Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/L2WDG0M4vZB1RAwUwcOCu0w0TBM.roa
File:                     L2WDG0M4vZB1RAwUwcOCu0w0TBM.roa (raw, json)
Hash identifier:          tOJ5h8use5oJSvvQIpWOgcEee6RPkP9tLrp6Oc+hRtA=
Subject key identifier:   2F:65:83:1B:43:38:BD:90:75:44:0C:14:C1:C3:82:BB:4C:34:4C:13
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       018CC7934EAFBD8B2240A4CB9BF6B0621A7A
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/L2WDG0M4vZB1RAwUwcOCu0w0TBM.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208794
IP address blocks:        193.43.139.0/24 maxlen: 24
                          2a0e:b280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:4e:af:bd:8b:22:40:a4:cb:9b:f6:b0:62:1a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f65831b4338bd9075440c14c1c382bb4c344c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fa:77:71:aa:3a:a7:b4:43:3d:35:c5:bb:10:
                    eb:53:fb:91:76:8d:f3:10:76:05:17:91:64:ff:e7:
                    b7:fa:4e:10:d3:55:ed:ed:7e:f3:3b:97:fc:0d:d2:
                    90:40:16:17:b8:11:12:a2:a2:3b:3b:c0:af:c7:e1:
                    95:31:d5:9c:6d:57:8f:7c:a9:16:9e:54:3f:97:85:
                    9b:46:53:6f:de:02:a3:72:6a:46:21:be:0a:eb:a8:
                    38:b7:f6:03:c4:4a:b6:67:d2:cb:d7:cf:7c:5f:44:
                    1d:be:fe:66:73:39:25:3e:2d:ee:97:c5:ef:5d:b5:
                    78:5e:72:3e:3c:de:ec:6c:59:e5:20:98:6f:c6:4c:
                    17:58:b7:5a:b1:fb:5d:0a:2c:7c:e8:e1:43:4c:df:
                    67:c7:ff:16:0b:ed:0d:7d:06:4e:b8:a5:90:4f:d5:
                    ab:20:41:15:6c:f4:a5:e3:16:75:dd:50:3b:c2:ba:
                    5e:b7:e9:7b:da:bd:24:da:10:03:ab:1d:0b:e7:cf:
                    99:71:31:5d:ee:59:df:f5:9c:44:cf:c8:7b:57:a8:
                    bc:31:b6:88:20:6b:98:30:9a:6d:e6:67:36:40:b6:
                    f8:c0:46:ed:92:d4:71:d1:80:a4:c4:72:0d:6a:cb:
                    6d:03:02:e3:1b:e8:d8:63:94:54:68:22:7d:3a:2b:
                    d3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:65:83:1B:43:38:BD:90:75:44:0C:14:C1:C3:82:BB:4C:34:4C:13
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/L2WDG0M4vZB1RAwUwcOCu0w0TBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.139.0/24
                IPv6:
                  2a0e:b280::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:f2:aa:cc:bf:52:7a:11:70:79:80:8e:54:62:5e:84:1c:39:
         8f:f5:5e:4c:9f:3e:46:2d:17:d3:fc:40:af:72:55:a1:50:0a:
         f2:54:36:ad:0f:56:82:10:a7:65:57:46:be:de:af:63:cc:97:
         a9:3a:b3:af:fd:c6:d9:97:63:df:0c:75:db:a3:db:a7:6f:42:
         6e:51:5b:cb:df:c5:09:09:19:28:59:b0:7f:51:0a:aa:b9:ab:
         c9:04:de:77:00:92:a8:b8:39:8a:a7:6d:17:87:36:09:1e:2b:
         89:b2:57:94:97:09:38:01:18:c6:78:9b:51:7e:ae:37:94:24:
         28:67:8d:83:1c:67:e6:44:c9:53:c8:fc:65:e6:5c:53:4f:ee:
         96:c6:88:a4:99:95:e9:63:51:91:67:f6:34:56:29:3c:72:5d:
         4d:6a:c6:6c:3e:51:99:b7:df:a7:51:0e:c7:f9:51:e5:62:12:
         34:0d:8c:f0:ef:c9:4d:d1:60:90:32:04:d9:ea:02:81:3e:8e:
         6e:df:8c:86:04:d5:4a:60:32:2c:d2:23:a2:7e:4f:17:63:59:
         5f:c9:4e:10:05:08:29:87:41:07:19:61:82:c3:6d:d4:e5:d5:
         9a:61:9e:06:fe:10:9d:3b:d0:cd:4b:13:42:e2:f0:61:8e:83:
         3f:8a:76:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk06vvYsiQKTLm/awYhp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY1ODMxYjQzMzhiZDkwNzU0NDBjMTRjMWMzODJiYjRjMzQ0YzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfp3cao6p7RDPTXFuxDrU/uRdo3z
EHYFF5Fk/+e3+k4Q01Xt7X7zO5f8DdKQQBYXuBESoqI7O8Cvx+GVMdWcbVePfKkW
nlQ/l4WbRlNv3gKjcmpGIb4K66g4t/YDxEq2Z9LL1898X0Qdvv5mczklPi3ul8Xv
XbV4XnI+PN7sbFnlIJhvxkwXWLdasftdCix86OFDTN9nx/8WC+0NfQZOuKWQT9Wr
IEEVbPSl4xZ13VA7wrpet+l72r0k2hADqx0L58+ZcTFd7lnf9ZxEz8h7V6i8MbaI
IGuYMJpt5mc2QLb4wEbtktRx0YCkxHINasttAwLjG+jYY5RUaCJ9OivTHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC9lgxtDOL2QdUQMFMHDgrtMNEwTMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvTDJXREcwTTR2WkIxUkF3VXdjT0N1MHcwVEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSuLMA0E
AgACMAcDBQMqDrKAMA0GCSqGSIb3DQEBCwUAA4IBAQB48qrMv1J6EXB5gI5UYl6E
HDmP9V5Mnz5GLRfT/ECvclWhUAryVDatD1aCEKdlV0a+3q9jzJepOrOv/cbZl2Pf
DHXbo9unb0JuUVvL38UJCRkoWbB/UQqquavJBN53AJKouDmKp20XhzYJHiuJsleU
lwk4ARjGeJtRfq43lCQoZ42DHGfmRMlTyPxl5lxTT+6WxoikmZXpY1GRZ/Y0Vik8
cl1NasZsPlGZt9+nUQ7H+VHlYhI0DYzw78lN0WCQMgTZ6gKBPo5u34yGBNVKYDIs
0iOifk8XY1lfyU4QBQgph0EHGWGCw23U5dWaYZ4G/hCdO9DNSxNC4vBhjoM/inZI
-----END CERTIFICATE-----