Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/t01_Z795Ev4hBhk_FFK1oMcZmcM.roa
File:                     t01_Z795Ev4hBhk_FFK1oMcZmcM.roa (raw, json)
Hash identifier:          evV5VJUHGUyQXRSfYIf28XMGphKGLIjE30vIQEKhsMk=
Subject key identifier:   B7:4D:7F:67:BF:79:12:FE:21:06:19:3F:14:52:B5:A0:C7:19:99:C3
Certificate issuer:       /CN=240e7594aae24a4fd6c38554517d8b9d6fae060d
Certificate serial:       018CC9B990EE57B06477900F4F25402C577B
Authority key identifier: 24:0E:75:94:AA:E2:4A:4F:D6:C3:85:54:51:7D:8B:9D:6F:AE:06:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JA51lKriSk_Ww4VUUX2LnW-uBg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/t01_Z795Ev4hBhk_FFK1oMcZmcM.roa
Signing time:             Tue 02 Jan 2024 10:30:30 +0000
ROA not before:           Tue 02 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        193.47.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/JA51lKriSk_Ww4VUUX2LnW-uBg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/JA51lKriSk_Ww4VUUX2LnW-uBg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JA51lKriSk_Ww4VUUX2LnW-uBg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:90:ee:57:b0:64:77:90:0f:4f:25:40:2c:57:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=240e7594aae24a4fd6c38554517d8b9d6fae060d
        Validity
            Not Before: Jan  2 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74d7f67bf7912fe2106193f1452b5a0c71999c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f4:5f:bc:66:6d:4d:49:06:c6:ab:ce:1c:f7:
                    a3:29:57:d5:09:f0:0f:52:85:d5:c9:9b:95:0d:e5:
                    85:3f:e4:0a:60:e8:19:1e:d4:0e:76:8f:4d:97:ae:
                    53:6c:23:f5:62:c6:1a:72:d0:9c:d7:13:ef:3f:fe:
                    7e:9f:a2:88:1e:d1:03:5f:55:b1:dc:aa:47:78:1d:
                    03:4f:40:d5:18:94:07:f0:6c:2f:3f:40:d5:ca:58:
                    ab:cc:4b:98:92:78:dd:41:9e:fb:77:b0:17:23:21:
                    db:65:d0:7a:1b:06:ce:26:df:ab:e6:6e:1e:93:d0:
                    5e:44:8e:a9:96:a5:9e:d5:14:e5:04:02:15:44:0f:
                    22:5b:65:96:23:c5:4c:70:e4:52:bd:ea:bf:3b:fc:
                    00:15:61:99:c7:31:25:a0:33:8b:be:3d:27:53:7b:
                    1f:5c:d5:78:47:ff:27:67:5a:4e:ea:1b:fc:c5:60:
                    aa:67:49:12:32:e5:06:62:c3:55:41:7a:48:f9:8d:
                    24:dd:99:4c:39:07:0e:f7:10:d9:8c:cd:f6:0d:ff:
                    d0:9e:4e:27:fe:5b:f6:ec:87:57:7b:5b:59:6e:ea:
                    43:80:fa:7e:65:9e:66:6f:1c:a8:82:4d:d7:a8:a2:
                    70:3e:e4:11:79:31:2b:56:b0:9a:07:84:f5:ff:56:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4D:7F:67:BF:79:12:FE:21:06:19:3F:14:52:B5:A0:C7:19:99:C3
            X509v3 Authority Key Identifier:
                keyid:24:0E:75:94:AA:E2:4A:4F:D6:C3:85:54:51:7D:8B:9D:6F:AE:06:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JA51lKriSk_Ww4VUUX2LnW-uBg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/t01_Z795Ev4hBhk_FFK1oMcZmcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5a260e-aec0-4e4a-aa85-4b8df098496d/1/JA51lKriSk_Ww4VUUX2LnW-uBg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:77:e6:05:bc:10:30:ea:2a:2d:c3:81:38:35:ee:f2:d7:00:
         46:82:bd:be:cf:db:c9:ae:bc:be:f4:64:2a:0c:87:d7:c8:15:
         ec:60:bb:13:0b:a6:26:49:14:c0:05:45:68:2e:b4:a6:75:11:
         1f:e0:67:b8:9c:0c:41:11:61:ae:e1:0f:61:95:d0:bf:1c:6d:
         7d:1e:fc:c2:27:33:7e:9e:c4:ab:ee:70:6b:8f:f9:d1:5f:20:
         46:31:d8:1d:ae:a8:db:08:d6:8d:0f:c4:8f:a6:35:19:47:ea:
         ee:ee:8f:4c:b6:5c:bd:87:3f:b2:44:05:d6:03:5d:24:dc:db:
         92:4e:8c:0a:f3:79:87:46:d3:de:17:67:31:11:da:47:db:af:
         1e:a3:89:e5:83:af:2e:c3:ca:db:1d:20:49:6d:eb:92:c4:17:
         f3:4b:f1:5e:20:53:79:2e:0f:6c:c0:65:5e:e1:f4:5d:d0:76:
         12:38:c3:83:87:61:0c:4b:c0:90:0a:f1:94:18:dd:6b:7f:af:
         1d:2e:8f:40:5a:32:8a:9f:ee:bf:2b:39:fc:e9:fa:58:9b:88:
         8c:91:72:23:3a:96:da:79:8a:9f:69:68:7d:28:db:9b:2b:9c:
         65:99:73:6e:9b:ae:b7:f9:1e:11:04:50:c7:32:7b:2e:46:25:
         de:98:87:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuZDuV7Bkd5APTyVALFd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MGU3NTk0YWFlMjRhNGZkNmMzODU1NDUxN2Q4YjlkNmZh
ZTA2MGQwHhcNMjQwMTAyMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRkN2Y2N2JmNzkxMmZlMjEwNjE5M2YxNDUyYjVhMGM3MTk5OWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPRfvGZtTUkGxqvOHPejKVfVCfAP
UoXVyZuVDeWFP+QKYOgZHtQOdo9Nl65TbCP1YsYactCc1xPvP/5+n6KIHtEDX1Wx
3KpHeB0DT0DVGJQH8GwvP0DVylirzEuYknjdQZ77d7AXIyHbZdB6GwbOJt+r5m4e
k9BeRI6plqWe1RTlBAIVRA8iW2WWI8VMcORSveq/O/wAFWGZxzEloDOLvj0nU3sf
XNV4R/8nZ1pO6hv8xWCqZ0kSMuUGYsNVQXpI+Y0k3ZlMOQcO9xDZjM32Df/Qnk4n
/lv27IdXe1tZbupDgPp+ZZ5mbxyogk3XqKJwPuQReTErVrCaB4T1/1abzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdNf2e/eRL+IQYZPxRStaDHGZnDMB8GA1UdIwQY
MBaAFCQOdZSq4kpP1sOFVFF9i51vrgYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkE1MWxLcmlTa19XdzRWVVVYMkxuVy11QmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81YTI2MGUtYWVjMC00ZTRhLWFhODUt
NGI4ZGYwOTg0OTZkLzEvdDAxX1o3OTVFdjRoQmhrX0ZGSzFvTWNabWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81YTI2MGUtYWVjMC00ZTRhLWFhODUtNGI4ZGYwOTg0OTZk
LzEvSkE1MWxLcmlTa19XdzRWVVVYMkxuVy11QmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS9RMA0G
CSqGSIb3DQEBCwUAA4IBAQCPd+YFvBAw6iotw4E4Ne7y1wBGgr2+z9vJrry+9GQq
DIfXyBXsYLsTC6YmSRTABUVoLrSmdREf4Ge4nAxBEWGu4Q9hldC/HG19HvzCJzN+
nsSr7nBrj/nRXyBGMdgdrqjbCNaND8SPpjUZR+ru7o9Mtly9hz+yRAXWA10k3NuS
TowK83mHRtPeF2cxEdpH268eo4nlg68uw8rbHSBJbeuSxBfzS/FeIFN5Lg9swGVe
4fRd0HYSOMODh2EMS8CQCvGUGN1rf68dLo9AWjKKn+6/Kzn86fpYm4iMkXIjOpba
eYqfaWh9KNubK5xlmXNum663+R4RBFDHMnsuRiXemId6
-----END CERTIFICATE-----