Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/0aD7ArBrDYdAtQRayjUX6fl4_JE.roa
File:                     0aD7ArBrDYdAtQRayjUX6fl4_JE.roa (raw, json)
Hash identifier:          t3b7BFm2fbyeOuJvxKoqjZzcgaVzdel6HCe42y5lHTI=
Subject key identifier:   D1:A0:FB:02:B0:6B:0D:87:40:B5:04:5A:CA:35:17:E9:F9:78:FC:91
Certificate issuer:       /CN=6f57eb49196dd2e0606d5977c2b74b101b79bc0b
Certificate serial:       018CC8010A852888533676AF73695183EB8A
Authority key identifier: 6F:57:EB:49:19:6D:D2:E0:60:6D:59:77:C2:B7:4B:10:1B:79:BC:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b1frSRlt0uBgbVl3wrdLEBt5vAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/0aD7ArBrDYdAtQRayjUX6fl4_JE.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201967
IP address blocks:        193.104.143.0/24 maxlen: 24
                          2a0c:2380::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/b1frSRlt0uBgbVl3wrdLEBt5vAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/b1frSRlt0uBgbVl3wrdLEBt5vAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b1frSRlt0uBgbVl3wrdLEBt5vAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0a:85:28:88:53:36:76:af:73:69:51:83:eb:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f57eb49196dd2e0606d5977c2b74b101b79bc0b
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1a0fb02b06b0d8740b5045aca3517e9f978fc91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:26:ec:f6:dd:3d:52:3e:15:14:f3:c0:01:64:
                    2c:2e:67:a8:ad:97:9b:2d:d8:e6:9f:a7:e3:69:25:
                    0e:86:c7:45:a2:8e:ee:0b:4d:e3:f1:d8:84:4f:0b:
                    b3:3a:9c:27:b3:5e:d4:58:fd:c5:7c:43:52:e3:8b:
                    1a:77:75:63:9d:ce:f8:14:09:3e:01:09:d1:7f:c1:
                    a0:53:03:10:16:8a:a1:70:27:00:4a:9c:a2:a9:17:
                    d7:8f:f0:d1:a7:bf:aa:69:dd:6b:ec:6b:17:97:f3:
                    cd:aa:dd:68:eb:02:ae:c2:4f:bd:1b:b7:d6:23:5a:
                    d4:dc:04:e4:7d:8d:d0:c2:be:c6:62:39:f4:36:34:
                    84:8e:4b:74:ba:c9:47:23:93:b4:7c:bd:f1:f2:c4:
                    4f:90:08:08:55:3a:a2:4f:44:08:d4:e6:f3:94:91:
                    3a:5d:f5:10:00:43:6d:27:2f:d6:1a:c8:60:3a:da:
                    86:80:68:a2:29:aa:a5:cc:6f:af:87:d5:08:1e:72:
                    36:10:8c:3d:a3:7f:e9:ce:1b:92:6c:5a:3c:7d:e1:
                    e2:77:6d:12:e5:7e:f5:4f:30:91:43:6b:84:7f:02:
                    a3:81:1f:6d:8b:d0:a0:c1:8f:aa:fa:e0:94:af:97:
                    eb:d6:5e:ae:23:11:8f:b4:f5:b5:6f:d2:16:a3:68:
                    58:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A0:FB:02:B0:6B:0D:87:40:B5:04:5A:CA:35:17:E9:F9:78:FC:91
            X509v3 Authority Key Identifier:
                keyid:6F:57:EB:49:19:6D:D2:E0:60:6D:59:77:C2:B7:4B:10:1B:79:BC:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1frSRlt0uBgbVl3wrdLEBt5vAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/0aD7ArBrDYdAtQRayjUX6fl4_JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c7bf4a-da97-4b5b-8719-37b3e244c063/1/b1frSRlt0uBgbVl3wrdLEBt5vAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.143.0/24
                IPv6:
                  2a0c:2380::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:4d:7f:ba:83:77:fb:7f:61:7f:9c:80:5c:bc:89:a1:19:e9:
         50:ff:dc:e4:ae:bf:23:d0:38:36:59:52:10:52:cd:9d:02:9a:
         54:2c:3a:99:be:38:df:42:80:44:af:c5:cc:95:b0:ae:ba:84:
         e5:ab:f8:a8:5a:6d:5d:a7:46:a8:48:d7:6e:35:2c:25:bb:a5:
         96:c6:60:21:ce:b5:7e:04:4c:fa:64:c2:1c:ae:2e:6e:f1:c5:
         a8:29:49:45:1f:44:b9:a1:a4:4e:9d:25:11:d6:c6:8a:01:c4:
         05:5c:64:68:bb:08:97:a3:23:c0:95:dd:06:42:f8:b7:9e:c4:
         58:ec:cb:a8:ae:43:c3:86:30:87:63:ee:e7:38:ac:cb:b9:c6:
         e1:90:3a:38:76:34:0f:b4:b1:27:bc:1f:bb:6d:75:1d:f9:6c:
         17:41:fe:62:28:0b:92:82:f0:83:12:cb:ec:4e:58:66:66:9b:
         e2:a5:23:70:e4:e2:c4:3a:44:e7:3f:78:b5:9d:d6:23:05:5b:
         07:7b:13:9f:81:d2:36:56:31:c3:1a:8a:a1:06:c7:13:93:3b:
         ad:13:0b:d3:8d:e1:f1:00:ca:1e:ab:d4:8c:92:32:7e:a0:a9:
         88:ea:d1:03:96:f0:34:b5:28:08:bd:a2:c7:3c:73:84:a1:fa:
         ef:d8:c5:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAQqFKIhTNnavc2lRg+uKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNTdlYjQ5MTk2ZGQyZTA2MDZkNTk3N2MyYjc0YjEwMWI3
OWJjMGIwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWEwZmIwMmIwNmIwZDg3NDBiNTA0NWFjYTM1MTdlOWY5NzhmYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCbs9t09Uj4VFPPAAWQsLmeorZeb
Ldjmn6fjaSUOhsdFoo7uC03j8diETwuzOpwns17UWP3FfENS44sad3Vjnc74FAk+
AQnRf8GgUwMQFoqhcCcASpyiqRfXj/DRp7+qad1r7GsXl/PNqt1o6wKuwk+9G7fW
I1rU3ATkfY3Qwr7GYjn0NjSEjkt0uslHI5O0fL3x8sRPkAgIVTqiT0QI1ObzlJE6
XfUQAENtJy/WGshgOtqGgGiiKaqlzG+vh9UIHnI2EIw9o3/pzhuSbFo8feHid20S
5X71TzCRQ2uEfwKjgR9ti9CgwY+q+uCUr5fr1l6uIxGPtPW1b9IWo2hYGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNGg+wKwaw2HQLUEWso1F+n5ePyRMB8GA1UdIwQY
MBaAFG9X60kZbdLgYG1Zd8K3SxAbebwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjFmclNSbHQwdUJnYlZsM3dyZExFQnQ1dkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jN2JmNGEtZGE5Ny00YjViLTg3MTkt
MzdiM2UyNDRjMDYzLzEvMGFEN0FyQnJEWWRBdFFSYXlqVVg2Zmw0X0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jN2JmNGEtZGE5Ny00YjViLTg3MTktMzdiM2UyNDRjMDYz
LzEvYjFmclNSbHQwdUJnYlZsM3dyZExFQnQ1dkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWiPMA0E
AgACMAcDBQMqDCOAMA0GCSqGSIb3DQEBCwUAA4IBAQCnTX+6g3f7f2F/nIBcvImh
GelQ/9zkrr8j0Dg2WVIQUs2dAppULDqZvjjfQoBEr8XMlbCuuoTlq/ioWm1dp0ao
SNduNSwlu6WWxmAhzrV+BEz6ZMIcri5u8cWoKUlFH0S5oaROnSUR1saKAcQFXGRo
uwiXoyPAld0GQvi3nsRY7MuorkPDhjCHY+7nOKzLucbhkDo4djQPtLEnvB+7bXUd
+WwXQf5iKAuSgvCDEsvsTlhmZpvipSNw5OLEOkTnP3i1ndYjBVsHexOfgdI2VjHD
GoqhBscTkzutEwvTjeHxAMoeq9SMkjJ+oKmI6tEDlvA0tSgIvaLHPHOEofrv2MXT
-----END CERTIFICATE-----