Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/dijUnIAyYA1OS824Oi2dRxlLZgo.roa
File:                     dijUnIAyYA1OS824Oi2dRxlLZgo.roa (raw, json)
Hash identifier:          xFfjY2Enzjb3iE2PwOtRbukShL5ntZuc/wYbrobBdos=
Subject key identifier:   76:28:D4:9C:80:32:60:0D:4E:4B:CD:B8:3A:2D:9D:47:19:4B:66:0A
Certificate issuer:       /CN=004718e7a263ebe45e7706739241ec6d6ae58e74
Certificate serial:       018CE29C122565259650EBE21BECB7114A93
Authority key identifier: 00:47:18:E7:A2:63:EB:E4:5E:77:06:73:92:41:EC:6D:6A:E5:8E:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/dijUnIAyYA1OS824Oi2dRxlLZgo.roa
Signing time:             Sun 07 Jan 2024 06:28:48 +0000
ROA not before:           Sun 07 Jan 2024 06:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196860
IP address blocks:        193.107.200.0/22 maxlen: 24
                          193.107.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e2:9c:12:25:65:25:96:50:eb:e2:1b:ec:b7:11:4a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=004718e7a263ebe45e7706739241ec6d6ae58e74
        Validity
            Not Before: Jan  7 06:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7628d49c8032600d4e4bcdb83a2d9d47194b660a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fa:27:a8:f6:bc:37:1e:e8:b7:b1:50:cb:c4:
                    e6:a5:8c:10:b7:ed:47:29:3e:cb:03:4f:9a:e5:90:
                    aa:42:9b:bf:ab:24:ec:3b:24:40:45:8d:4c:36:86:
                    0b:97:27:23:1b:ee:7f:f1:f5:68:db:e5:2d:bb:b5:
                    73:45:3e:4f:71:73:db:c8:bf:06:c8:5f:20:97:b1:
                    66:4e:74:56:60:d5:f0:61:a4:03:85:15:7a:bd:28:
                    c5:ce:81:9c:14:92:01:d2:b7:ef:d3:26:02:6e:98:
                    99:bf:f1:1a:e9:20:0d:67:30:7d:9a:37:88:f3:57:
                    c0:71:47:72:02:9d:c9:0c:f7:f7:39:46:1e:dd:d7:
                    ac:f8:67:b3:31:58:00:17:d2:f8:d7:b7:c5:9d:d7:
                    0a:0f:02:f1:6a:19:8e:1e:ed:24:80:18:52:61:5e:
                    c4:47:f5:07:5a:7d:f8:6a:36:86:f5:fd:7d:5f:fb:
                    01:ec:12:67:78:79:45:e9:c3:98:b6:fc:2d:c9:a7:
                    3b:2b:47:2d:85:51:21:4b:ab:b4:71:e7:8b:6a:a3:
                    07:30:5f:69:e9:bd:52:13:10:76:80:9d:0b:8c:02:
                    ad:cd:98:19:40:1f:c6:75:b7:99:05:29:d3:ea:4f:
                    b3:81:b9:07:1e:dd:24:91:e3:5d:79:57:23:29:16:
                    f3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:28:D4:9C:80:32:60:0D:4E:4B:CD:B8:3A:2D:9D:47:19:4B:66:0A
            X509v3 Authority Key Identifier:
                keyid:00:47:18:E7:A2:63:EB:E4:5E:77:06:73:92:41:EC:6D:6A:E5:8E:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEcY56Jj6-RedwZzkkHsbWrljnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/dijUnIAyYA1OS824Oi2dRxlLZgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/3eecf8-eb04-41ce-a9f6-3a91a613a407/1/AEcY56Jj6-RedwZzkkHsbWrljnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:78:5b:82:b4:64:4b:3b:29:1e:75:36:2a:e1:58:db:00:30:
         c3:b0:e3:67:6d:77:c4:fe:27:a9:29:4b:e1:0b:6c:00:3b:89:
         68:cf:20:95:7b:a2:19:20:46:43:04:46:96:51:de:6a:1d:65:
         bc:3d:ec:9b:1a:24:3c:8f:32:fc:80:95:63:4d:db:eb:c8:a3:
         12:8d:b9:4d:d8:e9:36:a0:60:99:ac:49:4f:81:dd:a0:2d:b1:
         f4:73:08:b0:ca:0b:f8:39:71:31:07:f8:71:e8:1f:50:e6:9f:
         15:4f:5c:2c:c1:c0:dc:74:e6:8f:a4:d3:d1:4d:24:5b:be:43:
         a2:b5:3c:f0:1e:86:0a:f4:93:c2:ba:be:98:6c:c2:00:fa:71:
         fa:76:72:b9:49:fb:d6:0b:9d:3e:4a:fe:cc:f0:72:fe:88:1a:
         cc:2f:55:1f:ba:a9:b7:c8:e0:96:02:e5:a3:52:ac:02:9d:83:
         0d:c7:bd:e6:43:d0:28:48:34:75:7f:9b:de:82:49:f3:2c:f1:
         63:b5:dc:f3:2b:d6:a5:e7:25:26:9d:cd:4f:8e:36:63:6b:a3:
         79:7d:0e:e9:9d:e4:8b:76:b0:aa:e4:71:df:88:35:e8:95:ef:
         2a:69:d5:9d:66:3b:c7:84:95:7c:d3:76:e1:33:c3:4f:5d:a6:
         c4:0d:7b:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzinBIlZSWWUOviG+y3EUqTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNDcxOGU3YTI2M2ViZTQ1ZTc3MDY3MzkyNDFlYzZkNmFl
NThlNzQwHhcNMjQwMTA3MDYyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjI4ZDQ5YzgwMzI2MDBkNGU0YmNkYjgzYTJkOWQ0NzE5NGI2NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPonqPa8Nx7ot7FQy8TmpYwQt+1H
KT7LA0+a5ZCqQpu/qyTsOyRARY1MNoYLlycjG+5/8fVo2+Utu7VzRT5PcXPbyL8G
yF8gl7FmTnRWYNXwYaQDhRV6vSjFzoGcFJIB0rfv0yYCbpiZv/Ea6SANZzB9mjeI
81fAcUdyAp3JDPf3OUYe3des+GezMVgAF9L417fFndcKDwLxahmOHu0kgBhSYV7E
R/UHWn34ajaG9f19X/sB7BJneHlF6cOYtvwtyac7K0cthVEhS6u0ceeLaqMHMF9p
6b1SExB2gJ0LjAKtzZgZQB/GdbeZBSnT6k+zgbkHHt0kkeNdeVcjKRbzKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYo1JyAMmANTkvNuDotnUcZS2YKMB8GA1UdIwQY
MBaAFABHGOeiY+vkXncGc5JB7G1q5Y50MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVjWTU2Smo2LVJlZHdaemtrSHNiV3Jsam5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8zZWVjZjgtZWIwNC00MWNlLWE5ZjYt
M2E5MWE2MTNhNDA3LzEvZGlqVW5JQXlZQTFPUzgyNE9pMmRSeGxMWmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8zZWVjZjgtZWIwNC00MWNlLWE5ZjYtM2E5MWE2MTNhNDA3
LzEvQUVjWTU2Smo2LVJlZHdaemtrSHNiV3Jsam5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWvIMA0G
CSqGSIb3DQEBCwUAA4IBAQCDeFuCtGRLOykedTYq4VjbADDDsONnbXfE/iepKUvh
C2wAO4lozyCVe6IZIEZDBEaWUd5qHWW8PeybGiQ8jzL8gJVjTdvryKMSjblN2Ok2
oGCZrElPgd2gLbH0cwiwygv4OXExB/hx6B9Q5p8VT1wswcDcdOaPpNPRTSRbvkOi
tTzwHoYK9JPCur6YbMIA+nH6dnK5SfvWC50+Sv7M8HL+iBrML1Ufuqm3yOCWAuWj
UqwCnYMNx73mQ9AoSDR1f5vegknzLPFjtdzzK9al5yUmnc1PjjZja6N5fQ7pneSL
drCq5HHfiDXole8qadWdZjvHhJV803bhM8NPXabEDXu4
-----END CERTIFICATE-----