Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/_4MUfJOPCmplA66Lqc38AqGBFqE.roa
File:                     _4MUfJOPCmplA66Lqc38AqGBFqE.roa (raw, json)
Hash identifier:          WWqb8MvMKnGSxobKoMT6ZC8jHB1UdaVJvY8ro7/Syds=
Subject key identifier:   FF:83:14:7C:93:8F:0A:6A:65:03:AE:8B:A9:CD:FC:02:A1:81:16:A1
Certificate issuer:       /CN=ace49763d2fdb90986469403066cb5e6a7825f0c
Certificate serial:       018CC794135ED7410DEAE0431A4AC162E9E8
Authority key identifier: AC:E4:97:63:D2:FD:B9:09:86:46:94:03:06:6C:B5:E6:A7:82:5F:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rOSXY9L9uQmGRpQDBmy15qeCXww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/_4MUfJOPCmplA66Lqc38AqGBFqE.roa
Signing time:             Tue 02 Jan 2024 00:30:19 +0000
ROA not before:           Tue 02 Jan 2024 00:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25521
IP address blocks:        193.0.220.0/23 maxlen: 23
                          2a13:8f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/rOSXY9L9uQmGRpQDBmy15qeCXww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/rOSXY9L9uQmGRpQDBmy15qeCXww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rOSXY9L9uQmGRpQDBmy15qeCXww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:13:5e:d7:41:0d:ea:e0:43:1a:4a:c1:62:e9:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ace49763d2fdb90986469403066cb5e6a7825f0c
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff83147c938f0a6a6503ae8ba9cdfc02a18116a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:65:d2:71:02:9f:fc:b2:4b:f4:1e:5a:b2:ee:
                    38:ee:ef:e6:77:de:5e:12:4c:10:b2:ad:19:96:5d:
                    09:25:63:3c:df:df:a8:80:04:83:69:3b:b7:43:f2:
                    3c:d5:1f:a9:42:ee:85:ad:56:65:5b:a7:c4:1b:dd:
                    5c:5c:5b:b2:5e:40:70:80:15:b7:d2:07:29:b6:9a:
                    70:4c:0b:7e:60:51:95:18:91:3b:67:21:0f:4f:5f:
                    92:d2:cc:5d:0b:f4:1e:9e:98:f8:b4:03:43:3f:e9:
                    c7:9d:5c:55:eb:bc:8e:d4:52:92:70:bd:5d:f9:cf:
                    15:ca:03:c9:51:f7:f4:c1:de:bc:f2:9b:90:3d:1e:
                    81:84:79:93:99:36:4e:8f:a0:42:cf:35:0f:87:4b:
                    1b:cc:f7:9d:c4:13:78:aa:4f:14:4e:48:ec:5a:fa:
                    fd:23:14:a5:15:f1:c3:da:cb:eb:a8:67:2d:5e:dd:
                    eb:06:ec:8b:46:0c:b8:d5:ee:1d:20:e0:2a:47:3d:
                    6e:50:38:7a:25:a4:d8:4a:ec:0a:1f:ad:9a:e1:70:
                    e2:69:ce:e8:56:e1:f1:30:4a:f5:40:f7:e7:08:00:
                    62:e9:e6:49:8e:79:27:ec:73:0d:58:41:3e:69:e8:
                    53:4a:a6:b9:a6:ec:d0:57:fc:d5:51:04:1b:c5:d3:
                    d6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:83:14:7C:93:8F:0A:6A:65:03:AE:8B:A9:CD:FC:02:A1:81:16:A1
            X509v3 Authority Key Identifier:
                keyid:AC:E4:97:63:D2:FD:B9:09:86:46:94:03:06:6C:B5:E6:A7:82:5F:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rOSXY9L9uQmGRpQDBmy15qeCXww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/_4MUfJOPCmplA66Lqc38AqGBFqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/rOSXY9L9uQmGRpQDBmy15qeCXww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.220.0/23
                IPv6:
                  2a13:8f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:5b:f2:8e:58:bb:5f:45:f9:84:75:a0:f9:54:54:40:e5:98:
         72:71:da:45:5a:93:f3:d2:c9:38:b5:a3:99:1f:1b:f5:73:ca:
         c1:0e:33:21:04:49:b3:b1:c0:c2:e1:12:26:3f:0c:06:95:5f:
         88:b3:92:ac:51:ef:09:a3:30:2c:7d:29:d5:89:5e:e7:dc:b3:
         be:b3:63:6b:63:47:c3:66:08:95:a7:8d:2f:53:e5:24:54:62:
         4f:1d:b8:46:05:22:87:39:c7:f6:3a:ba:23:92:34:d8:dd:1d:
         05:46:9f:49:4b:f4:3c:a1:c1:8a:55:8b:6e:28:52:15:08:10:
         b0:f2:77:cd:91:ce:3a:26:b0:1d:0f:39:ec:de:1a:52:b3:6a:
         d4:cc:65:13:99:0a:ef:b2:82:56:2f:4a:60:63:99:af:74:26:
         ac:08:06:cb:1e:5b:aa:02:f7:b9:5f:62:7a:5e:e9:39:4b:0d:
         87:37:b0:49:78:a4:53:fc:c2:23:d1:8f:d4:cd:c4:3a:e8:10:
         1b:24:b1:ad:01:93:c3:a1:5b:b7:83:2c:93:20:a2:2b:7d:e2:
         03:a2:c0:6a:30:a4:8a:f1:90:62:8b:bc:e1:03:38:55:8a:1e:
         75:28:bf:b2:b9:39:44:3e:a3:1e:4b:0f:33:ca:7a:c0:96:e0:
         69:a4:3e:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlBNe10EN6uBDGkrBYunoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZTQ5NzYzZDJmZGI5MDk4NjQ2OTQwMzA2NmNiNWU2YTc4
MjVmMGMwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjgzMTQ3YzkzOGYwYTZhNjUwM2FlOGJhOWNkZmMwMmExODExNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmXScQKf/LJL9B5asu447u/md95e
EkwQsq0Zll0JJWM839+ogASDaTu3Q/I81R+pQu6FrVZlW6fEG91cXFuyXkBwgBW3
0gcptppwTAt+YFGVGJE7ZyEPT1+S0sxdC/Qenpj4tANDP+nHnVxV67yO1FKScL1d
+c8VygPJUff0wd688puQPR6BhHmTmTZOj6BCzzUPh0sbzPedxBN4qk8UTkjsWvr9
IxSlFfHD2svrqGctXt3rBuyLRgy41e4dIOAqRz1uUDh6JaTYSuwKH62a4XDiac7o
VuHxMEr1QPfnCABi6eZJjnkn7HMNWEE+aehTSqa5puzQV/zVUQQbxdPWlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP+DFHyTjwpqZQOui6nN/AKhgRahMB8GA1UdIwQY
MBaAFKzkl2PS/bkJhkaUAwZsteangl8MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck9TWFk5TDl1UW1HUnBRREJteTE1cWVDWHd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS80NjMwZmQtYTBjYS00OGEwLWJjYWIt
OTBhOGM2ZTc4NWM5LzEvXzRNVWZKT1BDbXBsQTY2THFjMzhBcUdCRnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS80NjMwZmQtYTBjYS00OGEwLWJjYWItOTBhOGM2ZTc4NWM5
LzEvck9TWFk5TDl1UW1HUnBRREJteTE1cWVDWHd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwQDcMA0E
AgACMAcDBQMqE49AMA0GCSqGSIb3DQEBCwUAA4IBAQCvW/KOWLtfRfmEdaD5VFRA
5ZhycdpFWpPz0sk4taOZHxv1c8rBDjMhBEmzscDC4RImPwwGlV+Is5KsUe8JozAs
fSnViV7n3LO+s2NrY0fDZgiVp40vU+UkVGJPHbhGBSKHOcf2OrojkjTY3R0FRp9J
S/Q8ocGKVYtuKFIVCBCw8nfNkc46JrAdDzns3hpSs2rUzGUTmQrvsoJWL0pgY5mv
dCasCAbLHluqAve5X2J6Xuk5Sw2HN7BJeKRT/MIj0Y/UzcQ66BAbJLGtAZPDoVu3
gyyTIKIrfeIDosBqMKSK8ZBii7zhAzhVih51KL+yuTlEPqMeSw8zynrAluBppD6U
-----END CERTIFICATE-----