Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/_fVXRZZVGe2ekCXelOxjeimpddA.roa
File:                     _fVXRZZVGe2ekCXelOxjeimpddA.roa (raw, json)
Hash identifier:          omxDviT30Ax+sFu/uNtdSYGCUeDbmPiyrWHwzMiFnxE=
Subject key identifier:   FD:F5:57:45:96:55:19:ED:9E:90:25:DE:94:EC:63:7A:29:A9:75:D0
Certificate issuer:       /CN=93d43d499868091bbdc47d95aee1c9099f005620
Certificate serial:       018CC9BC933397AF82E9676AC003441A9C2D
Authority key identifier: 93:D4:3D:49:98:68:09:1B:BD:C4:7D:95:AE:E1:C9:09:9F:00:56:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9Q9SZhoCRu9xH2VruHJCZ8AViA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/_fVXRZZVGe2ekCXelOxjeimpddA.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6707
IP address blocks:        193.28.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/k9Q9SZhoCRu9xH2VruHJCZ8AViA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/k9Q9SZhoCRu9xH2VruHJCZ8AViA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9Q9SZhoCRu9xH2VruHJCZ8AViA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:93:33:97:af:82:e9:67:6a:c0:03:44:1a:9c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93d43d499868091bbdc47d95aee1c9099f005620
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdf55745965519ed9e9025de94ec637a29a975d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f0:dc:f3:1c:f6:f9:d8:c4:0a:81:b5:0b:19:
                    42:07:69:e0:8c:6d:5d:c5:ea:38:fc:96:16:60:d6:
                    2f:38:ac:a2:cb:b9:9b:0c:85:79:36:de:1b:dc:e3:
                    13:6a:c8:1c:31:65:45:9a:32:4d:0d:cc:ea:11:20:
                    02:cc:78:a5:11:2d:f1:39:6e:61:d7:86:c3:4c:77:
                    0a:ab:8a:0e:90:8b:f3:64:28:38:3f:25:97:92:75:
                    c6:6a:97:1c:2c:fd:30:1f:87:5b:a3:c4:ea:df:72:
                    f7:44:b9:3b:37:d2:37:75:37:49:8f:87:99:f2:0a:
                    b4:dc:5b:ab:5b:d1:a2:d9:62:de:bf:6a:76:f1:8f:
                    2c:60:1d:3b:66:b7:18:5c:61:2c:7e:b5:8a:54:4f:
                    25:f7:e0:e9:1f:65:03:cb:1f:68:6b:6a:db:64:f3:
                    62:c9:71:e1:43:e2:ff:73:05:3b:fa:d5:c7:d7:26:
                    26:a1:88:d8:7b:4d:31:19:7d:30:b0:46:e9:7c:3f:
                    39:5d:ba:21:d9:fc:2a:d8:a5:40:88:a7:25:2e:89:
                    8a:74:32:38:0c:53:8e:cc:ae:49:78:03:46:e8:4f:
                    6a:3d:0e:3e:a3:9f:ec:aa:0f:53:f1:42:9b:f3:72:
                    7f:fc:f8:4e:36:8b:b0:5f:5b:7e:06:f2:d6:94:5a:
                    a6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F5:57:45:96:55:19:ED:9E:90:25:DE:94:EC:63:7A:29:A9:75:D0
            X509v3 Authority Key Identifier:
                keyid:93:D4:3D:49:98:68:09:1B:BD:C4:7D:95:AE:E1:C9:09:9F:00:56:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9Q9SZhoCRu9xH2VruHJCZ8AViA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/_fVXRZZVGe2ekCXelOxjeimpddA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6b08c2-5c3a-4288-844b-7fe42ff4dcd8/1/k9Q9SZhoCRu9xH2VruHJCZ8AViA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:36:8f:a8:5f:0a:28:af:d4:dc:66:be:db:5f:fa:1a:25:73:
         d7:06:04:30:84:74:6c:e1:9a:9c:43:61:63:eb:10:70:3b:6a:
         d1:b1:86:b9:dd:91:29:58:e5:b0:74:f3:9e:b1:8e:13:18:55:
         e2:a1:0c:55:66:b6:bf:3f:60:5a:6a:23:ae:93:ab:95:64:f7:
         a5:fa:e7:8b:f5:88:04:a0:10:84:f9:88:f7:d7:98:b8:9b:83:
         cc:d4:6a:ab:4e:a9:16:9a:dc:78:92:81:29:0b:53:b7:1b:df:
         78:78:35:94:2f:24:23:71:45:a4:a1:7c:a6:7e:ad:68:2c:66:
         bc:8e:03:30:33:0b:41:e4:e3:76:00:4f:bb:0d:e4:32:c0:6a:
         b7:5f:9a:76:99:b8:d5:42:f4:57:ef:fb:ba:bc:16:2e:07:6d:
         3b:55:a0:2f:d4:0a:a9:28:96:ad:d9:ad:01:a6:ec:b8:d6:d4:
         ad:ea:29:20:72:bb:0d:ba:2a:c8:1a:2a:97:83:33:5d:82:09:
         62:0e:c0:4b:c6:6a:fa:0c:7b:d5:35:84:e3:c2:e6:71:5c:3f:
         52:59:3a:52:fc:f7:de:a0:aa:a4:5b:1e:5f:3a:78:0b:30:21:
         d6:e7:27:9f:b7:06:02:f1:a8:bd:a8:34:3a:ac:6a:f7:ac:33:
         28:ed:33:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJMzl6+C6WdqwANEGpwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZDQzZDQ5OTg2ODA5MWJiZGM0N2Q5NWFlZTFjOTA5OWYw
MDU2MjAwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGY1NTc0NTk2NTUxOWVkOWU5MDI1ZGU5NGVjNjM3YTI5YTk3NWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPDc8xz2+djECoG1CxlCB2ngjG1d
xeo4/JYWYNYvOKyiy7mbDIV5Nt4b3OMTasgcMWVFmjJNDczqESACzHilES3xOW5h
14bDTHcKq4oOkIvzZCg4PyWXknXGapccLP0wH4dbo8Tq33L3RLk7N9I3dTdJj4eZ
8gq03FurW9Gi2WLev2p28Y8sYB07ZrcYXGEsfrWKVE8l9+DpH2UDyx9oa2rbZPNi
yXHhQ+L/cwU7+tXH1yYmoYjYe00xGX0wsEbpfD85Xboh2fwq2KVAiKclLomKdDI4
DFOOzK5JeANG6E9qPQ4+o5/sqg9T8UKb83J//PhONouwX1t+BvLWlFqmTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP31V0WWVRntnpAl3pTsY3opqXXQMB8GA1UdIwQY
MBaAFJPUPUmYaAkbvcR9la7hyQmfAFYgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazlROVNaaG9DUnU5eEgyVnJ1SEpDWjhBVmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC82YjA4YzItNWMzYS00Mjg4LTg0NGIt
N2ZlNDJmZjRkY2Q4LzEvX2ZWWFJaWlZHZTJla0NYZWxPeGplaW1wZGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC82YjA4YzItNWMzYS00Mjg4LTg0NGItN2ZlNDJmZjRkY2Q4
LzEvazlROVNaaG9DUnU5eEgyVnJ1SEpDWjhBVmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRzhMA0G
CSqGSIb3DQEBCwUAA4IBAQAcNo+oXwoor9TcZr7bX/oaJXPXBgQwhHRs4ZqcQ2Fj
6xBwO2rRsYa53ZEpWOWwdPOesY4TGFXioQxVZra/P2BaaiOuk6uVZPel+ueL9YgE
oBCE+Yj315i4m4PM1GqrTqkWmtx4koEpC1O3G994eDWULyQjcUWkoXymfq1oLGa8
jgMwMwtB5ON2AE+7DeQywGq3X5p2mbjVQvRX7/u6vBYuB207VaAv1AqpKJat2a0B
puy41tSt6ikgcrsNuirIGiqXgzNdggliDsBLxmr6DHvVNYTjwuZxXD9SWTpS/Pfe
oKqkWx5fOngLMCHW5yeftwYC8ai9qDQ6rGr3rDMo7TNl
-----END CERTIFICATE-----