Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/0sckWjhwp_hjGVrUPt27XERmGjI.roa
File:                     0sckWjhwp_hjGVrUPt27XERmGjI.roa (raw, json)
Hash identifier:          osnVg78hVWjgzdGE1gZPYukh5r6I4N2Nn6icOIX02/U=
Subject key identifier:   D2:C7:24:5A:38:70:A7:F8:63:19:5A:D4:3E:DD:BB:5C:44:66:1A:32
Certificate issuer:       /CN=f02e3224e3e32928192628d26487d500f2707765
Certificate serial:       018CC56EBAFD89FF17E7C17FC36F3B25ADF2
Authority key identifier: F0:2E:32:24:E3:E3:29:28:19:26:28:D2:64:87:D5:00:F2:70:77:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/0sckWjhwp_hjGVrUPt27XERmGjI.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47599
IP address blocks:        193.203.96.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 02:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ba:fd:89:ff:17:e7:c1:7f:c3:6f:3b:25:ad:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02e3224e3e32928192628d26487d500f2707765
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c7245a3870a7f863195ad43eddbb5c44661a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b7:89:20:8c:b2:9a:e1:9a:bd:62:bf:8a:0e:
                    50:97:fa:fa:91:6c:9f:fa:75:68:38:2b:92:e7:ed:
                    a7:1b:8b:11:cc:7d:8d:1c:8a:9b:40:8c:ac:62:1c:
                    aa:d7:92:e9:04:ef:c5:be:1f:08:dd:56:df:55:37:
                    a4:35:f8:c3:71:86:8e:fc:46:21:53:20:20:ca:fc:
                    c0:69:19:80:23:d2:04:ff:b2:9f:71:87:d7:90:79:
                    4c:d5:cb:0d:2c:73:07:ca:90:80:7a:57:a5:7a:ba:
                    5d:85:85:e3:f6:52:13:ac:30:ef:82:dd:6f:b6:04:
                    64:1f:0e:5c:aa:92:0c:1e:6e:b6:22:0a:f1:26:3f:
                    6b:a7:8f:57:8a:02:54:4b:41:71:7f:04:1f:59:77:
                    4c:1b:ce:ca:bd:ec:db:66:9d:4a:7b:28:ac:10:d7:
                    7b:8a:bf:ea:88:90:29:eb:fa:33:7a:3f:10:1e:e1:
                    fb:5f:7b:2e:07:72:96:3c:6f:1d:7c:e3:a0:cf:0a:
                    e7:4e:66:45:d7:a2:36:b4:5d:72:05:1e:26:24:c7:
                    60:83:06:80:04:13:0e:10:60:88:51:03:81:c2:63:
                    a2:73:83:12:f4:55:4b:95:16:2f:1e:78:ca:43:6d:
                    50:91:01:17:ea:4f:7e:d7:e2:f4:e8:42:45:2e:f5:
                    ba:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C7:24:5A:38:70:A7:F8:63:19:5A:D4:3E:DD:BB:5C:44:66:1A:32
            X509v3 Authority Key Identifier:
                keyid:F0:2E:32:24:E3:E3:29:28:19:26:28:D2:64:87:D5:00:F2:70:77:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C4yJOPjKSgZJijSZIfVAPJwd2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/0sckWjhwp_hjGVrUPt27XERmGjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/268890-d509-451e-b9ee-fb9953c07f15/1/8C4yJOPjKSgZJijSZIfVAPJwd2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:19:49:8e:4e:66:c4:08:a9:e2:4f:79:e8:f9:61:e1:30:ee:
         51:92:b9:89:9e:cb:f9:81:4f:f9:4c:21:04:17:43:9b:b4:43:
         44:83:de:61:58:6d:d5:8f:74:29:db:3e:c5:c7:61:0e:29:6d:
         d7:ff:78:31:8d:8d:e9:e3:e6:f5:bc:49:da:d4:03:a5:a8:4b:
         c1:9f:20:73:ee:99:04:e4:f8:2a:85:17:ae:0f:d0:8d:27:4d:
         97:c6:55:b9:2d:9f:88:c8:77:31:88:f9:b0:21:3b:65:7c:59:
         e9:5b:ba:d5:40:3b:79:56:41:b2:53:8d:7a:99:7d:f7:2d:a6:
         70:68:c5:56:ba:b4:3d:6a:72:71:6d:a1:c5:9c:2d:ca:f6:36:
         f6:97:7c:8f:aa:a0:aa:e8:c9:98:bb:de:50:eb:48:50:96:32:
         c7:8d:5c:92:eb:c2:f3:d3:47:91:48:ed:ec:e3:bd:8a:04:33:
         5d:40:e3:05:02:92:2d:5a:b3:e7:2b:80:93:c7:5b:76:94:d4:
         f9:2e:9e:b4:2e:9c:34:87:18:75:16:21:49:64:0d:82:18:ce:
         96:2f:44:1c:db:03:9a:5a:04:9d:6a:e0:b1:07:27:91:ee:c2:
         2b:2f:ee:14:e4:ef:14:de:44:93:b2:c6:01:5d:e1:f0:96:c5:
         ee:20:66:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrr9if8X58F/w287Ja3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmUzMjI0ZTNlMzI5MjgxOTI2MjhkMjY0ODdkNTAwZjI3
MDc3NjUwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM3MjQ1YTM4NzBhN2Y4NjMxOTVhZDQzZWRkYmI1YzQ0NjYxYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLeJIIyymuGavWK/ig5Ql/r6kWyf
+nVoOCuS5+2nG4sRzH2NHIqbQIysYhyq15LpBO/Fvh8I3VbfVTekNfjDcYaO/EYh
UyAgyvzAaRmAI9IE/7KfcYfXkHlM1csNLHMHypCAelelerpdhYXj9lITrDDvgt1v
tgRkHw5cqpIMHm62IgrxJj9rp49XigJUS0FxfwQfWXdMG87KvezbZp1KeyisENd7
ir/qiJAp6/ozej8QHuH7X3suB3KWPG8dfOOgzwrnTmZF16I2tF1yBR4mJMdggwaA
BBMOEGCIUQOBwmOic4MS9FVLlRYvHnjKQ21QkQEX6k9+1+L06EJFLvW6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLHJFo4cKf4Yxla1D7du1xEZhoyMB8GA1UdIwQY
MBaAFPAuMiTj4ykoGSYo0mSH1QDycHdlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEM0eUpPUGpLU2daSmlqU1pJZlZBUEp3ZDJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yNjg4OTAtZDUwOS00NTFlLWI5ZWUt
ZmI5OTUzYzA3ZjE1LzEvMHNja1dqaHdwX2hqR1ZyVVB0MjdYRVJtR2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yNjg4OTAtZDUwOS00NTFlLWI5ZWUtZmI5OTUzYzA3ZjE1
LzEvOEM0eUpPUGpLU2daSmlqU1pJZlZBUEp3ZDJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwctgMA0G
CSqGSIb3DQEBCwUAA4IBAQAhGUmOTmbECKniT3no+WHhMO5RkrmJnsv5gU/5TCEE
F0ObtENEg95hWG3Vj3Qp2z7Fx2EOKW3X/3gxjY3p4+b1vEna1AOlqEvBnyBz7pkE
5PgqhReuD9CNJ02XxlW5LZ+IyHcxiPmwITtlfFnpW7rVQDt5VkGyU416mX33LaZw
aMVWurQ9anJxbaHFnC3K9jb2l3yPqqCq6MmYu95Q60hQljLHjVyS68Lz00eRSO3s
472KBDNdQOMFApItWrPnK4CTx1t2lNT5Lp60Lpw0hxh1FiFJZA2CGM6WL0Qc2wOa
WgSdauCxByeR7sIrL+4U5O8U3kSTssYBXeHwlsXuIGYU
-----END CERTIFICATE-----