Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/xdObqc4C4XdcURtHTYFpTFSQNd0.roa
File:                     xdObqc4C4XdcURtHTYFpTFSQNd0.roa (raw, json)
Hash identifier:          zKw8GAEvJjyEOtYkeb9mjmRi1dTSmjJoDOMlI/xabpY=
Subject key identifier:   C5:D3:9B:A9:CE:02:E1:77:5C:51:1B:47:4D:81:69:4C:54:90:35:DD
Certificate issuer:       /CN=9c8a1876fddc2b63748b457b770b79a7e66e793c
Certificate serial:       018CC8DED22F6417D9FEC40C8F95D8CC8C11
Authority key identifier: 9C:8A:18:76:FD:DC:2B:63:74:8B:45:7B:77:0B:79:A7:E6:6E:79:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/xdObqc4C4XdcURtHTYFpTFSQNd0.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209585
IP address blocks:        193.16.97.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d2:2f:64:17:d9:fe:c4:0c:8f:95:d8:cc:8c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c8a1876fddc2b63748b457b770b79a7e66e793c
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5d39ba9ce02e1775c511b474d81694c549035dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:31:f0:b6:ad:7e:23:c8:6f:9e:c5:14:af:8b:
                    15:21:07:07:bb:0b:5e:e3:a8:a1:0a:9c:21:74:ef:
                    9c:b4:ae:82:a3:d5:e5:16:96:63:aa:54:36:a6:1e:
                    5e:a4:60:e3:ac:95:5b:3c:4e:ab:11:e7:36:f4:89:
                    c4:41:f5:38:37:c4:95:72:bd:f7:6f:6c:36:52:f8:
                    fd:15:b8:98:ba:2d:5d:2d:37:7b:df:5e:b4:1b:d5:
                    04:ed:ff:4d:96:96:95:18:10:a9:42:de:34:e9:aa:
                    4a:23:66:0f:ca:0d:01:fe:67:9c:4c:37:b9:92:7e:
                    ed:8b:1a:b6:88:4a:86:de:06:02:29:4c:f6:62:37:
                    eb:74:7a:72:0c:0c:dc:b6:53:54:bc:26:83:5c:b9:
                    a9:ff:be:1f:ba:16:a7:e9:67:ae:d4:8c:be:51:b9:
                    2e:e5:d7:60:6b:8d:f9:84:3d:4d:4c:fd:21:d5:b6:
                    18:b8:24:9a:bf:1b:f7:57:e8:ac:6b:72:81:bc:4d:
                    64:8b:34:f7:f1:21:8a:60:8e:54:26:fa:e3:57:12:
                    fb:e4:a5:84:83:91:97:7b:8c:55:f0:f1:f6:b4:98:
                    d5:eb:e6:1a:0f:48:4c:fe:20:ef:07:9c:50:31:dd:
                    f0:2c:97:5c:2c:c7:7a:f0:9c:ff:91:aa:fa:cf:04:
                    ab:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D3:9B:A9:CE:02:E1:77:5C:51:1B:47:4D:81:69:4C:54:90:35:DD
            X509v3 Authority Key Identifier:
                keyid:9C:8A:18:76:FD:DC:2B:63:74:8B:45:7B:77:0B:79:A7:E6:6E:79:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/xdObqc4C4XdcURtHTYFpTFSQNd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:3f:e3:ca:95:92:9e:0d:c3:01:53:0e:e2:45:7b:46:e8:17:
         14:39:07:82:7b:6e:26:48:e3:d5:50:94:76:02:5c:1f:da:1d:
         1d:fc:ac:d9:41:eb:6d:b1:10:4e:02:b3:de:a4:70:c8:04:b7:
         e2:cf:91:4b:08:b4:fa:25:d5:46:28:a6:75:c2:a9:63:d4:0f:
         17:d1:16:91:be:21:be:07:20:93:1b:d0:58:71:f9:9e:d4:44:
         fa:d2:68:9d:f9:40:80:5a:92:d1:60:46:38:22:08:f6:84:45:
         13:0d:2c:82:d1:27:21:8e:13:ef:12:b2:79:29:8b:00:db:6f:
         8b:1b:8e:5c:a0:3a:7f:76:b1:36:ec:9b:c5:75:cf:83:1a:ba:
         c0:ca:76:4f:0a:af:3e:d0:27:4f:bd:e2:27:2b:0f:da:38:dd:
         da:2b:95:e2:a4:41:d3:7e:43:78:4d:34:dd:32:36:7a:79:76:
         ff:37:0b:b1:b9:2d:86:6e:db:bb:41:1f:ba:83:19:c6:3c:20:
         e9:ff:6e:0d:86:43:2f:61:63:16:ae:6e:ec:a7:a3:98:10:ae:
         a6:9e:c0:f1:c3:ea:93:c3:57:2f:db:ee:63:d1:6f:63:73:3e:
         94:18:47:94:0b:b7:02:e6:36:d2:46:9c:9c:ca:46:d4:14:b1:
         d4:3d:32:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tIvZBfZ/sQMj5XYzIwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOGExODc2ZmRkYzJiNjM3NDhiNDU3Yjc3MGI3OWE3ZTY2
ZTc5M2MwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQzOWJhOWNlMDJlMTc3NWM1MTFiNDc0ZDgxNjk0YzU0OTAzNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzHwtq1+I8hvnsUUr4sVIQcHuwte
46ihCpwhdO+ctK6Co9XlFpZjqlQ2ph5epGDjrJVbPE6rEec29InEQfU4N8SVcr33
b2w2Uvj9FbiYui1dLTd73160G9UE7f9NlpaVGBCpQt406apKI2YPyg0B/mecTDe5
kn7tixq2iEqG3gYCKUz2YjfrdHpyDAzctlNUvCaDXLmp/74fuhan6Weu1Iy+Ubku
5ddga435hD1NTP0h1bYYuCSavxv3V+isa3KBvE1kizT38SGKYI5UJvrjVxL75KWE
g5GXe4xV8PH2tJjV6+YaD0hM/iDvB5xQMd3wLJdcLMd68Jz/kar6zwSrIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXTm6nOAuF3XFEbR02BaUxUkDXdMB8GA1UdIwQY
MBaAFJyKGHb93CtjdItFe3cLeafmbnk8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbklvWWR2M2NLMk4waTBWN2R3dDVwLVp1ZVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85ZWE2OGYtNzQzZC00N2RhLWI3MWMt
NzA5ZmJlODRjZGZiLzEveGRPYnFjNEM0WGRjVVJ0SFRZRnBURlNRTmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85ZWE2OGYtNzQzZC00N2RhLWI3MWMtNzA5ZmJlODRjZGZi
LzEvbklvWWR2M2NLMk4waTBWN2R3dDVwLVp1ZVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBhMA0G
CSqGSIb3DQEBCwUAA4IBAQA5P+PKlZKeDcMBUw7iRXtG6BcUOQeCe24mSOPVUJR2
Alwf2h0d/KzZQettsRBOArPepHDIBLfiz5FLCLT6JdVGKKZ1wqlj1A8X0RaRviG+
ByCTG9BYcfme1ET60mid+UCAWpLRYEY4Igj2hEUTDSyC0SchjhPvErJ5KYsA22+L
G45coDp/drE27JvFdc+DGrrAynZPCq8+0CdPveInKw/aON3aK5XipEHTfkN4TTTd
MjZ6eXb/NwuxuS2Gbtu7QR+6gxnGPCDp/24NhkMvYWMWrm7sp6OYEK6mnsDxw+qT
w1cv2+5j0W9jcz6UGEeUC7cC5jbSRpycykbUFLHUPTK0
-----END CERTIFICATE-----