Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/t0lntcaSNZ2SYdDG7vBWgpZEciA.roa
File:                     t0lntcaSNZ2SYdDG7vBWgpZEciA.roa (raw, json)
Hash identifier:          tlOXqnEZpSB2URLXxkBcxdDY5PspDx9ChhFIxyh2FDA=
Subject key identifier:   B7:49:67:B5:C6:92:35:9D:92:61:D0:C6:EE:F0:56:82:96:44:72:20
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       018CC8DEBB4027AA512A8B3D0EAF903ED158
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/t0lntcaSNZ2SYdDG7vBWgpZEciA.roa
Signing time:             Tue 02 Jan 2024 06:31:29 +0000
ROA not before:           Tue 02 Jan 2024 06:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57460
IP address blocks:        193.43.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bb:40:27:aa:51:2a:8b:3d:0e:af:90:3e:d1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74967b5c692359d9261d0c6eef0568296447220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:58:bd:21:c0:d9:cc:42:5d:e1:87:18:69:ab:
                    d5:68:b4:6a:3b:74:05:65:d9:6c:fb:56:70:b7:85:
                    df:10:0e:d5:4a:f8:55:8b:ac:75:47:3d:2c:8c:b8:
                    02:ba:1a:a5:dd:99:5f:46:71:75:0f:59:fb:08:c3:
                    5f:48:65:ac:9a:14:3e:11:d6:b0:5c:ba:fc:d5:f6:
                    5f:e4:2c:d7:4f:92:11:be:74:ac:34:11:fd:e4:ec:
                    68:4a:7a:d4:6e:66:66:9a:ea:cd:37:2a:53:0f:92:
                    d6:64:90:55:8d:ad:10:af:02:7b:40:64:0f:32:09:
                    77:c7:16:bf:52:3d:9e:67:23:f9:74:bb:68:1f:ed:
                    cd:c4:47:56:38:4e:da:00:15:01:66:9d:5b:e3:a0:
                    fb:f3:ba:5a:84:a2:2f:7c:73:f1:aa:0c:0f:a4:4e:
                    c5:e8:9e:9a:fd:d2:56:64:47:f2:83:6a:37:79:90:
                    95:6f:82:c1:44:98:08:3c:d8:ea:bd:34:c9:a8:f1:
                    10:4e:5f:7f:a9:1b:4e:14:c4:f5:2b:a7:c9:08:ea:
                    f6:bf:06:0d:cd:dc:e1:05:94:f1:36:e1:30:86:70:
                    63:84:d4:f0:f0:bb:b0:f1:2d:96:22:5c:9e:d4:b1:
                    22:1e:9f:0a:c4:00:2e:19:bf:60:92:ac:65:b6:f7:
                    3b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:49:67:B5:C6:92:35:9D:92:61:D0:C6:EE:F0:56:82:96:44:72:20
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/t0lntcaSNZ2SYdDG7vBWgpZEciA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:49:6f:9d:fd:42:27:38:0b:e3:27:7d:16:a0:fc:c8:f6:57:
         5c:db:01:e4:aa:40:0f:b8:19:73:7d:0d:87:52:9a:df:cb:0e:
         29:75:55:2f:f0:c3:6f:2a:96:13:86:da:f6:4d:dc:37:9e:f0:
         71:c7:c3:c0:ee:76:e3:fd:03:1f:d0:5c:9b:a6:ec:83:26:b1:
         7f:d9:84:74:a1:9d:5d:3e:de:a8:50:fb:55:07:d0:f2:c1:41:
         ee:b0:31:a2:8a:d4:c2:86:df:a5:5e:99:0c:a9:b6:55:31:97:
         24:6b:80:43:94:27:0c:fb:12:d2:1c:b5:a6:fd:79:1e:7a:3f:
         f8:b1:a0:c7:7c:3e:f2:6c:36:dd:58:03:44:9b:ed:5a:28:e7:
         99:13:4d:43:6f:c2:c4:f5:51:96:8f:1a:99:d8:4c:a1:8c:dc:
         ce:82:90:97:01:ac:12:0a:7f:08:69:a8:19:f1:ad:be:3d:18:
         70:3b:fa:70:67:3f:40:96:1b:4e:1f:dd:74:12:8f:08:f1:ca:
         d2:e7:92:11:09:4f:a4:45:cb:b0:47:c5:f2:ac:dd:ba:3a:c6:
         c9:52:b5:5f:90:f1:d4:7f:a5:d4:fb:16:b2:bf:47:be:a9:fa:
         e7:2d:88:d6:48:4d:db:ab:ce:68:70:1e:1f:9d:51:7b:7c:ee:
         28:1a:a6:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3rtAJ6pRKos9Dq+QPtFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQ5NjdiNWM2OTIzNTlkOTI2MWQwYzZlZWYwNTY4Mjk2NDQ3MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1i9IcDZzEJd4YcYaavVaLRqO3QF
Zdls+1Zwt4XfEA7VSvhVi6x1Rz0sjLgCuhql3ZlfRnF1D1n7CMNfSGWsmhQ+Edaw
XLr81fZf5CzXT5IRvnSsNBH95OxoSnrUbmZmmurNNypTD5LWZJBVja0QrwJ7QGQP
Mgl3xxa/Uj2eZyP5dLtoH+3NxEdWOE7aABUBZp1b46D787pahKIvfHPxqgwPpE7F
6J6a/dJWZEfyg2o3eZCVb4LBRJgIPNjqvTTJqPEQTl9/qRtOFMT1K6fJCOr2vwYN
zdzhBZTxNuEwhnBjhNTw8Luw8S2WIlye1LEiHp8KxAAuGb9gkqxltvc7QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdJZ7XGkjWdkmHQxu7wVoKWRHIgMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEvdDBsbnRjYVNOWjJTWWRERzd2QldncFpFY2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCLSW+d/UInOAvjJ30WoPzI9ldc2wHkqkAPuBlzfQ2H
Uprfyw4pdVUv8MNvKpYThtr2Tdw3nvBxx8PA7nbj/QMf0FybpuyDJrF/2YR0oZ1d
Pt6oUPtVB9DywUHusDGiitTCht+lXpkMqbZVMZcka4BDlCcM+xLSHLWm/Xkeej/4
saDHfD7ybDbdWANEm+1aKOeZE01Db8LE9VGWjxqZ2EyhjNzOgpCXAawSCn8IaagZ
8a2+PRhwO/pwZz9AlhtOH910Eo8I8crS55IRCU+kRcuwR8XyrN26OsbJUrVfkPHU
f6XU+xayv0e+qfrnLYjWSE3bq85ocB4fnVF7fO4oGqYC
-----END CERTIFICATE-----