Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/08Xj6P3LiBkWV-XyPE1sfuebHwg.roa
File:                     08Xj6P3LiBkWV-XyPE1sfuebHwg.roa (raw, json)
Hash identifier:          GOb53BquANot8lO8WUgTLWPiXo2ewEYSLTJKkoVM5kk=
Subject key identifier:   D3:C5:E3:E8:FD:CB:88:19:16:57:E5:F2:3C:4D:6C:7E:E7:9B:1F:08
Certificate issuer:       /CN=769d5c52c3157e5945e663b92ed4402c60616e3b
Certificate serial:       019421B20CAEEC28E15FECD9F5AFF0CCEFF8
Authority key identifier: 76:9D:5C:52:C3:15:7E:59:45:E6:63:B9:2E:D4:40:2C:60:61:6E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/08Xj6P3LiBkWV-XyPE1sfuebHwg.roa
Signing time:             Wed 01 Jan 2025 11:48:24 +0000
ROA not before:           Wed 01 Jan 2025 11:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2116
IP address blocks:        193.161.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0c:ae:ec:28:e1:5f:ec:d9:f5:af:f0:cc:ef:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=769d5c52c3157e5945e663b92ed4402c60616e3b
        Validity
            Not Before: Jan  1 11:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3c5e3e8fdcb88191657e5f23c4d6c7ee79b1f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:44:84:f3:c0:ab:dc:f6:e3:8e:f6:54:21:0c:
                    6e:93:18:db:f6:08:bd:6e:c3:94:9d:23:db:5c:13:
                    ce:f5:18:c4:2b:c1:db:ea:98:8f:1d:29:f4:62:64:
                    6f:89:dc:84:76:5e:fd:69:4e:87:4b:7f:08:9f:bd:
                    dc:df:a1:d7:dc:1e:af:e7:32:94:38:e0:67:c6:f4:
                    86:c6:94:77:b2:95:6b:22:64:f6:02:d8:43:39:d3:
                    4f:b3:1f:ea:e0:2c:f4:8a:ab:f8:0a:f8:e1:1b:f2:
                    b4:4d:0d:e6:63:74:02:c9:e6:d8:2f:93:2c:bf:bf:
                    10:11:72:5e:0d:14:17:c5:38:8b:91:af:17:45:4f:
                    02:99:1b:fa:3e:0d:c4:ba:6f:32:49:0c:50:95:ab:
                    ee:63:80:8a:e3:ac:45:c2:50:ee:c9:87:8c:d5:52:
                    f5:23:04:7d:8b:b2:f0:44:bf:6e:1b:17:d3:77:b3:
                    96:c0:7e:e3:e8:9f:07:7c:87:9b:ae:a6:cd:63:28:
                    81:1c:2d:ee:15:cd:37:7b:05:0f:5e:20:28:9f:d1:
                    c9:c9:76:48:5d:df:6b:7c:ac:63:39:80:1f:2b:b4:
                    c8:00:44:96:78:1d:bd:df:c2:42:91:b6:75:6c:20:
                    11:12:37:c9:6d:e9:b7:f5:38:b8:d8:10:e2:13:39:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C5:E3:E8:FD:CB:88:19:16:57:E5:F2:3C:4D:6C:7E:E7:9B:1F:08
            X509v3 Authority Key Identifier:
                keyid:76:9D:5C:52:C3:15:7E:59:45:E6:63:B9:2E:D4:40:2C:60:61:6E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/08Xj6P3LiBkWV-XyPE1sfuebHwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d6:6a:1c:68:9b:26:e4:26:a0:b4:80:13:6d:fb:74:81:c6:
         92:98:29:ed:96:30:5c:20:99:bc:23:c1:1d:2f:18:d2:82:18:
         71:f3:82:2f:d7:ab:63:1d:f2:42:73:96:f7:f5:f1:63:ff:56:
         54:64:ad:8b:7e:41:98:ed:54:84:09:f3:d2:f4:c5:36:4e:4c:
         f9:e1:da:52:93:9f:f5:1c:b2:5f:b7:87:f7:b0:10:0a:53:41:
         a2:3f:d8:99:1b:28:ae:ae:d5:90:61:89:05:3e:ad:2b:81:3e:
         69:84:9a:17:fd:39:41:be:11:82:5b:78:3f:1c:e2:46:2c:54:
         fc:43:4f:73:71:7a:db:ce:bb:c5:ec:9d:35:6f:7d:8e:91:a8:
         d4:62:73:4d:47:b8:79:4f:96:6b:b1:a4:9a:d3:f1:e7:3f:a4:
         c6:d5:50:fc:05:31:69:1b:96:2d:a2:48:18:40:35:bf:cd:56:
         1d:eb:cb:eb:08:c9:ad:de:25:b9:cd:96:51:ae:be:59:99:8f:
         1c:c6:26:5c:20:3c:cb:f9:c3:12:2a:a9:78:41:21:83:75:b2:
         fa:5d:05:73:a0:54:ac:da:9e:77:cf:18:7c:10:08:e3:88:1e:
         7a:2b:c5:04:fd:fe:0c:16:ba:d4:a6:ba:aa:b4:42:6f:7b:6d:
         84:b3:06:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgyu7CjhX+zZ9a/wzO/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OWQ1YzUyYzMxNTdlNTk0NWU2NjNiOTJlZDQ0MDJjNjA2
MTZlM2IwHhcNMjUwMTAxMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M1ZTNlOGZkY2I4ODE5MTY1N2U1ZjIzYzRkNmM3ZWU3OWIxZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskSE88Cr3PbjjvZUIQxukxjb9gi9
bsOUnSPbXBPO9RjEK8Hb6piPHSn0YmRvidyEdl79aU6HS38In73c36HX3B6v5zKU
OOBnxvSGxpR3spVrImT2AthDOdNPsx/q4Cz0iqv4CvjhG/K0TQ3mY3QCyebYL5Ms
v78QEXJeDRQXxTiLka8XRU8CmRv6Pg3Eum8ySQxQlavuY4CK46xFwlDuyYeM1VL1
IwR9i7LwRL9uGxfTd7OWwH7j6J8HfIebrqbNYyiBHC3uFc03ewUPXiAon9HJyXZI
Xd9rfKxjOYAfK7TIAESWeB2938JCkbZ1bCAREjfJbem39Ti42BDiEzm5NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPF4+j9y4gZFlfl8jxNbH7nmx8IMB8GA1UdIwQY
MBaAFHadXFLDFX5ZReZjuS7UQCxgYW47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHAxY1VzTVZmbGxGNW1PNUx0UkFMR0JoYmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jYzY2YjItMTI2Ny00NTE2LWEzOWYt
Mzc2YjQ5ZDUyZDdlLzEvMDhYajZQM0xpQmtXVi1YeVBFMXNmdWViSHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jYzY2YjItMTI2Ny00NTE2LWEzOWYtMzc2YjQ5ZDUyZDdl
LzEvZHAxY1VzTVZmbGxGNW1PNUx0UkFMR0JoYmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaGRMA0G
CSqGSIb3DQEBCwUAA4IBAQAa1mocaJsm5CagtIATbft0gcaSmCntljBcIJm8I8Ed
LxjSghhx84Iv16tjHfJCc5b39fFj/1ZUZK2LfkGY7VSECfPS9MU2Tkz54dpSk5/1
HLJft4f3sBAKU0GiP9iZGyiurtWQYYkFPq0rgT5phJoX/TlBvhGCW3g/HOJGLFT8
Q09zcXrbzrvF7J01b32OkajUYnNNR7h5T5ZrsaSa0/HnP6TG1VD8BTFpG5YtokgY
QDW/zVYd68vrCMmt3iW5zZZRrr5ZmY8cxiZcIDzL+cMSKql4QSGDdbL6XQVzoFSs
2p53zxh8EAjjiB56K8UE/f4MFrrUprqqtEJve22EswYb
-----END CERTIFICATE-----