Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/96O7F1Bb0L12YEnrk3qha-YHXM0.roa
File:                     96O7F1Bb0L12YEnrk3qha-YHXM0.roa (raw, json)
Hash identifier:          K//ZF9Q/QZEp46PvOnPMpfqG4Mby5x3+s/ahPTOLSDI=
Subject key identifier:   F7:A3:BB:17:50:5B:D0:BD:76:60:49:EB:93:7A:A1:6B:E6:07:5C:CD
Certificate issuer:       /CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
Certificate serial:       018CC56EEE86AA88B46DE51462BD72E90CFB
Authority key identifier: EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/96O7F1Bb0L12YEnrk3qha-YHXM0.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.17.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:86:aa:88:b4:6d:e5:14:62:bd:72:e9:0c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7a3bb17505bd0bd766049eb937aa16be6075ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:56:0b:5e:a5:a8:3d:84:c7:23:41:21:d4:ff:
                    a9:85:01:70:7e:75:17:7a:94:f5:9a:54:3d:4b:68:
                    ef:fa:27:1b:a8:47:40:f6:84:0b:ca:ec:db:80:3c:
                    39:45:74:f7:34:f0:ef:0f:73:a3:22:86:55:f8:b5:
                    1a:a6:af:f3:35:17:bf:ca:ac:c4:0f:26:7f:4a:53:
                    d9:4c:bd:b9:b0:8d:25:f7:8e:1c:7b:a3:f6:57:75:
                    87:3d:3e:ad:c1:38:dd:49:b1:af:bb:72:84:09:08:
                    4c:08:66:4f:78:9f:b7:13:9f:3a:bd:30:a7:13:dd:
                    a5:35:ad:f3:71:0b:89:9e:c4:bf:29:50:66:9e:25:
                    52:44:6d:98:68:af:47:b2:de:7a:ce:aa:4a:64:8c:
                    18:c4:ff:72:01:56:23:31:35:11:63:ef:a3:ee:c6:
                    fa:2e:11:bb:f6:45:5e:c7:9c:83:27:0a:6a:a2:14:
                    de:82:87:9e:c2:8f:7b:0c:51:90:a5:db:3f:9c:1b:
                    fa:83:9b:79:18:b1:59:5f:d5:e7:1c:04:2a:07:79:
                    48:00:a6:21:b8:70:a1:02:f1:20:62:d1:e5:8f:2b:
                    80:2b:67:4c:2e:dd:dd:2d:6b:d6:c8:de:1c:34:b1:
                    1f:65:09:2b:d9:e5:75:f7:9a:dd:08:5e:81:31:81:
                    a0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A3:BB:17:50:5B:D0:BD:76:60:49:EB:93:7A:A1:6B:E6:07:5C:CD
            X509v3 Authority Key Identifier:
                keyid:EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/96O7F1Bb0L12YEnrk3qha-YHXM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:55:07:78:65:b5:c9:9b:fc:8e:ff:50:cd:06:bb:7c:e1:ed:
         cf:c3:5d:00:6b:a9:d0:f1:72:34:b9:f7:94:c9:0d:b7:3b:c7:
         ea:1c:d6:70:9a:95:7b:40:24:a9:87:84:2c:70:3c:e1:43:6a:
         4e:8e:35:19:69:34:b2:c3:09:d9:8c:b3:12:74:6d:98:77:79:
         76:0b:03:d4:13:ca:1f:f3:51:34:ec:68:68:67:6b:41:52:dc:
         2e:e2:9a:ff:55:4b:8c:fe:50:27:a1:be:f4:27:8a:e0:27:c9:
         d6:ed:4d:90:ee:58:90:dc:ff:da:d3:97:4a:da:14:b8:a5:64:
         70:47:22:be:c7:b5:98:c7:8a:9b:3e:e5:f7:45:bf:52:2c:d3:
         ba:e0:ab:b2:fa:3a:39:91:84:4a:7e:53:c9:a6:d2:cc:64:97:
         40:c3:c1:45:93:fb:6f:22:c6:9c:85:ba:ce:d1:55:9a:82:67:
         2e:1b:32:c5:78:ac:45:07:e5:fc:c7:ea:cf:77:84:b7:68:d3:
         04:23:2f:b8:7a:1e:35:9b:80:b7:4a:8a:d4:ec:9f:51:3b:e2:
         0d:b4:e0:dc:d2:73:31:e4:28:e0:08:39:64:44:4c:2d:59:d8:
         70:e4:65:9d:7c:8e:2c:b6:db:a4:74:6b:82:a1:71:32:c0:b7:
         e0:49:4a:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbu6Gqoi0beUUYr1y6Qz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNDc3Y2EzYjQ0OWJiYzQxMjQ3ZThjOTIxZTRjOGRhYmZj
MWFmYWUwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2EzYmIxNzUwNWJkMGJkNzY2MDQ5ZWI5MzdhYTE2YmU2MDc1Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1YLXqWoPYTHI0Eh1P+phQFwfnUX
epT1mlQ9S2jv+icbqEdA9oQLyuzbgDw5RXT3NPDvD3OjIoZV+LUapq/zNRe/yqzE
DyZ/SlPZTL25sI0l944ce6P2V3WHPT6twTjdSbGvu3KECQhMCGZPeJ+3E586vTCn
E92lNa3zcQuJnsS/KVBmniVSRG2YaK9Hst56zqpKZIwYxP9yAVYjMTURY++j7sb6
LhG79kVex5yDJwpqohTegoeewo97DFGQpds/nBv6g5t5GLFZX9XnHAQqB3lIAKYh
uHChAvEgYtHljyuAK2dMLt3dLWvWyN4cNLEfZQkr2eV195rdCF6BMYGg9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPejuxdQW9C9dmBJ65N6oWvmB1zNMB8GA1UdIwQY
MBaAFO9HfKO0SbvEEkfoySHkyNq/wa+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUt
NjAzYWExZjIwOWQ4LzEvOTZPN0YxQmIwTDEyWUVucmszcWhhLVlIWE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUtNjAzYWExZjIwOWQ4
LzEvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHOMA0G
CSqGSIb3DQEBCwUAA4IBAQBRVQd4ZbXJm/yO/1DNBrt84e3Pw10Aa6nQ8XI0ufeU
yQ23O8fqHNZwmpV7QCSph4QscDzhQ2pOjjUZaTSywwnZjLMSdG2Yd3l2CwPUE8of
81E07GhoZ2tBUtwu4pr/VUuM/lAnob70J4rgJ8nW7U2Q7liQ3P/a05dK2hS4pWRw
RyK+x7WYx4qbPuX3Rb9SLNO64Kuy+jo5kYRKflPJptLMZJdAw8FFk/tvIsachbrO
0VWagmcuGzLFeKxFB+X8x+rPd4S3aNMEIy+4eh41m4C3SorU7J9RO+INtODc0nMx
5CjgCDlkREwtWdhw5GWdfI4sttukdGuCoXEywLfgSUqm
-----END CERTIFICATE-----