Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/0Xugtl_duHCCFAaqEHQ2XU5ScHc.roa
File:                     0Xugtl_duHCCFAaqEHQ2XU5ScHc.roa (raw, json)
Hash identifier:          gNTI4UxZPXWqUE8C9wkHBRzgfLTer6cMo55RwDi6phM=
Subject key identifier:   D1:7B:A0:B6:5F:DD:B8:70:82:14:06:AA:10:74:36:5D:4E:52:70:77
Certificate issuer:       /CN=ac9cb5a756cf54f694640c11f8e0bd19b2793da9
Certificate serial:       018CC8DF98933730591640BCAA526BEEF84E
Authority key identifier: AC:9C:B5:A7:56:CF:54:F6:94:64:0C:11:F8:E0:BD:19:B2:79:3D:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/0Xugtl_duHCCFAaqEHQ2XU5ScHc.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51790
IP address blocks:        193.3.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:98:93:37:30:59:16:40:bc:aa:52:6b:ee:f8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9cb5a756cf54f694640c11f8e0bd19b2793da9
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d17ba0b65fddb870821406aa1074365d4e527077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:28:08:2f:f4:91:b2:66:8e:5a:6f:68:45:5f:
                    37:f7:33:9b:1b:f4:3e:fb:ab:e0:3b:9e:47:df:1f:
                    d6:01:6d:01:dd:cb:a0:87:86:97:fb:45:55:31:ae:
                    27:0a:68:3d:43:44:6b:df:b7:8c:e5:9a:48:4f:5f:
                    3f:11:1c:4f:75:f2:9d:63:54:55:d1:34:ba:61:1e:
                    8d:62:e8:6e:c9:70:88:84:1b:56:b7:8d:19:50:36:
                    5b:b9:fc:6e:c6:e4:2f:ed:c8:19:b6:02:7a:1b:3b:
                    a5:0a:85:80:11:24:03:f9:71:4b:08:61:f6:e2:4b:
                    26:54:e6:22:ef:3a:e9:4e:dd:c7:21:f2:bc:81:26:
                    31:60:38:db:1d:b4:5e:06:cc:bc:fa:e1:32:5d:4a:
                    c1:01:f4:47:b5:88:8e:e6:3d:dd:00:0a:8e:65:24:
                    86:34:21:f3:29:6a:5f:a1:da:5d:0a:94:44:fb:44:
                    41:07:b5:0f:0c:00:de:60:e1:99:7a:d3:7b:f9:02:
                    de:8e:7b:69:33:57:b9:f3:a9:32:db:9d:e9:cb:9b:
                    7d:fd:a8:fd:01:e9:94:61:48:49:d6:9e:2a:f8:f7:
                    d5:21:95:73:cb:42:bd:a8:99:9f:cd:51:42:1e:c5:
                    90:6e:3c:94:c6:0b:77:36:46:3b:42:ef:47:55:2a:
                    87:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:7B:A0:B6:5F:DD:B8:70:82:14:06:AA:10:74:36:5D:4E:52:70:77
            X509v3 Authority Key Identifier:
                keyid:AC:9C:B5:A7:56:CF:54:F6:94:64:0C:11:F8:E0:BD:19:B2:79:3D:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/0Xugtl_duHCCFAaqEHQ2XU5ScHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:cb:fa:aa:71:1b:6e:b1:f8:ba:51:f2:62:9d:ff:59:2b:1b:
         51:06:b8:e0:1f:b3:bc:da:55:1c:b7:11:5f:33:01:96:b4:22:
         b5:8b:6d:ab:d3:3d:8a:1a:98:8b:92:a0:f2:f2:e4:43:7d:11:
         88:56:92:34:fa:76:75:9f:ac:05:fc:30:72:24:97:69:41:c7:
         aa:97:87:41:ff:a2:67:50:2b:0a:92:ff:c8:44:e6:5a:ad:1a:
         9e:60:94:2f:01:44:c3:8d:1d:ba:31:cb:1a:ed:20:6a:4e:ca:
         6a:15:79:de:ca:d4:41:d3:b1:e8:66:81:26:92:61:7c:ec:6c:
         ed:9d:5c:72:2e:06:13:be:25:83:d1:ab:6a:20:28:79:ba:c6:
         d3:42:93:a1:10:ac:6f:0e:e2:7b:75:de:c8:b7:1a:27:d6:72:
         62:94:7b:56:ed:a2:d0:33:9c:b3:f5:fb:7c:51:0b:1c:c2:96:
         26:d5:2b:29:dd:a1:91:2f:71:07:52:2a:0f:0e:e5:ba:ad:1f:
         35:92:0f:eb:5e:58:32:f9:24:a3:69:55:96:f5:49:b6:f8:58:
         91:0b:ed:29:0e:23:70:f0:8a:dc:c7:84:77:9e:38:af:19:70:
         10:3c:a5:ad:d5:b1:a3:a2:4a:6a:b2:f1:39:3a:e7:1b:c8:b0:
         e2:e7:da:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35iTNzBZFkC8qlJr7vhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWNiNWE3NTZjZjU0ZjY5NDY0MGMxMWY4ZTBiZDE5YjI3
OTNkYTkwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTdiYTBiNjVmZGRiODcwODIxNDA2YWExMDc0MzY1ZDRlNTI3MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCgIL/SRsmaOWm9oRV839zObG/Q+
+6vgO55H3x/WAW0B3cugh4aX+0VVMa4nCmg9Q0Rr37eM5ZpIT18/ERxPdfKdY1RV
0TS6YR6NYuhuyXCIhBtWt40ZUDZbufxuxuQv7cgZtgJ6GzulCoWAESQD+XFLCGH2
4ksmVOYi7zrpTt3HIfK8gSYxYDjbHbReBsy8+uEyXUrBAfRHtYiO5j3dAAqOZSSG
NCHzKWpfodpdCpRE+0RBB7UPDADeYOGZetN7+QLejntpM1e586ky253py5t9/aj9
AemUYUhJ1p4q+PfVIZVzy0K9qJmfzVFCHsWQbjyUxgt3NkY7Qu9HVSqH4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNF7oLZf3bhwghQGqhB0Nl1OUnB3MB8GA1UdIwQY
MBaAFKyctadWz1T2lGQMEfjgvRmyeT2pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckp5MXAxYlBWUGFVWkF3Ui1PQzlHYko1UGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9mNWYyYTktOGZiZS00Mjg2LWJiZGQt
ODI1NjkyNjk1MjExLzEvMFh1Z3RsX2R1SENDRkFhcUVIUTJYVTVTY0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9mNWYyYTktOGZiZS00Mjg2LWJiZGQtODI1NjkyNjk1MjEx
LzEvckp5MXAxYlBWUGFVWkF3Ui1PQzlHYko1UGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQM7MA0G
CSqGSIb3DQEBCwUAA4IBAQApy/qqcRtusfi6UfJinf9ZKxtRBrjgH7O82lUctxFf
MwGWtCK1i22r0z2KGpiLkqDy8uRDfRGIVpI0+nZ1n6wF/DByJJdpQceql4dB/6Jn
UCsKkv/IROZarRqeYJQvAUTDjR26Mcsa7SBqTspqFXneytRB07HoZoEmkmF87Gzt
nVxyLgYTviWD0atqICh5usbTQpOhEKxvDuJ7dd7Itxon1nJilHtW7aLQM5yz9ft8
UQscwpYm1Ssp3aGRL3EHUioPDuW6rR81kg/rXlgy+SSjaVWW9Um2+FiRC+0pDiNw
8Ircx4R3njivGXAQPKWt1bGjokpqsvE5OucbyLDi59o0
-----END CERTIFICATE-----