Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/CCEh6ok2oDyS_aJQ-oUkMgX8ep0.roa
File:                     CCEh6ok2oDyS_aJQ-oUkMgX8ep0.roa (raw, json)
Hash identifier:          pfpv9fJ1fKgdz2HKkdFS4PLsqoal++dllCd2LKCKI5s=
Subject key identifier:   08:21:21:EA:89:36:A0:3C:92:FD:A2:50:FA:85:24:32:05:FC:7A:9D
Certificate issuer:       /CN=9863354a111af6d5e1ad10da38ad8144b6be868e
Certificate serial:       0191F60FAF326A2D85C9FB7C7A4796C0BC02
Authority key identifier: 98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/CCEh6ok2oDyS_aJQ-oUkMgX8ep0.roa
Signing time:             Sun 15 Sep 2024 14:21:48 +0000
ROA not before:           Sun 15 Sep 2024 14:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.134.253.0/24 maxlen: 24
                          193.135.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f6:0f:af:32:6a:2d:85:c9:fb:7c:7a:47:96:c0:bc:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9863354a111af6d5e1ad10da38ad8144b6be868e
        Validity
            Not Before: Sep 15 14:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=082121ea8936a03c92fda250fa85243205fc7a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6e:d7:a4:f6:9f:8a:4b:26:d4:b9:59:04:b9:
                    51:80:99:36:5c:e9:87:8e:eb:5f:3b:8d:55:32:ce:
                    b6:f8:b2:53:02:37:12:2a:bf:78:8f:51:53:ed:fd:
                    0b:77:1f:b1:f2:0d:e7:b8:d8:c3:18:12:1b:08:b0:
                    9e:77:c0:d5:8d:c8:3e:1c:6a:18:68:2f:ed:34:78:
                    71:60:60:e7:2e:12:cc:91:f4:dd:c8:3f:4f:47:ff:
                    ab:19:18:6d:91:22:6a:a2:fa:78:ba:a4:43:91:a0:
                    d7:dd:7d:61:c0:8d:de:16:2d:e2:d3:c6:a2:78:33:
                    6e:a8:11:d4:2f:ea:07:44:bb:66:09:f1:fb:3e:ab:
                    b5:31:cb:88:5a:11:ba:0a:c3:2a:36:50:d1:f3:02:
                    dd:08:18:de:0d:1c:11:5f:51:ac:ca:8e:81:0a:cf:
                    8d:2a:0e:dc:f3:7f:28:73:f9:50:f3:8d:2f:e8:c3:
                    06:e0:0b:41:41:b2:e9:f9:05:16:2f:e8:b3:31:ee:
                    27:c9:a7:25:16:af:4e:1e:f4:c0:1f:c7:e2:5e:10:
                    3b:2a:61:f4:53:af:f7:c5:83:d2:d7:a3:7c:48:f6:
                    f3:ee:5b:f8:55:93:69:3f:b6:49:63:98:ce:4f:9e:
                    cc:b9:0c:a3:86:17:98:ee:4f:82:91:27:00:50:09:
                    47:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:21:21:EA:89:36:A0:3C:92:FD:A2:50:FA:85:24:32:05:FC:7A:9D
            X509v3 Authority Key Identifier:
                keyid:98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/CCEh6ok2oDyS_aJQ-oUkMgX8ep0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.253.0/24
                  193.135.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:6d:62:a7:49:53:23:3d:81:3c:5b:c6:2b:d9:f9:1d:28:79:
         16:1d:2e:00:52:b3:8d:da:78:81:fe:b1:45:4f:6d:bc:93:69:
         64:b4:af:0a:07:45:5a:d6:87:95:ed:df:e3:34:40:41:c6:fa:
         70:08:04:a2:a0:25:fc:a4:21:75:c8:98:b9:55:ba:a9:0f:5a:
         76:ae:44:e7:38:8a:86:13:cc:55:67:2a:84:f2:83:30:a9:74:
         ce:eb:0a:e8:78:b2:f0:29:f3:22:9c:84:72:e6:57:39:95:d9:
         c1:c3:a4:ac:a7:3c:f2:7b:8c:1b:75:db:83:9d:aa:33:d2:b6:
         72:26:b4:77:5b:17:85:d3:a0:63:49:19:d9:a1:ca:c8:1b:65:
         0e:7c:fb:67:c6:6f:e1:29:ba:fd:6d:27:f3:a5:89:b6:24:f1:
         dd:d3:81:7e:11:36:db:10:cb:d5:88:37:d7:a1:51:7f:fc:96:
         97:2d:a5:ee:73:6e:2a:c0:42:24:6b:d4:9e:7f:11:29:8d:87:
         5e:3d:81:35:30:48:39:0a:13:b4:73:25:fa:85:7a:0f:8e:15:
         33:90:3c:d8:6b:3f:e6:ac:81:12:79:d7:96:d9:e1:c2:6d:fa:
         7b:90:7c:19:01:c0:c3:42:ee:99:d6:cd:49:4d:a4:a1:b1:6d:
         3a:fc:7d:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH2D68yai2Fyft8ekeWwLwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjMzNTRhMTExYWY2ZDVlMWFkMTBkYTM4YWQ4MTQ0YjZi
ZTg2OGUwHhcNMjQwOTE1MTQyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODIxMjFlYTg5MzZhMDNjOTJmZGEyNTBmYTg1MjQzMjA1ZmM3YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW7XpPafiksm1LlZBLlRgJk2XOmH
jutfO41VMs62+LJTAjcSKr94j1FT7f0Ldx+x8g3nuNjDGBIbCLCed8DVjcg+HGoY
aC/tNHhxYGDnLhLMkfTdyD9PR/+rGRhtkSJqovp4uqRDkaDX3X1hwI3eFi3i08ai
eDNuqBHUL+oHRLtmCfH7Pqu1McuIWhG6CsMqNlDR8wLdCBjeDRwRX1Gsyo6BCs+N
Kg7c838oc/lQ840v6MMG4AtBQbLp+QUWL+izMe4nyaclFq9OHvTAH8fiXhA7KmH0
U6/3xYPS16N8SPbz7lv4VZNpP7ZJY5jOT57MuQyjhheY7k+CkScAUAlHvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAghIeqJNqA8kv2iUPqFJDIF/HqdMB8GA1UdIwQY
MBaAFJhjNUoRGvbV4a0Q2jitgUS2voaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGIt
NTNmNTc1MDRlZjM1LzEvQ0NFaDZvazJvRHlTX2FKUS1vVWtNZ1g4ZXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGItNTNmNTc1MDRlZjM1
LzEvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwYb9AwQA
wYdlMA0GCSqGSIb3DQEBCwUAA4IBAQAUbWKnSVMjPYE8W8Yr2fkdKHkWHS4AUrON
2niB/rFFT228k2lktK8KB0Va1oeV7d/jNEBBxvpwCASioCX8pCF1yJi5VbqpD1p2
rkTnOIqGE8xVZyqE8oMwqXTO6wroeLLwKfMinIRy5lc5ldnBw6Sspzzye4wbdduD
naoz0rZyJrR3WxeF06BjSRnZocrIG2UOfPtnxm/hKbr9bSfzpYm2JPHd04F+ETbb
EMvViDfXoVF//JaXLaXuc24qwEIka9SefxEpjYdePYE1MEg5ChO0cyX6hXoPjhUz
kDzYaz/mrIESedeW2eHCbfp7kHwZAcDDQu6Z1s1JTaShsW06/H2U
-----END CERTIFICATE-----