Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/RUchl6RJ-QP8M_bpG2X71JadwEs.roa
File:                     RUchl6RJ-QP8M_bpG2X71JadwEs.roa (raw, json)
Hash identifier:          D0oeXmYRGX4rGGFs7jME4gZ5roQHPt9hUvWdIvPcVs4=
Subject key identifier:   45:47:21:97:A4:49:F9:03:FC:33:F6:E9:1B:65:FB:D4:96:9D:C0:4B
Certificate issuer:       /CN=ec757603b171af34e1c6231e5e82e77f2d589db9
Certificate serial:       018CC94CA9B1E25CEAE51532D83428BB37C0
Authority key identifier: EC:75:76:03:B1:71:AF:34:E1:C6:23:1E:5E:82:E7:7F:2D:58:9D:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/RUchl6RJ-QP8M_bpG2X71JadwEs.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202635
IP address blocks:        193.3.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 20:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a9:b1:e2:5c:ea:e5:15:32:d8:34:28:bb:37:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec757603b171af34e1c6231e5e82e77f2d589db9
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45472197a449f903fc33f6e91b65fbd4969dc04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:72:38:1e:64:c0:7b:d0:17:e8:42:eb:56:6a:
                    5c:79:82:71:41:d2:0e:4f:4d:81:8e:74:93:c0:bd:
                    6d:02:2e:d8:2e:a5:f0:2c:80:78:be:55:54:8f:c8:
                    c5:be:b1:06:ef:2e:d0:f2:53:d9:e9:ad:e4:19:60:
                    11:f0:48:8d:c8:68:3b:9b:82:f1:4a:e5:43:27:16:
                    a7:65:25:99:e8:4e:9e:ee:d5:ab:03:3b:ab:93:05:
                    a4:3d:c6:b9:ad:cc:37:ce:4c:d4:56:6a:4c:17:6c:
                    b7:8c:72:9d:ed:a9:ff:29:f2:03:52:a0:ba:f7:a8:
                    62:81:48:dc:7d:d2:ba:a3:96:aa:2e:14:40:b2:6b:
                    8f:70:54:ac:46:4f:4e:ca:19:b0:24:e3:d8:56:76:
                    e4:15:49:4a:02:d1:a3:e7:cd:ea:fa:71:4e:b8:35:
                    e4:81:4f:52:34:d1:00:4a:b7:8f:4f:41:fd:5d:b0:
                    f3:8e:1e:00:d3:bc:69:be:32:08:91:f8:12:89:d9:
                    9d:79:68:10:53:9b:17:bc:ea:05:33:8c:70:32:be:
                    b6:70:0a:ae:a1:6b:b5:ef:03:95:47:6f:b8:34:4f:
                    73:73:f5:32:fe:3d:95:7f:4a:fa:a5:a1:f0:08:4a:
                    f9:58:e3:4b:a1:7f:1e:69:98:da:25:4d:6f:8d:d9:
                    85:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:47:21:97:A4:49:F9:03:FC:33:F6:E9:1B:65:FB:D4:96:9D:C0:4B
            X509v3 Authority Key Identifier:
                keyid:EC:75:76:03:B1:71:AF:34:E1:C6:23:1E:5E:82:E7:7F:2D:58:9D:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/RUchl6RJ-QP8M_bpG2X71JadwEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b6:f3:22:46:cb:c2:73:5c:36:ed:58:b6:b2:de:59:5b:d2:
         77:35:d4:23:f8:ff:c6:89:f9:67:0e:78:5c:7d:fa:fd:1c:72:
         b4:21:36:54:ff:32:0e:89:0f:c4:ba:2a:15:01:ab:32:fa:c7:
         47:50:34:4c:33:cb:bb:89:1d:03:59:ca:fa:5e:96:e5:77:b0:
         3e:32:b8:dc:17:1c:4e:c5:62:2c:0f:bc:3d:6d:d9:d8:e1:ba:
         1a:a4:6b:1f:46:48:a2:e5:de:52:8d:58:12:c4:41:5e:c8:83:
         bc:e7:eb:25:67:e3:5b:d1:87:f4:af:cc:e1:e1:aa:a1:2a:d1:
         a3:74:32:32:36:fa:aa:ea:42:e9:cb:7d:29:91:34:17:ab:d7:
         0c:b8:a5:85:fb:d8:49:d2:e8:74:d6:17:22:98:bd:09:a9:b3:
         91:7b:00:33:61:3f:f1:f7:0b:f8:07:73:82:97:54:84:08:0c:
         9d:7d:9c:75:c3:6c:19:cf:23:77:97:e5:73:f0:36:9c:8b:70:
         a0:36:38:bf:d0:94:4f:97:1d:39:bc:46:5f:27:d6:16:ae:98:
         e5:30:7e:ad:da:7f:64:af:4f:c9:14:72:02:9f:25:5b:06:67:
         6c:3d:56:b3:7a:13:72:e4:2d:6c:bc:34:09:cc:8b:37:15:e2:
         e2:f3:dd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKmx4lzq5RUy2DQouzfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzU3NjAzYjE3MWFmMzRlMWM2MjMxZTVlODJlNzdmMmQ1
ODlkYjkwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQ3MjE5N2E0NDlmOTAzZmMzM2Y2ZTkxYjY1ZmJkNDk2OWRjMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonI4HmTAe9AX6ELrVmpceYJxQdIO
T02BjnSTwL1tAi7YLqXwLIB4vlVUj8jFvrEG7y7Q8lPZ6a3kGWAR8EiNyGg7m4Lx
SuVDJxanZSWZ6E6e7tWrAzurkwWkPca5rcw3zkzUVmpMF2y3jHKd7an/KfIDUqC6
96higUjcfdK6o5aqLhRAsmuPcFSsRk9OyhmwJOPYVnbkFUlKAtGj583q+nFOuDXk
gU9SNNEASrePT0H9XbDzjh4A07xpvjIIkfgSidmdeWgQU5sXvOoFM4xwMr62cAqu
oWu17wOVR2+4NE9zc/Uy/j2Vf0r6paHwCEr5WONLoX8eaZjaJU1vjdmF7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVHIZekSfkD/DP26Rtl+9SWncBLMB8GA1UdIwQY
MBaAFOx1dgOxca804cYjHl6C538tWJ25MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hWMkE3RnhyelRoeGlNZVhvTG5meTFZbmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84YzM3ZjAtYWYzYS00MDI0LTgwNDMt
ZDMwY2VmOTExNGI3LzEvUlVjaGw2UkotUVA4TV9icEcyWDcxSmFkd0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84YzM3ZjAtYWYzYS00MDI0LTgwNDMtZDMwY2VmOTExNGI3
LzEvN0hWMkE3RnhyelRoeGlNZVhvTG5meTFZbmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMeMA0G
CSqGSIb3DQEBCwUAA4IBAQB9tvMiRsvCc1w27Vi2st5ZW9J3NdQj+P/GiflnDnhc
ffr9HHK0ITZU/zIOiQ/EuioVAasy+sdHUDRMM8u7iR0DWcr6Xpbld7A+MrjcFxxO
xWIsD7w9bdnY4boapGsfRkii5d5SjVgSxEFeyIO85+slZ+Nb0Yf0r8zh4aqhKtGj
dDIyNvqq6kLpy30pkTQXq9cMuKWF+9hJ0uh01hcimL0JqbORewAzYT/x9wv4B3OC
l1SECAydfZx1w2wZzyN3l+Vz8Daci3CgNji/0JRPlx05vEZfJ9YWrpjlMH6t2n9k
r0/JFHICnyVbBmdsPVazehNy5C1svDQJzIs3FeLi892e
-----END CERTIFICATE-----