Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/RWeFxFPV3hM9CwC4oJ8iu7XON40.roa
File:                     RWeFxFPV3hM9CwC4oJ8iu7XON40.roa (raw, json)
Hash identifier:          rS64+IvHs0j4X6wqsMVcOGZ/Dz5xP6Sn32Qc5b8VgvU=
Subject key identifier:   45:67:85:C4:53:D5:DE:13:3D:0B:00:B8:A0:9F:22:BB:B5:CE:37:8D
Certificate issuer:       /CN=b60b574f03d988155f44ba2cb07bc7dfb457cf0f
Certificate serial:       018CC9BC3F6FCB0E6DD87DE6A9AD9EE98EE5
Authority key identifier: B6:0B:57:4F:03:D9:88:15:5F:44:BA:2C:B0:7B:C7:DF:B4:57:CF:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgtXTwPZiBVfRLossHvH37RXzw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/RWeFxFPV3hM9CwC4oJ8iu7XON40.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44018
IP address blocks:        193.104.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/tgtXTwPZiBVfRLossHvH37RXzw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/tgtXTwPZiBVfRLossHvH37RXzw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgtXTwPZiBVfRLossHvH37RXzw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3f:6f:cb:0e:6d:d8:7d:e6:a9:ad:9e:e9:8e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60b574f03d988155f44ba2cb07bc7dfb457cf0f
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=456785c453d5de133d0b00b8a09f22bbb5ce378d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:21:8a:76:cb:92:b0:df:50:d0:41:5b:26:e9:
                    14:48:02:8b:6f:e0:5e:05:d0:e0:24:26:9b:5f:ae:
                    19:91:71:07:c2:b4:bf:a4:6e:c2:f9:33:ca:28:01:
                    2c:ad:69:fc:2d:18:20:71:d3:1f:dc:00:d2:78:00:
                    20:e1:1d:80:8b:66:0f:5a:3b:4d:cc:12:4b:9c:08:
                    74:c8:bd:ba:75:00:85:0e:b7:9c:f7:68:62:8a:91:
                    5f:fd:7c:f1:34:2f:b6:b4:68:fe:c8:de:5b:aa:7f:
                    06:b0:73:5f:b0:d9:9e:c2:ab:54:88:71:a6:67:50:
                    95:60:73:60:d2:b4:5a:86:a7:fd:a2:bc:45:ef:fe:
                    22:e6:1a:1e:72:22:c3:08:f0:de:af:65:47:11:d0:
                    23:3d:24:66:25:e2:04:d1:93:37:cb:5f:43:c0:0a:
                    31:66:8e:b1:86:6a:f3:d7:4c:b2:43:41:0f:1c:0e:
                    5e:b4:2e:88:43:48:01:39:d3:9b:6d:eb:62:6d:02:
                    bf:12:f6:90:7e:0f:52:4a:33:a1:32:a8:9e:77:a6:
                    0a:22:e5:1b:50:ad:82:cb:3e:88:ab:34:01:49:49:
                    0a:ed:96:bf:02:b1:4c:95:c7:45:40:2c:d4:43:22:
                    be:d4:00:16:45:71:2d:eb:cf:ef:2b:c9:50:d5:8c:
                    9a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:67:85:C4:53:D5:DE:13:3D:0B:00:B8:A0:9F:22:BB:B5:CE:37:8D
            X509v3 Authority Key Identifier:
                keyid:B6:0B:57:4F:03:D9:88:15:5F:44:BA:2C:B0:7B:C7:DF:B4:57:CF:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgtXTwPZiBVfRLossHvH37RXzw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/RWeFxFPV3hM9CwC4oJ8iu7XON40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d95b2c-1e02-4e4e-8438-bbcae0df1f2f/1/tgtXTwPZiBVfRLossHvH37RXzw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:0c:6a:95:15:7f:aa:1a:f3:79:a5:17:e6:fd:6c:c6:a9:2f:
         6c:ba:d1:4d:d7:6c:50:23:9c:31:0b:19:70:d3:33:15:94:af:
         bc:8d:85:e9:73:c5:31:d8:e1:60:ee:03:36:12:65:c6:0f:4c:
         0d:f1:51:88:74:e0:60:e1:04:53:e1:5a:5e:e9:28:95:8f:18:
         18:b0:0c:e2:89:7d:f5:7c:85:67:ba:97:e1:d1:c4:75:03:c1:
         1d:96:a1:81:8b:cd:0b:d8:b0:ce:00:21:41:a4:ff:50:e5:a1:
         5a:f1:a1:0d:51:2f:2c:85:7c:38:41:ba:65:45:2b:a1:db:fe:
         18:c3:b4:75:29:59:29:6c:26:09:ca:75:1d:bc:bf:aa:4f:ec:
         26:79:2d:d7:92:aa:69:ce:c3:75:62:e4:33:fc:8e:62:cd:08:
         91:b1:8d:85:0f:4d:f8:3d:d6:53:6a:9e:c8:57:8e:8d:04:77:
         56:9f:b1:9e:64:19:c9:ea:1b:85:8c:61:52:01:66:08:1d:7c:
         3d:c7:ad:d5:68:de:f4:e5:0b:21:8b:e1:6f:5c:82:f9:22:2d:
         28:61:c4:25:0a:59:75:21:bf:1a:47:23:f7:0e:3b:32:38:8c:
         1a:16:0d:e8:b6:40:36:11:18:19:9a:73:ca:de:3d:11:63:68:
         ca:47:cf:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvD9vyw5t2H3mqa2e6Y7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MGI1NzRmMDNkOTg4MTU1ZjQ0YmEyY2IwN2JjN2RmYjQ1
N2NmMGYwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTY3ODVjNDUzZDVkZTEzM2QwYjAwYjhhMDlmMjJiYmI1Y2UzNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCGKdsuSsN9Q0EFbJukUSAKLb+Be
BdDgJCabX64ZkXEHwrS/pG7C+TPKKAEsrWn8LRggcdMf3ADSeAAg4R2Ai2YPWjtN
zBJLnAh0yL26dQCFDrec92hiipFf/XzxNC+2tGj+yN5bqn8GsHNfsNmewqtUiHGm
Z1CVYHNg0rRahqf9orxF7/4i5hoeciLDCPDer2VHEdAjPSRmJeIE0ZM3y19DwAox
Zo6xhmrz10yyQ0EPHA5etC6IQ0gBOdObbetibQK/EvaQfg9SSjOhMqied6YKIuUb
UK2Cyz6IqzQBSUkK7Za/ArFMlcdFQCzUQyK+1AAWRXEt68/vK8lQ1YyaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVnhcRT1d4TPQsAuKCfIru1zjeNMB8GA1UdIwQY
MBaAFLYLV08D2YgVX0S6LLB7x9+0V88PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGd0WFR3UFppQlZmUkxvc3NIdkgzN1JYenc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kOTViMmMtMWUwMi00ZTRlLTg0Mzgt
YmJjYWUwZGYxZjJmLzEvUldlRnhGUFYzaE05Q3dDNG9KOGl1N1hPTjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kOTViMmMtMWUwMi00ZTRlLTg0MzgtYmJjYWUwZGYxZjJm
LzEvdGd0WFR3UFppQlZmUkxvc3NIdkgzN1JYenc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiSMA0G
CSqGSIb3DQEBCwUAA4IBAQAKDGqVFX+qGvN5pRfm/WzGqS9sutFN12xQI5wxCxlw
0zMVlK+8jYXpc8Ux2OFg7gM2EmXGD0wN8VGIdOBg4QRT4Vpe6SiVjxgYsAziiX31
fIVnupfh0cR1A8EdlqGBi80L2LDOACFBpP9Q5aFa8aENUS8shXw4QbplRSuh2/4Y
w7R1KVkpbCYJynUdvL+qT+wmeS3XkqppzsN1YuQz/I5izQiRsY2FD034PdZTap7I
V46NBHdWn7GeZBnJ6huFjGFSAWYIHXw9x63VaN705Qshi+FvXIL5Ii0oYcQlCll1
Ib8aRyP3DjsyOIwaFg3otkA2ERgZmnPK3j0RY2jKR88d
-----END CERTIFICATE-----