Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/7l6X42hiC478dmwjqdo9nCkYEy0.roa
File:                     7l6X42hiC478dmwjqdo9nCkYEy0.roa (raw, json)
Hash identifier:          tgxkFfvVfxvYev1unkTL2GRp5pspIiTZnZtzAL0qgyY=
Subject key identifier:   EE:5E:97:E3:68:62:0B:8E:FC:76:6C:23:A9:DA:3D:9C:29:18:13:2D
Certificate issuer:       /CN=8e0c54b3aae251915ffc98bd34a550181ffab49a
Certificate serial:       018CC64B3EBF9D395CDF9D371FE9570512C2
Authority key identifier: 8E:0C:54:B3:AA:E2:51:91:5F:FC:98:BD:34:A5:50:18:1F:FA:B4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/7l6X42hiC478dmwjqdo9nCkYEy0.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        193.221.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3e:bf:9d:39:5c:df:9d:37:1f:e9:57:05:12:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e0c54b3aae251915ffc98bd34a550181ffab49a
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee5e97e368620b8efc766c23a9da3d9c2918132d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:34:da:dd:1f:a5:55:06:33:81:c8:d9:c1:18:
                    c5:0e:3f:97:7e:87:12:33:fd:2f:99:3e:0c:d1:f6:
                    1b:4b:53:af:b2:45:49:49:92:bc:74:24:91:de:3a:
                    97:1a:a1:d4:5b:7d:85:d8:7e:42:82:94:16:2d:ac:
                    dc:4b:8a:7e:c4:ac:9f:92:70:cf:50:cd:11:91:a4:
                    22:1b:9e:92:20:83:8c:89:89:fc:5a:a3:02:6f:9e:
                    b8:d2:33:99:24:e1:c6:7d:fb:2b:66:f5:42:b3:a5:
                    77:0f:43:e3:31:d8:f0:bc:cb:48:9b:ef:6a:35:c9:
                    22:af:6c:32:66:2b:1a:ce:69:13:88:e7:69:12:fc:
                    5a:c4:7d:49:27:ad:fc:cd:a9:38:60:ef:14:69:26:
                    7a:e1:ac:68:b5:47:a0:65:18:fa:4c:fc:fa:b2:68:
                    81:0d:bf:af:eb:4f:c4:af:50:2a:15:e2:92:69:51:
                    02:a1:b0:29:46:78:da:c1:64:26:c4:ac:94:e2:8f:
                    92:d0:12:d2:62:85:3a:cf:0b:db:71:59:67:6e:d1:
                    f4:ef:96:50:e1:56:ff:fb:94:67:de:47:aa:52:77:
                    58:64:a9:dc:ba:df:ec:26:88:ee:0e:7d:7f:67:b3:
                    34:0b:b9:8d:8f:7d:81:27:c1:76:b5:4e:cc:c9:74:
                    59:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:5E:97:E3:68:62:0B:8E:FC:76:6C:23:A9:DA:3D:9C:29:18:13:2D
            X509v3 Authority Key Identifier:
                keyid:8E:0C:54:B3:AA:E2:51:91:5F:FC:98:BD:34:A5:50:18:1F:FA:B4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/7l6X42hiC478dmwjqdo9nCkYEy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:c3:c0:b6:67:60:e7:fb:d3:a7:5b:c4:40:08:d9:8d:87:5a:
         c4:f1:14:52:14:b5:39:79:6f:c5:23:41:be:60:70:be:4c:62:
         e8:8e:d2:a0:7c:9f:c1:42:78:df:ca:86:61:71:dc:4e:0f:b3:
         03:1e:59:a4:52:60:2f:33:f3:98:30:f5:5c:6e:64:d7:cb:ce:
         8f:70:57:2e:4a:45:af:e8:7a:92:36:c9:0b:bd:b8:80:8d:91:
         cf:cd:27:57:f5:8e:6d:ae:ca:c9:fb:23:5d:0b:9d:ac:c1:a0:
         16:80:91:ba:7a:23:68:1e:6c:dd:e2:a2:00:aa:58:a6:5a:ea:
         db:7e:c7:25:c1:83:41:8f:84:22:8e:6e:8c:bf:5c:f7:8f:af:
         ad:28:61:29:07:79:43:cb:ae:0c:fb:2b:29:01:d7:41:66:9c:
         6b:7d:2d:1b:46:a8:66:3e:8f:9b:1f:03:8c:a7:05:31:a6:4e:
         28:b6:90:4a:41:b8:b9:52:f9:71:ff:8b:95:04:bd:b8:eb:65:
         11:25:89:b8:ca:f3:cc:ef:76:20:c3:63:71:ec:76:4e:9f:6e:
         a4:d7:f6:0b:a6:6a:43:9e:df:07:01:ca:08:9c:36:5e:db:46:
         37:65:cc:22:0d:b9:1b:b4:e2:7c:b7:0c:09:40:6e:4f:07:21:
         f5:20:60:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSz6/nTlc3503H+lXBRLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMGM1NGIzYWFlMjUxOTE1ZmZjOThiZDM0YTU1MDE4MWZm
YWI0OWEwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTVlOTdlMzY4NjIwYjhlZmM3NjZjMjNhOWRhM2Q5YzI5MTgxMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTTa3R+lVQYzgcjZwRjFDj+XfocS
M/0vmT4M0fYbS1OvskVJSZK8dCSR3jqXGqHUW32F2H5CgpQWLazcS4p+xKyfknDP
UM0RkaQiG56SIIOMiYn8WqMCb5640jOZJOHGffsrZvVCs6V3D0PjMdjwvMtIm+9q
Nckir2wyZisazmkTiOdpEvxaxH1JJ638zak4YO8UaSZ64axotUegZRj6TPz6smiB
Db+v60/Er1AqFeKSaVECobApRnjawWQmxKyU4o+S0BLSYoU6zwvbcVlnbtH075ZQ
4Vb/+5Rn3keqUndYZKncut/sJojuDn1/Z7M0C7mNj32BJ8F2tU7MyXRZJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5el+NoYguO/HZsI6naPZwpGBMtMB8GA1UdIwQY
MBaAFI4MVLOq4lGRX/yYvTSlUBgf+rSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamd4VXM2cmlVWkZmX0ppOU5LVlFHQl82dEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9iNjI1MGMtZTA2Mi00MDM3LWI4ZjMt
YmYxZTFkZTJlYTYzLzEvN2w2WDQyaGlDNDc4ZG13anFkbzluQ2tZRXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9iNjI1MGMtZTA2Mi00MDM3LWI4ZjMtYmYxZTFkZTJlYTYz
LzEvamd4VXM2cmlVWkZmX0ppOU5LVlFHQl82dEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd12MA0G
CSqGSIb3DQEBCwUAA4IBAQBrw8C2Z2Dn+9OnW8RACNmNh1rE8RRSFLU5eW/FI0G+
YHC+TGLojtKgfJ/BQnjfyoZhcdxOD7MDHlmkUmAvM/OYMPVcbmTXy86PcFcuSkWv
6HqSNskLvbiAjZHPzSdX9Y5trsrJ+yNdC52swaAWgJG6eiNoHmzd4qIAqlimWurb
fsclwYNBj4Qijm6Mv1z3j6+tKGEpB3lDy64M+yspAddBZpxrfS0bRqhmPo+bHwOM
pwUxpk4otpBKQbi5Uvlx/4uVBL2462URJYm4yvPM73Ygw2Nx7HZOn26k1/YLpmpD
nt8HAcoInDZe20Y3ZcwiDbkbtOJ8twwJQG5PByH1IGBs
-----END CERTIFICATE-----