Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/a8IWvVYt-IEw8XM3uGUPqLc6lOw.roa
File:                     a8IWvVYt-IEw8XM3uGUPqLc6lOw.roa (raw, json)
Hash identifier:          oTLQXrG8NguD/30n4W0d83yIxDPyoVV6uQkolLmE9as=
Subject key identifier:   6B:C2:16:BD:56:2D:F8:81:30:F1:73:37:B8:65:0F:A8:B7:3A:94:EC
Certificate issuer:       /CN=38ead5deb53500f2548ae1812c087e32a47fc8b4
Certificate serial:       018CC64B01315B62692B65239A3ACD9E6752
Authority key identifier: 38:EA:D5:DE:B5:35:00:F2:54:8A:E1:81:2C:08:7E:32:A4:7F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OOrV3rU1APJUiuGBLAh-MqR_yLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/a8IWvVYt-IEw8XM3uGUPqLc6lOw.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9085
IP address blocks:        193.42.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/OOrV3rU1APJUiuGBLAh-MqR_yLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/OOrV3rU1APJUiuGBLAh-MqR_yLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OOrV3rU1APJUiuGBLAh-MqR_yLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:01:31:5b:62:69:2b:65:23:9a:3a:cd:9e:67:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ead5deb53500f2548ae1812c087e32a47fc8b4
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bc216bd562df88130f17337b8650fa8b73a94ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a6:ec:2d:32:9f:a0:6d:f3:2c:39:e0:70:c6:
                    22:15:1a:e4:ec:99:e5:4a:e0:ff:c9:6b:0a:6f:40:
                    2d:74:e1:68:79:b5:ac:b7:f0:ab:a5:80:e9:4f:06:
                    9d:dc:1b:10:ba:a4:f1:9e:c2:a7:4b:ee:29:4d:21:
                    2d:82:30:9b:5a:cd:19:ac:39:2c:b8:40:fe:39:20:
                    65:a9:1c:87:1a:cb:a3:64:3c:6f:53:30:9a:49:01:
                    0b:c7:27:5d:d0:e1:fd:cb:4d:d9:f2:96:2d:76:7a:
                    05:a3:ea:c0:9b:e0:e3:e1:06:b6:96:ef:39:22:97:
                    50:6a:d1:10:54:0b:03:67:e8:ed:3c:bb:52:6b:13:
                    38:4a:1e:05:0e:65:ca:8e:a8:f3:dc:77:62:78:01:
                    ad:c9:ab:3a:b0:8b:2a:55:d8:37:74:b6:14:ae:14:
                    2d:9a:d1:eb:a0:c6:d3:fc:2c:3a:ff:cb:d2:5e:c1:
                    de:4c:57:df:2f:19:41:d0:ac:ae:9f:5a:01:ee:09:
                    33:b4:1b:9c:fb:08:19:6d:1b:77:85:b7:e8:72:0b:
                    0d:e4:c8:bf:7a:26:7d:28:08:9e:41:6e:2b:79:2d:
                    a8:79:e6:30:58:7c:87:d4:26:ae:c4:7c:4b:d4:4a:
                    7c:83:b1:d2:9e:6a:8f:52:d5:7b:07:61:ed:32:f9:
                    2c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C2:16:BD:56:2D:F8:81:30:F1:73:37:B8:65:0F:A8:B7:3A:94:EC
            X509v3 Authority Key Identifier:
                keyid:38:EA:D5:DE:B5:35:00:F2:54:8A:E1:81:2C:08:7E:32:A4:7F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OOrV3rU1APJUiuGBLAh-MqR_yLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/a8IWvVYt-IEw8XM3uGUPqLc6lOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3516a1-fd9d-4e29-add3-d446f1f83ae9/1/OOrV3rU1APJUiuGBLAh-MqR_yLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:e2:07:71:9b:22:49:a6:a0:5e:cd:18:1c:0d:23:25:47:7a:
         12:3b:b9:0e:51:ca:22:18:64:f6:a5:08:f8:50:81:74:8f:c2:
         da:82:6e:7c:94:80:05:06:9f:7f:9e:25:f1:05:6b:e2:56:fd:
         1f:f1:4b:bd:66:82:41:6a:b8:c0:30:18:1e:fd:ff:6c:eb:21:
         df:ca:62:e4:48:0f:fa:10:1a:1c:22:1b:48:89:b5:9b:ef:47:
         95:fd:33:a8:23:f1:3b:bd:ea:76:0a:be:29:d5:1f:b7:b2:98:
         6f:64:e2:33:25:4c:b6:b3:ff:62:d8:ee:e5:90:0b:d3:48:ba:
         65:dd:2a:33:0e:65:5d:58:f6:8b:35:01:14:be:fb:36:b1:cb:
         a1:37:11:c8:7e:18:9d:e0:ff:53:c4:a3:1b:3f:4a:dd:bf:1e:
         e3:c8:8e:77:da:ac:7f:a7:ef:ed:d3:ea:33:46:85:e4:ec:08:
         c7:ab:7a:a1:a8:15:98:8f:1b:90:d7:96:c9:72:d3:f0:a0:4f:
         30:59:ef:56:b9:b9:35:eb:4f:d3:e3:1a:d5:d0:19:40:c4:27:
         3f:d0:5c:b9:43:3d:26:11:9e:95:0d:1d:93:9a:cd:59:8c:0e:
         25:96:99:f3:a9:92:7c:8b:ab:85:ba:96:54:a0:b6:6d:e6:5a:
         46:59:3f:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwExW2JpK2UjmjrNnmdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZWFkNWRlYjUzNTAwZjI1NDhhZTE4MTJjMDg3ZTMyYTQ3
ZmM4YjQwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmMyMTZiZDU2MmRmODgxMzBmMTczMzdiODY1MGZhOGI3M2E5NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKbsLTKfoG3zLDngcMYiFRrk7Jnl
SuD/yWsKb0AtdOFoebWst/CrpYDpTwad3BsQuqTxnsKnS+4pTSEtgjCbWs0ZrDks
uED+OSBlqRyHGsujZDxvUzCaSQELxydd0OH9y03Z8pYtdnoFo+rAm+Dj4Qa2lu85
IpdQatEQVAsDZ+jtPLtSaxM4Sh4FDmXKjqjz3HdieAGtyas6sIsqVdg3dLYUrhQt
mtHroMbT/Cw6/8vSXsHeTFffLxlB0Kyun1oB7gkztBuc+wgZbRt3hbfocgsN5Mi/
eiZ9KAieQW4reS2oeeYwWHyH1CauxHxL1Ep8g7HSnmqPUtV7B2HtMvksyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvCFr1WLfiBMPFzN7hlD6i3OpTsMB8GA1UdIwQY
MBaAFDjq1d61NQDyVIrhgSwIfjKkf8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT09yVjNyVTFBUEpVaXVHQkxBaC1NcVJfeUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8zNTE2YTEtZmQ5ZC00ZTI5LWFkZDMt
ZDQ0NmYxZjgzYWU5LzEvYThJV3ZWWXQtSUV3OFhNM3VHVVBxTGM2bE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8zNTE2YTEtZmQ5ZC00ZTI5LWFkZDMtZDQ0NmYxZjgzYWU5
LzEvT09yVjNyVTFBUEpVaXVHQkxBaC1NcVJfeUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSrTMA0G
CSqGSIb3DQEBCwUAA4IBAQCu4gdxmyJJpqBezRgcDSMlR3oSO7kOUcoiGGT2pQj4
UIF0j8Lagm58lIAFBp9/niXxBWviVv0f8Uu9ZoJBarjAMBge/f9s6yHfymLkSA/6
EBocIhtIibWb70eV/TOoI/E7vep2Cr4p1R+3sphvZOIzJUy2s/9i2O7lkAvTSLpl
3SozDmVdWPaLNQEUvvs2scuhNxHIfhid4P9TxKMbP0rdvx7jyI532qx/p+/t0+oz
RoXk7AjHq3qhqBWYjxuQ15bJctPwoE8wWe9Wubk160/T4xrV0BlAxCc/0Fy5Qz0m
EZ6VDR2Tms1ZjA4llpnzqZJ8i6uFupZUoLZt5lpGWT8j
-----END CERTIFICATE-----