Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/oKM8J4rtJYeez8l1wI0XJDUJXdo.roa
File:                     oKM8J4rtJYeez8l1wI0XJDUJXdo.roa (raw, json)
Hash identifier:          C+IgABWOfoGmvPv8t8cmipYmT/nASZMMg70PXa0MLF4=
Subject key identifier:   A0:A3:3C:27:8A:ED:25:87:9E:CF:C9:75:C0:8D:17:24:35:09:5D:DA
Certificate issuer:       /CN=fdd7002bf3a2eacfc881d5e1a0211098c669956c
Certificate serial:       018CC86F692E14227B5051E1BE2F924407B7
Authority key identifier: FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/oKM8J4rtJYeez8l1wI0XJDUJXdo.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29273
IP address blocks:        193.41.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:69:2e:14:22:7b:50:51:e1:be:2f:92:44:07:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd7002bf3a2eacfc881d5e1a0211098c669956c
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0a33c278aed25879ecfc975c08d172435095dda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2f:e2:2d:a6:2d:8d:1c:0e:48:db:6f:94:9b:
                    cc:57:3a:db:88:e3:28:9d:1a:54:e6:5c:1b:99:3c:
                    00:15:57:e8:40:18:7d:1c:bc:df:92:ab:db:10:e9:
                    7e:98:cb:8b:22:59:92:fc:9f:d4:4f:f8:8a:ba:8b:
                    ab:66:5d:7c:91:09:5d:92:bd:1e:80:ff:2b:2e:20:
                    c3:eb:b3:0a:7b:6a:f3:f5:fb:cf:b4:62:58:e9:6e:
                    39:94:a0:06:a5:73:87:ac:d7:05:ac:7d:bc:cd:54:
                    20:2a:f2:06:b3:a1:88:9d:23:9d:72:55:75:fc:93:
                    c3:1f:e0:bd:47:fb:6d:32:ac:b1:43:da:fe:ac:63:
                    7c:d2:28:e7:07:a5:ee:83:31:e0:8a:e9:a4:86:5c:
                    3a:1e:e9:29:99:45:27:ac:79:e4:51:22:f4:7d:35:
                    d5:1f:c1:29:92:27:a3:7c:9b:a8:4f:64:83:fc:bc:
                    65:93:a8:62:41:14:c1:46:66:ad:90:37:82:8e:a1:
                    58:90:0e:ff:aa:2f:73:1d:34:39:8f:b2:97:1e:ca:
                    f8:23:4e:6b:5c:90:a0:5b:2c:10:22:d7:27:95:25:
                    96:73:27:24:b9:dd:8e:0f:64:96:7d:fd:13:a5:05:
                    c7:c2:c1:21:32:3e:3e:1f:46:a0:45:85:ac:29:bf:
                    f7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A3:3C:27:8A:ED:25:87:9E:CF:C9:75:C0:8D:17:24:35:09:5D:DA
            X509v3 Authority Key Identifier:
                keyid:FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/oKM8J4rtJYeez8l1wI0XJDUJXdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f9:c6:77:6c:3b:c5:db:25:b8:f3:6c:3f:c8:dd:38:46:36:
         41:f3:58:2b:71:78:4f:f9:fc:51:11:32:01:05:67:e3:5d:7b:
         0f:a1:81:fc:98:81:48:be:fa:32:39:a3:a4:ad:66:6d:0a:b1:
         5e:c1:35:5b:5b:21:58:ee:f7:12:b5:8d:a1:a0:10:71:35:b7:
         a1:03:14:c1:7c:25:48:a0:59:a4:82:d9:50:fb:86:90:ac:5b:
         35:54:da:51:6a:84:04:1e:6e:ec:fa:aa:d6:55:16:02:6c:3d:
         5a:e0:2f:96:b8:9b:05:71:06:b3:4e:14:f5:3e:e2:31:7d:dc:
         2d:58:89:9b:b6:94:b8:23:10:40:9d:c0:6a:61:c1:a3:b9:6f:
         72:04:cf:df:94:5b:6a:c0:bb:99:96:8d:cd:77:5a:d2:52:19:
         68:bc:00:9e:c6:76:61:20:64:92:29:11:15:2d:c6:68:ad:c2:
         69:83:2e:47:a9:40:82:5b:a4:75:73:ae:9d:e6:e4:ea:01:36:
         da:a6:e0:4b:5f:11:eb:16:fb:34:82:8c:59:96:f9:d4:e9:20:
         ad:84:86:db:bc:c1:d9:e5:94:9c:fe:fa:0d:85:a6:6b:2f:19:
         de:b2:a5:e8:5e:39:b5:c6:dc:81:76:30:4c:ec:41:3f:7f:b8:
         97:e9:6c:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2kuFCJ7UFHhvi+SRAe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDcwMDJiZjNhMmVhY2ZjODgxZDVlMWEwMjExMDk4YzY2
OTk1NmMwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGEzM2MyNzhhZWQyNTg3OWVjZmM5NzVjMDhkMTcyNDM1MDk1ZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy/iLaYtjRwOSNtvlJvMVzrbiOMo
nRpU5lwbmTwAFVfoQBh9HLzfkqvbEOl+mMuLIlmS/J/UT/iKuourZl18kQldkr0e
gP8rLiDD67MKe2rz9fvPtGJY6W45lKAGpXOHrNcFrH28zVQgKvIGs6GInSOdclV1
/JPDH+C9R/ttMqyxQ9r+rGN80ijnB6XugzHgiumkhlw6HukpmUUnrHnkUSL0fTXV
H8EpkiejfJuoT2SD/Lxlk6hiQRTBRmatkDeCjqFYkA7/qi9zHTQ5j7KXHsr4I05r
XJCgWywQItcnlSWWcyckud2OD2SWff0TpQXHwsEhMj4+H0agRYWsKb/39QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCjPCeK7SWHns/JdcCNFyQ1CV3aMB8GA1UdIwQY
MBaAFP3XACvzourPyIHV4aAhEJjGaZVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RjQUtfT2k2c19JZ2RYaG9DRVFtTVpwbFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xMDFiY2YtZDFkZi00N2M0LWEyZWIt
MjE2MWZmNDc4ODFjLzEvb0tNOEo0cnRKWWVlejhsMXdJMFhKRFVKWGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xMDFiY2YtZDFkZi00N2M0LWEyZWItMjE2MWZmNDc4ODFj
LzEvX2RjQUtfT2k2c19JZ2RYaG9DRVFtTVpwbFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSkkMA0G
CSqGSIb3DQEBCwUAA4IBAQBj+cZ3bDvF2yW482w/yN04RjZB81grcXhP+fxRETIB
BWfjXXsPoYH8mIFIvvoyOaOkrWZtCrFewTVbWyFY7vcStY2hoBBxNbehAxTBfCVI
oFmkgtlQ+4aQrFs1VNpRaoQEHm7s+qrWVRYCbD1a4C+WuJsFcQazThT1PuIxfdwt
WImbtpS4IxBAncBqYcGjuW9yBM/flFtqwLuZlo3Nd1rSUhlovACexnZhIGSSKREV
LcZorcJpgy5HqUCCW6R1c66d5uTqATbapuBLXxHrFvs0goxZlvnU6SCthIbbvMHZ
5ZSc/voNhaZrLxnesqXoXjm1xtyBdjBM7EE/f7iX6Wzx
-----END CERTIFICATE-----