Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/cnJm-m5CCQ57-GUI7BKRjEzO7uk.roa
File:                     cnJm-m5CCQ57-GUI7BKRjEzO7uk.roa (raw, json)
Hash identifier:          vb2eiFgEqNSr4JBDYupiUp5xe6Ajj9WNvwTRvi21e7g=
Subject key identifier:   72:72:66:FA:6E:42:09:0E:7B:F8:65:08:EC:12:91:8C:4C:CE:EE:E9
Certificate issuer:       /CN=dc422c24147ec79fa906464ab143fd47e3beb3a1
Certificate serial:       018CC2DAE70FB91C68B45B35856B59A5100B
Authority key identifier: DC:42:2C:24:14:7E:C7:9F:A9:06:46:4A:B1:43:FD:47:E3:BE:B3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EIsJBR-x5-pBkZKsUP9R-O-s6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/cnJm-m5CCQ57-GUI7BKRjEzO7uk.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.47.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/3EIsJBR-x5-pBkZKsUP9R-O-s6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/3EIsJBR-x5-pBkZKsUP9R-O-s6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EIsJBR-x5-pBkZKsUP9R-O-s6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 01:04:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e7:0f:b9:1c:68:b4:5b:35:85:6b:59:a5:10:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc422c24147ec79fa906464ab143fd47e3beb3a1
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=727266fa6e42090e7bf86508ec12918c4cceeee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a9:36:04:d9:1e:9d:1e:3f:bd:c9:17:71:fc:
                    20:c8:b7:b1:a5:c1:0f:d6:55:93:f1:0d:2f:e4:99:
                    57:cd:fb:e0:7d:41:25:f9:7e:96:ff:40:a5:95:72:
                    eb:f9:bc:81:3e:b1:73:4b:95:82:12:8e:6f:2f:4a:
                    ee:d1:e5:d9:33:e5:60:fa:77:57:e5:4b:50:7e:20:
                    7c:38:54:f8:73:b3:a5:11:8d:79:74:11:86:aa:7c:
                    bb:8f:c6:97:73:39:e2:95:01:c7:95:e7:f8:82:89:
                    c2:b7:23:a3:bd:14:ce:19:11:d4:89:5b:8b:6b:a3:
                    81:8e:db:7e:13:a1:0d:86:af:60:2b:17:91:9a:47:
                    44:46:fa:70:a1:11:8b:19:0a:12:f3:41:c3:98:fa:
                    10:f3:61:d7:8b:89:4f:e8:e8:9f:ed:7b:8f:1b:f3:
                    f6:5c:f1:59:24:d1:55:c3:a1:4e:ce:29:a2:e5:c7:
                    d9:3c:d0:a1:75:8a:de:1f:41:c0:ef:b1:d7:df:4f:
                    a7:f5:53:02:e9:63:dc:07:73:3c:7e:60:72:48:87:
                    14:59:12:4b:15:eb:92:38:ed:3d:df:f1:b7:5f:7d:
                    c9:d6:05:13:45:07:6d:6d:18:15:fa:77:04:a4:57:
                    cd:95:af:ff:06:41:2e:66:04:9d:d9:ee:52:a4:fd:
                    52:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:72:66:FA:6E:42:09:0E:7B:F8:65:08:EC:12:91:8C:4C:CE:EE:E9
            X509v3 Authority Key Identifier:
                keyid:DC:42:2C:24:14:7E:C7:9F:A9:06:46:4A:B1:43:FD:47:E3:BE:B3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EIsJBR-x5-pBkZKsUP9R-O-s6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/cnJm-m5CCQ57-GUI7BKRjEzO7uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a66566-7e32-4976-86ec-2165136c9d9a/1/3EIsJBR-x5-pBkZKsUP9R-O-s6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a8:11:f8:93:a7:7a:3c:bb:18:8b:bd:a6:70:be:38:2f:89:
         4f:be:93:c7:44:b3:e6:6e:3e:3f:1b:46:e0:d3:65:12:b9:9e:
         c0:bd:a8:75:2e:54:77:aa:ca:32:ca:f7:95:a7:3b:60:5d:e0:
         15:f5:99:b1:23:a0:0e:b0:c7:48:65:89:92:4c:7d:62:c5:a3:
         ac:b1:1b:ce:93:cf:4b:07:db:ea:fb:b8:00:52:fb:e4:20:d9:
         5c:90:5e:8c:25:de:7f:55:77:6b:17:dd:c3:0f:eb:31:9a:29:
         57:e9:d8:aa:e6:94:a1:19:1e:a2:5e:27:0a:e4:9d:cf:f3:e8:
         5d:26:98:ff:25:9c:c4:33:e3:9d:d7:10:c4:70:15:ca:49:58:
         55:b7:c4:8d:de:73:d8:41:e5:f6:5e:2c:44:5b:51:03:0f:49:
         09:5c:e1:91:a8:53:d3:2a:89:9d:75:fd:8b:c3:0e:75:6a:9c:
         12:02:f1:3c:69:10:6d:3b:13:0e:ec:68:11:3d:be:ff:13:c7:
         5e:7d:57:81:a7:fe:5c:74:15:9e:ad:65:71:e8:6b:dc:b9:d8:
         0b:9b:b0:c3:9d:fc:0f:7e:33:69:88:b3:a3:8a:c9:92:0d:62:
         e8:5d:cd:b3:41:d8:9f:78:8c:a7:3f:4d:c9:62:58:64:ac:05:
         01:f1:d3:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ucPuRxotFs1hWtZpRALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDIyYzI0MTQ3ZWM3OWZhOTA2NDY0YWIxNDNmZDQ3ZTNi
ZWIzYTEwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjcyNjZmYTZlNDIwOTBlN2JmODY1MDhlYzEyOTE4YzRjY2VlZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiak2BNkenR4/vckXcfwgyLexpcEP
1lWT8Q0v5JlXzfvgfUEl+X6W/0CllXLr+byBPrFzS5WCEo5vL0ru0eXZM+Vg+ndX
5UtQfiB8OFT4c7OlEY15dBGGqny7j8aXcznilQHHlef4gonCtyOjvRTOGRHUiVuL
a6OBjtt+E6ENhq9gKxeRmkdERvpwoRGLGQoS80HDmPoQ82HXi4lP6Oif7XuPG/P2
XPFZJNFVw6FOzimi5cfZPNChdYreH0HA77HX30+n9VMC6WPcB3M8fmBySIcUWRJL
FeuSOO093/G3X33J1gUTRQdtbRgV+ncEpFfNla//BkEuZgSd2e5SpP1SvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJyZvpuQgkOe/hlCOwSkYxMzu7pMB8GA1UdIwQY
MBaAFNxCLCQUfsefqQZGSrFD/UfjvrOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VJc0pCUi14NS1wQmtaS3NVUDlSLU8tczZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNjY1NjYtN2UzMi00OTc2LTg2ZWMt
MjE2NTEzNmM5ZDlhLzEvY25KbS1tNUNDUTU3LUdVSTdCS1JqRXpPN3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNjY1NjYtN2UzMi00OTc2LTg2ZWMtMjE2NTEzNmM5ZDlh
LzEvM0VJc0pCUi14NS1wQmtaS3NVUDlSLU8tczZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS9nMA0G
CSqGSIb3DQEBCwUAA4IBAQA4qBH4k6d6PLsYi72mcL44L4lPvpPHRLPmbj4/G0bg
02USuZ7Avah1LlR3qsoyyveVpztgXeAV9ZmxI6AOsMdIZYmSTH1ixaOssRvOk89L
B9vq+7gAUvvkINlckF6MJd5/VXdrF93DD+sxmilX6diq5pShGR6iXicK5J3P8+hd
Jpj/JZzEM+Od1xDEcBXKSVhVt8SN3nPYQeX2XixEW1EDD0kJXOGRqFPTKomddf2L
ww51apwSAvE8aRBtOxMO7GgRPb7/E8defVeBp/5cdBWerWVx6GvcudgLm7DDnfwP
fjNpiLOjismSDWLoXc2zQdifeIynP03JYlhkrAUB8dNr
-----END CERTIFICATE-----