6b:9a:64:17:f8:a5:46:ce:d9:
                    52:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:70:34:C3:B6:3A:ED:B1:B6:4E:2C:37:C3:F3:50:35:5F:D7:3B:F8
            X509v3 Authority Key Identifier:
                keyid:06:87:A4:AC:A5:81:D8:EB:CD:FE:24:B6:5F:1E:70:A1:2F:28:9A:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BoekrKWB2OvN_iS2Xx5woS8omng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/DXA0w7Y67bG2Tiw3w_NQNV_XO_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9df11b-0187-4a91-b5d1-2d28a19135fd/1/BoekrKWB2OvN_iS2Xx5woS8omng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:35:f4:4d:4c:90:7d:99:5e:82:62:99:63:f8:c0:4d:46:7f:
         a6:c8:a4:9c:8a:5f:4a:87:ea:8c:39:af:b5:28:66:2e:78:97:
         a2:8c:6d:66:3c:6c:a6:8f:50:f6:e9:ea:d1:b2:e9:61:6f:52:
         76:dc:f7:77:63:a7:53:4e:1d:45:b3:1b:06:3e:13:e4:bd:c3:
         61:19:b5:48:14:10:91:be:3d:2a:e5:8e:7a:17:79:c9:f3:64:
         7e:49:c7:ea:89:3a:68:85:cc:02:d8:67:99:7b:93:97:c8:c9:
         16:f4:ba:c6:e1:eb:d3:f3:4c:e5:54:f5:2a:f1:75:e3:9a:10:
         8a:dd:ea:76:e7:f6:d6:61:ec:95:fe:c7:2e:0c:c5:cc:8f:8f:
         9b:5c:03:a4:74:2d:84:63:32:db:1c:3b:b6:88:60:fc:ac:7d:
         e8:9a:2a:75:74:a3:06:84:da:da:f4:3d:df:2a:58:c8:1b:72:
         b1:5c:09:f9:80:89:f8:5e:3f:e2:65:d6:59:54:6c:5c:91:29:
         50:ff:4b:32:da:78:d8:b8:b7:89:60:5e:a8:83:d6:1a:2e:88:
         81:2f:31:9c:35:18:26:41:e1:a6:8e:c1:49:40:1b:d6:74:6d:
         74:66:45:bf:cd:47:af:7b:36:6e:55:32:f9:6a:47:5c:67:d2:
         71:6a:0f:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGqFdNGwiGbnB3GI+QxOQhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ODdhNGFjYTU4MWQ4ZWJjZGZlMjRiNjVmMWU3MGExMmYy
ODlhNzgwHhcNMjQwODMxMjAxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDcwMzRjM2I2M2FlZGIxYjY0ZTJjMzdjM2YzNTAzNTVmZDczYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGC9Mo+1rwqs+mAAg5Stst5Zr2Jj
prGjxbnQ+5F89Fi0gt1AypxhfqxUlpiLR+EcAwTBBNrahIoVEFs0hXCsGdbce8N9
kTx/hh4BxD4K6iD3Z8F2vMJN+wY/i48vTSNEUUGfiaYRQbkSl0mRBL0fKfxBdKgI
EU1clE5lG+q7yk+cgJLJmfqSRZL6kC8fZLcIeFnMtuttuSt3V0ulPEBbvz/uFVIp
DYSVWOJW8nu/o4d1LYKvtg1q29p2AamRr/5UgTg9wvMiS/HpvSwq8gyiDud/MXe1
2xuIrFmh67960pjHtmwUixkFUesavgZqOvOuzRj7iw5rmmQX+KVGztlSCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1wNMO2Ou2xtk4sN8PzUDVf1zv4MB8GA1UdIwQY
MBaAFAaHpKylgdjrzf4ktl8ecKEvKJp4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm9la3JLV0IyT3ZOX2lTMlh4NXdvUzhvbW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85ZGYxMWItMDE4Ny00YTkxLWI1ZDEt
MmQyOGExOTEzNWZkLzEvRFhBMHc3WTY3YkcyVGl3M3dfTlFOVl9YT19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85ZGYxMWItMDE4Ny00YTkxLWI1ZDEtMmQyOGExOTEzNWZk
LzEvQm9la3JLV0IyT3ZOX2lTMlh4NXdvUzhvbW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSGwMA0G
CSqGSIb3DQEBCwUAA4IBAQC0NfRNTJB9mV6CYplj+MBNRn+myKScil9Kh+qMOa+1
KGYueJeijG1mPGymj1D26erRsulhb1J23Pd3Y6dTTh1FsxsGPhPkvcNhGbVIFBCR
vj0q5Y56F3nJ82R+ScfqiTpohcwC2GeZe5OXyMkW9LrG4evT80zlVPUq8XXjmhCK
3ep25/bWYeyV/scuDMXMj4+bXAOkdC2EYzLbHDu2iGD8rH3omip1dKMGhNra9D3f
KljIG3KxXAn5gIn4Xj/iZdZZVGxckSlQ/0sy2njYuLeJYF6og9YaLoiBLzGcNRgm
QeGmjsFJQBvWdG10ZkW/zUevezZuVTL5akdcZ9Jxag8X
-----END CERTIFICATE-----