Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/ls09SLbJF8oRlhhxYa071cLLPCk.roa
File:                     ls09SLbJF8oRlhhxYa071cLLPCk.roa (raw, json)
Hash identifier:          mFXYiKZlwiRsxhT1L8dqnSGqORUTkcqR3iHw8ia+WIY=
Subject key identifier:   96:CD:3D:48:B6:C9:17:CA:11:96:18:71:61:AD:3B:D5:C2:CB:3C:29
Certificate issuer:       /CN=58a763f0c467abaa701d968c3749c6dad03489b0
Certificate serial:       018CC7957875AE34D31B51393F75AB6A4C2A
Authority key identifier: 58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/ls09SLbJF8oRlhhxYa071cLLPCk.roa
Signing time:             Tue 02 Jan 2024 00:31:50 +0000
ROA not before:           Tue 02 Jan 2024 00:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15935
IP address blocks:        193.228.234.0/24 maxlen: 24
                          2001:67c:1314::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:78:75:ae:34:d3:1b:51:39:3f:75:ab:6a:4c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a763f0c467abaa701d968c3749c6dad03489b0
        Validity
            Not Before: Jan  2 00:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96cd3d48b6c917ca1196187161ad3bd5c2cb3c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:77:1c:e9:13:c4:3e:b9:3c:9b:94:11:da:
                    e2:ee:59:a6:19:1e:b7:17:1b:f3:8a:e1:4a:22:9d:
                    34:c5:8b:a2:08:6b:ae:3b:d0:71:ac:11:f7:21:45:
                    79:68:70:02:0c:a6:e2:bc:89:46:f1:1b:f6:39:d8:
                    0a:64:c8:a6:76:33:92:48:26:f7:51:d9:5e:5e:73:
                    85:5e:f0:cf:0b:c8:f9:d6:c5:d5:0f:6c:a4:5e:ea:
                    e3:5b:57:2d:01:f0:7b:aa:e0:32:f8:84:35:12:37:
                    c8:fd:d7:ac:9c:4f:35:65:94:aa:d0:18:5b:a6:e0:
                    d6:97:1e:24:0a:30:ae:ea:11:a0:5d:3f:0f:32:a4:
                    bb:e8:b4:b4:4e:aa:5c:dc:e7:af:40:1a:2c:f9:bf:
                    63:00:53:6c:c3:54:b5:4d:02:07:e2:ca:aa:ef:70:
                    75:7c:23:9e:38:3d:17:26:12:18:db:e2:a6:6d:12:
                    e5:12:50:62:f5:cc:f3:75:37:36:11:d5:7c:1e:b7:
                    69:92:08:3d:b1:bb:18:18:e0:e8:1f:7b:e0:83:87:
                    e3:8e:67:0d:1b:e1:04:a8:d1:fd:f9:cf:e2:40:ca:
                    9a:4e:d0:14:83:e5:85:2f:44:73:4f:0b:5b:21:b8:
                    9d:91:f3:92:79:cf:c5:ef:db:04:02:02:08:bf:93:
                    50:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:CD:3D:48:B6:C9:17:CA:11:96:18:71:61:AD:3B:D5:C2:CB:3C:29
            X509v3 Authority Key Identifier:
                keyid:58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/ls09SLbJF8oRlhhxYa071cLLPCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.234.0/24
                IPv6:
                  2001:67c:1314::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:54:5d:dc:4e:e7:f1:05:a3:56:7f:34:cf:9c:59:80:d5:43:
         ab:b4:9b:bd:f8:b7:72:c0:c8:78:e7:bf:6a:ba:d8:1e:a2:1d:
         61:60:ab:5b:95:2c:05:29:be:3f:12:35:67:f8:be:90:ce:75:
         e8:3e:99:01:ed:8d:a8:aa:ee:5d:9f:e8:eb:80:82:8c:7a:49:
         d2:20:31:5b:e4:48:03:5a:6c:e6:d7:ca:5c:b5:9b:3d:1d:9b:
         77:e1:f7:7c:71:7c:0a:81:af:9e:74:05:24:cb:12:e1:cd:6c:
         96:22:7d:15:8d:79:83:84:e8:6b:74:69:b7:3c:0d:db:b8:ca:
         18:ee:7b:c3:85:36:11:75:c2:13:25:a2:c3:91:39:d9:6f:d7:
         de:17:86:85:6f:d3:01:4b:5f:5b:9f:e6:2d:86:53:d7:be:e8:
         4f:8a:20:05:94:cb:e5:df:f7:62:bf:42:f3:46:71:af:4a:08:
         9d:60:02:d1:92:65:25:00:84:97:ca:a7:ae:c2:e9:6e:76:39:
         5b:b6:c7:04:ea:a1:14:e3:5d:40:64:ee:53:bd:df:0c:6e:d0:
         88:3c:ca:a2:dc:d6:96:5a:fe:01:cf:c8:b0:5d:22:88:25:25:
         0a:54:2b:ba:c4:18:31:e0:2c:d1:f9:8f:38:0a:0b:a5:f0:b1:
         1e:1c:6d:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlXh1rjTTG1E5P3WrakwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTc2M2YwYzQ2N2FiYWE3MDFkOTY4YzM3NDljNmRhZDAz
NDg5YjAwHhcNMjQwMTAyMDAzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmNkM2Q0OGI2YzkxN2NhMTE5NjE4NzE2MWFkM2JkNWMyY2IzYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimF3HOkTxD65PJuUEdri7lmmGR63
FxvziuFKIp00xYuiCGuuO9BxrBH3IUV5aHACDKbivIlG8Rv2OdgKZMimdjOSSCb3
UdleXnOFXvDPC8j51sXVD2ykXurjW1ctAfB7quAy+IQ1EjfI/desnE81ZZSq0Bhb
puDWlx4kCjCu6hGgXT8PMqS76LS0Tqpc3OevQBos+b9jAFNsw1S1TQIH4sqq73B1
fCOeOD0XJhIY2+KmbRLlElBi9czzdTc2EdV8Hrdpkgg9sbsYGODoH3vgg4fjjmcN
G+EEqNH9+c/iQMqaTtAUg+WFL0RzTwtbIbidkfOSec/F79sEAgIIv5NQ0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJbNPUi2yRfKEZYYcWGtO9XCyzwpMB8GA1UdIwQY
MBaAFFinY/DEZ6uqcB2WjDdJxtrQNImwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMt
MDk4ZjdjNWZkOTc1LzEvbHMwOVNMYkpGOG9SbGhoeFlhMDcxY0xMUENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMtMDk4ZjdjNWZkOTc1
LzEvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweTqMA8E
AgACMAkDBwAgAQZ8ExQwDQYJKoZIhvcNAQELBQADggEBAHdUXdxO5/EFo1Z/NM+c
WYDVQ6u0m734t3LAyHjnv2q62B6iHWFgq1uVLAUpvj8SNWf4vpDOdeg+mQHtjaiq
7l2f6OuAgox6SdIgMVvkSANabObXyly1mz0dm3fh93xxfAqBr550BSTLEuHNbJYi
fRWNeYOE6Gt0abc8Ddu4yhjue8OFNhF1whMlosOROdlv194XhoVv0wFLX1uf5i2G
U9e+6E+KIAWUy+Xf92K/QvNGca9KCJ1gAtGSZSUAhJfKp67C6W52OVu2xwTqoRTj
XUBk7lO93wxu0Ig8yqLc1pZa/gHPyLBdIoglJQpUK7rEGDHgLNH5jzgKC6XwsR4c
bQU=
-----END CERTIFICATE-----