Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/T6u-O7Yskk01cBCrVjMPI_vtBDc.roa
File:                     T6u-O7Yskk01cBCrVjMPI_vtBDc.roa (raw, json)
Hash identifier:          EfbOxeZJLKOIzKH92/ZxefZTGwebZrzvgz0YoK09jM4=
Subject key identifier:   4F:AB:BE:3B:B6:2C:92:4D:35:70:10:AB:56:33:0F:23:FB:ED:04:37
Certificate issuer:       /CN=09633ef6550a82af315146a942cf3559557c1fe2
Certificate serial:       018CC94DE1B9FC1065B4543A1D37ABEAF536
Authority key identifier: 09:63:3E:F6:55:0A:82:AF:31:51:46:A9:42:CF:35:59:55:7C:1F:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/T6u-O7Yskk01cBCrVjMPI_vtBDc.roa
Signing time:             Tue 02 Jan 2024 08:32:53 +0000
ROA not before:           Tue 02 Jan 2024 08:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20559
IP address blocks:        193.105.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:e1:b9:fc:10:65:b4:54:3a:1d:37:ab:ea:f5:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09633ef6550a82af315146a942cf3559557c1fe2
        Validity
            Not Before: Jan  2 08:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fabbe3bb62c924d357010ab56330f23fbed0437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2f:a8:67:00:c9:53:60:5f:9b:7b:87:50:38:
                    8d:25:79:90:0a:d1:26:07:46:fa:9e:3c:84:a5:6e:
                    97:5f:28:ba:ef:a4:ec:27:3a:db:8f:db:3e:a7:d0:
                    fa:02:22:1a:e2:89:e2:bc:ac:db:9a:1d:8b:73:eb:
                    e2:12:2e:ec:82:ff:a4:7f:77:eb:7e:3b:4a:21:ab:
                    dc:26:33:b9:1a:58:f3:eb:cf:19:34:a9:f5:ca:f6:
                    48:14:cd:cf:04:aa:b3:6a:b7:1a:89:59:5e:d9:ec:
                    1b:c6:4e:62:ea:8b:fd:d3:b4:26:fc:91:ea:56:0e:
                    65:0d:7f:6e:b8:26:7a:fb:d4:85:d0:4b:ed:e4:c7:
                    63:cd:f7:17:ab:59:e1:e7:a8:c3:45:55:d8:3e:95:
                    c5:49:66:08:f7:a2:16:ca:21:32:70:dd:42:33:58:
                    2e:9d:ad:21:d2:36:e0:42:90:b9:90:f2:42:02:ea:
                    9d:84:82:dc:bc:47:77:af:35:dd:3c:80:35:4d:d9:
                    31:aa:ba:e4:16:0e:91:63:ad:e5:b5:35:d2:24:5c:
                    f4:93:ee:7a:32:36:04:87:71:5c:a3:b3:5e:bf:30:
                    04:4a:f6:e3:de:35:ab:c2:d1:0e:fd:96:cd:45:d3:
                    2c:70:45:d0:0a:15:c6:fc:92:1f:a3:b3:7f:82:32:
                    69:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:AB:BE:3B:B6:2C:92:4D:35:70:10:AB:56:33:0F:23:FB:ED:04:37
            X509v3 Authority Key Identifier:
                keyid:09:63:3E:F6:55:0A:82:AF:31:51:46:A9:42:CF:35:59:55:7C:1F:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/T6u-O7Yskk01cBCrVjMPI_vtBDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:9f:9a:0a:e8:4a:2a:a6:2a:00:05:d1:2e:ab:71:fe:f1:07:
         4a:52:25:0c:40:57:44:a1:09:54:5e:3b:95:eb:fe:c7:ae:c9:
         2e:14:8c:55:32:b1:ac:5f:92:77:db:9c:e7:10:21:ef:48:69:
         a4:81:55:0d:4c:c5:8a:1a:d6:d1:1c:96:a6:73:11:e1:26:f9:
         fb:9a:ab:21:61:ed:38:fe:53:15:eb:a7:a4:33:f1:d5:a2:00:
         06:a7:2d:7f:5e:22:dd:61:81:ca:b4:e6:78:23:ed:c5:ae:4d:
         a1:bf:0f:c8:7a:47:44:5f:02:e8:39:46:2a:a6:9b:26:0b:bc:
         a2:82:6c:4c:00:89:fc:17:45:4c:58:82:7e:78:88:26:94:e3:
         26:04:45:d8:58:59:5a:d0:a2:37:f1:40:96:2c:f7:c8:0f:de:
         04:3f:a3:f3:06:79:25:18:d1:7b:78:58:3a:75:ab:ab:92:f2:
         d8:d5:21:1b:38:d8:45:c6:a8:3e:03:62:0f:85:9f:b1:71:4e:
         af:6b:a7:ed:7d:0a:14:ce:f3:df:99:49:b2:c9:e2:44:ae:22:
         b8:04:5c:2c:8f:ab:dc:93:4d:a2:c5:6f:ed:33:40:18:ab:84:
         21:6f:a7:ea:11:25:21:b0:26:a8:a3:59:01:2a:fe:70:22:91:
         27:f0:b4:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTeG5/BBltFQ6HTer6vU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjMzZWY2NTUwYTgyYWYzMTUxNDZhOTQyY2YzNTU5NTU3
YzFmZTIwHhcNMjQwMTAyMDgzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmFiYmUzYmI2MmM5MjRkMzU3MDEwYWI1NjMzMGYyM2ZiZWQwNDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS+oZwDJU2Bfm3uHUDiNJXmQCtEm
B0b6njyEpW6XXyi676TsJzrbj9s+p9D6AiIa4onivKzbmh2Lc+viEi7sgv+kf3fr
fjtKIavcJjO5Gljz688ZNKn1yvZIFM3PBKqzarcaiVle2ewbxk5i6ov907Qm/JHq
Vg5lDX9uuCZ6+9SF0Evt5MdjzfcXq1nh56jDRVXYPpXFSWYI96IWyiEycN1CM1gu
na0h0jbgQpC5kPJCAuqdhILcvEd3rzXdPIA1TdkxqrrkFg6RY63ltTXSJFz0k+56
MjYEh3Fco7NevzAESvbj3jWrwtEO/ZbNRdMscEXQChXG/JIfo7N/gjJpnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+rvju2LJJNNXAQq1YzDyP77QQ3MB8GA1UdIwQY
MBaAFAljPvZVCoKvMVFGqULPNVlVfB/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dNLTlsVUtncTh4VVVhcFFzODFXVlY4SC1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zNGQ1NDgtZTAyZi00ZjgyLWJhZWIt
YmIxZGYxYjNkMzJkLzEvVDZ1LU83WXNrazAxY0JDclZqTVBJX3Z0QkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zNGQ1NDgtZTAyZi00ZjgyLWJhZWItYmIxZGYxYjNkMzJk
LzEvQ1dNLTlsVUtncTh4VVVhcFFzODFXVlY4SC1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkMMA0G
CSqGSIb3DQEBCwUAA4IBAQCJn5oK6EoqpioABdEuq3H+8QdKUiUMQFdEoQlUXjuV
6/7HrskuFIxVMrGsX5J325znECHvSGmkgVUNTMWKGtbRHJamcxHhJvn7mqshYe04
/lMV66ekM/HVogAGpy1/XiLdYYHKtOZ4I+3Frk2hvw/IekdEXwLoOUYqppsmC7yi
gmxMAIn8F0VMWIJ+eIgmlOMmBEXYWFla0KI38UCWLPfID94EP6PzBnklGNF7eFg6
daurkvLY1SEbONhFxqg+A2IPhZ+xcU6va6ftfQoUzvPfmUmyyeJEriK4BFwsj6vc
k02ixW/tM0AYq4Qhb6fqESUhsCaoo1kBKv5wIpEn8LTN
-----END CERTIFICATE-----