Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/rd9hutk4jRx6jd3zGof52fquTMI.roa
File:                     rd9hutk4jRx6jd3zGof52fquTMI.roa (raw, json)
Hash identifier:          0wlnyo9WnaOA5YVzg9FwUu88/hJCaAI7/wm0MqVGyHE=
Subject key identifier:   AD:DF:61:BA:D9:38:8D:1C:7A:8D:DD:F3:1A:87:F9:D9:FA:AE:4C:C2
Certificate issuer:       /CN=f27ee18c4639eeaa16a61908ccb45c7a98d5dd6b
Certificate serial:       018CC26D30C1A4165DCD39664B269E26AEC4
Authority key identifier: F2:7E:E1:8C:46:39:EE:AA:16:A6:19:08:CC:B4:5C:7A:98:D5:DD:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8n7hjEY57qoWphkIzLRcepjV3Ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/rd9hutk4jRx6jd3zGof52fquTMI.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50036
IP address blocks:        193.104.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/8n7hjEY57qoWphkIzLRcepjV3Ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/8n7hjEY57qoWphkIzLRcepjV3Ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8n7hjEY57qoWphkIzLRcepjV3Ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:c1:a4:16:5d:cd:39:66:4b:26:9e:26:ae:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f27ee18c4639eeaa16a61908ccb45c7a98d5dd6b
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=addf61bad9388d1c7a8dddf31a87f9d9faae4cc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:45:ef:d8:3a:99:62:f4:bd:b4:4b:22:62:3a:
                    69:bf:88:43:a8:11:7f:81:26:38:2c:e5:3b:33:71:
                    d5:71:90:a7:30:d8:7c:aa:1f:08:84:f6:38:b4:46:
                    47:65:57:fa:5b:38:ef:8a:03:e2:0d:f4:4a:08:2e:
                    b1:e3:1a:f0:20:0f:58:0a:8e:38:18:a1:0a:d8:93:
                    d1:17:5f:64:81:c9:5c:4c:aa:5e:0f:3f:98:77:9e:
                    d7:10:3d:16:57:07:e8:35:ee:c2:7d:f0:21:8a:53:
                    10:0c:c5:85:84:cd:52:f7:cc:ce:d7:46:dc:88:28:
                    93:e1:50:7f:94:c8:5c:02:16:94:a8:c6:31:20:0c:
                    a5:2c:6c:63:65:41:2b:19:b2:59:d6:3d:88:37:cf:
                    20:f6:4d:e9:96:73:93:13:3a:60:eb:20:cf:dd:6f:
                    8f:7f:91:bd:c2:ef:96:6f:66:80:b7:63:3f:e3:e1:
                    66:4a:21:d6:ed:e4:92:6c:83:da:cc:f8:64:12:5d:
                    68:0d:3c:1d:90:fb:49:36:b8:94:9a:0e:7f:e8:36:
                    2a:a1:0a:ec:c9:c8:bc:d9:9e:bf:2f:4b:cf:36:1f:
                    5f:d4:bd:13:cb:69:99:02:b7:de:c7:26:48:e3:6c:
                    7a:84:91:17:37:39:b4:2b:a7:f0:20:b8:d8:85:b4:
                    ed:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:DF:61:BA:D9:38:8D:1C:7A:8D:DD:F3:1A:87:F9:D9:FA:AE:4C:C2
            X509v3 Authority Key Identifier:
                keyid:F2:7E:E1:8C:46:39:EE:AA:16:A6:19:08:CC:B4:5C:7A:98:D5:DD:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8n7hjEY57qoWphkIzLRcepjV3Ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/rd9hutk4jRx6jd3zGof52fquTMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f58a2a-0f25-4831-bb09-a0dd3b5f15f8/1/8n7hjEY57qoWphkIzLRcepjV3Ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:1f:f4:1f:8c:63:05:eb:3c:41:49:b0:55:e8:24:1e:81:c7:
         96:3b:74:c7:4c:36:69:b9:d9:30:30:84:6e:f9:d2:65:73:8d:
         98:d2:ce:fd:f8:48:80:3d:60:0c:7c:06:4d:b1:8b:e2:3a:16:
         60:30:2c:95:5e:ad:94:e3:30:3b:fe:4b:4d:9f:f7:e8:cf:1e:
         6f:23:30:de:47:bb:6b:7a:05:03:6d:ee:60:12:89:61:98:b1:
         55:f4:08:78:04:70:3c:d7:0d:e9:6d:37:6c:49:ea:9f:4e:bf:
         6a:67:f6:00:0f:ba:9c:e8:9d:27:62:e2:62:49:4e:5a:60:bb:
         c9:e9:50:67:6b:79:f1:39:54:a7:c6:01:8b:7c:79:6f:ee:a2:
         67:3e:74:7c:cf:73:0a:bb:51:ba:f8:10:89:65:61:bc:af:ec:
         0b:60:f7:1c:5d:c0:a2:46:68:98:d9:11:bb:df:b0:c6:3e:6d:
         a9:84:3c:68:34:ed:f8:9f:5c:3a:77:8e:f6:70:77:a0:16:0f:
         fa:b5:a3:80:a9:8f:5b:11:0f:f1:77:fd:98:03:c3:6d:ee:48:
         39:47:f6:d8:1e:ac:28:43:33:39:f1:be:23:1f:0d:09:1f:98:
         df:9c:ec:68:10:fd:1b:9e:c1:8c:5a:60:53:5e:26:76:11:6a:
         20:ca:f5:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTDBpBZdzTlmSyaeJq7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyN2VlMThjNDYzOWVlYWExNmE2MTkwOGNjYjQ1YzdhOThk
NWRkNmIwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGRmNjFiYWQ5Mzg4ZDFjN2E4ZGRkZjMxYTg3ZjlkOWZhYWU0Y2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEXv2DqZYvS9tEsiYjppv4hDqBF/
gSY4LOU7M3HVcZCnMNh8qh8IhPY4tEZHZVf6WzjvigPiDfRKCC6x4xrwIA9YCo44
GKEK2JPRF19kgclcTKpeDz+Yd57XED0WVwfoNe7CffAhilMQDMWFhM1S98zO10bc
iCiT4VB/lMhcAhaUqMYxIAylLGxjZUErGbJZ1j2IN88g9k3plnOTEzpg6yDP3W+P
f5G9wu+Wb2aAt2M/4+FmSiHW7eSSbIPazPhkEl1oDTwdkPtJNriUmg5/6DYqoQrs
yci82Z6/L0vPNh9f1L0Ty2mZArfexyZI42x6hJEXNzm0K6fwILjYhbTtLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3fYbrZOI0ceo3d8xqH+dn6rkzCMB8GA1UdIwQY
MBaAFPJ+4YxGOe6qFqYZCMy0XHqY1d1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG43aGpFWTU3cW9XcGhrSXpMUmNlcGpWM1dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNThhMmEtMGYyNS00ODMxLWJiMDkt
YTBkZDNiNWYxNWY4LzEvcmQ5aHV0azRqUng2amQzekdvZjUyZnF1VE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNThhMmEtMGYyNS00ODMxLWJiMDktYTBkZDNiNWYxNWY4
LzEvOG43aGpFWTU3cW9XcGhrSXpMUmNlcGpWM1dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhIMA0G
CSqGSIb3DQEBCwUAA4IBAQBFH/QfjGMF6zxBSbBV6CQegceWO3THTDZpudkwMIRu
+dJlc42Y0s79+EiAPWAMfAZNsYviOhZgMCyVXq2U4zA7/ktNn/fozx5vIzDeR7tr
egUDbe5gEolhmLFV9Ah4BHA81w3pbTdsSeqfTr9qZ/YAD7qc6J0nYuJiSU5aYLvJ
6VBna3nxOVSnxgGLfHlv7qJnPnR8z3MKu1G6+BCJZWG8r+wLYPccXcCiRmiY2RG7
37DGPm2phDxoNO34n1w6d472cHegFg/6taOAqY9bEQ/xd/2YA8Nt7kg5R/bYHqwo
QzM58b4jHw0JH5jfnOxoEP0bnsGMWmBTXiZ2EWogyvWt
-----END CERTIFICATE-----