Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/r75s4uT9YA4GmcYg-7oEuNYVVeA.roa
File:                     r75s4uT9YA4GmcYg-7oEuNYVVeA.roa (raw, json)
Hash identifier:          Va8Pe+ozwdUSt/pAkrxXyie4d6HtCVKoB1SRyzQIZh0=
Subject key identifier:   AF:BE:6C:E2:E4:FD:60:0E:06:99:C6:20:FB:BA:04:B8:D6:15:55:E0
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B9333CD7D277332DB84F73E6C69BC1
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/r75s4uT9YA4GmcYg-7oEuNYVVeA.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43417
IP address blocks:        213.194.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:33:3c:d7:d2:77:33:2d:b8:4f:73:e6:c6:9b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afbe6ce2e4fd600e0699c620fbba04b8d61555e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cc:4d:9b:df:eb:ec:2c:a1:b8:9d:cf:aa:0b:
                    22:c8:b3:49:d9:0c:72:97:86:a1:09:5b:6d:22:81:
                    2f:7a:7d:54:55:e5:db:6a:ac:66:d4:8b:01:e2:43:
                    fd:c6:a9:90:6d:a0:5b:98:01:49:5a:22:05:53:63:
                    21:ef:dd:f9:5e:bc:14:24:d3:6d:cd:b8:c2:e2:fc:
                    32:a5:75:29:88:fd:e5:51:17:fd:f4:b3:a6:0b:d4:
                    47:2d:47:bb:f9:61:43:02:a3:1b:bb:d6:46:f3:be:
                    62:2c:e3:11:24:32:66:a1:dc:e3:a8:1f:19:4a:5f:
                    f8:90:91:9e:0a:a4:8a:4a:66:fd:d4:bd:ba:c2:5f:
                    ce:1c:e2:37:c2:d0:27:8d:f5:91:1b:9d:36:4b:4f:
                    ba:7c:bb:90:f7:7c:00:32:74:8f:3e:e7:7c:e6:71:
                    ea:58:5e:ea:d5:db:c9:d1:e8:81:c7:18:98:35:55:
                    28:cd:90:78:cb:96:39:4e:be:4c:b2:79:2c:19:96:
                    20:82:f3:f2:9f:c8:24:ab:0c:22:98:87:13:50:5d:
                    a9:83:fc:8e:00:17:c0:ca:24:53:14:f7:2e:70:6a:
                    20:3e:a9:69:9d:ff:84:25:7f:ee:79:15:19:a8:ae:
                    06:25:bc:19:c6:4c:10:89:f2:ac:38:18:44:1f:dc:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BE:6C:E2:E4:FD:60:0E:06:99:C6:20:FB:BA:04:B8:D6:15:55:E0
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/r75s4uT9YA4GmcYg-7oEuNYVVeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.194.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:12:f8:b1:dc:fe:8d:39:b8:9f:de:06:83:d7:7d:5a:e8:0f:
         3e:47:34:ae:23:a8:d5:cd:2b:f1:6e:96:a0:21:67:4c:62:ce:
         c8:28:67:35:27:12:c4:d0:d7:6a:a2:bd:2f:3f:16:8b:b6:58:
         bd:e1:9f:eb:65:51:57:e6:f7:ee:2c:f3:bc:e4:0e:9d:d3:3c:
         e6:00:6c:49:c3:11:fd:fe:e6:79:92:f7:95:66:a9:37:f3:55:
         48:a5:a0:50:f9:0f:b0:86:74:10:3f:6b:94:8d:1e:e5:32:7f:
         3a:1d:80:37:69:7e:6a:d6:4f:0c:aa:4c:1f:fd:7c:78:3a:ab:
         db:48:e1:84:0a:34:50:6a:32:d7:34:2f:a0:2f:d7:3b:d2:dd:
         10:b8:b1:db:7c:a9:9b:aa:4b:a4:1d:9c:2f:4c:20:ea:67:b1:
         cc:b9:fa:56:79:5e:57:58:37:48:1d:d7:a8:20:80:5e:2e:9e:
         6c:3e:91:53:26:fe:13:49:3d:13:d1:77:23:8d:ad:1e:0d:97:
         c3:47:6a:57:3e:7d:04:60:ce:da:8f:c3:16:94:8e:f6:3e:82:
         20:23:c9:34:e0:8a:7b:78:5d:e1:92:23:68:70:2f:a5:dd:5c:
         fe:2f:ca:72:cc:b1:d6:af:5c:c6:16:7e:3c:07:45:11:27:2f:
         86:0a:37:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTM819J3My24T3PmxpvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJlNmNlMmU0ZmQ2MDBlMDY5OWM2MjBmYmJhMDRiOGQ2MTU1NWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8xNm9/r7CyhuJ3PqgsiyLNJ2Qxy
l4ahCVttIoEven1UVeXbaqxm1IsB4kP9xqmQbaBbmAFJWiIFU2Mh7935XrwUJNNt
zbjC4vwypXUpiP3lURf99LOmC9RHLUe7+WFDAqMbu9ZG875iLOMRJDJmodzjqB8Z
Sl/4kJGeCqSKSmb91L26wl/OHOI3wtAnjfWRG502S0+6fLuQ93wAMnSPPud85nHq
WF7q1dvJ0eiBxxiYNVUozZB4y5Y5Tr5MsnksGZYggvPyn8gkqwwimIcTUF2pg/yO
ABfAyiRTFPcucGogPqlpnf+EJX/ueRUZqK4GJbwZxkwQifKsOBhEH9y0jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK++bOLk/WAOBpnGIPu6BLjWFVXgMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvcjc1czR1VDlZQTRHbWNZZy03b0V1TllWVmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cJsMA0G
CSqGSIb3DQEBCwUAA4IBAQBREvix3P6NObif3gaD131a6A8+RzSuI6jVzSvxbpag
IWdMYs7IKGc1JxLE0Ndqor0vPxaLtli94Z/rZVFX5vfuLPO85A6d0zzmAGxJwxH9
/uZ5kveVZqk381VIpaBQ+Q+whnQQP2uUjR7lMn86HYA3aX5q1k8Mqkwf/Xx4Oqvb
SOGECjRQajLXNC+gL9c70t0QuLHbfKmbqkukHZwvTCDqZ7HMufpWeV5XWDdIHdeo
IIBeLp5sPpFTJv4TST0T0Xcjja0eDZfDR2pXPn0EYM7aj8MWlI72PoIgI8k04Ip7
eF3hkiNocC+l3Vz+L8pyzLHWr1zGFn48B0URJy+GCjdk
-----END CERTIFICATE-----