Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/IMqCf6ENgsux8kXQJefYZLRk6Cw.roa
File:                     IMqCf6ENgsux8kXQJefYZLRk6Cw.roa (raw, json)
Hash identifier:          0YR6ER8VwbsKCaBeROJv9r0je03EVjahHteFNSAHplc=
Subject key identifier:   20:CA:82:7F:A1:0D:82:CB:B1:F2:45:D0:25:E7:D8:64:B4:64:E8:2C
Certificate issuer:       /CN=123ba3802f9c9bf6756daabd324e5326ede419aa
Certificate serial:       018CC5001236CC20244670277FCE0022729E
Authority key identifier: 12:3B:A3:80:2F:9C:9B:F6:75:6D:AA:BD:32:4E:53:26:ED:E4:19:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/IMqCf6ENgsux8kXQJefYZLRk6Cw.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60584
IP address blocks:        193.200.243.0/24 maxlen: 24
                          2a06:18c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:12:36:cc:20:24:46:70:27:7f:ce:00:22:72:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123ba3802f9c9bf6756daabd324e5326ede419aa
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20ca827fa10d82cbb1f245d025e7d864b464e82c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ab:b5:ae:b5:bc:4e:a9:4f:89:91:63:1b:ea:
                    b6:93:54:53:14:72:ae:ff:4d:e3:5f:d9:d8:57:70:
                    24:8e:ef:91:2d:80:7b:fe:37:45:41:d2:65:c4:4f:
                    6f:aa:fb:10:d8:ea:b8:6b:a6:56:68:f9:7e:ce:75:
                    bd:27:df:58:ff:bf:93:64:2e:1b:47:64:a1:c5:ee:
                    e1:4f:76:57:0a:8f:13:7f:c7:97:8d:d7:e1:5f:84:
                    63:d7:85:b5:41:5a:42:cc:e7:fc:e9:b6:16:00:c3:
                    84:c2:2c:74:77:dc:6d:be:38:aa:cc:e2:16:ed:84:
                    3d:c1:ed:c1:da:0d:2d:ab:56:b2:d9:8a:93:73:b2:
                    65:ba:aa:25:f5:07:99:f6:c0:cc:e8:7b:75:04:2f:
                    2a:a2:87:a4:9e:97:b8:9e:ec:f9:54:db:ac:f9:f1:
                    c3:8d:7c:b4:65:b2:ae:27:02:7d:e4:c0:8a:91:33:
                    47:45:4e:f4:fb:d4:20:c1:6d:a3:52:ba:8f:82:b2:
                    d5:92:65:10:fc:00:10:bb:20:33:ee:f2:e5:1c:cc:
                    bd:5b:77:b9:22:d7:79:87:1d:eb:6e:f1:c9:0b:6c:
                    55:41:9e:42:91:5d:60:10:c5:50:9f:95:90:a8:df:
                    f6:22:a2:67:69:c0:00:90:e6:db:2c:54:81:ae:2d:
                    c8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CA:82:7F:A1:0D:82:CB:B1:F2:45:D0:25:E7:D8:64:B4:64:E8:2C
            X509v3 Authority Key Identifier:
                keyid:12:3B:A3:80:2F:9C:9B:F6:75:6D:AA:BD:32:4E:53:26:ED:E4:19:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/IMqCf6ENgsux8kXQJefYZLRk6Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.243.0/24
                IPv6:
                  2a06:18c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:fe:88:e9:6e:5f:9a:20:be:fd:09:17:ab:ba:0a:4f:2a:58:
         b3:bd:63:29:ed:58:de:fd:73:c3:8e:95:81:4e:9d:6c:d0:61:
         9e:c9:bf:6a:6b:93:22:4d:d4:64:01:90:d8:ab:99:9e:81:12:
         6c:69:54:63:d4:47:e0:c5:42:cd:0e:78:21:a3:1b:ef:5c:7a:
         91:58:99:5f:da:ad:c6:01:d4:f7:c8:99:ba:4f:67:ed:60:5c:
         ff:fa:f0:86:ce:80:5c:b0:0d:78:b7:54:60:9f:94:88:e3:7f:
         ac:1f:eb:0f:92:d1:27:32:e0:4f:76:0c:13:ce:95:5e:69:f6:
         29:dc:4e:e4:d7:d1:8e:62:39:94:43:33:78:93:a7:65:26:d3:
         af:ce:6a:5d:96:ea:1a:72:86:69:3e:69:ff:0a:4b:1d:86:1c:
         1a:0e:dc:24:b7:12:f0:81:97:76:5b:5a:10:ed:08:6d:e2:de:
         b3:44:43:47:d6:c0:d0:6c:ea:58:c1:d1:dc:a0:a6:c8:85:57:
         b8:fb:ca:d9:57:25:2e:50:4c:5d:fe:23:f0:40:d4:a4:c7:a8:
         7a:09:20:02:6c:7a:0f:d3:6b:de:a7:cc:c8:25:b3:79:de:8d:
         2c:10:e2:6b:c9:2a:99:13:a2:0e:f8:b4:b6:f1:ed:1b:da:f7:
         35:22:04:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFABI2zCAkRnAnf84AInKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2JhMzgwMmY5YzliZjY3NTZkYWFiZDMyNGU1MzI2ZWRl
NDE5YWEwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNhODI3ZmExMGQ4MmNiYjFmMjQ1ZDAyNWU3ZDg2NGI0NjRlODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqu1rrW8TqlPiZFjG+q2k1RTFHKu
/03jX9nYV3Akju+RLYB7/jdFQdJlxE9vqvsQ2Oq4a6ZWaPl+znW9J99Y/7+TZC4b
R2Shxe7hT3ZXCo8Tf8eXjdfhX4Rj14W1QVpCzOf86bYWAMOEwix0d9xtvjiqzOIW
7YQ9we3B2g0tq1ay2YqTc7Jluqol9QeZ9sDM6Ht1BC8qooeknpe4nuz5VNus+fHD
jXy0ZbKuJwJ95MCKkTNHRU70+9QgwW2jUrqPgrLVkmUQ/AAQuyAz7vLlHMy9W3e5
Itd5hx3rbvHJC2xVQZ5CkV1gEMVQn5WQqN/2IqJnacAAkObbLFSBri3I0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCDKgn+hDYLLsfJF0CXn2GS0ZOgsMB8GA1UdIwQY
MBaAFBI7o4AvnJv2dW2qvTJOUybt5BmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp1amdDLWNtX1oxYmFxOU1rNVRKdTNrR2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi82MWY3YzMtNDEzNC00YzAyLWI3ZGQt
ZTRkMDI0Y2RhZTBjLzEvSU1xQ2Y2RU5nc3V4OGtYUUplZllaTFJrNkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi82MWY3YzMtNDEzNC00YzAyLWI3ZGQtZTRkMDI0Y2RhZTBj
LzEvRWp1amdDLWNtX1oxYmFxOU1rNVRKdTNrR2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwcjzMA0E
AgACMAcDBQMqBhjAMA0GCSqGSIb3DQEBCwUAA4IBAQAq/ojpbl+aIL79CRerugpP
KlizvWMp7Vje/XPDjpWBTp1s0GGeyb9qa5MiTdRkAZDYq5megRJsaVRj1EfgxULN
DnghoxvvXHqRWJlf2q3GAdT3yJm6T2ftYFz/+vCGzoBcsA14t1Rgn5SI43+sH+sP
ktEnMuBPdgwTzpVeafYp3E7k19GOYjmUQzN4k6dlJtOvzmpdluoacoZpPmn/Cksd
hhwaDtwktxLwgZd2W1oQ7Qht4t6zRENH1sDQbOpYwdHcoKbIhVe4+8rZVyUuUExd
/iPwQNSkx6h6CSACbHoP02vep8zIJbN53o0sEOJrySqZE6IO+LS28e0b2vc1IgSD
-----END CERTIFICATE-----