Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/beYgKBiDXgvJA_GKQ2Io4kSdH40.roa
File:                     beYgKBiDXgvJA_GKQ2Io4kSdH40.roa (raw, json)
Hash identifier:          g7xyRwuX2ywCmE346kbvzkSyGKK/G4BfQMenU93JDQo=
Subject key identifier:   6D:E6:20:28:18:83:5E:0B:C9:03:F1:8A:43:62:28:E2:44:9D:1F:8D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018EAE2C2DA60F27F804FC48DB4E09FE3737
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/beYgKBiDXgvJA_GKQ2Io4kSdH40.roa
Signing time:             Fri 05 Apr 2024 12:11:54 +0000
ROA not before:           Fri 05 Apr 2024 12:11:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215206
IP address blocks:        193.233.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:2c:2d:a6:0f:27:f8:04:fc:48:db:4e:09:fe:37:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr  5 12:11:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6de6202818835e0bc903f18a436228e2449d1f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:36:a6:1e:71:4b:39:d4:53:09:9a:5f:af:16:
                    87:ac:c7:61:52:56:76:2e:c3:42:3c:dc:8f:9b:cc:
                    07:4d:7e:5e:d6:6d:5c:e1:6d:35:a9:94:30:2d:6f:
                    33:d2:dd:02:8c:b4:70:5b:c8:ac:75:55:3c:d1:69:
                    1e:72:89:65:40:6f:56:a2:ed:c7:f5:19:a9:89:f1:
                    ac:d0:d5:aa:41:c3:d9:09:3d:8c:8d:0f:b4:e1:88:
                    77:80:3e:92:ff:a1:cb:80:c7:ec:98:46:2d:31:7e:
                    47:3e:64:0d:d7:00:1b:5b:5c:00:58:22:37:68:fc:
                    96:fd:ac:f0:db:6e:1b:9e:7a:7e:14:10:43:4e:6b:
                    ab:20:ea:86:b9:f8:5d:cc:e0:8b:6c:81:b2:11:10:
                    d8:36:a6:f1:ba:be:b1:63:3e:d6:55:0a:66:08:d7:
                    f7:6e:4b:42:ec:9c:46:30:c3:35:ff:23:5c:38:ab:
                    ec:4e:e3:9b:7d:13:48:62:13:f9:b2:5b:a2:55:91:
                    55:97:23:aa:20:93:4f:43:54:6c:c3:45:1f:af:2d:
                    2c:2d:fa:2a:d6:d0:57:9f:37:d0:cf:c9:bd:27:3d:
                    99:8b:be:8d:02:96:be:e1:3f:18:af:71:e7:b7:4e:
                    10:00:c8:b5:ac:bf:5c:e8:dc:d6:81:94:91:6d:59:
                    30:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E6:20:28:18:83:5E:0B:C9:03:F1:8A:43:62:28:E2:44:9D:1F:8D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/beYgKBiDXgvJA_GKQ2Io4kSdH40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:e5:d3:cb:e9:21:3f:2c:78:3d:37:3a:65:d5:71:6f:a6:4a:
         60:a1:8b:a4:f6:cd:e1:7a:1d:81:c3:83:a0:22:66:e9:8c:c2:
         a6:24:64:56:4e:ec:63:ef:be:5d:49:64:67:cd:d5:5e:93:78:
         fd:4b:81:58:48:aa:cb:ff:2c:62:be:ed:d6:f5:a1:c0:db:a9:
         6e:76:bb:27:e4:15:96:7a:5d:40:52:a4:71:0e:c8:c5:a3:d7:
         21:77:ca:8e:7c:4a:d3:d9:1e:d4:4b:d2:52:bc:8c:df:63:12:
         97:41:6b:57:49:f0:75:8f:34:de:5b:33:b6:2d:eb:a2:8d:95:
         84:d1:ae:d3:82:93:97:2f:ea:63:f2:6e:46:11:1d:0d:08:d2:
         31:cc:ce:29:2a:ca:bc:d7:1e:ad:6f:12:18:f4:32:84:50:f2:
         77:60:0e:53:e7:1c:11:7e:77:36:ac:18:94:4d:89:0e:e2:8e:
         69:0f:e9:43:1d:54:1b:29:88:67:fe:1e:8c:d1:0c:b2:d5:b8:
         5b:3e:01:c3:d4:8e:31:1b:16:af:79:c3:88:56:75:96:94:67:
         e1:5c:ac:f1:40:c3:1a:b8:d9:69:36:25:cc:fd:48:aa:bd:7e:
         f6:79:7a:c7:ef:31:1e:c9:f2:0b:02:dc:69:68:a2:4e:7b:b1:
         a3:9f:ad:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6uLC2mDyf4BPxI204J/jc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDA1MTIxMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGU2MjAyODE4ODM1ZTBiYzkwM2YxOGE0MzYyMjhlMjQ0OWQxZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzamHnFLOdRTCZpfrxaHrMdhUlZ2
LsNCPNyPm8wHTX5e1m1c4W01qZQwLW8z0t0CjLRwW8isdVU80WkecollQG9Wou3H
9RmpifGs0NWqQcPZCT2MjQ+04Yh3gD6S/6HLgMfsmEYtMX5HPmQN1wAbW1wAWCI3
aPyW/azw224bnnp+FBBDTmurIOqGufhdzOCLbIGyERDYNqbxur6xYz7WVQpmCNf3
bktC7JxGMMM1/yNcOKvsTuObfRNIYhP5sluiVZFVlyOqIJNPQ1Rsw0Ufry0sLfoq
1tBXnzfQz8m9Jz2Zi76NApa+4T8Yr3Hnt04QAMi1rL9c6NzWgZSRbVkw0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3mICgYg14LyQPxikNiKOJEnR+NMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvYmVZZ0tCaURYZ3ZKQV9HS1EySW80a1NkSDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemHMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ5dPL6SE/LHg9Nzpl1XFvpkpgoYuk9s3heh2Bw4Og
ImbpjMKmJGRWTuxj775dSWRnzdVek3j9S4FYSKrL/yxivu3W9aHA26ludrsn5BWW
el1AUqRxDsjFo9chd8qOfErT2R7US9JSvIzfYxKXQWtXSfB1jzTeWzO2LeuijZWE
0a7TgpOXL+pj8m5GER0NCNIxzM4pKsq81x6tbxIY9DKEUPJ3YA5T5xwRfnc2rBiU
TYkO4o5pD+lDHVQbKYhn/h6M0Qyy1bhbPgHD1I4xGxavecOIVnWWlGfhXKzxQMMa
uNlpNiXM/UiqvX72eXrH7zEeyfILAtxpaKJOe7Gjn612
-----END CERTIFICATE-----