Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nEBkqLJn53UgM7P0WvUOuLvoW1U.roa
File:                     nEBkqLJn53UgM7P0WvUOuLvoW1U.roa (raw, json)
Hash identifier:          at2cSaJOKRmjdB2urnUmYTs/vnBXeiatEMjwy40cLOg=
Subject key identifier:   9C:40:64:A8:B2:67:E7:75:20:33:B3:F4:5A:F5:0E:B8:BB:E8:5B:55
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79535A160F5E03F6C138DF068D00EE5
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nEBkqLJn53UgM7P0WvUOuLvoW1U.roa
Signing time:             Tue 02 Jan 2024 00:31:33 +0000
ROA not before:           Tue 02 Jan 2024 00:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207447
IP address blocks:        193.233.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:35:a1:60:f5:e0:3f:6c:13:8d:f0:68:d0:0e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4064a8b267e7752033b3f45af50eb8bbe85b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:00:6f:8e:fa:df:32:dd:3b:32:a0:16:2c:13:
                    70:33:bf:be:a0:b8:ea:18:47:63:d1:b2:57:06:04:
                    55:2a:7a:4b:d6:4b:cb:b7:56:da:86:9e:40:55:ce:
                    8a:9d:eb:d1:80:df:1d:b6:7a:b3:4a:c1:93:7c:69:
                    68:3a:29:df:79:2f:95:1a:93:a2:2c:a9:ee:45:b8:
                    b5:5d:31:07:88:69:70:7e:04:66:e7:7b:3e:12:06:
                    38:fc:c7:20:40:5f:0b:e3:24:40:c8:db:42:76:23:
                    af:c2:83:3c:92:0d:f7:95:34:09:fc:7a:8e:18:80:
                    ea:54:e7:ca:60:f5:c9:50:e5:8f:d6:8e:ac:31:2e:
                    81:c0:b8:9c:54:90:d3:0c:60:00:a5:a5:79:a6:37:
                    91:9f:cf:c6:d6:c3:96:0c:8f:01:fc:ac:88:2b:87:
                    83:c4:7f:4c:86:ac:a3:72:7c:21:36:3d:7a:2d:98:
                    e2:6f:22:87:4e:64:c3:aa:f5:d4:f5:36:ef:d5:71:
                    b4:a9:e0:dd:b2:d4:86:10:5f:d3:74:0f:2e:50:88:
                    71:ee:b4:b4:6d:a0:d6:38:60:41:b0:80:a7:3a:48:
                    a8:14:c2:2e:e5:a7:21:ec:51:01:2b:10:11:36:f8:
                    22:36:34:f7:d4:36:7c:a1:80:8d:e4:d1:dd:df:54:
                    82:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:40:64:A8:B2:67:E7:75:20:33:B3:F4:5A:F5:0E:B8:BB:E8:5B:55
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nEBkqLJn53UgM7P0WvUOuLvoW1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:c8:0d:52:03:42:08:99:42:12:06:df:2d:9b:cf:d4:07:a3:
         cb:cb:67:f1:95:79:3b:90:12:da:65:82:83:1d:ae:e1:b9:73:
         ae:96:e2:70:6f:7c:a1:dc:be:b7:45:85:51:ef:89:ba:2f:3e:
         d8:f7:77:71:08:54:7f:0c:ee:23:86:5d:63:73:37:51:7b:0b:
         fb:94:1c:60:fc:c9:9a:b1:06:b1:75:36:e8:55:a8:d6:64:d4:
         7f:17:b9:98:24:78:f5:6e:09:89:ce:9d:cd:4c:b4:0a:cd:51:
         22:b0:fe:a0:91:1a:e4:86:a7:ec:96:6e:0d:17:dc:86:03:78:
         47:80:5c:68:7a:42:bd:6b:c4:f4:31:8c:d0:84:a2:09:0f:c1:
         53:23:12:a7:fc:c2:ea:e9:19:8d:94:ff:d8:0f:8b:d4:74:6f:
         1e:c9:5f:f0:8b:1e:2c:9b:91:ca:64:6c:6b:bd:84:9e:e0:cf:
         03:83:a4:3a:29:92:9f:e7:3c:4c:28:a0:f5:07:b4:17:f9:02:
         dc:00:6a:36:49:b8:ff:62:21:d0:f3:83:23:65:93:7f:41:c6:
         b8:d9:d8:28:07:bf:4b:52:80:ca:c5:b9:be:33:5d:09:1b:6a:
         3f:f6:23:e9:25:7d:2d:53:4d:f0:87:ba:66:9c:40:7d:cc:b8:
         df:1d:34:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTWhYPXgP2wTjfBo0A7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQwNjRhOGIyNjdlNzc1MjAzM2IzZjQ1YWY1MGViOGJiZTg1YjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggBvjvrfMt07MqAWLBNwM7++oLjq
GEdj0bJXBgRVKnpL1kvLt1bahp5AVc6KnevRgN8dtnqzSsGTfGloOinfeS+VGpOi
LKnuRbi1XTEHiGlwfgRm53s+EgY4/McgQF8L4yRAyNtCdiOvwoM8kg33lTQJ/HqO
GIDqVOfKYPXJUOWP1o6sMS6BwLicVJDTDGAApaV5pjeRn8/G1sOWDI8B/KyIK4eD
xH9MhqyjcnwhNj16LZjibyKHTmTDqvXU9Tbv1XG0qeDdstSGEF/TdA8uUIhx7rS0
baDWOGBBsICnOkioFMIu5ach7FEBKxARNvgiNjT31DZ8oYCN5NHd31SCQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxAZKiyZ+d1IDOz9Fr1Dri76FtVMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbkVCa3FMSm41M1VnTTdQMFd2VU91THZvVzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwek0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsyA1SA0IImUISBt8tm8/UB6PLy2fxlXk7kBLaZYKD
Ha7huXOuluJwb3yh3L63RYVR74m6Lz7Y93dxCFR/DO4jhl1jczdRewv7lBxg/Mma
sQaxdTboVajWZNR/F7mYJHj1bgmJzp3NTLQKzVEisP6gkRrkhqfslm4NF9yGA3hH
gFxoekK9a8T0MYzQhKIJD8FTIxKn/MLq6RmNlP/YD4vUdG8eyV/wix4sm5HKZGxr
vYSe4M8Dg6Q6KZKf5zxMKKD1B7QX+QLcAGo2Sbj/YiHQ84MjZZN/Qca42dgoB79L
UoDKxbm+M10JG2o/9iPpJX0tU03wh7pmnEB9zLjfHTR2
-----END CERTIFICATE-----