Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/VQz3eW_dBjkYxTKmAxp_pbegxBo.roa
File:                     VQz3eW_dBjkYxTKmAxp_pbegxBo.roa (raw, json)
Hash identifier:          bq6u53uhZlAtEcWcq1oqpCNaSDkmxdZcAiFCl3OVZiw=
Subject key identifier:   55:0C:F7:79:6F:DD:06:39:18:C5:32:A6:03:1A:7F:A5:B7:A0:C4:1A
Certificate issuer:       /CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Certificate serial:       018CC870A5EA81E76FAC9D0A68F31255D36E
Authority key identifier: DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/VQz3eW_dBjkYxTKmAxp_pbegxBo.roa
Signing time:             Tue 02 Jan 2024 04:31:14 +0000
ROA not before:           Tue 02 Jan 2024 04:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41241
IP address blocks:        193.16.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a5:ea:81:e7:6f:ac:9d:0a:68:f3:12:55:d3:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
        Validity
            Not Before: Jan  2 04:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550cf7796fdd063918c532a6031a7fa5b7a0c41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:83:4a:38:02:dd:a6:9e:fa:43:f5:05:56:e9:
                    a1:61:36:b3:8e:49:25:1f:7f:92:a6:c2:63:68:1b:
                    8a:b5:84:5f:7e:65:af:eb:d1:29:a2:c1:2b:8b:e6:
                    5f:1c:c3:41:27:82:cf:ad:2e:5d:b2:df:a3:38:21:
                    00:e0:c4:f4:61:4e:00:74:e6:06:5e:84:ca:ea:31:
                    1f:75:8e:aa:aa:8e:ba:7a:08:f7:91:55:b3:37:56:
                    b5:1f:a5:2e:64:09:81:2e:df:6a:f5:f4:41:7c:96:
                    c3:f3:a3:0e:75:a9:d0:95:07:16:e0:ed:36:57:18:
                    80:26:cb:e2:b0:ef:01:58:f8:69:76:76:7d:94:27:
                    eb:14:1e:b8:51:2a:2e:2d:57:9d:93:05:eb:ae:90:
                    d7:40:76:f0:66:0d:2f:f0:54:17:97:be:7a:7f:08:
                    67:93:95:a3:cc:1a:35:56:fd:96:3c:7f:ed:f9:6a:
                    db:a4:2a:e2:ab:99:06:32:3a:8d:0b:ef:ff:e6:97:
                    60:f0:1a:96:65:c9:fe:e6:f9:b6:d3:5f:c2:f1:c5:
                    31:e3:cf:16:ef:0f:6b:78:62:5d:a0:8b:33:66:a9:
                    98:c8:82:c1:b9:18:0c:ca:3e:cb:a9:6d:02:db:ff:
                    6b:48:27:16:88:14:79:eb:93:ea:8c:1e:4f:bd:ac:
                    43:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0C:F7:79:6F:DD:06:39:18:C5:32:A6:03:1A:7F:A5:B7:A0:C4:1A
            X509v3 Authority Key Identifier:
                keyid:DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/VQz3eW_dBjkYxTKmAxp_pbegxBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:9d:0b:08:96:7d:e5:77:53:f5:f0:fc:c3:a9:b8:92:21:83:
         f2:58:11:99:85:83:0e:62:79:66:83:4d:8b:c1:39:90:f4:79:
         e1:1a:ec:10:bf:9a:8c:dd:1a:64:54:00:4d:5a:1d:74:77:13:
         67:28:22:c3:ad:1f:b9:d2:94:47:d6:42:11:6c:34:d3:ba:79:
         12:0f:4c:e6:81:e1:c8:0f:0c:de:cd:cb:02:3c:fb:be:85:99:
         87:ba:da:d4:5b:72:65:f1:b1:95:c5:94:9f:76:52:40:a0:9f:
         c5:2a:b9:cb:91:9b:7a:27:5e:06:22:20:df:86:20:22:a6:46:
         ed:ca:88:fa:c2:f8:56:09:da:95:50:0f:1d:5c:e9:34:59:3f:
         42:6f:fa:30:0a:91:b6:d6:43:f5:8e:98:95:b8:ea:07:e3:56:
         dc:af:85:4a:4a:00:eb:ff:60:1a:37:a1:82:89:35:c7:d9:0d:
         0c:7c:c3:e5:72:97:f1:eb:c6:78:1f:3f:d2:8f:d6:33:f1:86:
         18:73:70:2f:a9:d3:92:a1:23:49:eb:f7:ba:b9:5e:4c:29:dd:
         86:df:e8:e6:7b:82:83:01:12:b1:26:93:93:26:97:18:22:e7:
         65:7f:d7:8f:ac:c6:27:54:5a:ac:89:df:8d:5d:bc:99:92:36:
         fd:34:42:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcKXqgedvrJ0KaPMSVdNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2MyYmJhZjNlMGQ0MzQyYTAxNGY4YjcwZjg3M2NlZTlh
OGNhYzUwHhcNMjQwMTAyMDQzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBjZjc3OTZmZGQwNjM5MThjNTMyYTYwMzFhN2ZhNWI3YTBjNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYNKOALdpp76Q/UFVumhYTazjkkl
H3+SpsJjaBuKtYRffmWv69EposEri+ZfHMNBJ4LPrS5dst+jOCEA4MT0YU4AdOYG
XoTK6jEfdY6qqo66egj3kVWzN1a1H6UuZAmBLt9q9fRBfJbD86MOdanQlQcW4O02
VxiAJsvisO8BWPhpdnZ9lCfrFB64USouLVedkwXrrpDXQHbwZg0v8FQXl756fwhn
k5WjzBo1Vv2WPH/t+WrbpCriq5kGMjqNC+//5pdg8BqWZcn+5vm201/C8cUx488W
7w9reGJdoIszZqmYyILBuRgMyj7LqW0C2/9rSCcWiBR565PqjB5PvaxDBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUM93lv3QY5GMUypgMaf6W3oMQaMB8GA1UdIwQY
MBaAFNvMK7rz4NQ0KgFPi3D4c87pqMrFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4Yzkt
ZjRkNWU4NGFjMWRkLzEvVlF6M2VXX2RCamtZeFRLbUF4cF9wYmVneEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4YzktZjRkNWU4NGFjMWRk
LzEvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRDqMA0G
CSqGSIb3DQEBCwUAA4IBAQBwnQsIln3ld1P18PzDqbiSIYPyWBGZhYMOYnlmg02L
wTmQ9HnhGuwQv5qM3RpkVABNWh10dxNnKCLDrR+50pRH1kIRbDTTunkSD0zmgeHI
DwzezcsCPPu+hZmHutrUW3Jl8bGVxZSfdlJAoJ/FKrnLkZt6J14GIiDfhiAipkbt
yoj6wvhWCdqVUA8dXOk0WT9Cb/owCpG21kP1jpiVuOoH41bcr4VKSgDr/2AaN6GC
iTXH2Q0MfMPlcpfx68Z4Hz/Sj9Yz8YYYc3AvqdOSoSNJ6/e6uV5MKd2G3+jme4KD
ARKxJpOTJpcYIudlf9ePrMYnVFqsid+NXbyZkjb9NEJ0
-----END CERTIFICATE-----