Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/l2vpdn086E9_1udPG-fByVtHXKU.roa
File:                     l2vpdn086E9_1udPG-fByVtHXKU.roa (raw, json)
Hash identifier:          4CfUC7GMskW8D8MR0mhj+pMwiuPamK+16qzNZLctbbg=
Subject key identifier:   97:6B:E9:76:7D:3C:E8:4F:7F:D6:E7:4F:1B:E7:C1:C9:5B:47:5C:A5
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0194206838728EE34101030DDFC137147E9B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/l2vpdn086E9_1udPG-fByVtHXKU.roa
Signing time:             Wed 01 Jan 2025 05:48:08 +0000
ROA not before:           Wed 01 Jan 2025 05:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6869
IP address blocks:        193.233.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:38:72:8e:e3:41:01:03:0d:df:c1:37:14:7e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=976be9767d3ce84f7fd6e74f1be7c1c95b475ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:83:6a:5d:70:00:7c:25:32:17:e4:62:a7:
                    89:5b:70:a8:39:fe:c4:23:3e:cc:f1:ac:af:a0:38:
                    eb:32:46:68:a4:d9:a6:de:75:3b:e1:b8:f7:98:3f:
                    5c:39:80:c8:e0:91:97:25:46:8d:f3:a4:93:fd:f6:
                    0c:43:80:0b:3c:2a:0a:00:7c:3b:b2:e3:36:df:17:
                    d7:86:b0:68:9b:0c:75:e3:1b:cf:0b:5e:54:e4:e0:
                    19:d4:a3:ac:bc:44:22:c5:92:fb:2e:36:4e:83:5e:
                    ab:08:ac:58:8d:85:b8:c7:2d:22:58:e6:13:a5:d4:
                    90:7c:b1:9c:3c:2e:e1:b7:ff:c1:f0:94:dd:56:4b:
                    68:f2:1b:b3:a9:a2:ee:f1:7d:9b:bd:93:58:04:08:
                    07:42:cd:79:91:5e:43:3b:77:97:be:62:b0:4b:75:
                    ae:f2:7f:4f:b5:89:9f:06:4c:73:a8:62:5f:99:18:
                    89:02:99:2c:52:db:06:b2:0e:92:3e:c8:d1:a9:f4:
                    1c:67:8c:c3:27:14:99:27:a5:c7:32:9c:a0:99:5e:
                    90:73:55:ae:d5:3a:52:d7:ff:20:b5:2d:7b:53:86:
                    58:d1:c9:36:b9:b2:da:23:41:a3:60:6e:a4:ac:b3:
                    b5:6d:65:b9:18:27:14:a2:a9:26:d6:c9:09:7b:61:
                    a0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6B:E9:76:7D:3C:E8:4F:7F:D6:E7:4F:1B:E7:C1:C9:5B:47:5C:A5
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/l2vpdn086E9_1udPG-fByVtHXKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:99:16:93:a3:9f:e1:12:41:46:88:a9:86:11:ca:2e:57:4b:
         48:2d:d4:15:9c:f2:e8:7a:c6:c1:75:2a:30:7a:56:b2:24:10:
         47:09:76:e5:96:85:f7:63:69:23:23:a3:57:a6:93:33:65:e6:
         13:94:c4:ff:8d:ea:f6:25:8d:44:5d:cb:25:83:26:72:79:2f:
         a4:95:e4:0e:bf:d0:e8:3c:ca:c6:01:27:2f:08:f2:61:42:7c:
         db:93:d0:51:58:22:6a:80:57:3b:38:e6:d9:dc:c6:4c:98:64:
         9b:d0:b0:08:63:c0:21:f8:ca:8a:03:a4:f7:c8:92:e6:43:bf:
         f3:58:74:09:aa:68:ee:7e:3f:5f:1a:07:c9:f0:ff:94:a6:12:
         15:68:17:54:4d:a9:dc:51:f6:09:90:29:a2:37:b2:b7:f2:13:
         fa:51:57:83:02:22:5c:6a:ed:f9:a7:6f:c4:84:41:d3:4c:28:
         fc:0b:49:eb:aa:0a:f3:a7:d5:2b:b6:85:d7:52:1c:b2:e8:ae:
         29:3f:ed:0a:5d:3c:3b:dd:57:a4:17:c6:32:6f:64:28:bd:b1:
         42:e2:3f:52:60:67:06:7a:0a:79:bd:ea:36:9f:15:53:e3:7d:
         84:a7:d1:88:e1:cc:61:24:02:76:bf:15:46:3d:21:89:0a:20:
         40:04:f9:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDhyjuNBAQMN38E3FH6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiZTk3NjdkM2NlODRmN2ZkNmU3NGYxYmU3YzFjOTViNDc1Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6CDal1wAHwlMhfkYqeJW3CoOf7E
Iz7M8ayvoDjrMkZopNmm3nU74bj3mD9cOYDI4JGXJUaN86ST/fYMQ4ALPCoKAHw7
suM23xfXhrBomwx14xvPC15U5OAZ1KOsvEQixZL7LjZOg16rCKxYjYW4xy0iWOYT
pdSQfLGcPC7ht//B8JTdVkto8huzqaLu8X2bvZNYBAgHQs15kV5DO3eXvmKwS3Wu
8n9PtYmfBkxzqGJfmRiJApksUtsGsg6SPsjRqfQcZ4zDJxSZJ6XHMpygmV6Qc1Wu
1TpS1/8gtS17U4ZY0ck2ubLaI0GjYG6krLO1bWW5GCcUoqkm1skJe2GgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdr6XZ9POhPf9bnTxvnwclbR1ylMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbDJ2cGRuMDg2RTlfMXVkUEctZkJ5VnRIWEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemYMA0G
CSqGSIb3DQEBCwUAA4IBAQAzmRaTo5/hEkFGiKmGEcouV0tILdQVnPLoesbBdSow
elayJBBHCXblloX3Y2kjI6NXppMzZeYTlMT/jer2JY1EXcslgyZyeS+kleQOv9Do
PMrGAScvCPJhQnzbk9BRWCJqgFc7OObZ3MZMmGSb0LAIY8Ah+MqKA6T3yJLmQ7/z
WHQJqmjufj9fGgfJ8P+UphIVaBdUTancUfYJkCmiN7K38hP6UVeDAiJcau35p2/E
hEHTTCj8C0nrqgrzp9UrtoXXUhyy6K4pP+0KXTw73VekF8Yyb2QovbFC4j9SYGcG
egp5veo2nxVT432Ep9GI4cxhJAJ2vxVGPSGJCiBABPmA
-----END CERTIFICATE-----