Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yTvOKTm6r7RFWjcT4vnsCgvrZdA.roa
File:                     yTvOKTm6r7RFWjcT4vnsCgvrZdA.roa (raw, json)
Hash identifier:          CJ7ZGVPoqF4mU8C+3KDL3lkNIK7IaM0kXipzvKznz4k=
Subject key identifier:   C9:3B:CE:29:39:BA:AF:B4:45:5A:37:13:E2:F9:EC:0A:0B:EB:65:D0
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0192E6E72873CDB694C6018EEF1FFD8FF42D
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yTvOKTm6r7RFWjcT4vnsCgvrZdA.roa
Signing time:             Fri 01 Nov 2024 08:46:01 +0000
ROA not before:           Fri 01 Nov 2024 08:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207967
IP address blocks:        193.233.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e6:e7:28:73:cd:b6:94:c6:01:8e:ef:1f:fd:8f:f4:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov  1 08:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c93bce2939baafb4455a3713e2f9ec0a0beb65d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:17:71:49:86:91:93:f8:cf:86:f5:b6:9d:d2:
                    17:46:fb:65:9c:85:23:77:0d:07:db:91:ea:e7:8a:
                    22:1a:09:09:7d:eb:76:e6:83:50:92:18:18:fa:07:
                    e5:96:0a:38:5d:07:e1:bc:94:b2:d6:b3:1a:f1:49:
                    2d:20:cd:8f:c1:32:4d:a0:7e:81:a1:2a:76:1a:9d:
                    1f:7c:1b:7f:56:12:76:82:b5:3d:e4:3e:0b:1f:24:
                    76:7e:0a:05:1b:c8:56:60:fd:59:02:78:ac:37:6b:
                    46:a3:1b:d2:96:ca:06:2f:c8:a1:78:7a:3c:64:78:
                    c4:28:8f:52:d2:40:47:8d:1c:88:1f:64:c3:11:7a:
                    7b:72:ef:5a:bb:3f:04:1e:39:8a:ad:16:82:fb:61:
                    ac:69:f4:94:41:f0:48:44:e7:50:78:c5:5b:0d:30:
                    b7:f7:a5:b6:13:60:2d:a5:5c:56:e0:82:4f:da:ce:
                    61:80:b0:4c:28:cd:8d:8c:8a:3f:e4:53:2b:d9:72:
                    16:51:cf:b6:36:bd:65:ea:04:4d:b0:56:c2:95:28:
                    74:e3:87:cb:05:84:31:5c:6a:f7:b0:cf:92:43:3e:
                    bd:c3:9c:3b:7d:80:8e:f4:6e:55:49:a0:98:80:b0:
                    c1:9d:ca:23:5d:6a:f5:82:75:69:df:0f:5b:95:a4:
                    0a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3B:CE:29:39:BA:AF:B4:45:5A:37:13:E2:F9:EC:0A:0B:EB:65:D0
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yTvOKTm6r7RFWjcT4vnsCgvrZdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:72:eb:3c:72:03:ca:8b:52:7d:98:84:a5:9c:af:5b:28:b1:
         86:83:c8:b7:dc:70:eb:e5:c5:c5:6d:d2:86:8a:81:26:21:a8:
         63:90:13:72:38:7e:75:dd:68:ca:05:38:64:a1:35:0a:dc:cb:
         11:ef:9d:5c:8b:dc:50:7c:aa:0f:0c:60:e5:31:22:29:1c:61:
         1d:c3:a4:ad:6e:4e:19:4d:39:f6:e5:65:9a:fb:c0:11:bf:90:
         0e:d6:3f:19:09:5a:86:23:25:dc:93:9b:0d:50:8d:e8:d5:f5:
         89:5e:f7:a0:8b:95:dc:6f:2b:49:34:fe:be:7d:77:6c:92:f8:
         c5:28:4b:e9:dc:5d:e6:dd:11:90:ee:72:06:5a:04:a0:23:ed:
         a2:ea:f8:35:7a:24:51:89:15:3a:d8:71:f4:12:08:02:4c:a7:
         ad:c8:4d:68:a0:0b:9e:c8:d5:63:b6:8e:b3:44:f9:c9:f1:04:
         d9:6b:ba:c1:e9:07:39:54:ab:6c:ab:f1:58:87:54:a1:36:f5:
         8e:80:6c:8e:58:80:93:c7:f2:0f:e3:ca:bb:43:7c:4c:4e:c6:
         ce:69:05:23:6d:fa:d4:8c:cf:40:63:67:1f:19:38:75:e0:82:
         43:c3:29:20:dd:66:69:45:bf:45:d5:9e:b9:8a:46:82:95:7a:
         ff:d1:6c:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLm5yhzzbaUxgGO7x/9j/QtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQxMTAxMDg0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNiY2UyOTM5YmFhZmI0NDU1YTM3MTNlMmY5ZWMwYTBiZWI2NWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRdxSYaRk/jPhvW2ndIXRvtlnIUj
dw0H25Hq54oiGgkJfet25oNQkhgY+gfllgo4XQfhvJSy1rMa8UktIM2PwTJNoH6B
oSp2Gp0ffBt/VhJ2grU95D4LHyR2fgoFG8hWYP1ZAnisN2tGoxvSlsoGL8iheHo8
ZHjEKI9S0kBHjRyIH2TDEXp7cu9auz8EHjmKrRaC+2GsafSUQfBIROdQeMVbDTC3
96W2E2AtpVxW4IJP2s5hgLBMKM2NjIo/5FMr2XIWUc+2Nr1l6gRNsFbClSh044fL
BYQxXGr3sM+SQz69w5w7fYCO9G5VSaCYgLDBncojXWr1gnVp3w9blaQKkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk7zik5uq+0RVo3E+L57AoL62XQMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveVR2T0tUbTZyN1JGV2pjVDR2bnNDZ3ZyWmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwel0MA0G
CSqGSIb3DQEBCwUAA4IBAQArcus8cgPKi1J9mISlnK9bKLGGg8i33HDr5cXFbdKG
ioEmIahjkBNyOH513WjKBThkoTUK3MsR751ci9xQfKoPDGDlMSIpHGEdw6Stbk4Z
TTn25WWa+8ARv5AO1j8ZCVqGIyXck5sNUI3o1fWJXvegi5XcbytJNP6+fXdskvjF
KEvp3F3m3RGQ7nIGWgSgI+2i6vg1eiRRiRU62HH0EggCTKetyE1ooAueyNVjto6z
RPnJ8QTZa7rB6Qc5VKtsq/FYh1ShNvWOgGyOWICTx/IP48q7Q3xMTsbOaQUjbfrU
jM9AY2cfGTh14IJDwykg3WZpRb9F1Z65ikaClXr/0WwI
-----END CERTIFICATE-----