Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/M8D2oWoLzCo50h7HrDot1bF5bAo.roa
File:                     M8D2oWoLzCo50h7HrDot1bF5bAo.roa (raw, json)
Hash identifier:          EIrlUtOWD7Fb/1whKOk42NdU2qs74s+uzlzQPeYk1D8=
Subject key identifier:   33:C0:F6:A1:6A:0B:CC:2A:39:D2:1E:C7:AC:3A:2D:D5:B1:79:6C:0A
Certificate issuer:       /CN=64aec8024caa103a8412696c7e72f77803cd8695
Certificate serial:       018CC86F0CDD5F65059C7586F6B05BE37755
Authority key identifier: 64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/M8D2oWoLzCo50h7HrDot1bF5bAo.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15525
IP address blocks:        193.43.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0c:dd:5f:65:05:9c:75:86:f6:b0:5b:e3:77:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64aec8024caa103a8412696c7e72f77803cd8695
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33c0f6a16a0bcc2a39d21ec7ac3a2dd5b1796c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ca:08:44:09:12:d6:dc:80:46:bf:51:c7:51:
                    a1:ea:50:c8:16:86:24:3f:62:18:a9:3d:2f:83:e7:
                    dd:cf:2f:88:bc:e2:a1:8e:91:14:e9:fd:da:4f:71:
                    6f:ec:8c:5c:a0:0f:71:38:04:43:c0:0b:f9:c1:9d:
                    23:c7:1a:2f:e0:ba:da:46:c7:1a:5e:11:16:5a:5e:
                    01:8b:83:0a:4a:bb:2d:2c:b8:ae:ce:54:c0:eb:c7:
                    ca:dc:0c:51:22:8a:c0:85:1b:db:d0:45:e1:bd:36:
                    78:f6:37:bc:ff:8a:e2:04:1e:e8:54:a7:97:36:4b:
                    95:b1:97:5d:17:71:f4:41:1c:3d:48:b0:d4:70:8e:
                    07:73:a3:aa:f8:06:63:9a:c0:c2:52:83:79:a3:61:
                    97:da:13:c5:81:54:3a:5a:c7:e5:73:2c:3b:46:e4:
                    74:2f:0b:af:42:58:0f:57:0f:3a:50:1b:b8:3d:b4:
                    c8:1a:5f:94:95:c6:a5:4e:c9:4f:05:49:9b:06:f2:
                    5e:b6:7e:d4:8d:69:86:25:7d:69:8a:f3:6a:44:63:
                    94:90:8c:03:5d:f5:3b:99:3e:b5:8b:41:11:eb:a8:
                    15:8c:74:41:b9:5e:2f:3e:2c:b5:35:13:f3:ad:9d:
                    36:56:96:11:83:f9:37:9c:07:39:54:be:cd:ba:5b:
                    cc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C0:F6:A1:6A:0B:CC:2A:39:D2:1E:C7:AC:3A:2D:D5:B1:79:6C:0A
            X509v3 Authority Key Identifier:
                keyid:64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/M8D2oWoLzCo50h7HrDot1bF5bAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:6d:7d:76:9f:ee:8e:a5:26:3e:c1:85:28:43:c8:36:86:ee:
         77:5b:c9:60:02:7b:09:b8:88:8b:6b:25:23:87:d7:54:15:15:
         0f:9d:d2:40:c3:4f:2c:15:3a:ab:03:d8:53:d6:dc:2e:51:e6:
         73:da:00:0d:f3:72:35:68:9f:b1:f6:b6:53:d7:20:a7:9a:a1:
         6e:34:df:80:d2:54:c8:63:ca:e3:e4:cd:ef:81:82:65:55:59:
         21:66:0f:51:26:05:d8:58:06:67:ba:be:46:c9:ee:b9:6f:10:
         80:c6:13:d0:e3:d6:07:d8:c4:5a:08:30:b3:53:df:ad:ab:02:
         73:35:89:57:a3:48:5a:59:58:4d:18:23:f1:d2:d0:17:c8:2b:
         4f:70:ac:69:35:61:f3:22:e3:e6:b6:a7:62:8f:af:ff:50:40:
         d2:1a:81:e3:c0:94:68:2e:f1:bf:a9:67:8c:37:3c:03:13:7e:
         20:3c:72:14:17:8b:94:61:95:e6:e5:c8:94:26:87:9b:c5:81:
         d7:7a:fd:7e:aa:aa:01:82:37:ec:6e:a2:b5:fb:45:a0:f9:90:
         06:22:a9:e8:64:c2:ac:ae:bb:c5:ca:0a:ef:73:fc:1b:31:2b:
         ad:7f:5d:2a:df:25:f1:f0:f5:f4:a9:14:26:ef:31:38:48:9c:
         2c:24:54:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwzdX2UFnHWG9rBb43dVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YWVjODAyNGNhYTEwM2E4NDEyNjk2YzdlNzJmNzc4MDNj
ZDg2OTUwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2MwZjZhMTZhMGJjYzJhMzlkMjFlYzdhYzNhMmRkNWIxNzk2YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsoIRAkS1tyARr9Rx1Gh6lDIFoYk
P2IYqT0vg+fdzy+IvOKhjpEU6f3aT3Fv7IxcoA9xOARDwAv5wZ0jxxov4LraRsca
XhEWWl4Bi4MKSrstLLiuzlTA68fK3AxRIorAhRvb0EXhvTZ49je8/4riBB7oVKeX
NkuVsZddF3H0QRw9SLDUcI4Hc6Oq+AZjmsDCUoN5o2GX2hPFgVQ6Wsflcyw7RuR0
LwuvQlgPVw86UBu4PbTIGl+UlcalTslPBUmbBvJetn7UjWmGJX1pivNqRGOUkIwD
XfU7mT61i0ER66gVjHRBuV4vPiy1NRPzrZ02VpYRg/k3nAc5VL7NulvM/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPA9qFqC8wqOdIex6w6LdWxeWwKMB8GA1UdIwQY
MBaAFGSuyAJMqhA6hBJpbH5y93gDzYaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWks3SUFreXFFRHFFRW1sc2ZuTDNlQVBOaHBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8wZjI0ZGQtZWY0YS00ZGJmLWIyMGQt
YjAzOWMyNGI5OWNhLzEvTThEMm9Xb0x6Q281MGg3SHJEb3QxYkY1YkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8wZjI0ZGQtZWY0YS00ZGJmLWIyMGQtYjAzOWMyNGI5OWNh
LzEvWks3SUFreXFFRHFFRW1sc2ZuTDNlQVBOaHBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSsoMA0G
CSqGSIb3DQEBCwUAA4IBAQBUbX12n+6OpSY+wYUoQ8g2hu53W8lgAnsJuIiLayUj
h9dUFRUPndJAw08sFTqrA9hT1twuUeZz2gAN83I1aJ+x9rZT1yCnmqFuNN+A0lTI
Y8rj5M3vgYJlVVkhZg9RJgXYWAZnur5Gye65bxCAxhPQ49YH2MRaCDCzU9+tqwJz
NYlXo0haWVhNGCPx0tAXyCtPcKxpNWHzIuPmtqdij6//UEDSGoHjwJRoLvG/qWeM
NzwDE34gPHIUF4uUYZXm5ciUJoebxYHXev1+qqoBgjfsbqK1+0Wg+ZAGIqnoZMKs
rrvFygrvc/wbMSutf10q3yXx8PX0qRQm7zE4SJwsJFRY
-----END CERTIFICATE-----