Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/VYfwi5M-qyeYip8EjFAjg4xpAYE.roa
File:                     VYfwi5M-qyeYip8EjFAjg4xpAYE.roa (raw, json)
Hash identifier:          x0hP3vnERMt2+HGlhOmcoXir4DxWBHTMAygYzZ0hN+Y=
Subject key identifier:   55:87:F0:8B:93:3E:AB:27:98:8A:9F:04:8C:50:23:83:8C:69:01:81
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7953ADDBB7FCAF58BB5580625D37FD6
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/VYfwi5M-qyeYip8EjFAjg4xpAYE.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216319
IP address blocks:        193.233.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3a:dd:bb:7f:ca:f5:8b:b5:58:06:25:d3:7f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5587f08b933eab27988a9f048c5023838c690181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c2:cb:7e:6e:e3:cb:7d:03:93:61:7b:9d:df:
                    e2:66:9d:4b:49:75:2e:5e:0e:c3:94:d2:88:34:50:
                    d3:4c:b3:ce:c2:2d:aa:93:18:43:e3:6a:72:86:c5:
                    40:94:6e:d5:a5:17:e0:39:6b:b7:96:da:5e:61:ae:
                    e2:55:77:bc:a9:6f:92:70:a6:aa:dc:7d:f7:89:a5:
                    d1:4d:59:9d:24:9c:fa:39:e3:3e:f0:5d:18:f0:63:
                    dd:2e:06:31:3b:ef:4a:37:9d:6a:fe:de:db:02:1e:
                    69:87:9d:15:7d:1c:b1:95:1e:49:29:ca:20:67:0f:
                    8d:d2:21:4b:cc:18:b9:9b:32:28:13:f9:ba:30:42:
                    e6:6e:8b:56:80:fe:8b:43:1d:cd:38:78:24:e4:f6:
                    ae:a9:3f:cf:76:29:ed:10:8a:1b:58:b8:05:77:de:
                    a9:27:c7:21:e5:09:bb:ad:89:7f:57:ca:3c:4d:2a:
                    44:21:bd:34:0f:6f:bb:ed:e9:bf:fb:86:df:5e:a0:
                    0e:c0:18:7d:6e:f3:27:8e:cf:41:fa:e2:84:22:84:
                    ba:c1:d7:18:6b:96:cb:97:b0:78:44:f8:5c:1c:52:
                    99:06:95:15:f4:17:56:1b:64:e8:28:ad:be:28:4e:
                    2a:52:fb:65:32:c1:9e:cb:74:f6:17:38:36:0f:36:
                    1a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:87:F0:8B:93:3E:AB:27:98:8A:9F:04:8C:50:23:83:8C:69:01:81
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/VYfwi5M-qyeYip8EjFAjg4xpAYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:d5:a1:c6:91:48:77:8f:36:2a:5e:8a:d1:00:5b:77:ce:4d:
         98:5e:52:c0:99:48:2f:16:9c:fc:d3:0d:40:fc:b2:07:28:59:
         cc:b2:2f:7a:d4:30:74:89:9e:e6:20:bc:ee:dc:c8:08:27:a1:
         91:7f:e2:af:25:f7:f8:99:32:25:65:01:ba:2f:93:ef:fb:3d:
         07:d1:89:ed:98:73:de:fb:e0:7d:47:09:83:a1:3e:fc:c6:a2:
         42:eb:b9:dd:2e:82:02:01:14:5a:a3:f0:b8:34:24:62:a7:23:
         0e:01:37:22:43:22:c0:2d:b6:25:35:fc:36:1a:d2:f0:98:63:
         a8:48:25:e9:1c:f1:f2:74:85:bc:a4:08:d8:ce:03:d9:13:d5:
         9b:2f:ef:c5:e2:d1:b4:60:71:31:19:ae:6e:0e:9a:98:58:a3:
         6f:0a:27:9d:e3:1f:48:50:de:17:73:6c:23:e1:45:2d:52:f8:
         d8:aa:28:da:96:c5:2b:cb:04:2f:8f:8e:99:96:01:66:7d:00:
         30:1c:4a:1f:9d:05:86:f7:ad:a9:b7:c5:62:ad:5d:31:d6:5e:
         b4:f5:de:b7:ff:4c:58:d6:8d:d4:cc:f0:bc:02:69:35:29:8a:
         0b:85:2c:1e:87:87:f7:a1:bd:82:db:d2:42:b4:b7:73:5f:4e:
         3f:a4:43:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTrdu3/K9Yu1WAYl03/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTg3ZjA4YjkzM2VhYjI3OTg4YTlmMDQ4YzUwMjM4MzhjNjkwMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsLLfm7jy30Dk2F7nd/iZp1LSXUu
Xg7DlNKINFDTTLPOwi2qkxhD42pyhsVAlG7VpRfgOWu3ltpeYa7iVXe8qW+ScKaq
3H33iaXRTVmdJJz6OeM+8F0Y8GPdLgYxO+9KN51q/t7bAh5ph50VfRyxlR5JKcog
Zw+N0iFLzBi5mzIoE/m6MELmbotWgP6LQx3NOHgk5PauqT/PdintEIobWLgFd96p
J8ch5Qm7rYl/V8o8TSpEIb00D2+77em/+4bfXqAOwBh9bvMnjs9B+uKEIoS6wdcY
a5bLl7B4RPhcHFKZBpUV9BdWG2ToKK2+KE4qUvtlMsGey3T2Fzg2DzYaQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWH8IuTPqsnmIqfBIxQI4OMaQGBMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvVllmd2k1TS1xeWVZaXA4RWpGQWpnNHhwQVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemEMA0G
CSqGSIb3DQEBCwUAA4IBAQAp1aHGkUh3jzYqXorRAFt3zk2YXlLAmUgvFpz80w1A
/LIHKFnMsi961DB0iZ7mILzu3MgIJ6GRf+KvJff4mTIlZQG6L5Pv+z0H0YntmHPe
++B9RwmDoT78xqJC67ndLoICARRao/C4NCRipyMOATciQyLALbYlNfw2GtLwmGOo
SCXpHPHydIW8pAjYzgPZE9WbL+/F4tG0YHExGa5uDpqYWKNvCied4x9IUN4Xc2wj
4UUtUvjYqijalsUrywQvj46ZlgFmfQAwHEofnQWG962pt8VirV0x1l609d63/0xY
1o3UzPC8Amk1KYoLhSweh4f3ob2C29JCtLdzX04/pEN7
-----END CERTIFICATE-----