Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lkowVe7aAm4PkwcvhjE-QDM0mK4.roa
File:                     lkowVe7aAm4PkwcvhjE-QDM0mK4.roa (raw, json)
Hash identifier:          16GVquWl9b+KhIWa5m1oER2p++JglegXPrJuymMSXR0=
Subject key identifier:   96:4A:30:55:EE:DA:02:6E:0F:93:07:2F:86:31:3E:40:33:34:98:AE
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018EE2FBF5D2E70C34AC00058A9A696CFEF0
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lkowVe7aAm4PkwcvhjE-QDM0mK4.roa
Signing time:             Mon 15 Apr 2024 18:19:07 +0000
ROA not before:           Mon 15 Apr 2024 18:19:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        193.233.22.0/24 maxlen: 24
                          193.233.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e2:fb:f5:d2:e7:0c:34:ac:00:05:8a:9a:69:6c:fe:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr 15 18:19:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=964a3055eeda026e0f93072f86313e40333498ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5e:ff:b7:f6:8d:21:67:7d:39:96:29:bd:ce:
                    ec:ec:21:80:37:37:25:f5:54:dc:6b:30:22:22:67:
                    e2:8d:2b:b2:d6:ee:c1:02:72:b4:ef:74:6d:fa:4f:
                    4c:86:58:b7:39:7a:b3:c1:df:28:fd:f6:27:9b:39:
                    28:50:db:fc:23:28:cf:c3:b7:c6:59:da:9a:43:e8:
                    14:95:f4:55:53:04:e1:bd:4b:1e:62:a3:f6:bb:9d:
                    18:b2:7c:6b:8e:6e:e9:29:69:1c:3d:f0:5a:6b:64:
                    e4:f8:4e:10:53:36:e3:4e:92:12:42:02:c8:29:34:
                    29:db:b8:02:c3:e6:5c:eb:aa:e3:8e:ed:93:c2:1d:
                    ab:6a:d7:92:a3:5b:a3:e8:c4:fd:fa:d4:85:41:1b:
                    a8:54:49:39:c7:50:1c:53:37:c8:b5:55:de:2c:a9:
                    cd:e4:77:e5:44:2d:d8:f9:6d:79:c5:dc:a0:ce:5d:
                    39:4e:19:a9:18:63:fb:25:90:a3:fc:96:06:e8:c7:
                    27:a6:d0:8c:f8:c5:c9:01:c7:58:7b:e2:6a:24:6f:
                    75:05:36:ad:7f:aa:27:c9:24:6c:50:d1:3a:91:85:
                    51:18:ff:77:ca:e2:61:2f:e5:0c:7c:8d:f8:7f:a3:
                    e1:46:cb:3d:17:19:65:72:f2:5c:d6:ee:5f:30:59:
                    73:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:4A:30:55:EE:DA:02:6E:0F:93:07:2F:86:31:3E:40:33:34:98:AE
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lkowVe7aAm4PkwcvhjE-QDM0mK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:37:53:30:18:ea:31:31:c0:3e:00:e8:bb:8b:e2:c4:15:a4:
         f4:61:d2:ba:db:e2:63:cd:42:60:e0:c1:7e:c1:26:5e:9f:fc:
         17:cd:85:51:5a:c5:4d:71:a1:30:ef:c8:d0:ec:a5:a9:24:96:
         e3:e9:32:5f:94:0d:de:dd:b0:90:81:b3:bf:ac:7d:06:9b:29:
         d1:52:bd:93:5c:96:65:f1:d8:42:51:25:24:ae:0d:ea:52:00:
         10:67:f6:2a:f1:34:f2:7e:68:29:a9:c2:49:a9:e4:a0:12:0d:
         e6:3a:4e:fd:ca:8c:75:84:fe:7e:f7:6a:10:02:77:32:59:03:
         d3:d3:78:f4:fe:7f:a1:54:e9:3e:75:30:fc:e6:c6:08:81:10:
         28:df:06:a0:e6:94:68:5e:bf:37:e4:30:ad:75:b2:bd:da:22:
         5e:97:a9:b2:90:c7:23:7b:b1:42:6d:49:a2:07:2f:88:e3:d1:
         12:d2:51:9f:71:07:ef:f4:a3:d8:4f:c6:64:3a:89:50:ea:d7:
         76:64:8b:46:8e:7f:2b:8c:3e:b7:f8:58:31:41:72:c1:cd:c3:
         5d:5e:1b:c3:a7:ea:5d:0c:7e:94:f3:80:d9:04:58:bf:e0:24:
         05:6c:18:7c:5c:11:5d:4b:1a:b4:7d:a2:ff:92:b5:ac:d7:21:
         1c:6a:0a:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7i+/XS5ww0rAAFipppbP7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDE1MTgxOTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjRhMzA1NWVlZGEwMjZlMGY5MzA3MmY4NjMxM2U0MDMzMzQ5OGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzF7/t/aNIWd9OZYpvc7s7CGANzcl
9VTcazAiImfijSuy1u7BAnK073Rt+k9Mhli3OXqzwd8o/fYnmzkoUNv8IyjPw7fG
WdqaQ+gUlfRVUwThvUseYqP2u50Ysnxrjm7pKWkcPfBaa2Tk+E4QUzbjTpISQgLI
KTQp27gCw+Zc66rjju2Twh2rateSo1uj6MT9+tSFQRuoVEk5x1AcUzfItVXeLKnN
5HflRC3Y+W15xdygzl05ThmpGGP7JZCj/JYG6McnptCM+MXJAcdYe+JqJG91BTat
f6onySRsUNE6kYVRGP93yuJhL+UMfI34f6PhRss9FxllcvJc1u5fMFlzRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZKMFXu2gJuD5MHL4YxPkAzNJiuMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbGtvd1ZlN2FBbTRQa3djdmhqRS1RRE0wbUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwekWMA0G
CSqGSIb3DQEBCwUAA4IBAQCQN1MwGOoxMcA+AOi7i+LEFaT0YdK62+JjzUJg4MF+
wSZen/wXzYVRWsVNcaEw78jQ7KWpJJbj6TJflA3e3bCQgbO/rH0GmynRUr2TXJZl
8dhCUSUkrg3qUgAQZ/Yq8TTyfmgpqcJJqeSgEg3mOk79yox1hP5+92oQAncyWQPT
03j0/n+hVOk+dTD85sYIgRAo3wag5pRoXr835DCtdbK92iJel6mykMcje7FCbUmi
By+I49ES0lGfcQfv9KPYT8ZkOolQ6td2ZItGjn8rjD63+FgxQXLBzcNdXhvDp+pd
DH6U84DZBFi/4CQFbBh8XBFdSxq0faL/krWs1yEcagqW
-----END CERTIFICATE-----