Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/AmUvgbG8Rbfq5F7Hwpc-45h7QVs.roa
File:                     AmUvgbG8Rbfq5F7Hwpc-45h7QVs.roa (raw, json)
Hash identifier:          b5khkDF+d2AmTXaiFBJNQJ/2zXovPPloFL2u2afLLpI=
Subject key identifier:   02:65:2F:81:B1:BC:45:B7:EA:E4:5E:C7:C2:97:3E:E3:98:7B:41:5B
Certificate issuer:       /CN=38e7f47bb9b91657e5726bfcb2def8aad973e268
Certificate serial:       018CC727579C72964369769633491D859BDE
Authority key identifier: 38:E7:F4:7B:B9:B9:16:57:E5:72:6B:FC:B2:DE:F8:AA:D9:73:E2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/AmUvgbG8Rbfq5F7Hwpc-45h7QVs.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56552
IP address blocks:        193.84.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:9c:72:96:43:69:76:96:33:49:1d:85:9b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38e7f47bb9b91657e5726bfcb2def8aad973e268
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02652f81b1bc45b7eae45ec7c2973ee3987b415b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7b:1f:12:88:bc:d5:35:ac:7a:63:cc:30:91:
                    8b:6f:3a:8e:a6:a4:80:b2:2d:ea:b6:cd:9d:72:4a:
                    f9:eb:83:ed:3a:d4:c2:bd:84:50:35:3e:9e:26:cc:
                    43:18:59:88:34:6a:41:98:d4:b7:9f:15:54:80:6f:
                    a5:c9:f7:ff:c2:9e:99:56:b5:85:82:d8:27:d8:f1:
                    a3:5d:23:fe:f1:49:c7:46:86:01:f9:20:03:6f:b9:
                    1d:9d:47:d4:b8:a3:79:f4:70:fd:8a:b6:06:f4:d2:
                    d1:f1:a9:71:2b:67:1c:4f:3c:36:59:2c:bd:64:38:
                    3f:fc:8a:f6:50:07:e7:28:e4:cf:be:99:74:0a:8b:
                    54:57:46:95:da:f7:89:44:86:6a:1f:44:98:bf:6d:
                    68:1b:09:cc:d3:d6:f6:45:55:19:70:86:70:6d:b6:
                    0d:17:52:63:50:85:91:cf:ea:33:c8:ae:ee:28:2b:
                    e4:4e:7c:05:9c:02:b1:b3:b5:4f:a2:08:71:c6:c0:
                    ac:a3:83:ee:f4:81:84:47:ab:aa:1e:38:ce:67:0d:
                    46:3e:b6:6d:a2:09:74:eb:4a:4b:16:18:82:fc:11:
                    82:35:96:88:3c:47:bd:5b:b6:2d:98:8d:71:e9:5b:
                    d9:c5:9b:f6:bd:ba:a2:bf:a2:d1:dc:d1:dc:9b:fd:
                    ee:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:65:2F:81:B1:BC:45:B7:EA:E4:5E:C7:C2:97:3E:E3:98:7B:41:5B
            X509v3 Authority Key Identifier:
                keyid:38:E7:F4:7B:B9:B9:16:57:E5:72:6B:FC:B2:DE:F8:AA:D9:73:E2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/AmUvgbG8Rbfq5F7Hwpc-45h7QVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:cf:50:67:50:1c:82:35:9d:4e:f5:af:6b:ca:95:ac:93:f6:
         f0:d3:66:fb:c7:ab:ea:34:69:e6:ef:f8:62:e1:4d:02:02:11:
         6f:e2:e7:29:98:a1:a0:43:34:cc:63:56:df:b4:1d:a2:06:f8:
         87:5d:10:f0:52:f9:7e:86:6d:6b:ec:96:c7:47:ac:fb:b0:51:
         e8:23:60:d2:54:d6:8c:08:57:6d:46:e5:98:4a:eb:99:11:94:
         da:bb:2f:64:05:8c:50:23:c1:5a:ea:c0:f8:5b:99:55:b9:04:
         51:8a:54:d9:7b:98:2d:1a:b6:2d:05:67:08:85:78:11:25:2b:
         7f:58:89:c2:6b:74:6f:4c:a2:1a:a7:a0:c9:3b:4e:97:cf:50:
         27:47:7b:4f:12:7c:2b:d5:17:a0:a1:22:42:f0:38:ea:7f:ae:
         2e:4f:c3:a3:b0:c7:e2:12:57:1a:7c:73:ec:4f:5a:a6:19:9a:
         f1:c8:0d:87:66:a2:03:1b:09:fc:8c:95:bb:be:94:e2:9a:51:
         46:9a:b3:15:6f:35:92:9f:69:40:d9:fa:d3:ac:1d:52:58:9b:
         bd:fe:f4:63:f5:cd:06:ca:da:5f:89:84:3c:0b:31:47:33:12:
         1e:51:d3:d1:fa:87:52:fa:78:b6:d8:c9:6e:56:14:fb:ef:6c:
         ec:c4:a7:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1eccpZDaXaWM0kdhZveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZTdmNDdiYjliOTE2NTdlNTcyNmJmY2IyZGVmOGFhZDk3
M2UyNjgwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjY1MmY4MWIxYmM0NWI3ZWFlNDVlYzdjMjk3M2VlMzk4N2I0MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnsfEoi81TWsemPMMJGLbzqOpqSA
si3qts2dckr564PtOtTCvYRQNT6eJsxDGFmINGpBmNS3nxVUgG+lyff/wp6ZVrWF
gtgn2PGjXSP+8UnHRoYB+SADb7kdnUfUuKN59HD9irYG9NLR8alxK2ccTzw2WSy9
ZDg//Ir2UAfnKOTPvpl0CotUV0aV2veJRIZqH0SYv21oGwnM09b2RVUZcIZwbbYN
F1JjUIWRz+ozyK7uKCvkTnwFnAKxs7VPoghxxsCso4Pu9IGER6uqHjjOZw1GPrZt
ogl060pLFhiC/BGCNZaIPEe9W7YtmI1x6VvZxZv2vbqiv6LR3NHcm/3u7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJlL4GxvEW36uRex8KXPuOYe0FbMB8GA1UdIwQY
MBaAFDjn9Hu5uRZX5XJr/LLe+KrZc+JoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT09mMGU3bTVGbGZsY212OHN0NzRxdGx6NG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9iYjBlN2ItMmE4MS00OTcwLWIzYmQt
Njg2ZjBhMDYxNmNjLzEvQW1VdmdiRzhSYmZxNUY3SHdwYy00NWg3UVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9iYjBlN2ItMmE4MS00OTcwLWIzYmQtNjg2ZjBhMDYxNmNj
LzEvT09mMGU3bTVGbGZsY212OHN0NzRxdGx6NG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVROMA0G
CSqGSIb3DQEBCwUAA4IBAQDNz1BnUByCNZ1O9a9rypWsk/bw02b7x6vqNGnm7/hi
4U0CAhFv4ucpmKGgQzTMY1bftB2iBviHXRDwUvl+hm1r7JbHR6z7sFHoI2DSVNaM
CFdtRuWYSuuZEZTauy9kBYxQI8Fa6sD4W5lVuQRRilTZe5gtGrYtBWcIhXgRJSt/
WInCa3RvTKIap6DJO06Xz1AnR3tPEnwr1RegoSJC8Djqf64uT8OjsMfiElcafHPs
T1qmGZrxyA2HZqIDGwn8jJW7vpTimlFGmrMVbzWSn2lA2frTrB1SWJu9/vRj9c0G
ytpfiYQ8CzFHMxIeUdPR+odS+ni22MluVhT772zsxKfs
-----END CERTIFICATE-----