Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/0Z4UINo-i0OZ4wqEf6tHWZlgKes.roa
File:                     0Z4UINo-i0OZ4wqEf6tHWZlgKes.roa (raw, json)
Hash identifier:          5EprPere+U89zcZoAWOvap77HYO2+2uiFZsuqKvvfHc=
Subject key identifier:   D1:9E:14:20:DA:3E:8B:43:99:E3:0A:84:7F:AB:47:59:99:60:29:EB
Certificate issuer:       /CN=306134bcf59f581d6b76630cfa87867876a29215
Certificate serial:       018E74E6C77BE09EE21FD9392B1450EB6DFA
Authority key identifier: 30:61:34:BC:F5:9F:58:1D:6B:76:63:0C:FA:87:86:78:76:A2:92:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGE0vPWfWB1rdmMM-oeGeHaikhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/0Z4UINo-i0OZ4wqEf6tHWZlgKes.roa
Signing time:             Mon 25 Mar 2024 09:17:45 +0000
ROA not before:           Mon 25 Mar 2024 09:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5500
IP address blocks:        193.93.203.0/24 maxlen: 24
                          2a02:56c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/MGE0vPWfWB1rdmMM-oeGeHaikhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/MGE0vPWfWB1rdmMM-oeGeHaikhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGE0vPWfWB1rdmMM-oeGeHaikhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:e6:c7:7b:e0:9e:e2:1f:d9:39:2b:14:50:eb:6d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=306134bcf59f581d6b76630cfa87867876a29215
        Validity
            Not Before: Mar 25 09:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d19e1420da3e8b4399e30a847fab4759996029eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:37:07:1f:12:9c:0d:31:3e:63:28:cb:d8:9d:
                    41:9c:bf:ca:64:35:66:f2:9d:17:b2:8a:fd:27:cf:
                    00:78:f1:f6:1e:73:46:d7:15:43:d8:a6:04:e7:92:
                    6b:77:32:d2:a2:e9:f1:48:37:2e:b6:da:00:3c:8d:
                    14:6b:c5:58:9a:fa:0e:fb:c4:21:78:a8:dc:8d:19:
                    ec:4e:51:94:54:36:3b:b2:77:7e:63:87:5c:fe:ca:
                    70:e2:8d:af:8e:9a:be:89:3f:61:8b:38:63:65:93:
                    6c:95:27:6f:3c:5a:40:d2:06:ed:bf:2b:a1:67:e4:
                    ba:5a:5a:9a:c2:71:1f:83:be:b3:f2:48:36:69:ba:
                    e1:4b:9d:be:b4:b7:6e:2a:7f:50:b6:25:f8:fe:9a:
                    a4:70:a1:f0:d6:79:61:8c:25:39:0a:ce:a4:c0:3c:
                    70:59:ce:97:b7:6d:e4:85:61:96:22:3b:50:b9:bc:
                    6e:c1:9e:12:ac:7f:49:f6:b2:c2:06:27:a1:1c:1e:
                    50:78:c2:fc:b2:b3:d1:0c:2e:c5:d1:3b:d9:6d:15:
                    58:03:36:7c:b9:85:9a:31:42:1e:9e:37:31:5b:8d:
                    cf:47:8e:4b:fe:ff:ba:e2:71:04:ec:bc:c8:14:7d:
                    2a:a8:21:1f:1e:34:f5:bb:f5:77:a6:dc:a8:80:fe:
                    6a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9E:14:20:DA:3E:8B:43:99:E3:0A:84:7F:AB:47:59:99:60:29:EB
            X509v3 Authority Key Identifier:
                keyid:30:61:34:BC:F5:9F:58:1D:6B:76:63:0C:FA:87:86:78:76:A2:92:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGE0vPWfWB1rdmMM-oeGeHaikhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/0Z4UINo-i0OZ4wqEf6tHWZlgKes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/MGE0vPWfWB1rdmMM-oeGeHaikhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.203.0/24
                IPv6:
                  2a02:56c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:28:7c:95:1a:8b:21:da:fe:50:f7:33:5b:86:d5:b5:7d:18:
         8f:ff:b1:ab:da:ce:44:b6:39:97:0d:f3:39:d6:69:c2:3a:49:
         68:28:d2:78:bd:53:17:e8:37:c3:7b:94:6f:52:08:d0:c5:6e:
         7a:a7:f6:9d:47:30:c2:91:9a:ec:48:f0:45:7e:fd:11:63:92:
         e4:fe:40:e0:76:e4:fc:40:c6:c7:38:c4:84:92:34:1a:55:96:
         b6:a0:f7:3e:74:3a:a7:ed:a2:62:98:4a:8b:93:4e:d9:b6:ea:
         fe:ea:bc:05:50:e5:c6:c9:ca:c0:3e:88:a9:80:e4:69:ab:0d:
         57:86:33:4a:21:ec:ba:96:d2:66:ad:45:66:a2:d2:11:d9:b8:
         47:86:5d:4a:a9:a7:bb:2c:0e:a7:5f:74:1a:ef:ca:8e:6f:9f:
         c0:ab:4e:07:54:da:ef:b7:b3:f6:a0:e9:b4:e9:01:42:65:4f:
         59:45:33:d8:94:57:55:82:58:21:3f:bc:0d:1b:38:28:0f:ce:
         14:bb:06:a8:d2:91:7b:76:9c:8c:e9:62:e0:0e:47:d6:60:e2:
         dd:cb:a6:58:58:55:d4:4f:73:16:3a:41:1e:0a:73:ef:74:d7:
         18:33:ee:c5:fb:76:b7:aa:e1:c1:44:ff:68:84:01:8c:67:a7:
         b6:ba:b8:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY505sd74J7iH9k5KxRQ6236MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjEzNGJjZjU5ZjU4MWQ2Yjc2NjMwY2ZhODc4Njc4NzZh
MjkyMTUwHhcNMjQwMzI1MDkxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTllMTQyMGRhM2U4YjQzOTllMzBhODQ3ZmFiNDc1OTk5NjAyOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTcHHxKcDTE+YyjL2J1BnL/KZDVm
8p0Xsor9J88AePH2HnNG1xVD2KYE55JrdzLSounxSDcuttoAPI0Ua8VYmvoO+8Qh
eKjcjRnsTlGUVDY7snd+Y4dc/spw4o2vjpq+iT9hizhjZZNslSdvPFpA0gbtvyuh
Z+S6WlqawnEfg76z8kg2abrhS52+tLduKn9QtiX4/pqkcKHw1nlhjCU5Cs6kwDxw
Wc6Xt23khWGWIjtQubxuwZ4SrH9J9rLCBiehHB5QeML8srPRDC7F0TvZbRVYAzZ8
uYWaMUIenjcxW43PR45L/v+64nEE7LzIFH0qqCEfHjT1u/V3ptyogP5q/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNGeFCDaPotDmeMKhH+rR1mZYCnrMB8GA1UdIwQY
MBaAFDBhNLz1n1gda3ZjDPqHhnh2opIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdFMHZQV2ZXQjFyZG1NTS1vZUdlSGFpa2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hODk0MWEtNzI1MC00OGVjLWFhZjgt
NmQ4ZWE5ZDFjZDczLzEvMFo0VUlOby1pME9aNHdxRWY2dEhXWmxnS2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hODk0MWEtNzI1MC00OGVjLWFhZjgtNmQ4ZWE5ZDFjZDcz
LzEvTUdFMHZQV2ZXQjFyZG1NTS1vZUdlSGFpa2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwV3LMA0E
AgACMAcDBQAqAlbAMA0GCSqGSIb3DQEBCwUAA4IBAQAdKHyVGosh2v5Q9zNbhtW1
fRiP/7Gr2s5EtjmXDfM51mnCOkloKNJ4vVMX6DfDe5RvUgjQxW56p/adRzDCkZrs
SPBFfv0RY5Lk/kDgduT8QMbHOMSEkjQaVZa2oPc+dDqn7aJimEqLk07Ztur+6rwF
UOXGycrAPoipgORpqw1XhjNKIey6ltJmrUVmotIR2bhHhl1Kqae7LA6nX3Qa78qO
b5/Aq04HVNrvt7P2oOm06QFCZU9ZRTPYlFdVglghP7wNGzgoD84Uuwao0pF7dpyM
6WLgDkfWYOLdy6ZYWFXUT3MWOkEeCnPvdNcYM+7F+3a3quHBRP9ohAGMZ6e2urhS
-----END CERTIFICATE-----