Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Pdgz22qvnD-PjESCFeU8WiDZCE.roa
File:                     6Pdgz22qvnD-PjESCFeU8WiDZCE.roa (raw, json)
Hash identifier:          q5XEqVj/hufFQOMT5DoeYM+KA7VjgqWKZmuIqiyu6rc=
Subject key identifier:   E8:F7:60:CF:6D:AA:BE:70:FE:3E:31:12:08:57:94:F1:68:83:64:21
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952B634E8B1CB456D1ED9592198AA9
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Pdgz22qvnD-PjESCFeU8WiDZCE.roa
Signing time:             Tue 02 Jan 2024 00:31:31 +0000
ROA not before:           Tue 02 Jan 2024 00:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56340
IP address blocks:        193.233.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2b:63:4e:8b:1c:b4:56:d1:ed:95:92:19:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8f760cf6daabe70fe3e3112085794f168836421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:78:84:ff:0c:c7:ec:c6:9b:d1:e7:ad:a1:74:
                    e2:b5:7a:74:45:b9:3b:42:04:75:01:65:a0:5c:b7:
                    1b:07:6d:ec:c2:d3:47:0b:85:f2:3b:df:5f:57:ff:
                    20:68:bb:1f:6f:89:d8:6b:3a:6b:6c:6c:1a:70:4f:
                    77:25:57:8c:e5:ba:c1:40:1b:79:c1:6a:8c:f9:d5:
                    59:9e:05:28:fe:7c:0b:f1:35:61:fe:16:c2:ed:3b:
                    f3:fd:70:3f:58:55:ac:60:99:14:b9:3c:ca:72:26:
                    ff:51:12:ad:96:4c:41:9a:45:fe:33:87:54:bc:1c:
                    f3:ea:f5:8c:b7:31:85:93:80:5e:ea:a4:78:b1:e5:
                    0c:dd:ec:5c:c4:14:97:b0:25:6c:ca:e5:00:ac:ea:
                    c9:2a:59:97:2c:28:aa:d4:20:65:c3:78:89:5a:2e:
                    8a:6f:df:4c:5e:c5:03:9d:b5:a0:68:bd:69:ab:70:
                    e4:ae:39:06:fe:ca:5b:1d:1f:f7:ee:07:52:94:60:
                    0e:31:55:bd:05:c0:c9:15:86:e9:b3:9d:29:7b:61:
                    ed:d6:94:8b:9c:00:82:8c:9c:d6:d2:b6:c9:75:a7:
                    64:3d:d1:f7:a8:ca:1d:c6:00:79:ce:15:e3:84:e0:
                    d2:7e:ca:21:0c:57:75:29:ef:da:a3:98:49:59:6b:
                    27:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F7:60:CF:6D:AA:BE:70:FE:3E:31:12:08:57:94:F1:68:83:64:21
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6Pdgz22qvnD-PjESCFeU8WiDZCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:91:84:6c:b7:b3:70:9a:f3:a6:b4:b6:19:af:ad:44:2f:8c:
         fc:6d:c3:2b:6e:cd:6a:b8:f1:ed:d3:b1:d6:52:c5:04:1b:28:
         3b:95:72:4c:43:12:3e:06:9c:41:9d:e4:fc:8e:47:23:e9:24:
         cb:d2:6b:25:80:a7:23:31:05:14:6f:41:69:93:db:ab:44:f9:
         3e:e9:54:25:3c:53:3a:38:91:a9:75:3b:98:0c:89:3b:25:44:
         e0:5a:bf:5e:fd:aa:cf:d7:0d:80:1c:eb:a5:68:d1:3e:a4:2a:
         b1:d9:ae:5a:a0:17:45:ee:89:11:e4:e3:89:a2:bd:4b:01:45:
         aa:64:0b:5c:64:aa:07:0a:98:c4:f1:94:17:8a:28:10:1e:44:
         19:23:eb:dd:c3:93:a2:33:33:ec:19:70:e1:1b:1d:3d:c6:3e:
         85:36:5d:fc:6d:60:c3:49:af:26:ee:f7:b4:38:1a:2e:a2:cc:
         4b:3b:b5:dc:eb:b2:11:d5:35:42:ef:fc:6b:50:31:e8:8d:95:
         10:b9:59:c3:57:07:de:ee:7e:ea:93:44:0d:6d:ee:34:ef:36:
         67:62:20:b8:ce:08:a9:72:2c:ac:59:38:ee:33:9f:c6:9b:0b:
         97:19:1c:a5:48:b1:e3:52:7e:7e:46:b9:37:c4:68:54:a7:33:
         55:cc:59:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlStjTosctFbR7ZWSGYqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGY3NjBjZjZkYWFiZTcwZmUzZTMxMTIwODU3OTRmMTY4ODM2NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHiE/wzH7Mab0eetoXTitXp0Rbk7
QgR1AWWgXLcbB23swtNHC4XyO99fV/8gaLsfb4nYazprbGwacE93JVeM5brBQBt5
wWqM+dVZngUo/nwL8TVh/hbC7Tvz/XA/WFWsYJkUuTzKcib/URKtlkxBmkX+M4dU
vBzz6vWMtzGFk4Be6qR4seUM3excxBSXsCVsyuUArOrJKlmXLCiq1CBlw3iJWi6K
b99MXsUDnbWgaL1pq3DkrjkG/spbHR/37gdSlGAOMVW9BcDJFYbps50pe2Ht1pSL
nACCjJzW0rbJdadkPdH3qModxgB5zhXjhODSfsohDFd1Ke/ao5hJWWsn0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOj3YM9tqr5w/j4xEghXlPFog2QhMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNlBkZ3oyMnF2bkQtUGpFU0NGZVU4V2lEWkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwelgMA0G
CSqGSIb3DQEBCwUAA4IBAQAykYRst7NwmvOmtLYZr61EL4z8bcMrbs1quPHt07HW
UsUEGyg7lXJMQxI+BpxBneT8jkcj6STL0mslgKcjMQUUb0Fpk9urRPk+6VQlPFM6
OJGpdTuYDIk7JUTgWr9e/arP1w2AHOulaNE+pCqx2a5aoBdF7okR5OOJor1LAUWq
ZAtcZKoHCpjE8ZQXiigQHkQZI+vdw5OiMzPsGXDhGx09xj6FNl38bWDDSa8m7ve0
OBouosxLO7Xc67IR1TVC7/xrUDHojZUQuVnDVwfe7n7qk0QNbe407zZnYiC4zgip
ciysWTjuM5/GmwuXGRylSLHjUn5+Rrk3xGhUpzNVzFnx
-----END CERTIFICATE-----