Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Hbz4buvL_3V4hzwhgWnqZwLC_o.roa
File:                     6Hbz4buvL_3V4hzwhgWnqZwLC_o.roa (raw, json)
Hash identifier:          A6+4Wee3/D0N6f4OseNzs05BrMpo8xnpYX68oKp0MsQ=
Subject key identifier:   E8:76:F3:E1:BB:AF:2F:FD:D5:E2:1C:F0:86:05:A7:A9:9C:0B:0B:FA
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018FA53C49840C6AE5D62D790FD350136442
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Hbz4buvL_3V4hzwhgWnqZwLC_o.roa
Signing time:             Thu 23 May 2024 11:35:42 +0000
ROA not before:           Thu 23 May 2024 11:35:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26042
IP address blocks:        193.233.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:3c:49:84:0c:6a:e5:d6:2d:79:0f:d3:50:13:64:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 23 11:35:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e876f3e1bbaf2ffdd5e21cf08605a7a99c0b0bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:51:a9:95:dd:21:c9:cb:99:62:cb:36:a9:
                    b1:23:91:54:09:9e:8a:65:57:72:8f:52:8f:47:c0:
                    a6:11:42:e4:8b:f0:be:61:85:4c:72:18:31:32:3a:
                    5c:71:39:c4:75:27:ce:5e:ca:3a:e0:98:47:c7:e0:
                    4e:7c:a2:39:83:e5:b2:64:2e:a1:02:88:d0:6c:18:
                    a9:e2:ed:f1:17:c0:66:e7:aa:ca:ec:5b:22:dd:ce:
                    70:2c:04:c4:18:df:82:ca:e7:6f:9c:e6:70:63:d3:
                    4b:e4:ad:98:3d:e3:a4:78:d1:4f:5c:38:8e:43:de:
                    e9:c3:b9:1f:ab:ab:6e:25:c8:b3:ce:61:08:1b:f7:
                    7f:82:31:53:d7:c8:e3:2d:37:0b:80:1d:b2:06:88:
                    89:9a:fd:ce:da:c1:36:56:29:50:e1:32:e9:d3:b9:
                    93:f2:21:4d:ea:0a:01:f7:ca:b2:c9:9e:1b:3a:b0:
                    91:47:9e:a6:7f:7f:02:a5:62:f6:37:b4:74:7b:07:
                    ee:03:db:3c:9d:b7:20:50:ab:75:f7:62:46:22:f9:
                    33:31:77:18:16:fc:a5:66:5b:7b:0a:a1:76:45:a8:
                    26:a5:4d:4e:53:56:e8:f6:a9:e3:1b:4f:1a:1e:be:
                    70:b7:a1:d6:c8:07:89:15:cc:b3:16:f3:5e:3b:e8:
                    e4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:76:F3:E1:BB:AF:2F:FD:D5:E2:1C:F0:86:05:A7:A9:9C:0B:0B:FA
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Hbz4buvL_3V4hzwhgWnqZwLC_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:2c:53:81:16:a0:a4:82:cb:52:ab:60:09:70:78:2a:9e:e2:
         3d:01:cf:79:c7:22:11:d5:93:92:04:ed:a7:4c:07:dd:5c:25:
         24:04:72:6b:92:a2:3a:0f:7c:64:f2:9e:03:48:e6:e4:a0:fc:
         b5:a0:7b:d7:28:00:d2:f3:90:f2:05:b9:54:28:3f:75:e9:e8:
         c3:3f:2f:1b:7d:7d:61:41:00:a1:02:8d:59:1e:2c:9a:89:5b:
         f2:73:09:89:5e:81:2f:c5:75:61:6f:d3:1e:d5:6f:7c:7a:67:
         12:1a:bd:f8:b0:63:5c:97:30:5e:21:ac:c0:d2:a1:d9:c9:80:
         98:95:fc:e3:0e:07:74:27:4d:d1:1a:29:93:00:a2:37:45:05:
         27:ea:f9:56:cf:1d:62:60:df:95:32:70:07:95:a4:1e:e8:a0:
         34:7b:2f:5b:3f:8a:74:43:e7:1f:85:09:c0:cb:2c:6e:d5:f7:
         3e:8c:f5:9e:32:d9:20:2e:1a:89:23:34:80:e5:d5:55:6e:f7:
         89:b2:f7:77:60:de:3b:c1:ec:0f:50:7a:33:3c:c8:15:5b:ac:
         80:95:bf:8f:fd:18:ac:ad:1d:3b:d7:68:d8:62:01:eb:a9:20:
         28:ed:91:ca:e8:57:8a:b5:ce:57:77:23:2a:e9:72:58:24:f4:
         f6:b4:88:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+lPEmEDGrl1i15D9NQE2RCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNTIzMTEzNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODc2ZjNlMWJiYWYyZmZkZDVlMjFjZjA4NjA1YTdhOTljMGIwYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYhRqZXdIcnLmWLLNqmxI5FUCZ6K
ZVdyj1KPR8CmEULki/C+YYVMchgxMjpccTnEdSfOXso64JhHx+BOfKI5g+WyZC6h
AojQbBip4u3xF8Bm56rK7Fsi3c5wLATEGN+CyudvnOZwY9NL5K2YPeOkeNFPXDiO
Q97pw7kfq6tuJcizzmEIG/d/gjFT18jjLTcLgB2yBoiJmv3O2sE2VilQ4TLp07mT
8iFN6goB98qyyZ4bOrCRR56mf38CpWL2N7R0ewfuA9s8nbcgUKt192JGIvkzMXcY
FvylZlt7CqF2RagmpU1OU1bo9qnjG08aHr5wt6HWyAeJFcyzFvNeO+jkbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOh28+G7ry/91eIc8IYFp6mcCwv6MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNkhiejRidXZMXzNWNGh6d2hnV25xWndMQ19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwenGMA0G
CSqGSIb3DQEBCwUAA4IBAQAZLFOBFqCkgstSq2AJcHgqnuI9Ac95xyIR1ZOSBO2n
TAfdXCUkBHJrkqI6D3xk8p4DSObkoPy1oHvXKADS85DyBblUKD916ejDPy8bfX1h
QQChAo1ZHiyaiVvycwmJXoEvxXVhb9Me1W98emcSGr34sGNclzBeIazA0qHZyYCY
lfzjDgd0J03RGimTAKI3RQUn6vlWzx1iYN+VMnAHlaQe6KA0ey9bP4p0Q+cfhQnA
yyxu1fc+jPWeMtkgLhqJIzSA5dVVbveJsvd3YN47wewPUHozPMgVW6yAlb+P/Ris
rR0712jYYgHrqSAo7ZHK6FeKtc5XdyMq6XJYJPT2tIgj
-----END CERTIFICATE-----