Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/6uxtS7Pj5vlRYMjoipgDL_azXCs.roa
File:                     6uxtS7Pj5vlRYMjoipgDL_azXCs.roa (raw, json)
Hash identifier:          cMs/I1CjwURo/lsfjoW8Vo5R9rGrGArD14LHEdBzHCc=
Subject key identifier:   EA:EC:6D:4B:B3:E3:E6:F9:51:60:C8:E8:8A:98:03:2F:F6:B3:5C:2B
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019353AC223A4776F020DAEF506FA24189E0
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/6uxtS7Pj5vlRYMjoipgDL_azXCs.roa
Signing time:             Fri 22 Nov 2024 11:40:10 +0000
ROA not before:           Fri 22 Nov 2024 11:40:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207252
IP address blocks:        193.168.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:ac:22:3a:47:76:f0:20:da:ef:50:6f:a2:41:89:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov 22 11:40:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaec6d4bb3e3e6f95160c8e88a98032ff6b35c2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8f:0b:b4:bc:53:99:5a:1e:7f:de:bf:b5:24:
                    10:6f:6b:e3:6d:43:c8:e4:30:d0:1d:80:76:70:33:
                    9e:cf:cc:a5:d3:76:b4:43:05:0c:3b:ab:76:d3:65:
                    bc:09:a5:38:c1:0a:8a:f5:15:dc:eb:0d:25:e6:55:
                    2b:aa:52:79:26:69:b8:e8:69:06:48:5f:82:ad:85:
                    3c:59:20:a5:62:da:1e:08:5e:94:fb:e2:da:63:93:
                    1c:b8:36:20:fa:d7:29:88:ae:3d:f6:4c:bf:a1:70:
                    87:5b:32:9d:ad:3c:b1:83:a4:17:70:a6:7e:15:d8:
                    5b:c7:f7:93:a8:fd:2a:66:4b:8b:3e:45:6f:ab:82:
                    a0:bf:d0:d7:29:f7:d3:c4:81:55:68:dd:91:d4:09:
                    45:7d:f2:e7:9d:06:73:58:91:25:3e:e3:47:9f:68:
                    9d:7a:34:ec:21:73:89:ba:e0:b8:3f:e9:a7:15:9f:
                    e3:43:2d:5c:23:5f:91:e5:81:f7:88:ca:59:b5:4c:
                    99:ab:61:08:bc:5d:e3:4c:75:ad:2a:9e:ec:3b:e2:
                    9d:56:aa:41:0f:63:58:ad:37:2f:2b:fc:92:ea:c4:
                    1d:7a:39:e5:41:8b:2b:6f:99:e1:8b:85:85:1e:94:
                    4a:d2:1f:cf:53:b2:e7:a3:49:47:0c:23:41:ab:dd:
                    96:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EC:6D:4B:B3:E3:E6:F9:51:60:C8:E8:8A:98:03:2F:F6:B3:5C:2B
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/6uxtS7Pj5vlRYMjoipgDL_azXCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:a2:3d:f4:8d:f1:80:ad:f0:8e:6b:11:8d:7f:ab:0c:ed:0a:
         78:ac:2a:c4:c2:2d:78:4b:a8:90:e0:58:67:d1:bd:d3:a0:c1:
         6b:8f:c7:54:34:d5:9b:58:79:89:6b:7b:bd:fd:f4:f3:76:dc:
         ab:79:8e:0a:97:36:fb:d4:63:da:23:e8:73:74:73:e5:23:c2:
         da:7c:b2:b7:e1:5d:e7:0f:ca:e9:63:a9:44:28:1d:59:22:7c:
         02:e4:93:fb:bf:31:aa:7b:e4:5e:3f:0d:bd:3b:d6:e0:2f:b8:
         76:91:16:71:2d:60:92:42:a0:b0:09:e9:09:0e:b6:ec:93:5b:
         41:e9:eb:af:e6:07:dd:7f:59:69:05:06:9a:92:3b:ae:87:48:
         7f:ef:f0:bc:21:71:fa:cd:b5:ef:0c:39:e8:d8:a3:a9:4c:9b:
         2c:27:1b:b4:36:0a:72:88:44:fa:57:f6:15:a3:b2:b1:a0:f8:
         b3:c3:19:71:b8:41:e4:08:61:6f:4c:28:cc:e4:f9:d1:22:5a:
         65:ed:5a:de:18:40:23:a8:fc:6c:ad:75:b5:fc:c1:6a:df:4e:
         58:29:a5:62:dc:00:84:ac:4d:b4:2a:77:2b:00:49:9b:03:3b:
         f2:8e:82:3e:ec:ba:56:d9:97:55:a0:37:1a:bf:0a:ce:03:33:
         46:f0:f7:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNTrCI6R3bwINrvUG+iQYngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMTIyMTE0MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWVjNmQ0YmIzZTNlNmY5NTE2MGM4ZTg4YTk4MDMyZmY2YjM1YzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA248LtLxTmVoef96/tSQQb2vjbUPI
5DDQHYB2cDOez8yl03a0QwUMO6t202W8CaU4wQqK9RXc6w0l5lUrqlJ5Jmm46GkG
SF+CrYU8WSClYtoeCF6U++LaY5McuDYg+tcpiK499ky/oXCHWzKdrTyxg6QXcKZ+
Fdhbx/eTqP0qZkuLPkVvq4Kgv9DXKffTxIFVaN2R1AlFffLnnQZzWJElPuNHn2id
ejTsIXOJuuC4P+mnFZ/jQy1cI1+R5YH3iMpZtUyZq2EIvF3jTHWtKp7sO+KdVqpB
D2NYrTcvK/yS6sQdejnlQYsrb5nhi4WFHpRK0h/PU7Lno0lHDCNBq92WpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrsbUuz4+b5UWDI6IqYAy/2s1wrMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvNnV4dFM3UGo1dmxSWU1qb2lwZ0RMX2F6WENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwajIMA0G
CSqGSIb3DQEBCwUAA4IBAQCXoj30jfGArfCOaxGNf6sM7Qp4rCrEwi14S6iQ4Fhn
0b3ToMFrj8dUNNWbWHmJa3u9/fTzdtyreY4Klzb71GPaI+hzdHPlI8LafLK34V3n
D8rpY6lEKB1ZInwC5JP7vzGqe+RePw29O9bgL7h2kRZxLWCSQqCwCekJDrbsk1tB
6euv5gfdf1lpBQaakjuuh0h/7/C8IXH6zbXvDDno2KOpTJssJxu0NgpyiET6V/YV
o7KxoPizwxlxuEHkCGFvTCjM5PnRIlpl7VreGEAjqPxsrXW1/MFq305YKaVi3ACE
rE20KncrAEmbAzvyjoI+7LpW2ZdVoDcavwrOAzNG8Peg
-----END CERTIFICATE-----