Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/bVfJlgxWXUi-7pt2ys-EY--Qluw.roa
File:                     bVfJlgxWXUi-7pt2ys-EY--Qluw.roa (raw, json)
Hash identifier:          EBSFeWUcyJFbah5XzGdG4DihaN1WdcJmtnJ7yCTVrcI=
Subject key identifier:   6D:57:C9:96:0C:56:5D:48:BE:EE:9B:76:CA:CF:84:63:EF:90:96:EC
Certificate issuer:       /CN=de12f965a9ec33e2c2e87b6161beefb8be286ca3
Certificate serial:       018CC4245972D5480F0285FB117BA2905A9B
Authority key identifier: DE:12:F9:65:A9:EC:33:E2:C2:E8:7B:61:61:BE:EF:B8:BE:28:6C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hL5ZansM-LC6HthYb7vuL4obKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/bVfJlgxWXUi-7pt2ys-EY--Qluw.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6696
IP address blocks:        193.105.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/3hL5ZansM-LC6HthYb7vuL4obKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/3hL5ZansM-LC6HthYb7vuL4obKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hL5ZansM-LC6HthYb7vuL4obKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:59:72:d5:48:0f:02:85:fb:11:7b:a2:90:5a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12f965a9ec33e2c2e87b6161beefb8be286ca3
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d57c9960c565d48beee9b76cacf8463ef9096ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:63:d5:2a:d5:ca:a1:22:98:20:0a:44:cd:26:
                    8b:af:b8:f1:97:41:cc:e9:91:e5:4e:2e:84:02:5c:
                    2b:cb:e5:f4:7a:36:50:61:65:ce:ac:b0:c6:c8:ea:
                    7b:ac:76:90:27:ee:5b:09:f3:17:cb:fa:b3:10:a1:
                    c2:b3:26:4d:e3:54:4f:33:38:e2:00:10:a4:bd:e1:
                    7e:17:cf:50:c8:30:c4:4a:4a:2b:bf:8d:4d:6f:6a:
                    0c:04:8d:e7:a0:54:56:40:18:a9:7f:3f:43:b5:66:
                    ea:45:8d:05:04:9b:a2:bf:d5:c0:c7:25:9f:52:e8:
                    06:1a:06:34:e3:c0:ef:58:ee:a7:44:96:8c:c7:44:
                    a5:6f:8d:17:03:cb:7f:50:a1:b1:c3:88:f4:20:62:
                    fb:3c:1d:0f:5d:d8:f5:75:a0:ba:81:c4:69:78:00:
                    0c:9d:d7:b2:bd:b3:8f:81:83:46:b8:66:60:cc:4e:
                    3c:a8:59:4a:1e:72:bc:2b:b2:9d:26:15:9e:14:42:
                    fb:ab:1f:22:c9:b7:e4:30:0d:d5:28:f3:23:0b:c7:
                    a6:76:6a:7a:43:c4:49:7b:61:c3:31:82:1f:a9:b2:
                    d8:a7:76:dd:20:af:bb:c6:95:aa:07:86:49:98:ab:
                    3b:e5:ef:ad:8f:a1:66:54:0c:1f:ef:e7:60:e6:c6:
                    f6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:57:C9:96:0C:56:5D:48:BE:EE:9B:76:CA:CF:84:63:EF:90:96:EC
            X509v3 Authority Key Identifier:
                keyid:DE:12:F9:65:A9:EC:33:E2:C2:E8:7B:61:61:BE:EF:B8:BE:28:6C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hL5ZansM-LC6HthYb7vuL4obKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/bVfJlgxWXUi-7pt2ys-EY--Qluw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0f0373-db6d-4797-820d-b6d12ac66831/1/3hL5ZansM-LC6HthYb7vuL4obKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:96:a6:a8:0d:fe:ad:dc:bd:c1:50:31:c1:86:08:f8:1e:18:
         97:bf:da:e0:5e:29:02:90:cb:17:93:80:35:b6:72:c7:a2:03:
         86:92:cc:f2:75:36:78:97:d0:0c:70:5d:de:ce:2a:c3:f1:7c:
         c2:6f:07:a3:29:98:08:86:ba:e6:bb:c2:5b:3e:cd:7f:5a:8b:
         ff:fb:6d:de:f2:35:58:02:5d:86:03:d9:f0:c9:23:42:33:09:
         92:61:b0:99:0f:05:c6:b2:fa:ff:74:ca:d6:d3:37:3d:4d:d9:
         5f:ab:2b:bd:5b:03:7b:8f:ec:15:85:1a:dd:28:7c:cf:c7:e8:
         6a:7b:2a:44:07:48:6a:6d:7f:c8:f7:70:75:7f:75:4a:72:3c:
         cd:de:f6:54:1f:be:30:17:ac:a6:5d:d5:59:82:88:56:aa:6f:
         cf:ea:f7:af:fa:b1:16:ca:8c:64:bf:47:c1:be:e3:1d:f7:c6:
         4d:21:41:39:43:c0:3b:9d:bc:9f:f4:b5:5e:02:04:a2:59:79:
         0b:69:21:40:6f:8a:22:30:ef:98:0e:4a:68:7e:4b:db:e8:22:
         2b:e7:39:3d:e9:fc:b9:b8:4d:4a:5b:7b:74:e8:bf:33:43:bc:
         00:83:bf:de:28:5a:1a:1a:c8:d5:2b:c1:1e:af:fe:52:1e:ee:
         51:60:6c:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFly1UgPAoX7EXuikFqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJmOTY1YTllYzMzZTJjMmU4N2I2MTYxYmVlZmI4YmUy
ODZjYTMwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU3Yzk5NjBjNTY1ZDQ4YmVlZTliNzZjYWNmODQ2M2VmOTA5NmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGPVKtXKoSKYIApEzSaLr7jxl0HM
6ZHlTi6EAlwry+X0ejZQYWXOrLDGyOp7rHaQJ+5bCfMXy/qzEKHCsyZN41RPMzji
ABCkveF+F89QyDDESkorv41Nb2oMBI3noFRWQBipfz9DtWbqRY0FBJuiv9XAxyWf
UugGGgY048DvWO6nRJaMx0Slb40XA8t/UKGxw4j0IGL7PB0PXdj1daC6gcRpeAAM
ndeyvbOPgYNGuGZgzE48qFlKHnK8K7KdJhWeFEL7qx8iybfkMA3VKPMjC8emdmp6
Q8RJe2HDMYIfqbLYp3bdIK+7xpWqB4ZJmKs75e+tj6FmVAwf7+dg5sb2hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1XyZYMVl1Ivu6bdsrPhGPvkJbsMB8GA1UdIwQY
MBaAFN4S+WWp7DPiwuh7YWG+77i+KGyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMNVphbnNNLUxDNkh0aFliN3Z1TDRvYktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wZjAzNzMtZGI2ZC00Nzk3LTgyMGQt
YjZkMTJhYzY2ODMxLzEvYlZmSmxneFdYVWktN3B0MnlzLUVZLS1RbHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wZjAzNzMtZGI2ZC00Nzk3LTgyMGQtYjZkMTJhYzY2ODMx
LzEvM2hMNVphbnNNLUxDNkh0aFliN3Z1TDRvYktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlJMA0G
CSqGSIb3DQEBCwUAA4IBAQAIlqaoDf6t3L3BUDHBhgj4HhiXv9rgXikCkMsXk4A1
tnLHogOGkszydTZ4l9AMcF3ezirD8XzCbwejKZgIhrrmu8JbPs1/Wov/+23e8jVY
Al2GA9nwySNCMwmSYbCZDwXGsvr/dMrW0zc9Tdlfqyu9WwN7j+wVhRrdKHzPx+hq
eypEB0hqbX/I93B1f3VKcjzN3vZUH74wF6ymXdVZgohWqm/P6vev+rEWyoxkv0fB
vuMd98ZNIUE5Q8A7nbyf9LVeAgSiWXkLaSFAb4oiMO+YDkpofkvb6CIr5zk96fy5
uE1KW3t06L8zQ7wAg7/eKFoaGsjVK8Eer/5SHu5RYGy6
-----END CERTIFICATE-----