Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/APXJT-qn0FwQwZaLjHgyTCKuYr8.roa
File:                     APXJT-qn0FwQwZaLjHgyTCKuYr8.roa (raw, json)
Hash identifier:          JldmhMz768+crWFoUgswBz1tdBwbmPoKxUgum6cbOkQ=
Subject key identifier:   00:F5:C9:4F:EA:A7:D0:5C:10:C1:96:8B:8C:78:32:4C:22:AE:62:BF
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018F9599EFE3614E071544FDB74852227D29
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/APXJT-qn0FwQwZaLjHgyTCKuYr8.roa
Signing time:             Mon 20 May 2024 10:44:04 +0000
ROA not before:           Mon 20 May 2024 10:44:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        188.191.96.0/24 maxlen: 24
                          193.3.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:99:ef:e3:61:4e:07:15:44:fd:b7:48:52:22:7d:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: May 20 10:44:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00f5c94feaa7d05c10c1968b8c78324c22ae62bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:55:4f:96:de:65:2c:c3:59:21:41:4c:63:b1:
                    63:d8:04:dd:15:02:93:20:46:be:86:4b:bc:e0:eb:
                    43:7a:d2:0c:34:7d:09:a3:93:e3:91:25:64:65:26:
                    5d:3a:9a:a3:47:e2:47:f8:3a:7e:1d:81:43:7a:d9:
                    82:e9:ab:c7:8c:8d:e6:b2:7d:e7:7d:0c:f7:1d:d5:
                    33:54:a0:a9:35:e6:18:e4:d4:6b:13:93:90:d7:4b:
                    67:83:83:78:59:04:64:af:6f:e1:0d:7b:47:81:69:
                    51:55:18:f9:58:ca:59:a6:08:99:1c:c2:04:63:c3:
                    c6:c4:fc:a6:9b:66:a7:1d:29:b4:43:de:2e:bd:f2:
                    57:db:76:83:f0:a0:fa:c5:9e:54:14:33:95:63:34:
                    79:27:e1:60:fd:f1:61:00:7c:9d:e2:6b:64:01:ab:
                    2d:32:84:85:2f:3a:b4:4b:4d:d5:69:f0:db:03:06:
                    e3:ac:e0:22:34:07:b4:5f:a9:e6:fa:27:cd:67:c5:
                    22:54:f1:12:a2:10:b5:eb:ce:ae:48:48:51:ae:94:
                    4f:bd:b9:f2:68:65:13:75:7e:e0:96:c6:86:1d:48:
                    d5:96:35:ad:a4:a5:87:45:3b:37:0a:a5:91:27:ca:
                    cb:8b:11:88:3f:e1:ff:cd:58:aa:ba:0d:3e:82:8f:
                    af:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F5:C9:4F:EA:A7:D0:5C:10:C1:96:8B:8C:78:32:4C:22:AE:62:BF
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/APXJT-qn0FwQwZaLjHgyTCKuYr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.96.0/24
                  193.3.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:18:f2:88:7c:50:7a:7c:d4:64:34:d7:6d:fb:fc:23:cc:78:
         03:74:d1:91:14:8c:25:15:50:83:d1:ec:00:1e:7a:c5:72:2c:
         00:5e:94:84:1b:14:d3:63:8d:00:57:41:ea:11:15:b8:32:b2:
         ef:c6:c9:65:fb:39:2b:05:4e:d5:0a:d1:d3:40:7d:bb:4a:a2:
         07:98:6d:64:05:54:d7:d2:b8:6c:70:21:10:af:59:29:e8:af:
         4d:8b:d3:77:78:ef:45:e8:5a:c5:19:0d:05:04:9f:33:08:d2:
         53:9e:65:18:2f:16:db:3a:44:e0:60:9e:73:45:62:df:dd:34:
         e2:8f:62:02:4f:5d:7a:8f:7c:71:cf:ed:71:2c:0b:42:c8:b7:
         1f:d5:0d:3e:fb:81:e2:c2:e5:34:ae:30:a2:b4:60:87:56:7c:
         03:0b:9c:05:8a:5b:50:38:cd:ce:8d:0d:6d:11:7c:c0:d0:bd:
         1c:6f:9f:4a:d9:00:b9:96:cf:c8:7d:13:fa:35:2a:c3:51:78:
         53:02:af:67:03:de:1d:d2:1e:96:2d:aa:52:c8:5b:55:3c:33:
         cb:71:0f:ab:fb:ac:bd:08:16:73:80:03:8f:f4:77:62:51:9e:
         74:af:88:4d:ba:33:6c:e1:0c:1c:c8:da:84:64:13:3d:76:eb:
         c4:cd:66:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+Vme/jYU4HFUT9t0hSIn0pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwNTIwMTA0NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY1Yzk0ZmVhYTdkMDVjMTBjMTk2OGI4Yzc4MzI0YzIyYWU2MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VVPlt5lLMNZIUFMY7Fj2ATdFQKT
IEa+hku84OtDetIMNH0Jo5PjkSVkZSZdOpqjR+JH+Dp+HYFDetmC6avHjI3msn3n
fQz3HdUzVKCpNeYY5NRrE5OQ10tng4N4WQRkr2/hDXtHgWlRVRj5WMpZpgiZHMIE
Y8PGxPymm2anHSm0Q94uvfJX23aD8KD6xZ5UFDOVYzR5J+Fg/fFhAHyd4mtkAast
MoSFLzq0S03VafDbAwbjrOAiNAe0X6nm+ifNZ8UiVPESohC1686uSEhRrpRPvbny
aGUTdX7glsaGHUjVljWtpKWHRTs3CqWRJ8rLixGIP+H/zViqug0+go+vcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAD1yU/qp9BcEMGWi4x4MkwirmK/MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvQVBYSlQtcW4wRndRd1phTGpIZ3lUQ0t1WXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvL9gAwQA
wQMUMA0GCSqGSIb3DQEBCwUAA4IBAQB6GPKIfFB6fNRkNNdt+/wjzHgDdNGRFIwl
FVCD0ewAHnrFciwAXpSEGxTTY40AV0HqERW4MrLvxsll+zkrBU7VCtHTQH27SqIH
mG1kBVTX0rhscCEQr1kp6K9Ni9N3eO9F6FrFGQ0FBJ8zCNJTnmUYLxbbOkTgYJ5z
RWLf3TTij2ICT116j3xxz+1xLAtCyLcf1Q0++4HiwuU0rjCitGCHVnwDC5wFiltQ
OM3OjQ1tEXzA0L0cb59K2QC5ls/IfRP6NSrDUXhTAq9nA94d0h6WLapSyFtVPDPL
cQ+r+6y9CBZzgAOP9HdiUZ50r4hNujNs4QwcyNqEZBM9duvEzWbE
-----END CERTIFICATE-----