Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/Ls7ao08Q1H0G804fwEiRXOIpDXI.roa
File:                     Ls7ao08Q1H0G804fwEiRXOIpDXI.roa (raw, json)
Hash identifier:          nbA0FgF9/oeKHXyw4r5fHr3r8qPxf5Qh7Dn41/PjH3M=
Subject key identifier:   2E:CE:DA:A3:4F:10:D4:7D:06:F3:4E:1F:C0:48:91:5C:E2:29:0D:72
Certificate issuer:       /CN=a089c7211eb0cba0fd93ce316b389538ce1acb00
Certificate serial:       018CC64B092525D24701A7194501C037E391
Authority key identifier: A0:89:C7:21:1E:B0:CB:A0:FD:93:CE:31:6B:38:95:38:CE:1A:CB:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oInHIR6wy6D9k84xaziVOM4aywA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/Ls7ao08Q1H0G804fwEiRXOIpDXI.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200852
IP address blocks:        193.239.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/oInHIR6wy6D9k84xaziVOM4aywA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/oInHIR6wy6D9k84xaziVOM4aywA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oInHIR6wy6D9k84xaziVOM4aywA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:09:25:25:d2:47:01:a7:19:45:01:c0:37:e3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a089c7211eb0cba0fd93ce316b389538ce1acb00
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ecedaa34f10d47d06f34e1fc048915ce2290d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4d:81:d8:ad:0f:27:1b:14:b2:31:41:e4:32:
                    fe:37:f8:ae:03:e9:85:85:f1:ff:be:d7:45:b8:4e:
                    48:af:31:c6:4a:b0:37:02:1f:fd:ab:a3:f2:8a:da:
                    e0:85:13:1a:1d:b8:b3:6e:59:99:16:07:4a:5e:59:
                    b3:cd:ee:fb:c5:c5:b7:6c:a1:80:a7:64:28:90:18:
                    64:b4:39:c2:08:84:a6:43:a5:a3:f7:e2:ef:bb:1e:
                    76:d2:d3:5a:a0:73:78:3c:b9:61:30:f2:b5:6f:b0:
                    48:a7:36:97:51:f2:80:e3:8f:c4:a7:a4:f0:11:43:
                    ba:16:d8:a9:d3:bd:b8:ff:a8:20:cf:5d:bf:00:d4:
                    4d:63:1f:c9:0f:d9:35:23:39:9d:55:60:6b:4b:0e:
                    15:c7:29:3c:8f:9a:53:fb:4d:1c:09:98:23:0f:b0:
                    be:b0:f6:e6:89:4f:3c:e7:d4:b7:28:3f:2e:6f:01:
                    cf:3d:32:d4:7a:f8:7c:10:9e:1a:bd:e1:23:ca:a2:
                    50:b9:39:26:40:c6:68:cb:9c:22:5e:01:47:18:41:
                    6e:2a:71:0f:d3:d0:5f:eb:cd:ab:1a:96:92:24:54:
                    59:24:ad:f7:ee:5f:25:cd:bf:a0:2d:b6:15:99:3a:
                    d2:ce:92:74:bb:44:50:3d:e5:60:18:df:dd:ec:58:
                    61:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CE:DA:A3:4F:10:D4:7D:06:F3:4E:1F:C0:48:91:5C:E2:29:0D:72
            X509v3 Authority Key Identifier:
                keyid:A0:89:C7:21:1E:B0:CB:A0:FD:93:CE:31:6B:38:95:38:CE:1A:CB:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oInHIR6wy6D9k84xaziVOM4aywA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/Ls7ao08Q1H0G804fwEiRXOIpDXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8e1204-4a03-4c97-a03f-97e080e2a910/1/oInHIR6wy6D9k84xaziVOM4aywA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:94:2d:c2:e2:78:e3:2e:f1:6a:46:40:d1:ba:ec:c8:10:d5:
         18:bc:4c:8e:69:5c:d4:f2:22:45:7f:d8:1e:a7:f4:c1:24:16:
         75:4b:e5:44:0f:cd:32:19:a9:8f:57:c0:96:16:86:ca:d0:17:
         e7:9d:fb:bd:79:e1:2d:18:05:ea:ff:60:bf:64:37:c4:cd:1a:
         8c:4b:57:9a:c1:f1:db:ea:c6:5f:3d:1e:be:89:19:fd:58:90:
         89:42:d5:40:b0:f0:d5:d3:82:fe:d1:a6:28:c6:1c:b1:99:93:
         88:65:d4:9a:49:4a:9f:4a:04:12:47:f3:8e:08:1e:0c:08:ce:
         4d:b1:7d:1a:a3:86:23:dd:e6:ac:c4:74:0b:1a:c4:b1:b6:4e:
         8f:cf:e7:19:d6:97:37:68:07:11:28:cc:2b:7b:bd:b1:c5:bd:
         06:c9:42:bd:a8:68:7e:52:a2:81:4a:d6:87:c9:89:b2:88:d6:
         79:75:e2:db:60:5d:c1:1d:23:d8:e4:cd:24:55:05:4f:37:94:
         be:3d:d6:61:b5:19:0a:1f:bc:f6:a9:c4:fd:49:5e:f4:ad:f6:
         85:fa:a0:ec:01:6f:82:0e:e1:9a:4e:ad:39:d2:08:e9:a7:62:
         67:a0:0a:d1:c2:a2:87:f5:95:1f:2b:60:0b:98:f2:2e:a0:39:
         3c:33:ea:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwklJdJHAacZRQHAN+ORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODljNzIxMWViMGNiYTBmZDkzY2UzMTZiMzg5NTM4Y2Ux
YWNiMDAwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWNlZGFhMzRmMTBkNDdkMDZmMzRlMWZjMDQ4OTE1Y2UyMjkwZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhE2B2K0PJxsUsjFB5DL+N/iuA+mF
hfH/vtdFuE5IrzHGSrA3Ah/9q6PyitrghRMaHbizblmZFgdKXlmzze77xcW3bKGA
p2QokBhktDnCCISmQ6Wj9+Lvux520tNaoHN4PLlhMPK1b7BIpzaXUfKA44/Ep6Tw
EUO6Ftip0724/6ggz12/ANRNYx/JD9k1IzmdVWBrSw4Vxyk8j5pT+00cCZgjD7C+
sPbmiU8859S3KD8ubwHPPTLUevh8EJ4aveEjyqJQuTkmQMZoy5wiXgFHGEFuKnEP
09Bf682rGpaSJFRZJK337l8lzb+gLbYVmTrSzpJ0u0RQPeVgGN/d7Fhh2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7O2qNPENR9BvNOH8BIkVziKQ1yMB8GA1UdIwQY
MBaAFKCJxyEesMug/ZPOMWs4lTjOGssAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0luSElSNnd5NkQ5azg0eGF6aVZPTTRheXdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS84ZTEyMDQtNGEwMy00Yzk3LWEwM2Yt
OTdlMDgwZTJhOTEwLzEvTHM3YW8wOFExSDBHODA0ZndFaVJYT0lwRFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS84ZTEyMDQtNGEwMy00Yzk3LWEwM2YtOTdlMDgwZTJhOTEw
LzEvb0luSElSNnd5NkQ5azg0eGF6aVZPTTRheXdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe/QMA0G
CSqGSIb3DQEBCwUAA4IBAQB4lC3C4njjLvFqRkDRuuzIENUYvEyOaVzU8iJFf9ge
p/TBJBZ1S+VED80yGamPV8CWFobK0Bfnnfu9eeEtGAXq/2C/ZDfEzRqMS1eawfHb
6sZfPR6+iRn9WJCJQtVAsPDV04L+0aYoxhyxmZOIZdSaSUqfSgQSR/OOCB4MCM5N
sX0ao4Yj3easxHQLGsSxtk6Pz+cZ1pc3aAcRKMwre72xxb0GyUK9qGh+UqKBStaH
yYmyiNZ5deLbYF3BHSPY5M0kVQVPN5S+PdZhtRkKH7z2qcT9SV70rfaF+qDsAW+C
DuGaTq050gjpp2JnoArRwqKH9ZUfK2ALmPIuoDk8M+rK
-----END CERTIFICATE-----