Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/v8hsr7q1xhZylTAnYAd-4BYfL-Y.roa
File:                     v8hsr7q1xhZylTAnYAd-4BYfL-Y.roa (raw, json)
Hash identifier:          zDCazJKA2KJ4gsMA1l6SaZFgkMA6aLKvczpxSXLhSHE=
Subject key identifier:   BF:C8:6C:AF:BA:B5:C6:16:72:95:30:27:60:07:7E:E0:16:1F:2F:E6
Certificate issuer:       /CN=6fa48e96197426e4c5eeb423e0fd9c2e952c4177
Certificate serial:       018CC727632D09BE770C75CF8326F7161E96
Authority key identifier: 6F:A4:8E:96:19:74:26:E4:C5:EE:B4:23:E0:FD:9C:2E:95:2C:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/v8hsr7q1xhZylTAnYAd-4BYfL-Y.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        193.163.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:63:2d:09:be:77:0c:75:cf:83:26:f7:16:1e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa48e96197426e4c5eeb423e0fd9c2e952c4177
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfc86cafbab5c6167295302760077ee0161f2fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f3:d3:ac:24:a9:d7:3c:88:d6:19:c7:2e:b8:
                    a3:92:06:52:f9:ce:d7:00:7c:c7:d1:da:4a:29:b9:
                    52:a9:1b:d8:66:de:8b:97:00:19:89:a6:6f:ff:72:
                    17:78:1b:37:89:fa:f5:4e:13:3c:9d:67:a2:cc:17:
                    2b:75:d2:7f:b5:0a:a6:0d:7d:3f:0d:c2:05:9d:c2:
                    21:19:ba:7b:85:d2:f2:7a:ff:bd:64:cc:71:27:12:
                    2e:47:db:f3:1a:5a:a9:e3:68:d1:5d:ca:7d:19:fa:
                    ee:62:ab:a0:f8:90:a6:b4:10:35:69:ab:88:a4:9f:
                    6c:98:ef:98:30:54:95:09:05:2b:46:6d:5c:ca:4f:
                    ad:70:6f:dd:fe:ae:4f:48:b7:6c:75:96:71:bc:23:
                    ab:e6:d5:3b:6f:f8:b3:60:23:1f:cb:24:6d:39:90:
                    77:f4:df:6f:50:67:66:04:65:a4:97:a0:fa:7e:8b:
                    d9:54:de:59:8c:05:ee:9b:a2:6a:cb:1e:1f:1e:d8:
                    ef:0b:e5:1b:82:23:90:65:e6:52:fb:40:21:b9:0f:
                    36:bb:b1:b1:77:30:ce:fa:06:fd:61:a0:d9:8f:11:
                    a7:30:e3:7e:5a:1a:ee:ae:5f:8b:59:c6:eb:0c:94:
                    39:94:56:1e:5d:87:f4:8e:9d:fa:54:90:07:5e:97:
                    d8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C8:6C:AF:BA:B5:C6:16:72:95:30:27:60:07:7E:E0:16:1F:2F:E6
            X509v3 Authority Key Identifier:
                keyid:6F:A4:8E:96:19:74:26:E4:C5:EE:B4:23:E0:FD:9C:2E:95:2C:41:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/v8hsr7q1xhZylTAnYAd-4BYfL-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:19:b8:05:33:3a:fe:ea:2e:15:90:89:fb:f8:55:44:9e:ca:
         90:e0:0f:91:2f:a1:95:b3:b3:e6:bd:ce:fe:db:d6:59:80:a7:
         7b:a0:d4:2b:b5:35:85:16:ad:6e:a9:e2:80:0e:ce:db:34:61:
         95:0e:3d:4f:bd:5e:d1:ce:5a:88:fb:85:ef:29:4f:82:6e:27:
         01:ee:65:86:b9:30:06:f2:08:73:9c:0b:12:c9:0b:c1:ab:0a:
         6d:52:3d:22:fb:0d:87:02:b8:62:75:5e:22:66:a2:68:e4:20:
         a1:4c:26:9e:94:8d:42:33:87:a7:03:8b:2e:d8:c8:98:1d:e0:
         ff:25:3e:56:b2:2b:e2:b9:29:f2:fa:eb:2e:21:b4:45:0f:41:
         3f:72:fd:4e:84:84:ab:d6:b8:25:be:a4:0c:9c:4e:ef:c0:87:
         1a:1e:7b:0c:ce:7b:12:78:5b:a6:f7:6d:8e:3f:40:9a:8a:17:
         e8:fd:1f:cf:9e:7c:40:f3:d3:f2:f0:ef:c2:3d:58:fe:ff:62:
         67:ef:b8:25:78:af:d7:08:3a:4d:97:c8:12:a7:dc:05:ba:da:
         4b:37:ed:45:27:30:b7:c9:43:30:81:3e:75:f4:9f:22:1f:87:
         f6:c5:14:75:a0:73:47:7e:91:39:ac:fe:44:bc:f1:88:8b:df:
         df:69:bb:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2MtCb53DHXPgyb3Fh6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTQ4ZTk2MTk3NDI2ZTRjNWVlYjQyM2UwZmQ5YzJlOTUy
YzQxNzcwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmM4NmNhZmJhYjVjNjE2NzI5NTMwMjc2MDA3N2VlMDE2MWYyZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPPTrCSp1zyI1hnHLrijkgZS+c7X
AHzH0dpKKblSqRvYZt6LlwAZiaZv/3IXeBs3ifr1ThM8nWeizBcrddJ/tQqmDX0/
DcIFncIhGbp7hdLyev+9ZMxxJxIuR9vzGlqp42jRXcp9GfruYqug+JCmtBA1aauI
pJ9smO+YMFSVCQUrRm1cyk+tcG/d/q5PSLdsdZZxvCOr5tU7b/izYCMfyyRtOZB3
9N9vUGdmBGWkl6D6fovZVN5ZjAXum6Jqyx4fHtjvC+UbgiOQZeZS+0AhuQ82u7Gx
dzDO+gb9YaDZjxGnMON+Whrurl+LWcbrDJQ5lFYeXYf0jp36VJAHXpfYSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/IbK+6tcYWcpUwJ2AHfuAWHy/mMB8GA1UdIwQY
MBaAFG+kjpYZdCbkxe60I+D9nC6VLEF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZTT2xobDBKdVRGN3JRajRQMmNMcFVzUVhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84YzViYzctNTVmYS00MDQ0LTg4ZGEt
NjgxODVmZGI5MDAzLzEvdjhoc3I3cTF4aFp5bFRBbllBZC00QllmTC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84YzViYzctNTVmYS00MDQ0LTg4ZGEtNjgxODVmZGI5MDAz
LzEvYjZTT2xobDBKdVRGN3JRajRQMmNMcFVzUVhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAbGbgFMzr+6i4VkIn7+FVEnsqQ4A+RL6GVs7Pmvc7+
29ZZgKd7oNQrtTWFFq1uqeKADs7bNGGVDj1PvV7RzlqI+4XvKU+CbicB7mWGuTAG
8ghznAsSyQvBqwptUj0i+w2HArhidV4iZqJo5CChTCaelI1CM4enA4su2MiYHeD/
JT5WsiviuSny+usuIbRFD0E/cv1OhISr1rglvqQMnE7vwIcaHnsMznsSeFum922O
P0Caihfo/R/PnnxA89Py8O/CPVj+/2Jn77gleK/XCDpNl8gSp9wFutpLN+1FJzC3
yUMwgT519J8iH4f2xRR1oHNHfpE5rP5EvPGIi9/fabv9
-----END CERTIFICATE-----