Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/f6bmA-XeGIYnGGfLpY5kWix6T78.roa
File:                     f6bmA-XeGIYnGGfLpY5kWix6T78.roa (raw, json)
Hash identifier:          eJNzKegZ9qQR4bWSg/skdI+vSVe09co07v8IVpT1wlU=
Subject key identifier:   7F:A6:E6:03:E5:DE:18:86:27:18:67:CB:A5:8E:64:5A:2C:7A:4F:BF
Certificate issuer:       /CN=d62ea92ecc9b0d354b5fd702e0991f150a309fe4
Certificate serial:       018CC8DF859B70B6E22C4907EB03C17EE743
Authority key identifier: D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/f6bmA-XeGIYnGGfLpY5kWix6T78.roa
Signing time:             Tue 02 Jan 2024 06:32:21 +0000
ROA not before:           Tue 02 Jan 2024 06:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49010
IP address blocks:        193.0.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:85:9b:70:b6:e2:2c:49:07:eb:03:c1:7e:e7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d62ea92ecc9b0d354b5fd702e0991f150a309fe4
        Validity
            Not Before: Jan  2 06:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fa6e603e5de1886271867cba58e645a2c7a4fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:48:fb:cd:0c:ce:7c:62:c8:39:8e:75:b1:75:
                    e5:97:e0:e3:73:b2:e9:b2:19:69:1e:34:b8:21:d5:
                    f7:9d:a4:9b:ce:a6:d3:5e:4d:4a:63:77:e9:c7:88:
                    53:6f:2d:51:c7:f9:bd:2e:c2:45:0e:7f:1c:48:0c:
                    43:49:92:83:d2:44:15:36:d4:b9:bd:9b:3d:32:f6:
                    7d:54:21:fe:2e:7d:d5:79:06:62:46:f9:57:c9:a6:
                    bf:c7:16:4f:80:4e:92:b7:44:e3:a9:fe:90:12:d5:
                    4e:c2:03:e4:ca:dc:b3:cd:b5:44:2b:9b:62:83:70:
                    bc:8b:5f:aa:7a:18:dd:44:2a:76:6a:ed:8b:e2:4f:
                    ec:f3:37:13:93:8d:2e:3a:16:2a:1b:27:95:24:0c:
                    45:c4:08:7d:d0:c5:dd:bc:83:b4:20:a1:33:a5:19:
                    20:a5:66:25:90:3a:f3:c0:1a:2e:b9:04:bc:fc:6d:
                    37:10:12:e1:e3:1b:c6:6f:90:a4:a2:70:12:9c:46:
                    f2:a1:38:da:d4:69:bd:4b:97:b5:dc:b9:af:9b:82:
                    e5:ab:69:18:09:4a:22:73:a6:a3:4a:ca:69:ca:3d:
                    45:58:58:a9:1f:a3:eb:be:09:21:8a:29:c3:c4:22:
                    5a:38:46:b0:97:d6:08:8a:0d:e4:83:cb:52:91:c3:
                    ca:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A6:E6:03:E5:DE:18:86:27:18:67:CB:A5:8E:64:5A:2C:7A:4F:BF
            X509v3 Authority Key Identifier:
                keyid:D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/f6bmA-XeGIYnGGfLpY5kWix6T78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e7:ce:83:2f:45:d8:f4:72:ad:80:88:b7:2a:58:7e:f4:9b:
         73:d5:70:25:54:bd:4c:f5:83:51:94:43:48:06:45:62:e4:53:
         65:82:59:cb:20:d5:93:81:09:76:b4:fa:7e:e5:89:22:70:12:
         33:65:5e:02:c9:62:23:b4:1c:b0:de:7f:ba:55:c6:6f:df:3c:
         1f:9a:1e:8c:74:e3:56:70:ef:99:4b:9b:9b:47:3c:70:98:18:
         3e:7c:cc:a3:60:fb:51:99:19:d7:c6:e2:27:1c:0c:f7:e7:33:
         55:21:35:db:1b:6a:6b:ed:98:91:50:35:2e:3b:a9:9d:a9:53:
         2b:01:18:8f:ee:b8:9a:ba:d2:5f:b4:94:44:e1:43:73:a7:d1:
         59:62:3a:eb:25:90:e9:ad:2f:62:ae:a0:cb:dc:33:8a:f2:12:
         eb:5e:f7:8b:89:c9:53:0c:bb:3c:89:8c:4d:8d:cc:4a:be:cc:
         4b:a1:2a:cf:e1:69:e6:c3:48:d4:ad:6c:41:7e:05:19:5e:66:
         2a:1d:00:e7:fa:8e:37:0d:ee:5b:9e:c6:e5:ba:e4:7e:dc:8f:
         31:12:35:97:68:26:b8:65:3f:dd:f3:a1:54:5b:c9:f3:11:36:
         d0:65:4d:74:2d:c2:6f:44:40:22:a2:58:de:09:b9:c5:67:3c:
         6c:a2:08:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34WbcLbiLEkH6wPBfudDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MmVhOTJlY2M5YjBkMzU0YjVmZDcwMmUwOTkxZjE1MGEz
MDlmZTQwHhcNMjQwMTAyMDYzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmE2ZTYwM2U1ZGUxODg2MjcxODY3Y2JhNThlNjQ1YTJjN2E0ZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0j7zQzOfGLIOY51sXXll+Djc7Lp
shlpHjS4IdX3naSbzqbTXk1KY3fpx4hTby1Rx/m9LsJFDn8cSAxDSZKD0kQVNtS5
vZs9MvZ9VCH+Ln3VeQZiRvlXyaa/xxZPgE6St0Tjqf6QEtVOwgPkytyzzbVEK5ti
g3C8i1+qehjdRCp2au2L4k/s8zcTk40uOhYqGyeVJAxFxAh90MXdvIO0IKEzpRkg
pWYlkDrzwBouuQS8/G03EBLh4xvGb5CkonASnEbyoTja1Gm9S5e13Lmvm4Llq2kY
CUoic6ajSsppyj1FWFipH6PrvgkhiinDxCJaOEawl9YIig3kg8tSkcPKhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+m5gPl3hiGJxhny6WOZFosek+/MB8GA1UdIwQY
MBaAFNYuqS7Mmw01S1/XAuCZHxUKMJ/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWk2cExzeWJEVFZMWDljQzRKa2ZGUW93bi1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83YjU4MTQtN2M3Ni00OTVjLWE2ZTct
NTQ1OTQ3OTVlZWEyLzEvZjZibUEtWGVHSVluR0dmTHBZNWtXaXg2VDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83YjU4MTQtN2M3Ni00OTVjLWE2ZTctNTQ1OTQ3OTVlZWEy
LzEvMWk2cExzeWJEVFZMWDljQzRKa2ZGUW93bi1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQChMA0G
CSqGSIb3DQEBCwUAA4IBAQCs586DL0XY9HKtgIi3Klh+9Jtz1XAlVL1M9YNRlENI
BkVi5FNlglnLINWTgQl2tPp+5YkicBIzZV4CyWIjtByw3n+6VcZv3zwfmh6MdONW
cO+ZS5ubRzxwmBg+fMyjYPtRmRnXxuInHAz35zNVITXbG2pr7ZiRUDUuO6mdqVMr
ARiP7riautJftJRE4UNzp9FZYjrrJZDprS9irqDL3DOK8hLrXveLiclTDLs8iYxN
jcxKvsxLoSrP4Wnmw0jUrWxBfgUZXmYqHQDn+o43De5bnsbluuR+3I8xEjWXaCa4
ZT/d86FUW8nzETbQZU10LcJvREAioljeCbnFZzxsogjT
-----END CERTIFICATE-----