Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/au8TxxZE6AX5QD8tHwgldL1Xg0A.roa
File:                     au8TxxZE6AX5QD8tHwgldL1Xg0A.roa (raw, json)
Hash identifier:          +GPhhQbsZFsa9Gp/T77sVruMUW0Ns2CuFIvF4qV1DkM=
Subject key identifier:   6A:EF:13:C7:16:44:E8:05:F9:40:3F:2D:1F:08:25:74:BD:57:83:40
Certificate issuer:       /CN=ccd35790830ce7469a94c59b2e2ccbbf5e36d13f
Certificate serial:       018CC7268CAB93E40FAADF262E5FC40BEE11
Authority key identifier: CC:D3:57:90:83:0C:E7:46:9A:94:C5:9B:2E:2C:CB:BF:5E:36:D1:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/au8TxxZE6AX5QD8tHwgldL1Xg0A.roa
Signing time:             Mon 01 Jan 2024 22:30:41 +0000
ROA not before:           Mon 01 Jan 2024 22:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.47.187.0/24 maxlen: 24
                          193.200.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:8c:ab:93:e4:0f:aa:df:26:2e:5f:c4:0b:ee:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd35790830ce7469a94c59b2e2ccbbf5e36d13f
        Validity
            Not Before: Jan  1 22:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aef13c71644e805f9403f2d1f082574bd578340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:26:1e:04:7e:0d:eb:4e:0c:de:00:a2:0d:44:
                    69:57:2e:3e:11:e4:63:9b:88:f7:2f:e5:a8:ca:e2:
                    d5:13:29:0c:97:d5:5a:5f:cc:8c:cd:8f:d5:98:2f:
                    f2:54:2e:fe:ca:e5:dd:10:a9:e4:e7:8d:1c:32:4c:
                    ac:b9:f2:f4:ef:72:c3:92:85:c1:c2:61:e9:29:92:
                    6c:cf:4d:d1:2c:4e:a4:9c:cc:e3:d5:bb:87:5f:58:
                    02:74:9d:8a:7d:af:9e:10:8f:19:d2:59:4b:f6:81:
                    2f:3f:2a:dc:9f:bf:5d:7d:92:b0:43:b0:43:1a:ec:
                    d6:39:3f:e5:eb:82:6e:cd:80:35:a9:fa:9e:39:43:
                    34:95:56:cf:91:11:df:32:ea:2f:86:a4:0b:7b:98:
                    fd:fc:23:aa:01:56:4c:05:b5:68:54:1d:62:c1:9f:
                    e5:7b:bd:5a:ba:87:f8:d9:8d:47:b9:de:f6:c3:ae:
                    dd:c1:b3:2a:bb:74:15:8e:23:ac:c6:b2:e7:e0:53:
                    43:64:ea:c3:93:b9:af:1b:9c:49:9e:7c:84:62:c2:
                    f6:44:02:c1:bc:a8:dc:0e:f3:4f:1f:27:a7:fc:d0:
                    58:1e:76:0d:e4:e2:9e:ff:4b:6a:cd:63:4d:a4:d2:
                    e3:54:46:a8:d1:04:38:3a:ce:bc:3e:34:f5:bf:df:
                    40:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:EF:13:C7:16:44:E8:05:F9:40:3F:2D:1F:08:25:74:BD:57:83:40
            X509v3 Authority Key Identifier:
                keyid:CC:D3:57:90:83:0C:E7:46:9A:94:C5:9B:2E:2C:CB:BF:5E:36:D1:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/au8TxxZE6AX5QD8tHwgldL1Xg0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.187.0/24
                  193.200.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:69:18:0e:33:49:25:8d:c9:0f:5a:9f:7d:b1:27:35:c2:83:
         13:10:a6:bb:96:c9:b1:7b:7e:6d:1f:1d:03:b9:17:4f:43:02:
         92:30:c1:67:f9:5b:d2:31:a2:6d:2c:10:44:fb:dd:67:ce:3b:
         f1:f3:9d:49:53:45:69:aa:95:93:6f:fc:06:0f:a1:90:35:b2:
         00:d0:24:98:c7:51:ab:a7:22:2e:6d:ea:b9:22:f8:e8:0a:34:
         44:47:cf:a6:6e:a6:c6:c8:0a:1a:e0:3a:7d:01:d5:36:cc:4d:
         45:a7:68:b9:c1:11:a9:17:56:a7:81:87:9e:54:a2:c1:19:42:
         0c:f2:80:e4:a5:7c:71:4e:1e:de:97:ef:83:23:94:f1:fc:d2:
         48:9c:f5:fb:6b:02:45:d6:b9:3b:5a:52:d1:85:95:8a:8e:e5:
         02:a3:45:fe:2f:8a:da:c6:24:b3:16:60:a3:b0:9c:3f:59:69:
         a7:0d:ae:66:64:b4:b5:3d:d4:e6:57:8b:a8:b6:4a:85:36:b1:
         c2:f9:25:7c:16:49:ec:28:a9:92:f0:ab:63:d3:32:ce:d5:e9:
         6a:b4:19:b6:f8:95:01:ad:70:31:bd:0c:73:74:6d:fe:3a:4a:
         76:c9:49:a0:ff:06:17:7f:2f:87:79:18:a9:56:f1:49:d0:0c:
         e6:75:3f:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJoyrk+QPqt8mLl/EC+4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDM1NzkwODMwY2U3NDY5YTk0YzU5YjJlMmNjYmJmNWUz
NmQxM2YwHhcNMjQwMTAxMjIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWVmMTNjNzE2NDRlODA1Zjk0MDNmMmQxZjA4MjU3NGJkNTc4MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyYeBH4N604M3gCiDURpVy4+EeRj
m4j3L+WoyuLVEykMl9VaX8yMzY/VmC/yVC7+yuXdEKnk540cMkysufL073LDkoXB
wmHpKZJsz03RLE6knMzj1buHX1gCdJ2Kfa+eEI8Z0llL9oEvPyrcn79dfZKwQ7BD
GuzWOT/l64JuzYA1qfqeOUM0lVbPkRHfMuovhqQLe5j9/COqAVZMBbVoVB1iwZ/l
e71auof42Y1Hud72w67dwbMqu3QVjiOsxrLn4FNDZOrDk7mvG5xJnnyEYsL2RALB
vKjcDvNPHyen/NBYHnYN5OKe/0tqzWNNpNLjVEao0QQ4Os68PjT1v99AowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGrvE8cWROgF+UA/LR8IJXS9V4NAMB8GA1UdIwQY
MBaAFMzTV5CDDOdGmpTFmy4sy79eNtE/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5OWGtJTU01MGFhbE1XYkxpekx2MTQyMFQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xZmNiNTktNDA1ZS00MGMzLWE2MzAt
YzVkMTNlODhlNGRlLzEvYXU4VHh4WkU2QVg1UUQ4dEh3Z2xkTDFYZzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xZmNiNTktNDA1ZS00MGMzLWE2MzAtYzVkMTNlODhlNGRl
LzEvek5OWGtJTU01MGFhbE1XYkxpekx2MTQyMFQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS+7AwQA
wcicMA0GCSqGSIb3DQEBCwUAA4IBAQA5aRgOM0kljckPWp99sSc1woMTEKa7lsmx
e35tHx0DuRdPQwKSMMFn+VvSMaJtLBBE+91nzjvx851JU0VpqpWTb/wGD6GQNbIA
0CSYx1GrpyIubeq5IvjoCjRER8+mbqbGyAoa4Dp9AdU2zE1Fp2i5wRGpF1angYee
VKLBGUIM8oDkpXxxTh7el++DI5Tx/NJInPX7awJF1rk7WlLRhZWKjuUCo0X+L4ra
xiSzFmCjsJw/WWmnDa5mZLS1PdTmV4uotkqFNrHC+SV8FknsKKmS8Ktj0zLO1elq
tBm2+JUBrXAxvQxzdG3+Okp2yUmg/wYXfy+HeRipVvFJ0AzmdT8U
-----END CERTIFICATE-----