Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/cmtBdOCILkEpeMQ7nTtedr-YqAw.roa
File:                     cmtBdOCILkEpeMQ7nTtedr-YqAw.roa (raw, json)
Hash identifier:          kTdG4fUvrCgfxX5To7+gyq5P7Zn1jeDSWBCTvCz7GNo=
Subject key identifier:   72:6B:41:74:E0:88:2E:41:29:78:C4:3B:9D:3B:5E:76:BF:98:A8:0C
Certificate issuer:       /CN=74a8d8472906c2038aaec84c7b3e56c2096be860
Certificate serial:       018CC64B81C3B7CD35A31EA162E71556BA02
Authority key identifier: 74:A8:D8:47:29:06:C2:03:8A:AE:C8:4C:7B:3E:56:C2:09:6B:E8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/cmtBdOCILkEpeMQ7nTtedr-YqAw.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212493
IP address blocks:        193.163.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:c3:b7:cd:35:a3:1e:a1:62:e7:15:56:ba:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74a8d8472906c2038aaec84c7b3e56c2096be860
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=726b4174e0882e412978c43b9d3b5e76bf98a80c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a3:c7:e0:fc:65:af:16:0a:6a:df:65:a7:65:
                    9b:84:d5:25:c8:63:d7:7a:26:d3:1e:d5:6e:da:01:
                    60:09:3c:72:b5:b6:de:94:df:01:06:ec:22:a6:4f:
                    1a:05:c0:ea:f0:7e:23:dd:0d:61:0d:83:57:f2:bb:
                    10:86:95:de:0e:2e:3f:23:37:1c:ad:cb:d1:ec:fb:
                    2e:1a:3b:79:aa:b8:67:8f:3f:27:6d:17:bb:50:41:
                    cf:ec:26:6a:13:e4:4f:d6:32:37:6f:0f:50:56:5c:
                    ea:11:6f:9a:5f:cd:19:a8:3b:62:a4:8a:47:dc:dd:
                    f1:9b:ac:71:70:2e:7b:96:69:58:a6:d2:e1:10:c1:
                    9a:cc:18:60:da:db:5e:ab:e8:b2:c3:ba:84:6b:6a:
                    22:9b:d9:99:38:7d:a4:6a:c6:90:54:05:a9:c7:2f:
                    d8:b6:cb:ab:f1:48:fd:e6:b4:8c:69:a0:d7:41:31:
                    71:fd:67:83:9c:c2:91:7e:53:19:65:ce:cd:e2:6a:
                    35:ca:09:d5:8c:ad:9d:c1:d8:cf:c8:d0:d3:f4:e4:
                    0d:2c:57:6a:98:66:74:cd:43:72:ed:05:eb:1c:a7:
                    2d:94:ac:5a:7b:78:7f:ff:37:20:00:01:d9:0c:cf:
                    92:9a:74:77:89:31:ad:12:b1:8f:9e:b9:95:f0:0a:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6B:41:74:E0:88:2E:41:29:78:C4:3B:9D:3B:5E:76:BF:98:A8:0C
            X509v3 Authority Key Identifier:
                keyid:74:A8:D8:47:29:06:C2:03:8A:AE:C8:4C:7B:3E:56:C2:09:6B:E8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/cmtBdOCILkEpeMQ7nTtedr-YqAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e5:b6:03:bc:64:f2:84:7c:f5:7e:f9:3a:20:90:04:d0:1b:
         5d:1f:82:0a:a1:ff:f2:d7:8f:e4:21:b8:0b:ba:9b:03:43:88:
         4c:27:e9:33:bb:8d:a4:5b:1d:e7:5c:8a:73:56:21:97:2b:b5:
         33:53:37:48:ee:74:e2:d3:fb:b1:ae:a7:c9:4b:04:a1:a6:e2:
         0e:0a:54:f5:dd:aa:5c:ad:44:fb:85:07:36:cc:64:58:fa:1e:
         5d:fc:0c:e3:e8:91:61:15:e3:e7:26:cf:ab:f1:45:94:ec:1f:
         af:1e:d8:41:bf:d4:fd:e3:76:b8:c5:5a:5d:fd:fe:bd:14:de:
         79:d3:f6:d8:59:7d:6c:a3:e9:59:5d:92:84:71:f8:c9:75:38:
         c4:f4:45:d8:51:0f:45:7b:ac:c8:fc:ea:0c:6e:04:1b:ca:e0:
         a7:a5:84:e8:fd:45:77:aa:12:66:21:c8:15:ba:3c:fc:64:2a:
         0d:5b:a0:f5:ab:ce:44:bf:ba:0d:2e:43:09:69:0c:7a:ba:23:
         09:58:69:5e:3a:65:34:ff:63:8e:32:2c:c1:c5:3b:66:ba:da:
         c8:fb:cf:bf:d0:f0:b5:97:8c:eb:8f:6c:d1:29:65:4a:2b:b2:
         7f:24:44:dd:b6:8b:0e:58:02:7f:13:8c:e1:62:e1:01:a5:ac:
         21:bd:d1:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4HDt801ox6hYucVVroCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YThkODQ3MjkwNmMyMDM4YWFlYzg0YzdiM2U1NmMyMDk2
YmU4NjAwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjZiNDE3NGUwODgyZTQxMjk3OGM0M2I5ZDNiNWU3NmJmOThhODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6PH4PxlrxYKat9lp2WbhNUlyGPX
eibTHtVu2gFgCTxytbbelN8BBuwipk8aBcDq8H4j3Q1hDYNX8rsQhpXeDi4/Izcc
rcvR7PsuGjt5qrhnjz8nbRe7UEHP7CZqE+RP1jI3bw9QVlzqEW+aX80ZqDtipIpH
3N3xm6xxcC57lmlYptLhEMGazBhg2tteq+iyw7qEa2oim9mZOH2kasaQVAWpxy/Y
tsur8Uj95rSMaaDXQTFx/WeDnMKRflMZZc7N4mo1ygnVjK2dwdjPyNDT9OQNLFdq
mGZ0zUNy7QXrHKctlKxae3h//zcgAAHZDM+SmnR3iTGtErGPnrmV8AppxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJrQXTgiC5BKXjEO507Xna/mKgMMB8GA1UdIwQY
MBaAFHSo2EcpBsIDiq7ITHs+VsIJa+hgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtqWVJ5a0d3Z09LcnNoTWV6NVd3Z2xyNkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kNGQ1MTktZTc3NC00MTVhLTkzYWIt
Mzk1NmU1NmMxODM1LzEvY210QmRPQ0lMa0VwZU1RN25UdGVkci1ZcUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kNGQ1MTktZTc3NC00MTVhLTkzYWItMzk1NmU1NmMxODM1
LzEvZEtqWVJ5a0d3Z09LcnNoTWV6NVd3Z2xyNkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMxMA0G
CSqGSIb3DQEBCwUAA4IBAQAN5bYDvGTyhHz1fvk6IJAE0BtdH4IKof/y14/kIbgL
upsDQ4hMJ+kzu42kWx3nXIpzViGXK7UzUzdI7nTi0/uxrqfJSwShpuIOClT13apc
rUT7hQc2zGRY+h5d/Azj6JFhFePnJs+r8UWU7B+vHthBv9T943a4xVpd/f69FN55
0/bYWX1so+lZXZKEcfjJdTjE9EXYUQ9Fe6zI/OoMbgQbyuCnpYTo/UV3qhJmIcgV
ujz8ZCoNW6D1q85Ev7oNLkMJaQx6uiMJWGleOmU0/2OOMizBxTtmutrI+8+/0PC1
l4zrj2zRKWVKK7J/JETdtosOWAJ/E4zhYuEBpawhvdES
-----END CERTIFICATE-----