Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/1-9SeZ9RYKfbjwKce4mRmIJXHLhg.roa
File:                     1-9SeZ9RYKfbjwKce4mRmIJXHLhg.roa (raw, json)
Hash identifier:          8FCGkP6Xo9WT81+2Y+S9kzO3e8Zbo2+DSohlaYde5s8=
Subject key identifier:   FB:D4:9E:67:D4:58:29:F6:E3:C0:A7:1E:E2:64:66:20:95:C7:2E:18
Certificate issuer:       /CN=004718e7a263ebe45e7706739241ec6d6ae58e74
Certificate serial:       018D2FEF99B2210ACC26BD5A333A02E07F49
Authority key identifier: 00:47:18:E7:A2:63:EB:E4:5E:77:06:73:92:41:EC:6D:6A:E5:8E:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/1-9SeZ9RYKfbjwKce4mRmIJXHLhg.roa
Signing time:             Mon 22 Jan 2024 06:50:48 +0000
ROA not before:           Mon 22 Jan 2024 06:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28907
IP address blocks:        193.107.200.0/22 maxlen: 24
                          193.107.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2f:ef:99:b2:21:0a:cc:26:bd:5a:33:3a:02:e0:7f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=004718e7a263ebe45e7706739241ec6d6ae58e74
        Validity
            Not Before: Jan 22 06:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbd49e67d45829f6e3c0a71ee264662095c72e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:5d:22:11:69:79:1b:e4:02:69:23:12:6e:
                    fe:80:64:90:04:08:2d:53:b0:9a:5a:2b:81:5c:d2:
                    5f:4e:78:af:61:60:86:12:59:42:b3:08:42:56:2e:
                    cf:87:88:3b:74:3d:fb:51:5a:fd:69:8a:99:9f:a3:
                    ee:b3:10:ce:18:96:30:a1:c6:a9:66:d0:44:57:be:
                    ee:2d:6d:04:a8:ce:17:62:f5:79:b7:76:9b:6b:37:
                    47:37:86:6b:5f:fd:d5:a4:1d:91:6a:1f:62:ec:a8:
                    bf:50:2b:c3:77:4f:bb:ea:ca:6b:15:20:c9:d3:f5:
                    d2:b1:ee:4f:72:f8:51:c3:8f:f1:53:61:29:25:b6:
                    07:25:4a:89:7c:ea:b4:ae:e9:4f:6f:21:c5:ce:36:
                    8a:aa:6f:35:d2:4d:85:52:60:b4:0e:a4:72:d2:bb:
                    da:79:db:2e:1e:83:a2:d7:1e:9e:fd:73:a0:a0:0f:
                    af:33:ca:b2:bb:9c:82:70:a0:32:29:77:74:48:3d:
                    4a:28:c6:d1:2b:21:dd:4c:64:b5:b7:74:6a:12:35:
                    bd:24:34:35:19:50:5b:89:c7:5d:6d:86:08:66:03:
                    63:28:a4:5e:b0:02:ac:ed:a3:f8:d2:c4:36:a5:fd:
                    e0:17:86:91:42:c5:39:87:24:a9:65:7f:51:47:85:
                    95:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D4:9E:67:D4:58:29:F6:E3:C0:A7:1E:E2:64:66:20:95:C7:2E:18
            X509v3 Authority Key Identifier:
                keyid:00:47:18:E7:A2:63:EB:E4:5E:77:06:73:92:41:EC:6D:6A:E5:8E:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/1-9SeZ9RYKfbjwKce4mRmIJXHLhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:96:e7:34:43:2e:a9:d1:57:22:12:c4:21:1f:82:1c:40:e6:
         36:7a:98:ac:69:be:8d:18:67:7c:4f:86:90:2d:b1:91:66:cf:
         56:39:e3:55:c4:22:3d:37:c5:b0:46:79:0e:74:73:60:b2:b5:
         5a:9e:67:65:e7:31:5f:0c:f0:6e:ca:03:5f:21:ac:80:3e:16:
         7d:c9:ed:ca:3d:6b:37:df:65:3f:5b:1c:e2:9e:de:3f:79:4d:
         0d:cd:cf:04:33:d5:b6:4e:65:f9:31:9b:ca:00:13:4e:15:ad:
         80:82:ec:e5:8f:63:6d:37:f6:bc:1e:39:d0:85:88:84:3b:e0:
         b3:df:a6:8c:5e:a3:b4:7c:8e:14:55:da:61:12:c6:71:a6:11:
         0c:5f:a8:e1:4e:49:84:60:10:0e:c7:10:2e:63:22:8e:08:04:
         94:12:2b:8d:41:f5:23:43:51:ef:b8:dc:34:8a:83:ca:14:35:
         aa:c9:c6:d7:40:d2:f1:61:37:af:f5:ae:54:41:9e:62:b7:2f:
         b6:82:7c:9b:93:4f:e4:14:6f:bd:9c:56:44:83:85:b0:34:95:
         1f:c1:3d:13:17:a8:a5:b9:e4:b0:50:2b:79:a6:c2:1e:ba:c3:
         1c:e6:ad:fb:42:3b:74:36:7c:93:80:2a:90:52:b7:a2:5c:82:
         d2:f0:7f:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0v75myIQrMJr1aMzoC4H9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNDcxOGU3YTI2M2ViZTQ1ZTc3MDY3MzkyNDFlYzZkNmFl
NThlNzQwHhcNMjQwMTIyMDY1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ0OWU2N2Q0NTgyOWY2ZTNjMGE3MWVlMjY0NjYyMDk1YzcyZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuZdIhFpeRvkAmkjEm7+gGSQBAgt
U7CaWiuBXNJfTnivYWCGEllCswhCVi7Ph4g7dD37UVr9aYqZn6PusxDOGJYwocap
ZtBEV77uLW0EqM4XYvV5t3abazdHN4ZrX/3VpB2Rah9i7Ki/UCvDd0+76sprFSDJ
0/XSse5PcvhRw4/xU2EpJbYHJUqJfOq0rulPbyHFzjaKqm810k2FUmC0DqRy0rva
edsuHoOi1x6e/XOgoA+vM8qyu5yCcKAyKXd0SD1KKMbRKyHdTGS1t3RqEjW9JDQ1
GVBbicddbYYIZgNjKKResAKs7aP40sQ2pf3gF4aRQsU5hySpZX9RR4WVZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvUnmfUWCn248CnHuJkZiCVxy4YMB8GA1UdIwQY
MBaAFABHGOeiY+vkXncGc5JB7G1q5Y50MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVjWTU2Smo2LVJlZHdaemtrSHNiV3Jsam5RLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8zZWVjZjgtZWIwNC00MWNlLWE5ZjYt
M2E5MWE2MTNhNDA3LzEvMS05U2VaOVJZS2ZiandLY2U0bVJtSUpYSExoZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDQvM2VlY2Y4LWViMDQtNDFjZS1hOWY2LTNhOTFhNjEzYTQw
Ny8xL0FFY1k1NkpqNi1SZWR3Wnpra0hzYldybGpuUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsFryDAN
BgkqhkiG9w0BAQsFAAOCAQEAmJbnNEMuqdFXIhLEIR+CHEDmNnqYrGm+jRhnfE+G
kC2xkWbPVjnjVcQiPTfFsEZ5DnRzYLK1Wp5nZecxXwzwbsoDXyGsgD4Wfcntyj1r
N99lP1sc4p7eP3lNDc3PBDPVtk5l+TGbygATThWtgILs5Y9jbTf2vB450IWIhDvg
s9+mjF6jtHyOFFXaYRLGcaYRDF+o4U5JhGAQDscQLmMijggElBIrjUH1I0NR77jc
NIqDyhQ1qsnG10DS8WE3r/WuVEGeYrcvtoJ8m5NP5BRvvZxWRIOFsDSVH8E9Exeo
pbnksFAreabCHrrDHOat+0I7dDZ8k4AqkFK3olyC0vB/TQ==
-----END CERTIFICATE-----