Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/F_SN_5FdC9P9kaPAihiL5sECKGk.roa
File:                     F_SN_5FdC9P9kaPAihiL5sECKGk.roa (raw, json)
Hash identifier:          Vyoli3nJcjtW9m0HrRp2BHJwo62vYJz9Wpg1w1C7faw=
Subject key identifier:   17:F4:8D:FF:91:5D:0B:D3:FD:91:A3:C0:8A:18:8B:E6:C1:02:28:69
Certificate issuer:       /CN=f89df56248f9777fa22d5da6c04b5fb332a4b350
Certificate serial:       018CC7955216062507AE45E3B31DB0D003BE
Authority key identifier: F8:9D:F5:62:48:F9:77:7F:A2:2D:5D:A6:C0:4B:5F:B3:32:A4:B3:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/F_SN_5FdC9P9kaPAihiL5sECKGk.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28853
IP address blocks:        193.138.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:52:16:06:25:07:ae:45:e3:b3:1d:b0:d0:03:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f89df56248f9777fa22d5da6c04b5fb332a4b350
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17f48dff915d0bd3fd91a3c08a188be6c1022869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:25:f5:28:87:e5:cb:89:6c:77:83:a0:c9:e5:
                    29:70:52:67:8a:27:4d:f8:fb:af:0b:44:03:80:b4:
                    f7:16:a5:80:b3:60:e7:b5:62:ed:fa:dc:ce:fa:ec:
                    f2:2f:61:63:81:ee:b5:f1:b0:5a:ee:a8:32:3b:54:
                    19:e4:4f:1e:d7:d0:70:88:e3:33:5a:3d:4a:a7:b5:
                    29:5f:b9:e0:4f:54:93:4d:8c:ee:1d:6f:ee:99:c8:
                    95:85:05:db:ca:5b:12:60:e1:5c:bc:0d:c8:0a:c3:
                    ad:85:6e:de:f3:6e:b3:54:84:ed:24:a4:4b:28:22:
                    77:27:6c:42:e6:09:9d:25:19:fc:8c:d7:fa:cf:35:
                    32:53:27:ff:15:36:be:d7:01:a1:cd:5c:ec:e6:1c:
                    3f:64:39:16:a6:b8:1a:27:72:b1:6b:73:a8:b8:8e:
                    e5:c5:eb:74:d1:70:02:bf:cf:44:c0:98:f1:85:26:
                    d3:fb:55:cf:1e:ab:d0:b0:98:9c:e6:75:43:22:19:
                    29:30:ea:f1:16:27:42:2c:e0:86:29:02:1b:7c:bf:
                    70:6a:f9:9a:40:4c:51:a4:f9:d7:b7:53:ca:78:00:
                    94:c4:29:a8:2d:29:91:c9:9b:5f:39:54:d1:e7:30:
                    95:4a:08:26:0b:fb:17:be:38:97:e2:ce:a8:0e:1b:
                    38:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F4:8D:FF:91:5D:0B:D3:FD:91:A3:C0:8A:18:8B:E6:C1:02:28:69
            X509v3 Authority Key Identifier:
                keyid:F8:9D:F5:62:48:F9:77:7F:A2:2D:5D:A6:C0:4B:5F:B3:32:A4:B3:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/F_SN_5FdC9P9kaPAihiL5sECKGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:6a:18:71:a0:e8:db:bd:46:46:5b:b1:ec:53:a6:70:a8:13:
         ce:8b:a6:7b:fe:e2:ce:15:49:99:0b:f8:db:73:84:c1:c1:72:
         ea:92:99:db:96:a6:94:71:d2:aa:4f:53:42:d0:e3:32:ec:a0:
         ad:87:63:4a:7e:18:a2:2a:c4:bd:17:fe:26:ae:73:72:51:b0:
         de:2d:ec:15:0c:0d:ad:34:68:ac:d2:8f:30:27:45:43:c3:a6:
         9e:d1:f1:27:4f:8d:a6:a0:15:29:5e:61:8a:76:1b:75:08:83:
         1e:5f:99:8c:ee:4e:ea:2e:94:5f:e2:e0:78:6d:c6:5e:71:70:
         83:80:ab:6a:df:f9:09:b1:28:4e:7e:f6:9b:99:95:a1:96:e8:
         f3:2a:1d:4c:6e:6a:31:29:e0:2a:7c:06:fb:e4:a4:12:f2:87:
         24:f8:8a:98:0a:51:33:ac:44:1c:c9:15:dd:90:fd:08:2d:5a:
         67:61:e1:75:03:f3:f8:06:e3:a8:65:86:ac:b7:b6:aa:d2:1f:
         db:93:9a:af:57:5a:82:80:07:2d:85:46:28:68:ee:a2:22:3d:
         b8:9b:62:ee:06:a8:ca:82:4b:52:24:1a:53:75:b8:fb:02:34:
         3e:df:5c:49:0e:d3:a7:63:2f:73:15:ca:c5:33:3c:72:7c:76:
         af:28:b3:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVIWBiUHrkXjsx2w0AO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OWRmNTYyNDhmOTc3N2ZhMjJkNWRhNmMwNGI1ZmIzMzJh
NGIzNTAwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y0OGRmZjkxNWQwYmQzZmQ5MWEzYzA4YTE4OGJlNmMxMDIyODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCX1KIfly4lsd4OgyeUpcFJniidN
+PuvC0QDgLT3FqWAs2DntWLt+tzO+uzyL2Fjge618bBa7qgyO1QZ5E8e19BwiOMz
Wj1Kp7UpX7ngT1STTYzuHW/umciVhQXbylsSYOFcvA3ICsOthW7e826zVITtJKRL
KCJ3J2xC5gmdJRn8jNf6zzUyUyf/FTa+1wGhzVzs5hw/ZDkWprgaJ3Kxa3OouI7l
xet00XACv89EwJjxhSbT+1XPHqvQsJic5nVDIhkpMOrxFidCLOCGKQIbfL9wavma
QExRpPnXt1PKeACUxCmoLSmRyZtfOVTR5zCVSggmC/sXvjiX4s6oDhs4nQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBf0jf+RXQvT/ZGjwIoYi+bBAihpMB8GA1UdIwQY
MBaAFPid9WJI+Xd/oi1dpsBLX7MypLNQMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1KMzFZa2o1ZDMtaUxWMm13RXRmc3pLa3MxQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvZDQ2ZDI1LTVkOGYtNDk4OS1iNTU3
LWMxNmJhZWRmNmZhNi8xL0ZfU05fNUZkQzlQOWthUEFpaGlMNXNFQ0tHay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvZDQ2ZDI1LTVkOGYtNDk4OS1iNTU3LWMxNmJhZWRmNmZh
Ni8xLzEtSjMxWWtqNWQzLWlMVjJtd0V0ZnN6S2tzMUEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBimcw
DQYJKoZIhvcNAQELBQADggEBADNqGHGg6Nu9RkZbsexTpnCoE86Lpnv+4s4VSZkL
+NtzhMHBcuqSmduWppRx0qpPU0LQ4zLsoK2HY0p+GKIqxL0X/iauc3JRsN4t7BUM
Da00aKzSjzAnRUPDpp7R8SdPjaagFSleYYp2G3UIgx5fmYzuTuoulF/i4Hhtxl5x
cIOAq2rf+QmxKE5+9puZlaGW6PMqHUxuajEp4Cp8BvvkpBLyhyT4ipgKUTOsRBzJ
Fd2Q/QgtWmdh4XUD8/gG46hlhqy3tqrSH9uTmq9XWoKABy2FRiho7qIiPbibYu4G
qMqCS1IkGlN1uPsCND7fXEkO06djL3MVysUzPHJ8dq8osxQ=
-----END CERTIFICATE-----