Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/G2uYqyKdzHx8Ts-CoIv7al2Q3RY.roa
File:                     G2uYqyKdzHx8Ts-CoIv7al2Q3RY.roa (raw, json)
Hash identifier:          ReXyvqIbYYC4U0IB3LS0BjlhdA3A6DRbPO3zdzNEV4g=
Subject key identifier:   1B:6B:98:AB:22:9D:CC:7C:7C:4E:CF:82:A0:8B:FB:6A:5D:90:DD:16
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BDFC968AAB685FE3DA6D82237FE89
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/G2uYqyKdzHx8Ts-CoIv7al2Q3RY.roa
Signing time:             Tue 02 Jan 2024 12:35:22 +0000
ROA not before:           Tue 02 Jan 2024 12:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209732
IP address blocks:        193.151.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:df:c9:68:aa:b6:85:fe:3d:a6:d8:22:37:fe:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b6b98ab229dcc7c7c4ecf82a08bfb6a5d90dd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:db:e2:0a:f3:5e:fd:38:0a:69:b5:c2:ef:1a:
                    9c:b5:32:01:b3:7d:7e:4a:60:c8:96:71:90:c6:54:
                    57:0d:06:4d:12:dd:2b:69:1f:33:ca:b6:88:5e:e5:
                    8e:ad:be:62:fd:80:e6:28:85:0e:d4:53:8e:a8:1c:
                    c3:07:03:3e:03:0d:63:d9:ce:ff:73:fd:93:58:c2:
                    86:0f:ea:22:7d:e8:e2:11:61:ec:ce:e2:c7:a1:48:
                    ec:5f:33:c9:ad:32:0b:32:89:ca:ca:24:52:0c:75:
                    86:ba:6b:fd:b2:b4:2e:27:59:54:db:ec:f7:25:5f:
                    44:b9:2f:c1:65:b2:db:60:06:68:ec:85:3d:6e:80:
                    f7:2b:ff:44:58:2c:5c:be:8f:5a:85:2f:1e:ed:58:
                    55:59:7c:50:fa:d2:b7:61:b7:52:c7:43:03:7f:f9:
                    62:45:1c:3f:eb:13:30:b6:c0:d9:3a:a1:59:87:09:
                    e4:df:ef:67:3c:55:03:76:4a:ff:54:73:a7:f9:3f:
                    0e:33:80:2f:55:63:3f:49:dc:41:e0:67:3a:6f:ad:
                    cb:f6:3a:2b:5c:8c:9f:db:a1:de:5e:b7:0c:55:07:
                    b2:f7:f6:73:8b:5d:f1:50:94:3e:32:fb:1f:07:42:
                    d7:fb:1a:4e:91:86:c8:c8:fa:c2:46:ce:3e:c4:73:
                    4a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6B:98:AB:22:9D:CC:7C:7C:4E:CF:82:A0:8B:FB:6A:5D:90:DD:16
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/G2uYqyKdzHx8Ts-CoIv7al2Q3RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:e7:88:58:3e:97:b5:83:66:7d:15:3f:d1:77:84:97:23:67:
         99:dd:9e:80:bd:b3:18:9c:a1:d5:9e:d3:12:e9:e4:ba:ef:8a:
         22:4f:40:3a:02:95:e5:00:1f:df:ec:c5:95:bf:33:0c:61:cd:
         56:f8:59:09:3e:d4:d0:12:df:f2:b0:7b:08:5f:bc:66:ca:55:
         fa:c3:37:4a:4b:41:19:35:2b:44:c7:f6:c2:72:82:75:52:93:
         41:f2:a5:d7:fc:39:cf:f0:12:f7:98:38:8e:11:d6:76:80:ef:
         32:5e:d9:f4:f5:40:e4:cf:f3:2f:08:0d:80:2f:4a:58:50:22:
         4a:55:c8:6b:58:20:73:0c:99:1c:fc:70:1a:04:43:0a:e2:61:
         e3:72:82:9f:5e:69:bd:19:11:5a:ae:99:2d:64:94:c4:a9:dc:
         27:0c:1e:6c:cb:0c:28:47:2b:32:eb:3f:50:f2:5d:75:c4:74:
         e1:ca:73:6e:5d:9b:19:02:74:cf:66:a2:2d:8e:e6:fd:5b:5e:
         7b:73:dd:dc:1b:23:9b:c9:77:c7:6f:4a:58:c1:28:f5:22:3c:
         c7:26:24:70:db:87:01:2a:af:7a:16:7d:f0:d9:0b:5a:93:54:
         f5:89:72:0f:82:a6:0c:17:a9:0f:8d:3b:44:f6:c7:28:42:9a:
         62:2d:10:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9/JaKq2hf49ptgiN/6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZiOThhYjIyOWRjYzdjN2M0ZWNmODJhMDhiZmI2YTVkOTBkZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNviCvNe/TgKabXC7xqctTIBs31+
SmDIlnGQxlRXDQZNEt0raR8zyraIXuWOrb5i/YDmKIUO1FOOqBzDBwM+Aw1j2c7/
c/2TWMKGD+oifejiEWHszuLHoUjsXzPJrTILMonKyiRSDHWGumv9srQuJ1lU2+z3
JV9EuS/BZbLbYAZo7IU9boD3K/9EWCxcvo9ahS8e7VhVWXxQ+tK3YbdSx0MDf/li
RRw/6xMwtsDZOqFZhwnk3+9nPFUDdkr/VHOn+T8OM4AvVWM/SdxB4Gc6b63L9jor
XIyf26HeXrcMVQey9/Zzi13xUJQ+MvsfB0LX+xpOkYbIyPrCRs4+xHNK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtrmKsincx8fE7PgqCL+2pdkN0WMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvRzJ1WXF5S2R6SHg4VHMtQ29JdjdhbDJRM1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZelMA0G
CSqGSIb3DQEBCwUAA4IBAQA/54hYPpe1g2Z9FT/Rd4SXI2eZ3Z6AvbMYnKHVntMS
6eS674oiT0A6ApXlAB/f7MWVvzMMYc1W+FkJPtTQEt/ysHsIX7xmylX6wzdKS0EZ
NStEx/bCcoJ1UpNB8qXX/DnP8BL3mDiOEdZ2gO8yXtn09UDkz/MvCA2AL0pYUCJK
VchrWCBzDJkc/HAaBEMK4mHjcoKfXmm9GRFarpktZJTEqdwnDB5sywwoRysy6z9Q
8l11xHThynNuXZsZAnTPZqItjub9W157c93cGyObyXfHb0pYwSj1IjzHJiRw24cB
Kq96Fn3w2Qtak1T1iXIPgqYMF6kPjTtE9scoQppiLRDZ
-----END CERTIFICATE-----