Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yDLmFnjFESz3agmGSyia6K_0gSQ.roa
File:                     yDLmFnjFESz3agmGSyia6K_0gSQ.roa (raw, json)
Hash identifier:          bz5g16FecVtkilNwN/8tNcAX/ryPw7LrnS4ZDz1hb4Q=
Subject key identifier:   C8:32:E6:16:78:C5:11:2C:F7:6A:09:86:4B:28:9A:E8:AF:F4:81:24
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79520744E6ECA94CAB8F04C17DA2187
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yDLmFnjFESz3agmGSyia6K_0gSQ.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        193.233.108.0/22 maxlen: 24
                          193.233.118.0/23 maxlen: 23
                          193.233.116.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:20:74:4e:6e:ca:94:ca:b8:f0:4c:17:da:21:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c832e61678c5112cf76a09864b289ae8aff48124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:38:a4:09:29:dc:8f:bd:ea:22:28:05:53:76:
                    b7:76:07:f3:a7:9c:5d:c0:66:26:33:80:f8:7a:1f:
                    d3:46:9d:34:5f:ce:a5:f8:02:fb:be:06:18:65:08:
                    12:3c:88:76:91:21:72:ed:57:b7:92:81:a2:c7:8b:
                    57:08:30:c8:e4:45:70:1a:17:7e:27:28:9f:60:88:
                    08:0a:74:3b:4b:4b:84:cb:1f:b0:ec:69:3d:36:43:
                    53:02:10:d2:c2:56:ab:d3:81:0e:ec:51:63:1f:c3:
                    3d:8e:ac:42:e3:20:91:8f:9b:42:cc:fc:f3:d0:b2:
                    96:85:ba:a3:ef:64:c7:6d:10:b2:48:00:5a:06:33:
                    8a:be:7d:4e:96:46:56:2c:1f:04:1f:97:12:ef:ce:
                    ea:bd:fe:d1:66:53:e4:a1:e4:45:87:32:06:e6:75:
                    8a:11:07:9a:07:b6:5d:a6:8c:15:91:17:65:ff:47:
                    56:2d:fe:d2:54:01:99:ef:f0:ad:a8:da:c7:aa:1d:
                    5e:49:74:ce:d4:b6:5b:fd:32:a1:4f:63:12:2e:9c:
                    d6:1f:ff:91:f5:ff:39:ff:78:01:db:62:e9:1f:91:
                    b0:8f:26:f1:6d:3e:13:7b:c5:ef:5f:c4:6b:6e:9d:
                    a5:34:b0:3c:78:7d:00:60:cd:a4:8c:b7:e8:03:fd:
                    0b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:32:E6:16:78:C5:11:2C:F7:6A:09:86:4B:28:9A:E8:AF:F4:81:24
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yDLmFnjFESz3agmGSyia6K_0gSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.108.0/22
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:71:15:8a:65:a6:cd:d6:2f:d1:5a:28:46:1a:7e:ce:a2:42:
         17:f1:8a:fa:80:fb:b2:a9:44:ce:8a:a5:38:ce:05:0b:b6:eb:
         bf:37:89:cb:b5:35:ad:44:e2:98:f8:3a:d4:a9:ab:0a:57:3b:
         0f:b5:23:b2:b7:9d:13:3e:22:9a:3b:58:6f:c0:d2:b3:41:ba:
         8d:ad:12:ad:80:c6:6f:f5:e7:01:85:e8:54:5c:58:6a:6f:1c:
         28:b4:8b:b7:94:52:ff:be:7a:ba:b5:36:d7:43:57:5a:28:42:
         82:b0:c6:cb:ef:d6:40:c5:c6:b3:1b:da:e0:fb:3a:08:12:0c:
         eb:ef:67:c7:27:4d:8f:4f:5b:c1:17:17:06:4c:de:6e:e2:89:
         f2:a7:cb:07:e4:79:f2:ee:f2:f2:f4:00:24:ff:f5:73:da:c4:
         f6:b3:8c:c4:fa:03:19:fe:af:ba:f3:b0:70:44:9e:a6:32:04:
         3b:64:57:12:40:59:9b:e0:27:fc:bb:00:fc:16:6d:b0:9c:8f:
         30:c3:28:34:46:31:40:e3:9c:90:fd:67:fc:e2:6c:ce:b4:5f:
         35:20:f8:d7:31:2d:f6:e9:ca:1c:71:20:2b:dc:07:05:46:40:
         37:10:ac:da:8d:1a:09:16:eb:44:40:ad:ee:9e:5d:00:e0:8f:
         5e:05:4b:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlSB0Tm7KlMq48EwX2iGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODMyZTYxNjc4YzUxMTJjZjc2YTA5ODY0YjI4OWFlOGFmZjQ4MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzikCSncj73qIigFU3a3dgfzp5xd
wGYmM4D4eh/TRp00X86l+AL7vgYYZQgSPIh2kSFy7Ve3koGix4tXCDDI5EVwGhd+
JyifYIgICnQ7S0uEyx+w7Gk9NkNTAhDSwlar04EO7FFjH8M9jqxC4yCRj5tCzPzz
0LKWhbqj72THbRCySABaBjOKvn1OlkZWLB8EH5cS787qvf7RZlPkoeRFhzIG5nWK
EQeaB7ZdpowVkRdl/0dWLf7SVAGZ7/CtqNrHqh1eSXTO1LZb/TKhT2MSLpzWH/+R
9f85/3gB22LpH5GwjybxbT4Te8XvX8Rrbp2lNLA8eH0AYM2kjLfoA/0LtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMgy5hZ4xREs92oJhksomuiv9IEkMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveURMbUZuakZFU3ozYWdtR1N5aWE2S18wZ1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwelsAwQC
wel0MA0GCSqGSIb3DQEBCwUAA4IBAQAbcRWKZabN1i/RWihGGn7OokIX8Yr6gPuy
qUTOiqU4zgULtuu/N4nLtTWtROKY+DrUqasKVzsPtSOyt50TPiKaO1hvwNKzQbqN
rRKtgMZv9ecBhehUXFhqbxwotIu3lFL/vnq6tTbXQ1daKEKCsMbL79ZAxcazG9rg
+zoIEgzr72fHJ02PT1vBFxcGTN5u4onyp8sH5Hny7vLy9AAk//Vz2sT2s4zE+gMZ
/q+687BwRJ6mMgQ7ZFcSQFmb4Cf8uwD8Fm2wnI8wwyg0RjFA45yQ/Wf84mzOtF81
IPjXMS326coccSAr3AcFRkA3EKzajRoJFutEQK3unl0A4I9eBUvx
-----END CERTIFICATE-----