Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/dsLG2j4EWWmiv7tptAS2-fkcXU0.roa
File:                     dsLG2j4EWWmiv7tptAS2-fkcXU0.roa (raw, json)
Hash identifier:          ADLTdWLJS9zEs/uQjjxNH0vaJWWshki3RYpjC8+gtcU=
Subject key identifier:   76:C2:C6:DA:3E:04:59:69:A2:BF:BB:69:B4:04:B6:F9:F9:1C:5D:4D
Certificate issuer:       /CN=08fcf0ed5b5677c1155f2b784c6d73d8093af1aa
Certificate serial:       01942520B82C91DE9F0E18E31714E83D07B4
Authority key identifier: 08:FC:F0:ED:5B:56:77:C1:15:5F:2B:78:4C:6D:73:D8:09:3A:F1:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/dsLG2j4EWWmiv7tptAS2-fkcXU0.roa
Signing time:             Thu 02 Jan 2025 03:48:08 +0000
ROA not before:           Thu 02 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15763
IP address blocks:        193.28.40.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:b8:2c:91:de:9f:0e:18:e3:17:14:e8:3d:07:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fcf0ed5b5677c1155f2b784c6d73d8093af1aa
        Validity
            Not Before: Jan  2 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76c2c6da3e045969a2bfbb69b404b6f9f91c5d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:b5:79:95:4f:91:72:52:a6:a9:58:89:d3:
                    5c:de:85:ee:7f:b2:39:a8:a9:5a:e6:98:78:70:72:
                    e2:e1:07:eb:0c:e2:51:6c:8c:8e:18:76:7c:a2:db:
                    43:4c:da:b6:2a:c0:57:89:4d:a4:f7:20:6e:87:d5:
                    7e:47:e9:d0:bf:7b:ec:72:13:76:96:cd:d7:90:96:
                    9b:91:fe:1c:b8:ee:e5:cd:64:fe:9b:ef:20:ed:69:
                    7e:34:8f:66:04:f0:51:e1:f4:94:20:36:dc:df:e6:
                    c5:36:07:dc:f6:dc:6e:48:cd:c3:1d:8a:fc:fd:56:
                    00:be:be:49:1b:4e:ab:39:16:19:75:1e:e9:75:e1:
                    2b:3f:02:53:29:68:eb:5a:68:d9:1f:13:52:34:af:
                    2b:0c:ac:00:17:7d:f4:a3:7c:d7:f4:73:fe:4f:f9:
                    e3:c6:d0:76:ed:fc:7c:51:18:39:6c:e2:3a:4e:da:
                    25:d5:5b:95:5b:01:54:a8:a1:43:16:6e:ef:7d:9d:
                    23:19:50:4a:0c:d4:fb:f8:45:e5:e1:a8:15:93:94:
                    cd:aa:d1:10:f6:a9:0d:58:80:fb:0a:0d:3f:80:bf:
                    6a:75:eb:a7:d9:2e:19:a1:dd:1a:09:8a:c1:b8:a3:
                    e4:5e:f3:7c:25:c4:13:4f:80:b8:49:32:8f:20:19:
                    d6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:C2:C6:DA:3E:04:59:69:A2:BF:BB:69:B4:04:B6:F9:F9:1C:5D:4D
            X509v3 Authority Key Identifier:
                keyid:08:FC:F0:ED:5B:56:77:C1:15:5F:2B:78:4C:6D:73:D8:09:3A:F1:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/dsLG2j4EWWmiv7tptAS2-fkcXU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:c9:db:6d:5b:80:bc:a3:40:b3:47:5a:d8:b8:7d:d5:9e:1b:
         f2:71:44:8e:79:a5:aa:3c:c4:bf:f5:ef:25:4b:ef:ee:71:14:
         ed:6e:90:e3:8d:67:3b:5d:4d:8e:7b:7c:e2:23:da:c6:1a:a8:
         2f:69:7d:ba:3f:f2:df:ae:c6:91:69:60:3b:95:19:52:73:ac:
         ce:00:c7:93:d0:22:88:9e:07:56:1a:1b:0f:cb:e5:e4:c1:3c:
         d6:6c:5a:de:38:fc:9d:eb:4b:77:87:04:e4:9a:66:b0:39:72:
         ec:3d:c0:76:4e:24:87:ab:e2:c5:cc:0d:37:e2:c6:2a:3f:72:
         cd:de:a2:aa:66:db:1a:fa:a7:4b:95:ba:68:0b:3b:a9:40:d3:
         78:17:53:62:10:83:3e:8d:87:52:b2:5d:9e:50:3b:c7:cf:27:
         87:06:fc:14:d0:96:61:a5:30:58:c2:76:86:ba:35:42:17:50:
         c2:a4:f3:bf:4a:7a:fa:13:09:2a:e0:3b:b7:c4:bc:f5:ed:d8:
         b2:be:4b:4d:85:9c:24:24:f0:72:67:f7:2d:cd:4e:3d:66:94:
         8a:fa:4b:7a:d2:89:7d:f4:a0:33:b9:55:eb:3f:ec:6a:21:1b:
         82:aa:6e:b1:78:5c:2c:19:72:01:60:6b:72:dc:05:ff:b7:a6:
         4a:b2:55:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlILgskd6fDhjjFxToPQe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNmMGVkNWI1Njc3YzExNTVmMmI3ODRjNmQ3M2Q4MDkz
YWYxYWEwHhcNMjUwMTAyMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmMyYzZkYTNlMDQ1OTY5YTJiZmJiNjliNDA0YjZmOWY5MWM1ZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF61eZVPkXJSpqlYidNc3oXuf7I5
qKla5ph4cHLi4QfrDOJRbIyOGHZ8ottDTNq2KsBXiU2k9yBuh9V+R+nQv3vschN2
ls3XkJabkf4cuO7lzWT+m+8g7Wl+NI9mBPBR4fSUIDbc3+bFNgfc9txuSM3DHYr8
/VYAvr5JG06rORYZdR7pdeErPwJTKWjrWmjZHxNSNK8rDKwAF330o3zX9HP+T/nj
xtB27fx8URg5bOI6Ttol1VuVWwFUqKFDFm7vfZ0jGVBKDNT7+EXl4agVk5TNqtEQ
9qkNWID7Cg0/gL9qdeun2S4Zod0aCYrBuKPkXvN8JcQTT4C4STKPIBnW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbCxto+BFlpor+7abQEtvn5HF1NMB8GA1UdIwQY
MBaAFAj88O1bVnfBFV8reExtc9gJOvGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B6dzdWdFdkOEVWWHl0NFRHMXoyQWs2OGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80OTNiOTgtN2Y1OS00ZjYxLTk5NDUt
MWU4ZGRhZmUzYTE0LzEvZHNMRzJqNEVXV21pdjd0cHRBUzItZmtjWFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80OTNiOTgtN2Y1OS00ZjYxLTk5NDUtMWU4ZGRhZmUzYTE0
LzEvQ1B6dzdWdFdkOEVWWHl0NFRHMXoyQWs2OGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRwoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOydttW4C8o0CzR1rYuH3VnhvycUSOeaWqPMS/9e8l
S+/ucRTtbpDjjWc7XU2Oe3ziI9rGGqgvaX26P/LfrsaRaWA7lRlSc6zOAMeT0CKI
ngdWGhsPy+XkwTzWbFreOPyd60t3hwTkmmawOXLsPcB2TiSHq+LFzA034sYqP3LN
3qKqZtsa+qdLlbpoCzupQNN4F1NiEIM+jYdSsl2eUDvHzyeHBvwU0JZhpTBYwnaG
ujVCF1DCpPO/Snr6Ewkq4Du3xLz17diyvktNhZwkJPByZ/ctzU49ZpSK+kt60ol9
9KAzuVXrP+xqIRuCqm6xeFwsGXIBYGty3AX/t6ZKslXm
-----END CERTIFICATE-----