Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/p04TmaTLaGkMxr5iLmazMYCdp4Y.roa
File:                     p04TmaTLaGkMxr5iLmazMYCdp4Y.roa (raw, json)
Hash identifier:          6ivnYohkNBsqSTEC+L7bqQoi+CO6muzFUbk3b1Zmcd0=
Subject key identifier:   A7:4E:13:99:A4:CB:68:69:0C:C6:BE:62:2E:66:B3:31:80:9D:A7:86
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018F2AFC8A88C7EE41CBFA93B99259A7C82A
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/p04TmaTLaGkMxr5iLmazMYCdp4Y.roa
Signing time:             Mon 29 Apr 2024 17:52:24 +0000
ROA not before:           Mon 29 Apr 2024 17:52:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215081
IP address blocks:        193.22.157.0/24 maxlen: 32
                          193.22.158.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:fc:8a:88:c7:ee:41:cb:fa:93:b9:92:59:a7:c8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Apr 29 17:52:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74e1399a4cb68690cc6be622e66b331809da786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:91:3c:82:12:c4:0d:2d:cb:01:f4:ad:33:
                    12:9d:68:de:1d:c9:31:18:09:c4:65:87:82:48:c2:
                    5a:c1:8e:76:69:99:7e:98:77:67:4d:80:91:8d:a7:
                    00:52:74:5d:21:f1:3c:33:99:17:27:1d:16:21:bd:
                    ea:f2:ea:64:21:6a:4a:52:e8:56:1e:03:3b:c4:34:
                    f4:f3:b0:da:ce:b3:24:69:ae:7c:8c:19:bf:e1:07:
                    4f:5f:3f:6c:bb:45:a7:e7:a9:ef:f0:54:71:86:a3:
                    92:89:ab:5b:11:a3:7b:66:93:cb:60:1d:06:c0:12:
                    b0:fa:ec:3c:5f:12:06:03:4a:3d:7d:19:31:05:37:
                    6c:4a:07:74:5a:94:09:d6:a7:07:39:42:e9:ba:6a:
                    30:6e:7b:75:47:fc:e4:4e:56:80:c6:6a:f0:fa:2f:
                    bd:f0:bb:f7:65:5c:5a:6c:ff:37:57:66:c8:86:5f:
                    1c:40:85:04:af:41:56:29:ef:d3:2f:24:32:ae:d0:
                    8b:3e:d8:ce:f0:b1:61:06:18:dc:b9:9f:ed:89:64:
                    44:f6:1d:8f:a4:8b:d1:ca:71:13:f0:d0:81:fb:1e:
                    3f:7f:f6:ac:fd:98:f5:e5:b3:7e:45:9e:e4:f7:58:
                    ab:80:be:eb:75:33:1e:3f:62:cb:32:9b:31:dd:84:
                    0d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4E:13:99:A4:CB:68:69:0C:C6:BE:62:2E:66:B3:31:80:9D:A7:86
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/p04TmaTLaGkMxr5iLmazMYCdp4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.157.0-193.22.158.255

    Signature Algorithm: sha256WithRSAEncryption
         3f:7d:72:29:a9:ef:2d:ce:a5:a3:77:8b:d8:3b:1c:71:e6:bb:
         85:7e:d1:55:7d:f7:a2:c0:5c:34:e4:e5:b0:2c:aa:3b:12:65:
         20:70:8d:72:0d:60:85:8d:82:a9:24:6c:69:f3:e9:50:3d:5a:
         f1:40:7a:f3:d2:be:35:02:2b:13:74:c7:4c:28:0c:a3:f7:33:
         12:ab:7b:11:91:3e:1b:eb:d2:0e:34:1b:81:9f:cc:dc:51:2d:
         49:5c:d5:94:8e:ec:dc:9d:f3:cf:c6:59:73:5a:2e:cc:b9:c7:
         70:50:cf:6b:ee:f8:fb:f6:34:4d:a8:c4:20:2f:74:45:98:71:
         77:79:8a:a0:de:9d:c1:b1:4a:e2:ba:7c:73:12:d0:c4:47:5b:
         b0:1d:cb:bc:db:9e:f8:96:10:80:60:8f:1c:0c:99:43:6f:9b:
         a6:6d:b9:e1:1c:13:24:4e:d3:da:89:26:4e:99:1b:ac:8f:a8:
         bf:1a:a3:23:ba:55:76:b1:6e:d0:81:3d:02:e4:b0:b5:88:00:
         ca:99:91:85:d4:1b:94:18:84:c3:f2:a1:a8:80:be:79:d9:91:
         6e:47:38:52:1d:f0:ca:5c:99:1e:0b:1f:5f:94:a3:24:14:4b:
         14:e2:ac:b0:c4:1f:22:eb:0a:a1:4c:1a:cb:d6:c0:9a:e6:74:
         20:0c:b5:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8q/IqIx+5By/qTuZJZp8gqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwNDI5MTc1MjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRlMTM5OWE0Y2I2ODY5MGNjNmJlNjIyZTY2YjMzMTgwOWRhNzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthiRPIISxA0tywH0rTMSnWjeHckx
GAnEZYeCSMJawY52aZl+mHdnTYCRjacAUnRdIfE8M5kXJx0WIb3q8upkIWpKUuhW
HgM7xDT087DazrMkaa58jBm/4QdPXz9su0Wn56nv8FRxhqOSiatbEaN7ZpPLYB0G
wBKw+uw8XxIGA0o9fRkxBTdsSgd0WpQJ1qcHOULpumowbnt1R/zkTlaAxmrw+i+9
8Lv3ZVxabP83V2bIhl8cQIUEr0FWKe/TLyQyrtCLPtjO8LFhBhjcuZ/tiWRE9h2P
pIvRynET8NCB+x4/f/as/Zj15bN+RZ7k91irgL7rdTMeP2LLMpsx3YQNtwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKdOE5mky2hpDMa+Yi5mszGAnaeGMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvcDA0VG1hVExhR2tNeHI1aUxtYXpNWUNkcDRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBFp0D
BADBFp4wDQYJKoZIhvcNAQELBQADggEBAD99cimp7y3OpaN3i9g7HHHmu4V+0VV9
96LAXDTk5bAsqjsSZSBwjXINYIWNgqkkbGnz6VA9WvFAevPSvjUCKxN0x0woDKP3
MxKrexGRPhvr0g40G4GfzNxRLUlc1ZSO7Nyd88/GWXNaLsy5x3BQz2vu+Pv2NE2o
xCAvdEWYcXd5iqDencGxSuK6fHMS0MRHW7Ady7zbnviWEIBgjxwMmUNvm6ZtueEc
EyRO09qJJk6ZG6yPqL8aoyO6VXaxbtCBPQLksLWIAMqZkYXUG5QYhMPyoaiAvnnZ
kW5HOFId8MpcmR4LH1+UoyQUSxTirLDEHyLrCqFMGsvWwJrmdCAMtU8=
-----END CERTIFICATE-----