Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/iUODcSrGtjJvDdAU4OtjCtxu8t8.roa
File:                     iUODcSrGtjJvDdAU4OtjCtxu8t8.roa (raw, json)
Hash identifier:          LRjLpCMI/ZidDzOJLtgCuQpJ5zxc5P8icayolBSu3JA=
Subject key identifier:   89:43:83:71:2A:C6:B6:32:6F:0D:D0:14:E0:EB:63:0A:DC:6E:F2:DF
Certificate issuer:       /CN=d5c65cda4b630f72bf640d16b41f72f5a0f9d751
Certificate serial:       018CC4939DB1530B39D598C08AEAF0D5153B
Authority key identifier: D5:C6:5C:DA:4B:63:0F:72:BF:64:0D:16:B4:1F:72:F5:A0:F9:D7:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cZc2ktjD3K_ZA0WtB9y9aD511E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/iUODcSrGtjJvDdAU4OtjCtxu8t8.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34964
IP address blocks:        193.189.146.0/24 maxlen: 24
                          2001:67c:21f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/1cZc2ktjD3K_ZA0WtB9y9aD511E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/1cZc2ktjD3K_ZA0WtB9y9aD511E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1cZc2ktjD3K_ZA0WtB9y9aD511E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9d:b1:53:0b:39:d5:98:c0:8a:ea:f0:d5:15:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c65cda4b630f72bf640d16b41f72f5a0f9d751
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=894383712ac6b6326f0dd014e0eb630adc6ef2df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f7:c9:10:00:de:ba:bf:00:71:eb:c8:c6:18:
                    5d:32:cd:0a:f8:3d:b7:0e:f7:c7:a0:5f:17:33:68:
                    7c:58:ba:ce:9f:91:00:49:05:55:50:44:43:2f:e5:
                    d9:fb:68:51:b7:9b:85:0d:1c:0f:8b:a6:1b:97:ac:
                    4c:ad:78:62:f9:d2:d7:04:17:de:26:8a:ab:c0:68:
                    24:ff:8d:69:36:c8:eb:4b:4f:19:95:f4:74:78:99:
                    c3:de:73:3f:35:16:70:e4:4c:eb:a5:cf:1d:37:95:
                    d4:fe:1c:ef:6e:b3:f1:b6:4d:50:97:c6:0c:75:0a:
                    77:10:29:09:40:d8:65:a8:73:df:26:e2:c7:9f:72:
                    d2:1d:60:e7:75:35:db:44:ee:fb:71:dd:40:c7:c0:
                    0f:b6:e5:2a:b2:da:b1:9c:7e:d2:f5:24:67:e4:06:
                    e3:86:53:3d:17:15:1c:d5:f1:05:df:4a:81:d2:fb:
                    33:d3:5c:96:a7:cb:23:1a:fc:b0:51:cc:61:a1:77:
                    7a:5b:33:d5:72:02:e6:eb:40:0c:c7:44:83:ab:33:
                    a9:76:8e:77:42:24:af:f7:20:17:2c:be:5b:ea:b0:
                    a4:93:fc:36:75:de:30:55:ee:db:2f:18:94:c3:44:
                    e4:c5:41:4c:61:77:1e:4f:73:94:38:94:b7:89:49:
                    12:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:43:83:71:2A:C6:B6:32:6F:0D:D0:14:E0:EB:63:0A:DC:6E:F2:DF
            X509v3 Authority Key Identifier:
                keyid:D5:C6:5C:DA:4B:63:0F:72:BF:64:0D:16:B4:1F:72:F5:A0:F9:D7:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cZc2ktjD3K_ZA0WtB9y9aD511E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/iUODcSrGtjJvDdAU4OtjCtxu8t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/6387c8-c248-425f-ba40-cd6555fcd82e/1/1cZc2ktjD3K_ZA0WtB9y9aD511E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.146.0/24
                IPv6:
                  2001:67c:21f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:6e:23:4c:86:1f:81:cc:9f:a9:a3:f5:b9:90:ef:cc:55:b8:
         f8:4b:6c:93:42:3a:16:b4:75:b3:a7:d2:3e:bc:3e:92:5f:5a:
         19:d5:2f:58:90:43:e6:2f:08:59:6a:0f:71:d4:67:42:6b:6a:
         94:e3:6d:34:f9:ed:92:a5:e5:61:c6:3b:07:43:1f:24:ef:7b:
         e5:28:e4:0a:85:78:10:11:17:7c:93:ef:b6:f7:83:87:4e:51:
         ba:54:ef:9c:89:a2:05:ba:5c:04:5d:10:ae:22:88:f1:a2:c2:
         d1:d5:0b:0b:b6:94:e7:a6:0f:e3:f4:12:b5:de:86:8a:14:f2:
         11:db:b3:ea:ae:1f:1a:eb:51:10:1d:50:ad:34:3c:a3:97:5c:
         78:d9:d8:ef:c1:71:78:74:08:5c:9c:4b:52:37:eb:b5:77:a8:
         21:f5:14:5c:d9:a0:1c:02:13:4f:84:a1:e5:d9:66:37:b8:79:
         7c:68:9f:dd:25:65:0d:e4:6f:8d:d1:ef:73:29:b5:ea:6a:9c:
         33:ed:ec:7d:d1:c2:2c:e8:15:fa:17:e3:f9:79:60:18:3a:4d:
         cd:ec:94:6d:4a:a1:b7:46:2e:57:ea:29:e7:41:81:c2:2d:5d:
         7c:c9:57:a7:16:a5:87:c5:59:1e:f0:08:74:d8:c6:a5:1a:8d:
         c1:d4:e7:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk52xUws51ZjAiurw1RU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YzY1Y2RhNGI2MzBmNzJiZjY0MGQxNmI0MWY3MmY1YTBm
OWQ3NTEwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQzODM3MTJhYzZiNjMyNmYwZGQwMTRlMGViNjMwYWRjNmVmMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/fJEADeur8AcevIxhhdMs0K+D23
DvfHoF8XM2h8WLrOn5EASQVVUERDL+XZ+2hRt5uFDRwPi6Ybl6xMrXhi+dLXBBfe
JoqrwGgk/41pNsjrS08ZlfR0eJnD3nM/NRZw5Ezrpc8dN5XU/hzvbrPxtk1Ql8YM
dQp3ECkJQNhlqHPfJuLHn3LSHWDndTXbRO77cd1Ax8APtuUqstqxnH7S9SRn5Abj
hlM9FxUc1fEF30qB0vsz01yWp8sjGvywUcxhoXd6WzPVcgLm60AMx0SDqzOpdo53
QiSv9yAXLL5b6rCkk/w2dd4wVe7bLxiUw0TkxUFMYXceT3OUOJS3iUkSKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIlDg3EqxrYybw3QFODrYwrcbvLfMB8GA1UdIwQY
MBaAFNXGXNpLYw9yv2QNFrQfcvWg+ddRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWNaYzJrdGpEM0tfWkEwV3RCOXk5YUQ1MTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi82Mzg3YzgtYzI0OC00MjVmLWJhNDAt
Y2Q2NTU1ZmNkODJlLzEvaVVPRGNTckd0akp2RGRBVTRPdGpDdHh1OHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi82Mzg3YzgtYzI0OC00MjVmLWJhNDAtY2Q2NTU1ZmNkODJl
LzEvMWNaYzJrdGpEM0tfWkEwV3RCOXk5YUQ1MTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwb2SMA8E
AgACMAkDBwAgAQZ8IfgwDQYJKoZIhvcNAQELBQADggEBACxuI0yGH4HMn6mj9bmQ
78xVuPhLbJNCOha0dbOn0j68PpJfWhnVL1iQQ+YvCFlqD3HUZ0JrapTjbTT57ZKl
5WHGOwdDHyTve+Uo5AqFeBARF3yT77b3g4dOUbpU75yJogW6XARdEK4iiPGiwtHV
Cwu2lOemD+P0ErXehooU8hHbs+quHxrrURAdUK00PKOXXHjZ2O/BcXh0CFycS1I3
67V3qCH1FFzZoBwCE0+EoeXZZje4eXxon90lZQ3kb43R73MptepqnDPt7H3Rwizo
FfoX4/l5YBg6Tc3slG1KobdGLlfqKedBgcItXXzJV6cWpYfFWR7wCHTYxqUajcHU
564=
-----END CERTIFICATE-----