Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6XsJ_LfViYv5QTeP1Y33BoKJ9_c.roa
File:                     6XsJ_LfViYv5QTeP1Y33BoKJ9_c.roa (raw, json)
Hash identifier:          wGmkc95ek2A2Eb+AWQ50DROXorQ65xHZ5EtUnrh/Nos=
Subject key identifier:   E9:7B:09:FC:B7:D5:89:8B:F9:41:37:8F:D5:8D:F7:06:82:89:F7:F7
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420683D89874160A8977EDA8399B2EADA
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6XsJ_LfViYv5QTeP1Y33BoKJ9_c.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42007
IP address blocks:        193.233.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3d:89:87:41:60:a8:97:7e:da:83:99:b2:ea:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e97b09fcb7d5898bf941378fd58df7068289f7f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e3:d6:1e:5e:9d:2c:4d:9d:4e:de:54:15:d5:
                    93:52:00:8d:2d:b3:90:66:6a:8a:c1:ca:61:4f:64:
                    4c:59:78:f6:bd:41:6d:10:d5:a6:96:3d:65:d1:bc:
                    58:50:6f:8b:91:8d:c8:3c:09:ea:19:0a:13:5d:13:
                    c1:64:13:9d:bf:21:35:82:7f:88:e0:b5:ba:05:1f:
                    40:60:b8:0f:2e:f4:fd:7f:92:0f:d2:cc:b4:d5:02:
                    13:15:17:4b:c7:f6:8b:9c:fd:05:8e:be:1f:04:ce:
                    e4:99:ca:81:2b:20:a3:ad:3e:aa:75:61:31:7d:ba:
                    aa:2f:b4:b0:89:b5:c8:18:8f:79:7b:e4:76:ce:af:
                    eb:bb:5b:ff:43:c9:af:04:50:f3:f3:20:09:7a:b7:
                    a0:c2:d6:5b:16:1f:4b:a5:8a:4b:b0:de:f7:83:fe:
                    c8:38:f6:fa:7f:e4:02:f7:0e:18:bd:76:1d:9d:7a:
                    7c:50:09:e1:25:94:fe:99:47:68:9c:c1:51:66:79:
                    0a:4d:67:e0:82:df:78:19:89:79:7a:6a:ee:38:ee:
                    43:3f:15:cc:19:9e:a5:e1:aa:44:35:f8:ee:59:6a:
                    da:6f:6b:f2:66:47:79:ff:89:95:31:90:84:27:3d:
                    6a:08:31:58:f4:f4:57:38:3f:1b:fb:0a:7d:25:5e:
                    fb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:7B:09:FC:B7:D5:89:8B:F9:41:37:8F:D5:8D:F7:06:82:89:F7:F7
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6XsJ_LfViYv5QTeP1Y33BoKJ9_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:4c:0e:25:39:8e:14:62:f7:53:45:ef:4c:3b:48:e4:69:27:
         30:bf:3b:75:c5:83:26:a1:01:b1:7d:49:ad:21:8f:26:38:59:
         31:27:aa:79:63:e7:ab:03:17:3e:c6:0e:91:94:16:e2:d9:82:
         a4:d9:77:f8:4c:71:bc:9a:dd:0a:c4:e6:29:d8:88:2b:3a:a7:
         17:2d:4c:83:3e:df:b8:eb:64:43:cd:d0:1b:12:01:6d:fc:f8:
         47:2e:0e:6d:67:8a:81:ea:a2:ab:9f:92:c9:3e:f0:d0:ad:aa:
         b0:f1:1e:75:5a:d5:5e:f7:9c:69:b8:cc:59:de:3d:80:64:bf:
         53:af:54:97:11:81:43:63:b2:32:ed:79:42:a1:7d:7f:f5:39:
         0c:a4:9d:de:e9:04:c1:64:a2:7d:ed:20:cb:ac:8b:c7:b4:af:
         8e:f5:a3:b3:4e:37:ad:69:11:c0:2c:a0:8f:a6:bb:4f:b8:d4:
         00:cf:81:80:e4:60:23:56:1c:b1:25:f3:92:35:12:0a:e4:f2:
         2b:9c:1f:4a:09:d4:91:2b:a2:c5:c6:fe:4d:6c:eb:f8:79:93:
         67:8b:d1:48:ba:01:cf:a2:31:7c:c9:4a:60:ec:fa:fa:3d:89:
         61:48:88:8e:03:c4:b0:ce:09:e8:e1:8d:a6:f7:3d:ba:8b:59:
         14:1d:9a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaD2Jh0FgqJd+2oOZsuraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTdiMDlmY2I3ZDU4OThiZjk0MTM3OGZkNThkZjcwNjgyODlmN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+PWHl6dLE2dTt5UFdWTUgCNLbOQ
ZmqKwcphT2RMWXj2vUFtENWmlj1l0bxYUG+LkY3IPAnqGQoTXRPBZBOdvyE1gn+I
4LW6BR9AYLgPLvT9f5IP0sy01QITFRdLx/aLnP0Fjr4fBM7kmcqBKyCjrT6qdWEx
fbqqL7SwibXIGI95e+R2zq/ru1v/Q8mvBFDz8yAJeregwtZbFh9LpYpLsN73g/7I
OPb6f+QC9w4YvXYdnXp8UAnhJZT+mUdonMFRZnkKTWfggt94GYl5emruOO5DPxXM
GZ6l4apENfjuWWrab2vyZkd5/4mVMZCEJz1qCDFY9PRXOD8b+wp9JV77rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOl7Cfy31YmL+UE3j9WN9waCiff3MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNlhzSl9MZlZpWXY1UVRlUDFZMzNCb0tKOV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwekgMA0G
CSqGSIb3DQEBCwUAA4IBAQCMTA4lOY4UYvdTRe9MO0jkaScwvzt1xYMmoQGxfUmt
IY8mOFkxJ6p5Y+erAxc+xg6RlBbi2YKk2Xf4THG8mt0KxOYp2IgrOqcXLUyDPt+4
62RDzdAbEgFt/PhHLg5tZ4qB6qKrn5LJPvDQraqw8R51WtVe95xpuMxZ3j2AZL9T
r1SXEYFDY7Iy7XlCoX1/9TkMpJ3e6QTBZKJ97SDLrIvHtK+O9aOzTjetaRHALKCP
prtPuNQAz4GA5GAjVhyxJfOSNRIK5PIrnB9KCdSRK6LFxv5NbOv4eZNni9FIugHP
ojF8yUpg7Pr6PYlhSIiOA8Swzgno4Y2m9z26i1kUHZox
-----END CERTIFICATE-----