Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/eP6f95ecvcDaDxIflAMpIz-i-rM.roa
File:                     eP6f95ecvcDaDxIflAMpIz-i-rM.roa (raw, json)
Hash identifier:          5k6EprqeBEa237IN+9w3+0AS6ZTzj6TwMlnUqMKWZsQ=
Subject key identifier:   78:FE:9F:F7:97:9C:BD:C0:DA:0F:12:1F:94:03:29:23:3F:A2:FA:B3
Certificate issuer:       /CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
Certificate serial:       018CF7D01F2C064AB413B9D40D6C066B126F
Authority key identifier: F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/eP6f95ecvcDaDxIflAMpIz-i-rM.roa
Signing time:             Thu 11 Jan 2024 09:17:40 +0000
ROA not before:           Thu 11 Jan 2024 09:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60860
IP address blocks:        193.106.64.0/24 maxlen: 24
                          193.106.67.0/24 maxlen: 24
                          193.106.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:d0:1f:2c:06:4a:b4:13:b9:d4:0d:6c:06:6b:12:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
        Validity
            Not Before: Jan 11 09:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78fe9ff7979cbdc0da0f121f940329233fa2fab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d4:50:be:d0:c9:92:eb:c2:17:b4:59:e9:2e:
                    13:88:a7:e7:e6:b7:5d:fa:d0:ed:42:f0:f2:13:fd:
                    60:79:cd:89:59:a0:bf:70:81:6e:8c:09:ed:23:a6:
                    a6:0a:5f:f9:77:b2:76:e2:06:a1:2b:90:8a:66:37:
                    9b:74:45:bf:c9:f8:47:89:27:81:a1:21:06:dd:8b:
                    1d:37:7d:65:79:38:92:fb:df:81:cf:df:5c:a8:10:
                    fe:71:50:3a:5e:e7:92:16:68:b0:45:9e:36:fe:2c:
                    7b:2a:47:8f:62:0c:2e:08:db:a1:4e:b5:65:98:e9:
                    b7:1c:61:3c:a6:ad:6e:79:0d:1c:14:a5:f7:60:0c:
                    ba:7d:4d:6f:be:74:ac:f1:9b:01:ce:52:a8:fe:cc:
                    1b:b0:5d:57:dd:ec:6b:4e:ab:da:da:c9:33:cc:2c:
                    29:2e:8b:1c:be:52:9b:1c:ea:57:7f:58:70:f1:d0:
                    6e:18:07:3c:19:1a:1c:df:43:4b:a1:fe:86:d4:63:
                    9c:c5:f0:ad:a2:ae:2d:40:a5:db:79:47:b1:f9:17:
                    51:09:9a:21:57:c1:55:e6:d9:16:51:72:1a:ba:12:
                    2e:d4:21:a1:e5:c1:9c:61:ff:8b:c1:ff:6b:d0:d8:
                    fa:33:f7:78:6e:db:fd:18:fb:b3:23:cb:4b:99:09:
                    5d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FE:9F:F7:97:9C:BD:C0:DA:0F:12:1F:94:03:29:23:3F:A2:FA:B3
            X509v3 Authority Key Identifier:
                keyid:F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/eP6f95ecvcDaDxIflAMpIz-i-rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.64.0/23
                  193.106.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:9a:e2:93:54:5c:2a:82:3b:25:58:e0:af:5c:71:cb:5c:e4:
         f3:ef:b1:7a:e3:b5:a0:7b:bb:d3:c0:3f:4f:cd:ee:03:78:a2:
         c6:e7:ea:9f:b1:6f:e0:f3:4d:c0:87:2f:0b:4c:8f:4d:3e:c5:
         d7:ea:15:29:ae:4f:5c:d2:59:47:82:74:0d:d8:9e:2e:f5:75:
         8d:03:15:09:6e:e9:93:ec:7f:4c:0d:48:7e:2d:44:40:fd:f5:
         58:2e:ca:78:ea:6d:8f:bf:38:e7:c3:b7:df:5d:46:bf:71:1b:
         d4:22:21:02:a3:32:4e:80:79:06:0d:b3:38:89:11:a9:01:80:
         a9:cb:a0:f4:ca:72:cd:c7:4d:46:41:6a:a2:22:e8:b0:5a:36:
         72:e0:f1:30:0a:ad:12:fa:de:93:90:6a:0d:c1:4b:75:91:c3:
         14:f4:80:84:fe:b0:2d:84:51:36:68:4c:10:46:e0:d0:f9:4b:
         34:02:eb:6b:b9:8a:38:aa:99:64:f2:22:cf:43:f2:53:13:ea:
         f2:2f:5b:5b:dd:96:14:13:46:b8:56:a2:dc:67:69:b9:5d:18:
         4b:f5:08:1e:7c:42:65:07:96:99:4c:0d:b7:41:64:c8:29:49:
         7b:38:ba:f0:b0:e8:da:a5:ee:b8:e3:74:f9:b4:90:67:13:2a:
         45:66:84:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYz30B8sBkq0E7nUDWwGaxJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZTU2NDdjZDBiN2Y3MjJiZWQ0NTY5ZjM3YjhiZjhmOTI1
MzhjZjUwHhcNMjQwMTExMDkxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGZlOWZmNzk3OWNiZGMwZGEwZjEyMWY5NDAzMjkyMzNmYTJmYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNRQvtDJkuvCF7RZ6S4TiKfn5rdd
+tDtQvDyE/1gec2JWaC/cIFujAntI6amCl/5d7J24gahK5CKZjebdEW/yfhHiSeB
oSEG3YsdN31leTiS+9+Bz99cqBD+cVA6XueSFmiwRZ42/ix7KkePYgwuCNuhTrVl
mOm3HGE8pq1ueQ0cFKX3YAy6fU1vvnSs8ZsBzlKo/swbsF1X3exrTqva2skzzCwp
LoscvlKbHOpXf1hw8dBuGAc8GRoc30NLof6G1GOcxfCtoq4tQKXbeUex+RdRCZoh
V8FV5tkWUXIauhIu1CGh5cGcYf+Lwf9r0Nj6M/d4btv9GPuzI8tLmQldWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHj+n/eXnL3A2g8SH5QDKSM/ovqzMB8GA1UdIwQY
MBaAFPflZHzQt/civtRWnze4v4+SU4z1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTIt
ZGYwNjM3NjdjM2Y2LzEvZVA2Zjk1ZWN2Y0RhRHhJZmxBTXBJei1pLXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTItZGYwNjM3NjdjM2Y2
LzEvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwWpAAwQA
wWpDMA0GCSqGSIb3DQEBCwUAA4IBAQBcmuKTVFwqgjslWOCvXHHLXOTz77F647Wg
e7vTwD9Pze4DeKLG5+qfsW/g803Ahy8LTI9NPsXX6hUprk9c0llHgnQN2J4u9XWN
AxUJbumT7H9MDUh+LURA/fVYLsp46m2Pvzjnw7ffXUa/cRvUIiECozJOgHkGDbM4
iRGpAYCpy6D0ynLNx01GQWqiIuiwWjZy4PEwCq0S+t6TkGoNwUt1kcMU9ICE/rAt
hFE2aEwQRuDQ+Us0AutruYo4qplk8iLPQ/JTE+ryL1tb3ZYUE0a4VqLcZ2m5XRhL
9QgefEJlB5aZTA23QWTIKUl7OLrwsOjape6443T5tJBnEypFZoQN
-----END CERTIFICATE-----