Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/RQrFURx6CQVAbWVN6ED9Sls3lR0.roa
File:                     RQrFURx6CQVAbWVN6ED9Sls3lR0.roa (raw, json)
Hash identifier:          uKuvy8xU4ud7UCOkGQxBTtVPnXIHCz3nFg4WzPtFhoQ=
Subject key identifier:   45:0A:C5:51:1C:7A:09:05:40:6D:65:4D:E8:40:FD:4A:5B:37:95:1D
Certificate issuer:       /CN=d795a7259f9537186493f482d55cef4b64b1c435
Certificate serial:       018CC56DDB03D2C3BA491C3A153688DF82BE
Authority key identifier: D7:95:A7:25:9F:95:37:18:64:93:F4:82:D5:5C:EF:4B:64:B1:C4:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15WnJZ-VNxhkk_SC1VzvS2SxxDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/RQrFURx6CQVAbWVN6ED9Sls3lR0.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34330
IP address blocks:        193.43.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/15WnJZ-VNxhkk_SC1VzvS2SxxDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/15WnJZ-VNxhkk_SC1VzvS2SxxDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/15WnJZ-VNxhkk_SC1VzvS2SxxDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:db:03:d2:c3:ba:49:1c:3a:15:36:88:df:82:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d795a7259f9537186493f482d55cef4b64b1c435
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=450ac5511c7a0905406d654de840fd4a5b37951d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c2:c7:4e:cd:93:52:be:d6:c3:42:21:10:75:
                    aa:33:51:3c:ab:48:3f:e1:ed:3b:34:ad:ea:5d:15:
                    2b:1d:3d:41:3e:0a:ae:b3:f7:ea:1b:7a:53:10:19:
                    6e:97:d5:b9:86:f8:a1:b1:dc:56:69:4d:d1:33:f9:
                    37:8a:1f:67:b9:74:3e:61:db:92:5b:44:fd:6e:a1:
                    61:0e:88:e4:6c:f8:5a:c9:dd:e5:d5:57:0a:dc:24:
                    01:59:2b:02:69:2b:ef:e1:f9:e2:51:93:9b:34:4e:
                    b0:02:10:1e:0e:06:24:d8:cb:e5:b1:f2:a0:df:35:
                    e0:47:a8:e1:c4:aa:31:ca:fa:70:27:f9:84:81:fe:
                    83:79:ad:8a:8d:b9:71:a7:af:0f:f8:37:ce:b9:70:
                    dd:55:79:ec:84:04:3e:cd:66:9a:9b:e8:b1:e6:42:
                    7e:99:6c:fb:c1:f2:96:de:61:1b:a6:58:08:59:37:
                    c7:11:db:e4:85:f8:be:c4:1f:fd:f4:b0:eb:1e:33:
                    e8:5b:1d:d4:87:38:5d:5a:5d:51:58:2a:aa:2e:de:
                    5d:5f:a4:2c:bc:9d:ea:6a:e5:d6:65:44:86:d6:47:
                    6c:6e:83:52:32:fe:99:af:0c:f7:6a:43:be:cc:ab:
                    3c:bc:7e:fc:bd:d1:c1:24:3a:5b:1d:da:e1:52:48:
                    3b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0A:C5:51:1C:7A:09:05:40:6D:65:4D:E8:40:FD:4A:5B:37:95:1D
            X509v3 Authority Key Identifier:
                keyid:D7:95:A7:25:9F:95:37:18:64:93:F4:82:D5:5C:EF:4B:64:B1:C4:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15WnJZ-VNxhkk_SC1VzvS2SxxDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/RQrFURx6CQVAbWVN6ED9Sls3lR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/daf87d-dfa4-4b14-93e2-b05db0bc97c4/1/15WnJZ-VNxhkk_SC1VzvS2SxxDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:b9:a4:63:32:6c:88:32:0f:1d:99:62:ac:52:4c:7a:78:db:
         fe:03:c7:bc:56:95:31:a2:a0:67:3d:23:52:0e:70:f4:3b:31:
         3f:b6:b7:33:8d:b9:95:f9:0e:c1:87:86:08:ba:81:e2:bf:70:
         50:7a:7b:e8:42:6d:21:87:92:33:a6:dc:f7:22:cc:5c:df:10:
         e5:94:ad:fc:6a:5f:74:06:ae:65:73:37:c0:74:7d:b3:c1:96:
         f5:c0:98:35:3c:5b:9c:61:fa:e8:9d:7e:da:66:ee:97:ae:9d:
         be:f9:8c:be:57:a5:24:01:4e:2f:b2:53:60:63:f2:1b:b9:ac:
         e6:2d:f5:08:dd:73:c1:b5:69:fc:94:45:4b:05:61:a8:41:57:
         fa:25:41:de:88:76:45:a0:e9:66:03:c1:35:47:3e:93:c8:c0:
         55:61:49:c4:16:bd:70:68:66:e5:4b:4e:07:8d:17:af:8e:29:
         b0:86:af:a8:a5:f8:e4:5a:2b:a1:f8:d3:8a:bb:ce:7a:e9:54:
         bf:6a:e3:08:86:9f:41:58:db:97:98:f1:a7:07:7f:36:a8:6b:
         d6:b5:ca:bc:89:bf:a7:a3:e1:d9:f4:9f:86:c9:42:c6:11:d8:
         e4:8c:2c:c2:22:fb:33:da:36:11:7d:d2:fe:e6:6b:00:91:2c:
         12:ff:f8:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbdsD0sO6SRw6FTaI34K+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTVhNzI1OWY5NTM3MTg2NDkzZjQ4MmQ1NWNlZjRiNjRi
MWM0MzUwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBhYzU1MTFjN2EwOTA1NDA2ZDY1NGRlODQwZmQ0YTViMzc5NTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMLHTs2TUr7Ww0IhEHWqM1E8q0g/
4e07NK3qXRUrHT1BPgqus/fqG3pTEBlul9W5hvihsdxWaU3RM/k3ih9nuXQ+YduS
W0T9bqFhDojkbPhayd3l1VcK3CQBWSsCaSvv4fniUZObNE6wAhAeDgYk2MvlsfKg
3zXgR6jhxKoxyvpwJ/mEgf6Dea2Kjblxp68P+DfOuXDdVXnshAQ+zWaam+ix5kJ+
mWz7wfKW3mEbplgIWTfHEdvkhfi+xB/99LDrHjPoWx3UhzhdWl1RWCqqLt5dX6Qs
vJ3qauXWZUSG1kdsboNSMv6Zrwz3akO+zKs8vH78vdHBJDpbHdrhUkg7nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUKxVEcegkFQG1lTehA/UpbN5UdMB8GA1UdIwQY
MBaAFNeVpyWflTcYZJP0gtVc70tkscQ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVXbkpaLVZOeGhra19TQzFWenZTMlN4eERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9kYWY4N2QtZGZhNC00YjE0LTkzZTIt
YjA1ZGIwYmM5N2M0LzEvUlFyRlVSeDZDUVZBYldWTjZFRDlTbHMzbFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9kYWY4N2QtZGZhNC00YjE0LTkzZTItYjA1ZGIwYmM5N2M0
LzEvMTVXbkpaLVZOeGhra19TQzFWenZTMlN4eERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwStNMA0G
CSqGSIb3DQEBCwUAA4IBAQCuuaRjMmyIMg8dmWKsUkx6eNv+A8e8VpUxoqBnPSNS
DnD0OzE/trczjbmV+Q7Bh4YIuoHiv3BQenvoQm0hh5Izptz3Isxc3xDllK38al90
Bq5lczfAdH2zwZb1wJg1PFucYfronX7aZu6Xrp2++Yy+V6UkAU4vslNgY/Ibuazm
LfUI3XPBtWn8lEVLBWGoQVf6JUHeiHZFoOlmA8E1Rz6TyMBVYUnEFr1waGblS04H
jRevjimwhq+opfjkWiuh+NOKu8566VS/auMIhp9BWNuXmPGnB382qGvWtcq8ib+n
o+HZ9J+GyULGEdjkjCzCIvsz2jYRfdL+5msAkSwS//jR
-----END CERTIFICATE-----