Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/c6sS3FncECU14jdCS4BGN8zDE3s.roa
File:                     c6sS3FncECU14jdCS4BGN8zDE3s.roa (raw, json)
Hash identifier:          tg4kxkmfY2vQbooDMirNRtWJGHWcfsPJREVQQNjJLA8=
Subject key identifier:   73:AB:12:DC:59:DC:10:25:35:E2:37:42:4B:80:46:37:CC:C3:13:7B
Certificate issuer:       /CN=a2c891100e500fb5c64f30f1603fe545dab49016
Certificate serial:       018CC2DB2EE3F80B39B6AE567D7CC6975F51
Authority key identifier: A2:C8:91:10:0E:50:0F:B5:C6:4F:30:F1:60:3F:E5:45:DA:B4:90:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/osiREA5QD7XGTzDxYD_lRdq0kBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/c6sS3FncECU14jdCS4BGN8zDE3s.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49850
IP address blocks:        193.202.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/osiREA5QD7XGTzDxYD_lRdq0kBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/osiREA5QD7XGTzDxYD_lRdq0kBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/osiREA5QD7XGTzDxYD_lRdq0kBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2e:e3:f8:0b:39:b6:ae:56:7d:7c:c6:97:5f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2c891100e500fb5c64f30f1603fe545dab49016
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73ab12dc59dc102535e237424b804637ccc3137b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:8d:9e:3b:d7:1e:f2:9a:1c:7d:22:94:03:
                    ec:75:ec:5a:67:f8:c6:6b:c8:cb:ce:ed:8b:de:0e:
                    54:a2:28:1e:bd:ab:6c:27:e1:4a:3c:9f:44:40:2c:
                    a8:ac:d7:e3:62:a1:22:cb:57:5f:3d:89:94:e0:5d:
                    be:79:d9:a1:6c:d9:8a:89:c4:1a:ba:e8:08:e6:7e:
                    5b:12:25:b7:a4:5b:8b:c4:81:3c:97:29:63:0e:e6:
                    54:df:8d:ae:1c:b8:1e:d0:6c:d0:74:63:49:3b:91:
                    4c:ab:2c:26:79:5e:d1:e5:4e:8d:5b:46:5a:2f:1a:
                    dc:74:92:2b:63:47:8c:f3:9f:2d:7e:62:b8:6a:c1:
                    21:6f:7f:0f:1b:27:3b:03:1b:af:0c:2e:52:88:2b:
                    b0:d6:32:b2:bd:02:67:9e:b8:45:f0:88:96:e3:f6:
                    f1:f9:bd:c4:0f:9b:04:95:cd:2d:86:ab:8d:95:70:
                    62:00:90:ee:3b:b2:64:00:be:f4:47:e9:19:d2:13:
                    aa:51:3e:4f:00:b1:c0:53:f3:d7:bc:87:88:cd:26:
                    a3:a5:87:0a:d0:5c:14:7c:d1:2e:79:8a:62:89:86:
                    66:32:bb:b6:a1:0f:4a:cd:41:4a:3b:f8:77:8e:ea:
                    71:88:28:b5:f2:39:a6:df:24:c3:f1:aa:4c:66:86:
                    51:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:AB:12:DC:59:DC:10:25:35:E2:37:42:4B:80:46:37:CC:C3:13:7B
            X509v3 Authority Key Identifier:
                keyid:A2:C8:91:10:0E:50:0F:B5:C6:4F:30:F1:60:3F:E5:45:DA:B4:90:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/osiREA5QD7XGTzDxYD_lRdq0kBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/c6sS3FncECU14jdCS4BGN8zDE3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/28b56c-6aac-48d7-aba2-8ca0c90f577e/1/osiREA5QD7XGTzDxYD_lRdq0kBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ef:8d:ad:19:dd:75:4c:5f:12:6c:3f:b1:75:07:a4:e9:89:
         f7:d9:f7:f7:52:2d:43:38:66:90:79:0f:b0:a8:29:cf:f4:98:
         0f:01:63:cb:3f:c4:b8:d5:ad:06:3e:b2:d8:1e:7c:f4:40:7e:
         39:06:03:cf:8c:f8:75:85:07:43:9e:6e:2e:79:fd:ac:61:c2:
         2e:75:26:56:4f:97:a4:99:ac:ee:47:b6:55:02:96:90:f7:a9:
         89:03:38:54:e1:9c:ef:c6:64:6b:c6:33:06:b5:41:6f:7b:e8:
         77:6d:ea:38:f7:2e:55:d6:52:54:76:94:1f:09:e5:ce:ac:b6:
         39:b2:2a:95:42:3d:a2:de:3f:e8:d7:71:6f:fd:66:6e:79:b7:
         14:82:72:e7:83:f2:cc:ba:86:8f:86:80:73:62:ae:a2:39:f3:
         f5:a9:21:e2:96:ae:13:3e:cf:94:b5:e3:66:56:0d:83:eb:6d:
         e9:36:65:77:2e:74:da:03:aa:59:e8:87:ec:bc:6e:7f:cb:7b:
         c3:69:5e:56:01:a9:79:23:91:79:68:e0:4e:77:47:92:64:82:
         e8:4e:80:5a:0e:5b:fa:99:f8:dd:09:7e:69:df:61:9e:5c:95:
         cc:8c:b5:98:22:1a:d2:ed:a3:b4:55:4c:a1:7e:c2:84:fa:24:
         e7:18:bc:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2y7j+As5tq5WfXzGl19RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYzg5MTEwMGU1MDBmYjVjNjRmMzBmMTYwM2ZlNTQ1ZGFi
NDkwMTYwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2FiMTJkYzU5ZGMxMDI1MzVlMjM3NDI0YjgwNDYzN2NjYzMxMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VaNnjvXHvKaHH0ilAPsdexaZ/jG
a8jLzu2L3g5UoigevatsJ+FKPJ9EQCyorNfjYqEiy1dfPYmU4F2+edmhbNmKicQa
uugI5n5bEiW3pFuLxIE8lyljDuZU342uHLge0GzQdGNJO5FMqywmeV7R5U6NW0Za
LxrcdJIrY0eM858tfmK4asEhb38PGyc7AxuvDC5SiCuw1jKyvQJnnrhF8IiW4/bx
+b3ED5sElc0thquNlXBiAJDuO7JkAL70R+kZ0hOqUT5PALHAU/PXvIeIzSajpYcK
0FwUfNEueYpiiYZmMru2oQ9KzUFKO/h3jupxiCi18jmm3yTD8apMZoZRgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOrEtxZ3BAlNeI3QkuARjfMwxN7MB8GA1UdIwQY
MBaAFKLIkRAOUA+1xk8w8WA/5UXatJAWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3NpUkVBNVFEN1hHVHpEeFlEX2xSZHEwa0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yOGI1NmMtNmFhYy00OGQ3LWFiYTIt
OGNhMGM5MGY1NzdlLzEvYzZzUzNGbmNFQ1UxNGpkQ1M0QkdOOHpERTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yOGI1NmMtNmFhYy00OGQ3LWFiYTItOGNhMGM5MGY1Nzdl
LzEvb3NpUkVBNVFEN1hHVHpEeFlEX2xSZHEwa0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcpsMA0G
CSqGSIb3DQEBCwUAA4IBAQA5742tGd11TF8SbD+xdQek6Yn32ff3Ui1DOGaQeQ+w
qCnP9JgPAWPLP8S41a0GPrLYHnz0QH45BgPPjPh1hQdDnm4uef2sYcIudSZWT5ek
mazuR7ZVApaQ96mJAzhU4ZzvxmRrxjMGtUFve+h3beo49y5V1lJUdpQfCeXOrLY5
siqVQj2i3j/o13Fv/WZuebcUgnLng/LMuoaPhoBzYq6iOfP1qSHilq4TPs+UteNm
Vg2D623pNmV3LnTaA6pZ6IfsvG5/y3vDaV5WAal5I5F5aOBOd0eSZILoToBaDlv6
mfjdCX5p32GeXJXMjLWYIhrS7aO0VUyhfsKE+iTnGLys
-----END CERTIFICATE-----