Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/s0CxskOevCC_li4wVr8931bXdFI.roa
File:                     s0CxskOevCC_li4wVr8931bXdFI.roa (raw, json)
Hash identifier:          c2vQIcif22hKbc+AwCvGIU8hB52HBbIBglxb4oBC6nM=
Subject key identifier:   B3:40:B1:B2:43:9E:BC:20:BF:96:2E:30:56:BF:3D:DF:56:D7:74:52
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8C9C6551AF76203C7FB484A76D947
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/s0CxskOevCC_li4wVr8931bXdFI.roa
Signing time:             Mon 01 Jan 2024 20:30:48 +0000
ROA not before:           Mon 01 Jan 2024 20:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209474
IP address blocks:        193.111.78.0/24 maxlen: 24
                          193.17.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c9:c6:55:1a:f7:62:03:c7:fb:48:4a:76:d9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b340b1b2439ebc20bf962e3056bf3ddf56d77452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e6:66:27:52:f1:e3:db:99:5b:83:4a:a4:9e:
                    4a:f4:e9:ec:63:f5:1c:59:6b:e9:58:48:93:94:ab:
                    b5:38:ec:6e:96:87:77:5d:74:66:d8:92:52:84:5f:
                    ac:49:97:ae:b2:4c:20:55:7a:32:22:4a:0b:3a:12:
                    ed:00:8c:a1:59:c9:dd:c8:df:f3:72:b5:a1:7a:19:
                    17:eb:ec:92:3d:1b:f6:ad:da:56:88:00:32:c1:dc:
                    a1:83:19:35:c3:fc:f3:02:bb:5e:85:66:f7:31:92:
                    57:5b:6f:75:a6:62:59:66:7e:30:58:51:8c:a9:f6:
                    ec:a7:da:63:9b:5e:75:c6:01:91:00:0c:01:25:d3:
                    d0:04:92:34:fd:6a:77:68:69:c3:fe:ef:7a:9b:6f:
                    3d:95:0d:fc:91:43:04:ae:cb:37:b7:89:e2:d0:bc:
                    cd:fa:9a:e4:65:46:97:dc:2a:4e:b8:3d:f1:e9:c7:
                    39:c8:6b:19:42:4c:dc:c4:a2:c3:90:b6:fe:3d:99:
                    c2:9c:3e:5b:fd:82:85:3e:e8:63:62:b3:16:64:74:
                    11:ad:10:0c:36:fd:e0:3b:81:41:50:a4:4c:71:4d:
                    0e:50:e6:5b:9b:56:c9:ce:62:54:27:d0:28:fe:d5:
                    6d:32:78:85:55:92:43:f4:df:02:bc:41:94:da:00:
                    d7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:40:B1:B2:43:9E:BC:20:BF:96:2E:30:56:BF:3D:DF:56:D7:74:52
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/s0CxskOevCC_li4wVr8931bXdFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.6.0/24
                  193.111.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:0b:15:3f:a0:de:9c:3c:32:05:ad:e3:94:5c:dc:53:8e:df:
         f8:42:95:9a:0a:d1:64:7c:0b:6d:fa:b6:bf:9b:a6:57:d0:f7:
         0f:2f:c6:53:c5:83:46:8a:a0:41:7d:78:6e:26:47:54:d5:81:
         cf:2f:34:74:4c:88:5f:58:db:d7:56:f6:52:65:2f:cd:df:02:
         91:ee:86:48:08:63:4b:2a:d7:d2:d6:9d:db:47:e5:f2:0f:1b:
         e5:b3:0a:52:a5:1e:28:8f:50:47:b4:fb:91:45:17:32:9a:7c:
         a7:99:eb:4e:92:9e:10:54:b6:0f:7d:2b:96:26:44:74:17:bd:
         fb:58:50:70:1c:d0:8d:c4:57:5e:aa:71:8e:7e:1c:e0:70:bc:
         00:47:45:26:5c:0d:40:0a:30:e7:a4:8e:da:d9:2c:80:7e:04:
         11:f1:44:ce:c6:c3:01:03:3b:6c:d6:d9:cb:e6:ca:69:18:40:
         2c:89:b3:29:a3:6b:01:8f:1d:0d:17:bf:d5:5e:cd:a4:25:b0:
         76:3d:03:f0:92:b4:2a:b5:9d:89:82:41:26:37:98:72:34:ca:
         e7:6a:a8:ad:15:3b:c6:1c:3e:b9:af:eb:3d:66:77:8d:a2:87:
         fb:6e:f6:97:dc:ba:ca:71:98:e2:73:2b:18:de:24:69:d5:ad:
         12:64:37:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuMnGVRr3YgPH+0hKdtlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQwYjFiMjQzOWViYzIwYmY5NjJlMzA1NmJmM2RkZjU2ZDc3NDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOZmJ1Lx49uZW4NKpJ5K9OnsY/Uc
WWvpWEiTlKu1OOxulod3XXRm2JJShF+sSZeuskwgVXoyIkoLOhLtAIyhWcndyN/z
crWhehkX6+ySPRv2rdpWiAAywdyhgxk1w/zzArtehWb3MZJXW291pmJZZn4wWFGM
qfbsp9pjm151xgGRAAwBJdPQBJI0/Wp3aGnD/u96m289lQ38kUMErss3t4ni0LzN
+prkZUaX3CpOuD3x6cc5yGsZQkzcxKLDkLb+PZnCnD5b/YKFPuhjYrMWZHQRrRAM
Nv3gO4FBUKRMcU0OUOZbm1bJzmJUJ9Ao/tVtMniFVZJD9N8CvEGU2gDX6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLNAsbJDnrwgv5YuMFa/Pd9W13RSMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvczBDeHNrT2V2Q0NfbGk0d1ZyODkzMWJYZEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwREGAwQA
wW9OMA0GCSqGSIb3DQEBCwUAA4IBAQCUCxU/oN6cPDIFreOUXNxTjt/4QpWaCtFk
fAtt+ra/m6ZX0PcPL8ZTxYNGiqBBfXhuJkdU1YHPLzR0TIhfWNvXVvZSZS/N3wKR
7oZICGNLKtfS1p3bR+XyDxvlswpSpR4oj1BHtPuRRRcymnynmetOkp4QVLYPfSuW
JkR0F737WFBwHNCNxFdeqnGOfhzgcLwAR0UmXA1ACjDnpI7a2SyAfgQR8UTOxsMB
Azts1tnL5sppGEAsibMpo2sBjx0NF7/VXs2kJbB2PQPwkrQqtZ2JgkEmN5hyNMrn
aqitFTvGHD65r+s9ZneNoof7bvaX3LrKcZjicysY3iRp1a0SZDdy
-----END CERTIFICATE-----