Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ruFd6nXCq46dCmYZtdEILRZ5Ub4.roa
File:                     ruFd6nXCq46dCmYZtdEILRZ5Ub4.roa (raw, json)
Hash identifier:          OWJKIHCgqJv+J4qdHWcTo//1pBsytchSZV5lgURrq/A=
Subject key identifier:   AE:E1:5D:EA:75:C2:AB:8E:9D:0A:66:19:B5:D1:08:2D:16:79:51:BE
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       0190C47C3D784959713BC3BD5DCBD2866E26
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ruFd6nXCq46dCmYZtdEILRZ5Ub4.roa
Signing time:             Thu 18 Jul 2024 06:16:34 +0000
ROA not before:           Thu 18 Jul 2024 06:16:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205113
IP address blocks:        86.240.128.0/22 maxlen: 24
                          86.240.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c4:7c:3d:78:49:59:71:3b:c3:bd:5d:cb:d2:86:6e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jul 18 06:16:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aee15dea75c2ab8e9d0a6619b5d1082d167951be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:85:3c:dc:ac:a3:3f:91:2e:dc:b4:69:4f:
                    07:a4:60:4b:c6:7e:ac:f0:01:b3:42:d2:40:71:20:
                    de:a7:f5:99:8d:4f:a0:4a:ab:75:18:52:ba:52:a4:
                    6b:7f:e8:fe:89:40:ad:19:04:c1:02:b3:57:3e:b8:
                    6a:61:59:56:33:31:64:7e:aa:3f:d2:92:7a:45:35:
                    d6:e1:fd:e3:d5:e5:74:3a:54:3c:7c:4a:c1:e9:b4:
                    d4:2c:4c:55:d9:19:45:cc:3a:2d:95:3f:a4:19:49:
                    b7:27:e8:22:f0:df:fb:2c:0b:a8:91:ff:f5:f8:51:
                    2c:72:56:4a:09:55:5e:5c:59:8d:1d:e4:aa:8c:57:
                    f3:81:76:0a:a7:6a:90:e7:aa:43:b8:1d:5e:24:a0:
                    3c:52:4e:b8:7c:18:a4:c7:9a:aa:7f:03:41:5a:cc:
                    7c:0c:2a:c9:e8:bc:34:29:f5:c0:89:90:12:72:99:
                    44:8f:e4:e1:da:01:bc:ff:6d:68:32:49:65:34:17:
                    63:34:79:46:94:a8:bf:5b:82:f6:f6:16:54:2c:b3:
                    d2:54:46:19:30:06:4a:be:4f:22:cd:16:d0:be:1d:
                    20:12:ce:02:55:71:42:f2:20:43:74:f2:13:3d:48:
                    c2:32:78:2f:b1:fd:6e:a6:d2:3a:63:cf:3d:48:cc:
                    7b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E1:5D:EA:75:C2:AB:8E:9D:0A:66:19:B5:D1:08:2D:16:79:51:BE
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ruFd6nXCq46dCmYZtdEILRZ5Ub4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.240.128.0/22
                  86.240.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:05:9c:a6:02:5d:7a:48:47:f0:eb:90:52:7d:7f:93:7c:00:
         fd:92:ea:70:5e:9a:3c:1d:5e:43:43:db:0f:40:3d:f0:f5:fd:
         28:ca:f2:f6:2d:e4:12:53:81:e1:3e:4d:34:62:58:d8:a4:58:
         dc:52:0b:0d:cf:5e:63:26:49:de:00:1f:b7:67:4f:36:33:45:
         0b:f2:c0:29:a0:6c:1f:79:c4:cf:19:c5:2b:54:4c:4f:9c:d1:
         1b:b7:ca:6e:84:4b:9f:bf:d6:ae:54:dc:7e:bc:23:5e:97:94:
         cf:a7:ca:e8:8a:a9:de:5c:77:12:3f:61:96:39:9a:c1:1a:89:
         1c:01:de:13:c7:a0:81:f7:ac:3f:70:e2:b7:af:7d:e0:07:e7:
         10:14:fb:46:5f:ad:63:93:28:6a:cd:b7:80:23:a2:a6:73:f6:
         81:d1:ef:13:e1:84:fb:ec:d7:8c:ec:af:7e:6e:d6:e9:95:3b:
         c0:90:ac:65:66:39:3d:2a:d2:85:76:5f:c8:46:64:52:86:ba:
         21:67:4a:26:63:64:c6:da:52:9a:9e:d5:e8:99:16:21:6a:c6:
         61:2e:02:4e:60:fe:68:4a:0d:eb:32:b4:bb:2e:6e:3a:4a:68:
         ad:b7:e7:03:92:cc:6a:7f:52:74:5c:5d:02:7f:dd:9b:36:b8:
         ca:2e:cf:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDEfD14SVlxO8O9XcvShm4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNzE4MDYxNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWUxNWRlYTc1YzJhYjhlOWQwYTY2MTliNWQxMDgyZDE2Nzk1MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjyFPNysoz+RLty0aU8HpGBLxn6s
8AGzQtJAcSDep/WZjU+gSqt1GFK6UqRrf+j+iUCtGQTBArNXPrhqYVlWMzFkfqo/
0pJ6RTXW4f3j1eV0OlQ8fErB6bTULExV2RlFzDotlT+kGUm3J+gi8N/7LAuokf/1
+FEsclZKCVVeXFmNHeSqjFfzgXYKp2qQ56pDuB1eJKA8Uk64fBikx5qqfwNBWsx8
DCrJ6Lw0KfXAiZAScplEj+Th2gG8/21oMkllNBdjNHlGlKi/W4L29hZULLPSVEYZ
MAZKvk8izRbQvh0gEs4CVXFC8iBDdPITPUjCMngvsf1uptI6Y889SMx7KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK7hXep1wquOnQpmGbXRCC0WeVG+MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcnVGZDZuWENxNDZkQ21ZWnRkRUlMUlo1VWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVvCAAwQA
VvDwMA0GCSqGSIb3DQEBCwUAA4IBAQBGBZymAl16SEfw65BSfX+TfAD9kupwXpo8
HV5DQ9sPQD3w9f0oyvL2LeQSU4HhPk00YljYpFjcUgsNz15jJkneAB+3Z082M0UL
8sApoGwfecTPGcUrVExPnNEbt8puhEufv9auVNx+vCNel5TPp8roiqneXHcSP2GW
OZrBGokcAd4Tx6CB96w/cOK3r33gB+cQFPtGX61jkyhqzbeAI6Kmc/aB0e8T4YT7
7NeM7K9+btbplTvAkKxlZjk9KtKFdl/IRmRShrohZ0omY2TG2lKantXomRYhasZh
LgJOYP5oSg3rMrS7Lm46Smitt+cDksxqf1J0XF0Cf92bNrjKLs9j
-----END CERTIFICATE-----