Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/8Mchc7eFVbIhNKY1ckUk7DAsf_o.roa
File:                     8Mchc7eFVbIhNKY1ckUk7DAsf_o.roa (raw, json)
Hash identifier:          aKgnemgMSx3OoFPDZQmCgA7jehj5hY6S7LoqK7Nv5SA=
Subject key identifier:   F0:C7:21:73:B7:85:55:B2:21:34:A6:35:72:45:24:EC:30:2C:7F:FA
Certificate issuer:       /CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
Certificate serial:       018CC50007C50AF9A67B4D1877B117323F03
Authority key identifier: A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/8Mchc7eFVbIhNKY1ckUk7DAsf_o.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212181
IP address blocks:        193.47.149.0/24 maxlen: 24
                          2a10:1180::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:07:c5:0a:f9:a6:7b:4d:18:77:b1:17:32:3f:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0c72173b78555b22134a635724524ec302c7ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e7:65:b6:4a:f7:24:39:be:ab:8f:d1:a6:3e:
                    74:56:4a:c8:96:1a:1c:fb:22:b0:1e:e6:18:d7:ee:
                    7b:26:10:cc:ec:25:7b:11:dd:3d:c1:ec:e3:5f:62:
                    62:58:b1:e1:47:87:1c:32:31:f1:9a:a0:10:22:d5:
                    43:84:f1:c6:c4:54:ce:13:0d:8c:6c:3b:6a:2d:22:
                    39:4b:fd:6f:b5:51:49:6f:45:15:ab:8a:06:ba:4e:
                    a9:17:94:f7:18:76:62:03:49:aa:db:53:ae:79:45:
                    af:60:8b:1f:d2:33:5d:c7:5a:4f:3b:58:09:c7:9f:
                    d5:ca:66:73:23:95:75:de:9d:34:30:b6:1e:d0:bc:
                    18:e5:e3:61:64:9f:d3:2d:0a:f4:ba:87:04:9e:55:
                    15:49:7a:52:94:a4:c2:bc:78:62:5a:fe:81:12:60:
                    af:f8:90:ce:f8:81:23:33:4c:77:2c:4c:b6:6b:ad:
                    9b:8c:d9:7c:24:6a:ec:5c:ef:e5:40:f3:21:5f:9a:
                    1b:ba:23:34:a3:1b:70:8b:88:0f:c2:ae:36:d1:11:
                    ac:19:34:eb:2e:0f:43:af:64:0d:d4:ea:46:dc:f5:
                    af:1a:19:a8:2f:18:71:34:35:91:d5:d3:97:bb:b5:
                    93:32:90:ba:7d:4e:92:7b:ec:1c:30:e7:91:da:5c:
                    30:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C7:21:73:B7:85:55:B2:21:34:A6:35:72:45:24:EC:30:2C:7F:FA
            X509v3 Authority Key Identifier:
                keyid:A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/8Mchc7eFVbIhNKY1ckUk7DAsf_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.149.0/24
                IPv6:
                  2a10:1180::/31

    Signature Algorithm: sha256WithRSAEncryption
         a3:e7:e8:c0:70:77:78:d0:c2:b9:6d:0d:14:d0:d7:ed:0a:be:
         63:3a:f6:b5:00:2b:6d:ac:74:c9:6e:c9:e9:c8:d9:ca:30:67:
         41:9f:59:76:b1:1e:6c:ea:fb:b9:78:af:61:21:15:e3:50:7a:
         8e:ae:a6:ce:44:11:33:14:4f:90:91:c6:bb:13:3d:0a:a9:d6:
         2c:5b:c1:f2:9b:15:a8:1d:2f:18:e0:43:f0:74:61:37:14:28:
         d6:32:7b:e7:80:d1:87:6f:3c:68:01:3b:bb:5f:71:87:71:36:
         a6:69:f6:1d:a9:2a:96:c9:20:aa:b0:89:24:ce:38:de:5f:73:
         6c:d3:e3:e1:de:80:92:5a:1c:ab:23:0e:90:2c:54:36:5c:1d:
         de:2d:41:8e:07:52:ef:e7:ea:e8:8e:5c:91:75:f3:e9:27:52:
         f9:ab:47:31:41:03:d7:ef:d3:46:72:b5:80:84:5e:66:5a:49:
         0b:2a:1f:9d:e6:3f:8d:21:be:dc:c0:11:8b:ed:1e:c5:74:97:
         99:90:60:78:0c:d7:10:19:71:f4:12:56:c1:50:d6:2f:64:fb:
         8d:bd:71:26:79:42:82:94:55:ac:02:ce:17:d7:8e:8b:9b:77:
         03:b9:74:d3:c1:c4:5e:bb:ae:35:8b:21:7a:65:d6:3b:07:9b:
         3c:7f:76:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAAfFCvmme00Yd7EXMj8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YWMxZjg1OTViYWQ1NTgyNDBkNzQwNjgwMDBhMWNmNzA4
YmExYTUwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGM3MjE3M2I3ODU1NWIyMjEzNGE2MzU3MjQ1MjRlYzMwMmM3ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkedltkr3JDm+q4/Rpj50VkrIlhoc
+yKwHuYY1+57JhDM7CV7Ed09wezjX2JiWLHhR4ccMjHxmqAQItVDhPHGxFTOEw2M
bDtqLSI5S/1vtVFJb0UVq4oGuk6pF5T3GHZiA0mq21OueUWvYIsf0jNdx1pPO1gJ
x5/VymZzI5V13p00MLYe0LwY5eNhZJ/TLQr0uocEnlUVSXpSlKTCvHhiWv6BEmCv
+JDO+IEjM0x3LEy2a62bjNl8JGrsXO/lQPMhX5obuiM0oxtwi4gPwq420RGsGTTr
Lg9Dr2QN1OpG3PWvGhmoLxhxNDWR1dOXu7WTMpC6fU6Se+wcMOeR2lwwHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPDHIXO3hVWyITSmNXJFJOwwLH/6MB8GA1UdIwQY
MBaAFKmsH4WVutVYJA10BoAAoc9wi6GlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMt
YjUxMTU0NjI4ZmIzLzEvOE1jaGM3ZUZWYkloTktZMWNrVWs3REFzZl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMtYjUxMTU0NjI4ZmIz
LzEvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwS+VMA0E
AgACMAcDBQEqEBGAMA0GCSqGSIb3DQEBCwUAA4IBAQCj5+jAcHd40MK5bQ0U0Nft
Cr5jOva1ACttrHTJbsnpyNnKMGdBn1l2sR5s6vu5eK9hIRXjUHqOrqbORBEzFE+Q
kca7Ez0KqdYsW8HymxWoHS8Y4EPwdGE3FCjWMnvngNGHbzxoATu7X3GHcTamafYd
qSqWySCqsIkkzjjeX3Ns0+Ph3oCSWhyrIw6QLFQ2XB3eLUGOB1Lv5+rojlyRdfPp
J1L5q0cxQQPX79NGcrWAhF5mWkkLKh+d5j+NIb7cwBGL7R7FdJeZkGB4DNcQGXH0
ElbBUNYvZPuNvXEmeUKClFWsAs4X146Lm3cDuXTTwcReu641iyF6ZdY7B5s8f3Y2
-----END CERTIFICATE-----