Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/bEeqMQNoQJ6qCtW7oDnAsal5Y4Q.roa
File:                     bEeqMQNoQJ6qCtW7oDnAsal5Y4Q.roa (raw, json)
Hash identifier:          Lm6h0giBLIk835O7bd+cvHrcXhlCLh7W2Q+/8X9xH+Y=
Subject key identifier:   6C:47:AA:31:03:68:40:9E:AA:0A:D5:BB:A0:39:C0:B1:A9:79:63:84
Certificate issuer:       /CN=9863354a111af6d5e1ad10da38ad8144b6be868e
Certificate serial:       018CC727312A74CF7DF9EB10B783C1D10B66
Authority key identifier: 98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/bEeqMQNoQJ6qCtW7oDnAsal5Y4Q.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212368
IP address blocks:        193.135.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:2a:74:cf:7d:f9:eb:10:b7:83:c1:d1:0b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9863354a111af6d5e1ad10da38ad8144b6be868e
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c47aa310368409eaa0ad5bba039c0b1a9796384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fe:39:95:f2:f0:72:32:82:65:fa:e7:95:a3:
                    26:b4:51:82:b2:83:c8:4f:43:fb:05:8c:18:a5:1b:
                    f5:d5:88:d6:eb:2a:3f:d0:c7:68:0a:5c:cb:b7:bc:
                    ce:3f:8c:79:f2:3e:82:56:09:2a:a0:65:c1:2c:54:
                    cc:ef:40:f4:3f:45:87:44:d1:58:e5:06:96:5a:b1:
                    46:65:48:20:59:04:a9:29:74:3c:63:c7:38:5d:63:
                    a2:9b:df:d6:06:1e:ca:db:ab:92:dc:84:6a:5c:49:
                    c5:8d:83:91:ea:8a:47:6e:9c:60:2f:fe:ff:e9:d6:
                    c9:64:a1:c6:b9:25:e5:97:72:0c:4d:d8:40:1f:be:
                    1c:aa:27:f3:b3:76:d9:80:36:b7:04:53:21:2c:f8:
                    31:7e:84:3e:60:09:ee:44:d0:af:01:99:15:0d:a2:
                    bd:f1:f8:88:e0:41:d1:90:da:d6:3b:3c:85:ad:04:
                    7c:89:58:6e:41:a0:e2:f0:ea:e8:5c:41:46:9c:81:
                    f1:c4:84:0d:d8:02:26:de:99:ba:63:c8:3f:53:18:
                    64:c5:b8:47:c1:f9:28:3e:26:de:a0:c7:6a:e4:dc:
                    7e:57:c2:b4:93:3f:99:81:f8:5d:d5:fc:5b:ed:62:
                    6f:c0:bb:da:ed:8a:5e:e2:35:b3:8b:9c:36:3d:95:
                    26:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:47:AA:31:03:68:40:9E:AA:0A:D5:BB:A0:39:C0:B1:A9:79:63:84
            X509v3 Authority Key Identifier:
                keyid:98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/bEeqMQNoQJ6qCtW7oDnAsal5Y4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e8:af:4d:28:37:70:44:06:80:af:1e:38:78:bd:c9:df:86:
         3b:d2:3f:2b:f2:51:27:f5:4d:12:43:6a:65:d8:5a:f0:bd:77:
         f4:b4:12:25:25:d5:16:0d:09:6f:67:58:f2:db:82:93:e4:3e:
         87:f5:97:2e:67:fa:82:24:b6:c5:1b:37:10:65:1d:9a:f9:dd:
         df:21:61:b2:45:1f:8e:90:6f:4a:84:a4:b0:df:a1:56:e1:99:
         6d:07:c7:40:9c:9e:3e:39:53:cc:d1:14:a1:15:12:1f:8f:9e:
         4a:b2:7d:8a:00:29:f4:7d:36:61:21:f5:54:8f:af:be:78:13:
         21:cd:7c:bd:b6:1b:a8:11:9e:25:33:12:89:1d:85:e8:cb:ee:
         61:37:37:85:ac:74:d1:bd:e0:71:c7:bb:56:8c:80:22:a2:95:
         55:98:0e:85:5a:2d:89:ae:4d:27:93:49:39:da:80:e0:2c:38:
         af:62:dd:ee:eb:66:f9:ce:f9:98:01:4d:88:3c:bf:a0:84:9d:
         46:6a:92:0c:ee:d8:71:41:be:bd:bf:c7:fb:f8:68:72:b3:55:
         fc:03:06:b5:8c:a4:3a:44:a9:a6:f5:2f:e0:7b:2e:b9:c5:82:
         90:77:35:48:88:f9:3a:52:5a:5c:80:3b:82:ec:a8:a0:0a:5b:
         6f:39:2b:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzEqdM99+esQt4PB0QtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjMzNTRhMTExYWY2ZDVlMWFkMTBkYTM4YWQ4MTQ0YjZi
ZTg2OGUwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ3YWEzMTAzNjg0MDllYWEwYWQ1YmJhMDM5YzBiMWE5Nzk2Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif45lfLwcjKCZfrnlaMmtFGCsoPI
T0P7BYwYpRv11YjW6yo/0MdoClzLt7zOP4x58j6CVgkqoGXBLFTM70D0P0WHRNFY
5QaWWrFGZUggWQSpKXQ8Y8c4XWOim9/WBh7K26uS3IRqXEnFjYOR6opHbpxgL/7/
6dbJZKHGuSXll3IMTdhAH74cqifzs3bZgDa3BFMhLPgxfoQ+YAnuRNCvAZkVDaK9
8fiI4EHRkNrWOzyFrQR8iVhuQaDi8OroXEFGnIHxxIQN2AIm3pm6Y8g/UxhkxbhH
wfkoPibeoMdq5Nx+V8K0kz+Zgfhd1fxb7WJvwLva7Ype4jWzi5w2PZUm/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxHqjEDaECeqgrVu6A5wLGpeWOEMB8GA1UdIwQY
MBaAFJhjNUoRGvbV4a0Q2jitgUS2voaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGIt
NTNmNTc1MDRlZjM1LzEvYkVlcU1RTm9RSjZxQ3RXN29EbkFzYWw1WTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGItNTNmNTc1MDRlZjM1
LzEvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYdlMA0G
CSqGSIb3DQEBCwUAA4IBAQCM6K9NKDdwRAaArx44eL3J34Y70j8r8lEn9U0SQ2pl
2FrwvXf0tBIlJdUWDQlvZ1jy24KT5D6H9ZcuZ/qCJLbFGzcQZR2a+d3fIWGyRR+O
kG9KhKSw36FW4ZltB8dAnJ4+OVPM0RShFRIfj55Ksn2KACn0fTZhIfVUj6++eBMh
zXy9thuoEZ4lMxKJHYXoy+5hNzeFrHTRveBxx7tWjIAiopVVmA6FWi2Jrk0nk0k5
2oDgLDivYt3u62b5zvmYAU2IPL+ghJ1GapIM7thxQb69v8f7+Ghys1X8Awa1jKQ6
RKmm9S/gey65xYKQdzVIiPk6UlpcgDuC7KigCltvOSvi
-----END CERTIFICATE-----