Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/bPGVmwC5wVAJLJY_VqBl6LkbGl4.roa
File:                     bPGVmwC5wVAJLJY_VqBl6LkbGl4.roa (raw, json)
Hash identifier:          bQFYpZP0FaCpt2r9gHDSzWGF2kjGlh8i3ok1643W9vI=
Subject key identifier:   6C:F1:95:9B:00:B9:C1:50:09:2C:96:3F:56:A0:65:E8:B9:1B:1A:5E
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018EC28E59103CEE6358D47A82B60BF406B6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/bPGVmwC5wVAJLJY_VqBl6LkbGl4.roa
Signing time:             Tue 09 Apr 2024 11:11:32 +0000
ROA not before:           Tue 09 Apr 2024 11:11:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        193.108.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 10:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:8e:59:10:3c:ee:63:58:d4:7a:82:b6:0b:f4:06:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Apr  9 11:11:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cf1959b00b9c150092c963f56a065e8b91b1a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9c:cc:ea:dc:60:7b:65:de:30:7a:0f:c3:bc:
                    14:7b:d2:b6:6c:4e:52:a5:09:84:5c:93:70:98:8a:
                    75:df:63:fe:de:04:d1:0e:b7:af:33:79:17:16:a3:
                    6f:a9:bf:71:ac:60:59:29:17:f2:d7:2f:ac:1e:df:
                    fc:b9:29:f9:fa:8f:ca:42:8a:88:e7:23:67:d1:68:
                    1f:47:30:24:80:0d:7a:3d:3e:83:46:2a:73:5a:9f:
                    10:8b:bb:2c:bd:ff:4c:16:ec:d5:1e:ee:ef:e8:8e:
                    1d:16:12:f3:64:94:5f:76:c3:e3:ec:bb:5d:7e:4d:
                    a3:51:1c:3b:47:54:d2:d7:22:74:5d:9c:f7:3a:b7:
                    68:8b:b9:4e:e9:d7:37:b3:e3:b2:51:bf:24:58:85:
                    18:c4:7f:4a:3f:90:37:7b:40:b5:68:87:80:10:c3:
                    2a:8a:7c:f3:8d:d2:c2:2c:94:08:2d:c4:ca:69:ab:
                    8d:83:ee:c9:82:ca:69:ea:57:d5:c9:9e:31:2f:11:
                    08:c8:bd:66:56:e2:9b:fc:98:c8:4a:69:e9:b3:cb:
                    cb:97:84:c9:91:93:a5:1a:fc:f0:83:af:7a:d8:66:
                    93:c9:1b:e5:a2:af:2f:b7:f4:64:85:86:27:19:b3:
                    4f:6a:d8:20:d3:6b:d8:fe:85:28:8a:03:b5:02:b0:
                    fd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F1:95:9B:00:B9:C1:50:09:2C:96:3F:56:A0:65:E8:B9:1B:1A:5E
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/bPGVmwC5wVAJLJY_VqBl6LkbGl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:70:47:a0:21:29:dd:b5:96:32:af:45:ac:6c:9b:98:d0:f0:
         83:e6:ed:a9:19:85:03:a7:b1:ed:b0:a8:3c:7e:c3:fd:fd:27:
         4b:36:cc:aa:02:05:a2:91:72:a9:e8:4a:49:a6:ac:22:d9:c0:
         7c:06:da:b6:9e:ed:fe:d6:36:1a:d5:94:33:d3:95:8b:2d:88:
         36:7f:62:c1:cf:ae:ff:9e:e2:5f:38:5e:aa:d4:23:b7:cc:9e:
         5a:26:df:ba:a4:fe:cd:d2:d9:28:ea:d2:fc:b6:77:b8:d9:45:
         47:5c:b0:e2:6c:28:ce:2f:db:44:dc:2e:ef:17:67:a9:31:63:
         3a:aa:fd:52:03:5d:82:16:bc:dd:51:88:0a:58:ea:2f:b8:c7:
         00:e4:8d:79:71:ad:73:2a:9a:03:2f:74:bb:37:76:79:da:09:
         af:81:ae:88:d8:b0:bc:d8:99:cf:2f:82:09:30:c7:b8:6d:35:
         a5:7b:3e:5a:c5:25:11:ff:d4:1b:53:74:8d:12:55:4a:80:5c:
         c2:8e:75:2e:da:bc:b7:3d:5b:a1:d7:dd:de:a0:bd:ba:a5:78:
         6b:61:82:7d:cd:d1:f1:3f:9e:b5:5e:05:9d:69:e3:22:c7:10:
         86:3c:5f:f4:4a:a5:9f:f4:43:53:d4:b3:99:a7:94:49:0d:84:
         58:b7:1d:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7CjlkQPO5jWNR6grYL9Aa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwNDA5MTExMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2YxOTU5YjAwYjljMTUwMDkyYzk2M2Y1NmEwNjVlOGI5MWIxYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZzM6txge2XeMHoPw7wUe9K2bE5S
pQmEXJNwmIp132P+3gTRDrevM3kXFqNvqb9xrGBZKRfy1y+sHt/8uSn5+o/KQoqI
5yNn0WgfRzAkgA16PT6DRipzWp8Qi7ssvf9MFuzVHu7v6I4dFhLzZJRfdsPj7Ltd
fk2jURw7R1TS1yJ0XZz3Ordoi7lO6dc3s+OyUb8kWIUYxH9KP5A3e0C1aIeAEMMq
inzzjdLCLJQILcTKaauNg+7Jgspp6lfVyZ4xLxEIyL1mVuKb/JjISmnps8vLl4TJ
kZOlGvzwg6962GaTyRvloq8vt/RkhYYnGbNPatgg02vY/oUoigO1ArD9TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzxlZsAucFQCSyWP1agZei5GxpeMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvYlBHVm13QzV3VkFKTEpZX1ZxQmw2TGtiR2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw4MA0G
CSqGSIb3DQEBCwUAA4IBAQAecEegISndtZYyr0WsbJuY0PCD5u2pGYUDp7HtsKg8
fsP9/SdLNsyqAgWikXKp6EpJpqwi2cB8Btq2nu3+1jYa1ZQz05WLLYg2f2LBz67/
nuJfOF6q1CO3zJ5aJt+6pP7N0tko6tL8tne42UVHXLDibCjOL9tE3C7vF2epMWM6
qv1SA12CFrzdUYgKWOovuMcA5I15ca1zKpoDL3S7N3Z52gmvga6I2LC82JnPL4IJ
MMe4bTWlez5axSUR/9QbU3SNElVKgFzCjnUu2ry3PVuh193eoL26pXhrYYJ9zdHx
P561XgWdaeMixxCGPF/0SqWf9ENT1LOZp5RJDYRYtx3q
-----END CERTIFICATE-----