Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rYaP4r2w1jZ3pLx_q-MLYpd7FM8.roa
File:                     rYaP4r2w1jZ3pLx_q-MLYpd7FM8.roa (raw, json)
Hash identifier:          3SWMilsvwxmt2llUehPUmRRmEP+hVyrVrYWs8r2bg48=
Subject key identifier:   AD:86:8F:E2:BD:B0:D6:36:77:A4:BC:7F:AB:E3:0B:62:97:7B:14:CF
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018EAE9AF54A0C18E68B1D9658E774434676
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rYaP4r2w1jZ3pLx_q-MLYpd7FM8.roa
Signing time:             Fri 05 Apr 2024 14:12:54 +0000
ROA not before:           Fri 05 Apr 2024 14:12:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200195
IP address blocks:        193.233.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:9a:f5:4a:0c:18:e6:8b:1d:96:58:e7:74:43:46:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr  5 14:12:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad868fe2bdb0d63677a4bc7fabe30b62977b14cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:32:42:28:aa:74:57:7f:6a:fc:90:1d:3d:e1:
                    d1:08:12:7f:50:64:49:58:9e:90:fd:42:58:4f:e0:
                    57:91:4e:cf:06:11:2b:97:ed:ae:7c:2d:81:2f:aa:
                    5b:f1:8e:41:21:e5:36:6b:c0:ac:0d:6e:c9:f3:bd:
                    7c:de:1a:1d:0d:9a:b8:6c:dd:e7:3c:3c:bd:59:03:
                    d1:5b:73:58:c3:96:92:f8:9a:ce:b5:c2:07:d9:c1:
                    d8:0f:58:fd:45:35:31:e6:95:a1:73:0a:b6:63:11:
                    a3:98:32:12:9a:26:8d:44:63:ac:7c:5a:6b:15:4b:
                    1a:58:4c:b2:a3:ba:99:3b:c0:67:a6:7d:83:3e:8f:
                    32:68:16:49:96:0e:f0:ee:c9:0f:2f:d5:7d:c5:ac:
                    42:d1:36:fe:54:4c:10:a2:93:ad:71:62:18:1c:24:
                    26:37:73:29:73:d1:97:a3:ba:66:69:41:9a:a4:15:
                    99:76:19:9e:da:c2:0d:13:11:4b:01:ee:91:96:3f:
                    65:af:04:da:91:46:b2:22:af:53:a3:1d:51:01:9d:
                    c4:e9:aa:20:cc:d9:c0:81:f9:4c:05:4c:a0:b1:73:
                    6d:eb:12:e2:c7:e8:dd:22:b6:d4:cf:d9:3f:75:c4:
                    13:c1:f3:98:22:d3:58:6c:31:53:0c:d9:89:39:40:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:86:8F:E2:BD:B0:D6:36:77:A4:BC:7F:AB:E3:0B:62:97:7B:14:CF
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rYaP4r2w1jZ3pLx_q-MLYpd7FM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:04:69:bf:68:b9:fb:c6:84:5f:83:d4:71:8d:54:c5:54:36:
         98:1f:3a:a8:99:ac:d6:a5:37:d0:30:b3:99:ce:6a:c7:8b:e3:
         1f:57:e5:d7:6c:1f:17:1f:ba:21:92:29:bc:04:32:40:f2:16:
         2d:6c:17:bc:3c:29:c5:0f:87:b2:00:dc:be:aa:15:71:52:55:
         0d:49:1d:da:a3:e5:52:c9:24:07:75:65:e4:60:39:6e:25:84:
         c5:d9:31:2a:ec:93:1c:83:e2:04:93:7b:08:34:97:74:5c:a0:
         9f:fc:65:ac:97:27:62:3e:fc:2e:28:0f:3a:b3:7e:92:5b:b0:
         f2:fe:81:bb:8c:d6:ed:07:b3:6b:d2:bd:11:d5:a6:d7:bc:30:
         5f:4a:23:ea:56:27:08:de:e5:4f:f1:be:e4:99:c1:b6:b1:b3:
         79:e9:20:d7:f4:2d:1e:b1:1c:f5:f6:54:4d:9e:da:59:b3:28:
         c8:22:f0:37:84:c3:02:ee:a4:62:6a:12:3b:ce:54:50:a5:b0:
         7b:6c:be:2e:db:cf:fe:5c:67:9b:d8:bb:94:b8:c6:04:5d:c9:
         bd:78:54:a0:42:d0:06:32:c5:ab:98:ac:e3:c7:e1:2a:44:e5:
         ae:da:08:4b:84:b6:90:bc:90:5b:61:d2:25:10:f7:d8:7d:a8:
         c8:22:47:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6umvVKDBjmix2WWOd0Q0Z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDA1MTQxMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDg2OGZlMmJkYjBkNjM2NzdhNGJjN2ZhYmUzMGI2Mjk3N2IxNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzJCKKp0V39q/JAdPeHRCBJ/UGRJ
WJ6Q/UJYT+BXkU7PBhErl+2ufC2BL6pb8Y5BIeU2a8CsDW7J87183hodDZq4bN3n
PDy9WQPRW3NYw5aS+JrOtcIH2cHYD1j9RTUx5pWhcwq2YxGjmDISmiaNRGOsfFpr
FUsaWEyyo7qZO8Bnpn2DPo8yaBZJlg7w7skPL9V9xaxC0Tb+VEwQopOtcWIYHCQm
N3Mpc9GXo7pmaUGapBWZdhme2sINExFLAe6Rlj9lrwTakUayIq9Tox1RAZ3E6aog
zNnAgflMBUygsXNt6xLix+jdIrbUz9k/dcQTwfOYItNYbDFTDNmJOUDHkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2Gj+K9sNY2d6S8f6vjC2KXexTPMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcllhUDRyMncxalozcEx4X3EtTUxZcGQ3Rk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemHMA0G
CSqGSIb3DQEBCwUAA4IBAQAOBGm/aLn7xoRfg9RxjVTFVDaYHzqomazWpTfQMLOZ
zmrHi+MfV+XXbB8XH7ohkim8BDJA8hYtbBe8PCnFD4eyANy+qhVxUlUNSR3ao+VS
ySQHdWXkYDluJYTF2TEq7JMcg+IEk3sINJd0XKCf/GWslydiPvwuKA86s36SW7Dy
/oG7jNbtB7Nr0r0R1abXvDBfSiPqVicI3uVP8b7kmcG2sbN56SDX9C0esRz19lRN
ntpZsyjIIvA3hMMC7qRiahI7zlRQpbB7bL4u28/+XGeb2LuUuMYEXcm9eFSgQtAG
MsWrmKzjx+EqROWu2ghLhLaQvJBbYdIlEPfYfajIIkel
-----END CERTIFICATE-----