Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/gKb8uk1G68e1uJEfcRBeuBCuzXQ.roa
File:                     gKb8uk1G68e1uJEfcRBeuBCuzXQ.roa (raw, json)
Hash identifier:          3Ak6NVs0IkrUoYVdVFdWPgldY9h8ZHwpzdF/qDsDHBc=
Subject key identifier:   80:A6:FC:BA:4D:46:EB:C7:B5:B8:91:1F:71:10:5E:B8:10:AE:CD:74
Certificate issuer:       /CN=53eaa19ca27a6f57f2cbb4e463720b436af17dea
Certificate serial:       018CEE5E3660983BEB6987FA58761C8BF9F9
Authority key identifier: 53:EA:A1:9C:A2:7A:6F:57:F2:CB:B4:E4:63:72:0B:43:6A:F1:7D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/gKb8uk1G68e1uJEfcRBeuBCuzXQ.roa
Signing time:             Tue 09 Jan 2024 13:16:40 +0000
ROA not before:           Tue 09 Jan 2024 13:16:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1835
IP address blocks:        193.163.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:5e:36:60:98:3b:eb:69:87:fa:58:76:1c:8b:f9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53eaa19ca27a6f57f2cbb4e463720b436af17dea
        Validity
            Not Before: Jan  9 13:16:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80a6fcba4d46ebc7b5b8911f71105eb810aecd74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:88:d8:93:42:22:ea:59:cb:cc:59:13:00:49:
                    b2:4b:8e:ba:4d:01:c1:b8:e7:34:1e:e2:e4:3a:6c:
                    14:21:54:15:cb:be:af:3e:0d:1e:b1:d9:f3:e8:13:
                    4b:8c:9f:a2:c2:c3:99:39:29:ea:be:3c:ac:7f:a1:
                    12:8d:ba:04:b1:00:64:34:45:ea:bf:88:82:ed:0b:
                    24:45:b0:d3:8e:3a:7a:73:f3:78:ab:53:b4:49:32:
                    1b:4d:cc:6d:f3:a5:3e:2c:0a:5c:d4:23:4b:68:3a:
                    85:1d:3b:42:39:06:4f:2b:94:df:70:ba:eb:03:ab:
                    1c:a2:d5:0c:2d:a6:a6:98:0d:25:3c:61:63:89:da:
                    3f:cd:46:ed:4a:f9:54:f7:e3:3d:c4:19:7e:dd:8b:
                    47:9c:4d:96:34:6a:08:e5:9b:9f:3d:5a:92:74:5e:
                    1f:aa:51:4a:35:4e:e2:9c:78:d0:9e:e8:ed:50:8a:
                    76:0b:06:da:9b:e3:4e:c6:8b:30:77:08:13:82:50:
                    6d:0a:53:6e:97:d4:11:cf:a6:13:ec:8a:13:ff:fe:
                    b8:86:12:cc:43:a3:1c:b1:26:b3:f1:e1:dd:c3:0b:
                    2d:6b:62:3a:8c:2e:ed:17:c9:79:a7:bc:7f:eb:3e:
                    14:f0:a5:54:4a:85:b7:05:06:77:9e:05:42:71:4f:
                    85:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A6:FC:BA:4D:46:EB:C7:B5:B8:91:1F:71:10:5E:B8:10:AE:CD:74
            X509v3 Authority Key Identifier:
                keyid:53:EA:A1:9C:A2:7A:6F:57:F2:CB:B4:E4:63:72:0B:43:6A:F1:7D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/gKb8uk1G68e1uJEfcRBeuBCuzXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/0d3b2b-e304-4d61-b6d0-27e8f4f1c684/1/U-qhnKJ6b1fyy7TkY3ILQ2rxfeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:6f:0f:af:51:24:b5:c7:15:f5:37:55:40:53:0a:a4:86:21:
         df:59:e0:d1:82:8e:9b:87:0a:1b:85:99:93:ec:5f:92:ac:c7:
         f3:c7:64:a9:37:16:2d:4c:f6:28:78:f4:af:9d:ca:41:55:60:
         af:4c:b0:49:a6:8b:8c:5e:13:f3:c4:db:e2:5f:29:b7:28:dd:
         85:1e:2e:2b:66:c6:1c:05:51:d9:3f:30:6b:e7:c3:31:41:84:
         88:58:fd:da:49:8f:b4:ce:5b:e9:10:ed:e0:f1:9c:08:71:c7:
         bc:f6:b3:05:4c:fb:4c:a4:20:e9:bd:c5:86:46:cc:31:6d:6b:
         82:a8:ef:2e:a5:bc:bd:4c:30:ad:9f:16:ab:ce:19:03:26:8d:
         c7:54:7e:87:f7:a3:4b:d5:43:a9:6b:aa:f4:92:91:08:32:25:
         72:c1:a5:ab:74:c7:60:81:d7:c3:98:89:96:89:de:62:00:49:
         08:4d:1b:b2:13:ed:b6:95:7b:7d:f7:e4:93:75:31:65:ba:fc:
         6f:73:6f:97:7f:63:ca:ce:8b:63:ec:1a:89:ea:17:fa:83:26:
         bb:87:3c:4e:73:95:ea:b3:8b:c7:fe:7c:40:3c:78:37:8f:a0:
         de:3d:dd:d4:06:e0:85:0b:e7:f9:75:ed:5a:d8:d9:6e:38:db:
         59:80:bc:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuXjZgmDvraYf6WHYci/n5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZWFhMTljYTI3YTZmNTdmMmNiYjRlNDYzNzIwYjQzNmFm
MTdkZWEwHhcNMjQwMTA5MTMxNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE2ZmNiYTRkNDZlYmM3YjViODkxMWY3MTEwNWViODEwYWVjZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIjYk0Ii6lnLzFkTAEmyS466TQHB
uOc0HuLkOmwUIVQVy76vPg0esdnz6BNLjJ+iwsOZOSnqvjysf6ESjboEsQBkNEXq
v4iC7QskRbDTjjp6c/N4q1O0STIbTcxt86U+LApc1CNLaDqFHTtCOQZPK5TfcLrr
A6scotUMLaammA0lPGFjido/zUbtSvlU9+M9xBl+3YtHnE2WNGoI5ZufPVqSdF4f
qlFKNU7inHjQnujtUIp2Cwbam+NOxoswdwgTglBtClNul9QRz6YT7IoT//64hhLM
Q6McsSaz8eHdwwsta2I6jC7tF8l5p7x/6z4U8KVUSoW3BQZ3ngVCcU+FZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICm/LpNRuvHtbiRH3EQXrgQrs10MB8GA1UdIwQY
MBaAFFPqoZyiem9X8su05GNyC0Nq8X3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVS1xaG5LSjZiMWZ5eTdUa1kzSUxRMnJ4ZmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8wZDNiMmItZTMwNC00ZDYxLWI2ZDAt
MjdlOGY0ZjFjNjg0LzEvZ0tiOHVrMUc2OGUxdUpFZmNSQmV1QkN1elhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8wZDNiMmItZTMwNC00ZDYxLWI2ZDAtMjdlOGY0ZjFjNjg0
LzEvVS1xaG5LSjZiMWZ5eTdUa1kzSUxRMnJ4ZmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMuMA0G
CSqGSIb3DQEBCwUAA4IBAQBgbw+vUSS1xxX1N1VAUwqkhiHfWeDRgo6bhwobhZmT
7F+SrMfzx2SpNxYtTPYoePSvncpBVWCvTLBJpouMXhPzxNviXym3KN2FHi4rZsYc
BVHZPzBr58MxQYSIWP3aSY+0zlvpEO3g8ZwIcce89rMFTPtMpCDpvcWGRswxbWuC
qO8upby9TDCtnxarzhkDJo3HVH6H96NL1UOpa6r0kpEIMiVywaWrdMdggdfDmImW
id5iAEkITRuyE+22lXt99+STdTFluvxvc2+Xf2PKzotj7BqJ6hf6gya7hzxOc5Xq
s4vH/nxAPHg3j6DePd3UBuCFC+f5de1a2NluONtZgLwR
-----END CERTIFICATE-----