Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/j6UeaMhZyAW78buT9jaExqjuHao.roa
File:                     j6UeaMhZyAW78buT9jaExqjuHao.roa (raw, json)
Hash identifier:          RUT9ykd9VcM3fRPwir4rsYlh/mQsH6jVCY7ckwTkoSI=
Subject key identifier:   8F:A5:1E:68:C8:59:C8:05:BB:F1:BB:93:F6:36:84:C6:A8:EE:1D:AA
Certificate issuer:       /CN=f26144c824959711b652d78c18702bf432f2195c
Certificate serial:       018CC3B702564882CEE2C54CC85FBB18585A
Authority key identifier: F2:61:44:C8:24:95:97:11:B6:52:D7:8C:18:70:2B:F4:32:F2:19:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mFEyCSVlxG2UteMGHAr9DLyGVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/j6UeaMhZyAW78buT9jaExqjuHao.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        193.33.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/8mFEyCSVlxG2UteMGHAr9DLyGVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/8mFEyCSVlxG2UteMGHAr9DLyGVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mFEyCSVlxG2UteMGHAr9DLyGVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:02:56:48:82:ce:e2:c5:4c:c8:5f:bb:18:58:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f26144c824959711b652d78c18702bf432f2195c
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fa51e68c859c805bbf1bb93f63684c6a8ee1daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b7:7b:0d:27:08:61:c6:83:ef:d6:5f:92:90:
                    d2:98:90:ea:5a:bf:96:c3:a9:af:2e:32:9c:cb:c8:
                    db:3a:ef:9f:27:ed:1f:4d:5e:5e:3f:1d:60:4e:bc:
                    2b:12:e2:ce:ad:b5:bd:f9:e4:9c:5e:25:71:9b:62:
                    cc:a1:fe:f4:57:44:e3:3a:d6:ed:c2:0d:64:37:39:
                    0e:b7:9d:46:29:3b:95:28:5b:2d:25:f3:68:ee:a3:
                    c5:f3:51:14:58:41:14:70:fc:2f:65:ec:43:86:d4:
                    7d:3c:72:df:6a:e9:96:0b:52:e6:8e:1d:f8:e9:6a:
                    56:07:26:65:97:71:cf:ad:3a:df:ad:4b:94:4d:09:
                    e5:08:8b:7e:49:d2:ce:23:32:93:6b:f7:79:3f:46:
                    c3:69:27:40:f8:d9:63:6e:d0:3f:8f:a5:05:de:2f:
                    d1:ac:10:3f:ba:d4:16:a1:46:23:2a:2f:a6:a6:0a:
                    3f:02:a3:4b:a7:bf:7a:ba:4a:10:78:22:b3:0d:e4:
                    10:ea:29:fd:39:b9:bb:8f:22:0f:97:59:b8:b6:3e:
                    91:60:b0:98:aa:b2:b6:ba:15:4a:88:ba:32:5e:5f:
                    f0:bd:48:95:82:ef:71:04:66:53:05:ee:fa:82:69:
                    0e:39:f0:28:b5:22:c6:bd:2b:0b:15:80:7f:c6:a0:
                    00:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:A5:1E:68:C8:59:C8:05:BB:F1:BB:93:F6:36:84:C6:A8:EE:1D:AA
            X509v3 Authority Key Identifier:
                keyid:F2:61:44:C8:24:95:97:11:B6:52:D7:8C:18:70:2B:F4:32:F2:19:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mFEyCSVlxG2UteMGHAr9DLyGVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/j6UeaMhZyAW78buT9jaExqjuHao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a66c25-2711-4659-b162-35b483bb4c84/1/8mFEyCSVlxG2UteMGHAr9DLyGVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:05:4a:91:17:6b:2c:35:19:5b:f7:bd:95:bb:b2:0b:46:f3:
         f9:2b:5d:fd:2b:a7:76:20:06:8d:1e:d6:24:3c:ed:3d:02:61:
         2b:54:f7:f2:da:97:19:66:22:ce:8a:c3:d9:fe:0d:92:08:a4:
         79:0f:58:d5:42:63:4b:cf:0a:f6:c6:85:b4:0c:46:7c:a6:4a:
         d0:10:15:e2:9e:cf:b5:f0:52:e4:5a:43:b8:b0:e6:14:c3:4e:
         58:8c:bf:39:e8:16:59:fc:eb:ea:ac:8a:1a:b9:7c:35:09:b6:
         2f:25:fa:70:8f:95:ef:92:05:2e:32:a4:01:8c:14:e4:7a:09:
         8f:0c:48:c8:ca:99:fb:f8:46:de:f9:cb:2b:58:6a:2c:eb:48:
         65:ac:52:41:0c:40:a6:c8:fd:9d:89:4f:ef:5a:ab:7a:33:af:
         57:8c:c5:f1:83:7c:07:61:dd:f2:28:fd:2a:09:95:80:04:c9:
         4f:b8:0c:58:b9:4a:91:47:9a:4a:15:a6:ea:ec:c8:ad:92:9d:
         d2:da:29:94:d9:12:61:72:64:11:41:48:11:b9:d7:1a:cd:08:
         73:0e:75:63:d7:34:67:18:e3:c0:e9:42:22:9f:bd:32:46:19:
         6d:fd:02:73:18:48:6f:75:6f:00:2f:55:b0:d5:93:9b:63:cf:
         ea:1a:d2:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwJWSILO4sVMyF+7GFhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjE0NGM4MjQ5NTk3MTFiNjUyZDc4YzE4NzAyYmY0MzJm
MjE5NWMwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmE1MWU2OGM4NTljODA1YmJmMWJiOTNmNjM2ODRjNmE4ZWUxZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLd7DScIYcaD79ZfkpDSmJDqWr+W
w6mvLjKcy8jbOu+fJ+0fTV5ePx1gTrwrEuLOrbW9+eScXiVxm2LMof70V0TjOtbt
wg1kNzkOt51GKTuVKFstJfNo7qPF81EUWEEUcPwvZexDhtR9PHLfaumWC1Lmjh34
6WpWByZll3HPrTrfrUuUTQnlCIt+SdLOIzKTa/d5P0bDaSdA+NljbtA/j6UF3i/R
rBA/utQWoUYjKi+mpgo/AqNLp796ukoQeCKzDeQQ6in9Obm7jyIPl1m4tj6RYLCY
qrK2uhVKiLoyXl/wvUiVgu9xBGZTBe76gmkOOfAotSLGvSsLFYB/xqAA5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+lHmjIWcgFu/G7k/Y2hMao7h2qMB8GA1UdIwQY
MBaAFPJhRMgklZcRtlLXjBhwK/Qy8hlcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1GRXlDU1ZseEcyVXRlTUdIQXI5REx5R1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hNjZjMjUtMjcxMS00NjU5LWIxNjIt
MzViNDgzYmI0Yzg0LzEvajZVZWFNaFp5QVc3OGJ1VDlqYUV4cWp1SGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hNjZjMjUtMjcxMS00NjU5LWIxNjItMzViNDgzYmI0Yzg0
LzEvOG1GRXlDU1ZseEcyVXRlTUdIQXI5REx5R1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSHcMA0G
CSqGSIb3DQEBCwUAA4IBAQATBUqRF2ssNRlb972Vu7ILRvP5K139K6d2IAaNHtYk
PO09AmErVPfy2pcZZiLOisPZ/g2SCKR5D1jVQmNLzwr2xoW0DEZ8pkrQEBXins+1
8FLkWkO4sOYUw05YjL856BZZ/OvqrIoauXw1CbYvJfpwj5XvkgUuMqQBjBTkegmP
DEjIypn7+Ebe+csrWGos60hlrFJBDECmyP2diU/vWqt6M69XjMXxg3wHYd3yKP0q
CZWABMlPuAxYuUqRR5pKFabq7Mitkp3S2imU2RJhcmQRQUgRudcazQhzDnVj1zRn
GOPA6UIin70yRhlt/QJzGEhvdW8AL1Ww1ZObY8/qGtIG
-----END CERTIFICATE-----