Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/foBM3ZiwlXxyYX8XvFXDLH-aSO8.roa
File:                     foBM3ZiwlXxyYX8XvFXDLH-aSO8.roa (raw, json)
Hash identifier:          6+dtq1eg69dwygJ8cU/mnlN1FK1pnsdXovpKv9anogM=
Subject key identifier:   7E:80:4C:DD:98:B0:95:7C:72:61:7F:17:BC:55:C3:2C:7F:9A:48:EF
Certificate issuer:       /CN=b24ea58b5a532e28acc6111ff550271ae1bcdfe8
Certificate serial:       018CC94DD33B8194A3036BEC0E3EF79CE257
Authority key identifier: B2:4E:A5:8B:5A:53:2E:28:AC:C6:11:1F:F5:50:27:1A:E1:BC:DF:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/foBM3ZiwlXxyYX8XvFXDLH-aSO8.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196882
IP address blocks:        193.104.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d3:3b:81:94:a3:03:6b:ec:0e:3e:f7:9c:e2:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b24ea58b5a532e28acc6111ff550271ae1bcdfe8
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e804cdd98b0957c72617f17bc55c32c7f9a48ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e5:27:bd:e6:0c:1d:c6:05:73:86:83:c2:8e:
                    47:55:57:02:ca:77:a7:b3:93:5c:70:fe:7c:ae:b1:
                    fb:66:55:fa:da:e7:e3:21:68:f7:51:b5:f4:75:96:
                    6c:e3:a3:fa:81:6c:ac:e1:5e:85:87:ae:82:f2:f0:
                    63:01:f9:b8:20:9d:cb:89:64:67:77:dc:29:60:21:
                    6a:26:0f:96:2d:69:c7:3c:c3:e9:50:51:cf:fa:b2:
                    6f:25:d2:d7:30:da:3d:12:85:54:1e:d6:fc:53:55:
                    b7:68:2c:46:fe:f7:93:32:ef:7b:ec:ff:aa:f4:d4:
                    52:1b:a9:62:30:2e:c3:d1:a4:98:7b:48:48:4d:5e:
                    51:0b:d7:e5:42:57:a4:0d:5c:b8:f8:b8:59:a6:0e:
                    32:a2:e7:49:92:83:de:a4:08:6b:f2:e5:b8:a8:23:
                    21:30:73:50:50:0c:06:c9:8e:b6:72:3c:f0:de:cf:
                    3e:8a:b2:09:45:6a:9c:64:0b:9b:25:6c:01:ff:f0:
                    c2:8f:c9:01:9f:e8:e0:6f:32:25:3d:b4:39:0b:0f:
                    7f:c0:51:15:c6:95:77:b6:09:a7:64:fb:07:c2:82:
                    da:03:cc:b3:7b:71:0d:32:b2:6f:31:fd:3f:56:a5:
                    f0:90:0c:96:3f:c8:67:80:e9:91:66:e5:9f:af:54:
                    6f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:80:4C:DD:98:B0:95:7C:72:61:7F:17:BC:55:C3:2C:7F:9A:48:EF
            X509v3 Authority Key Identifier:
                keyid:B2:4E:A5:8B:5A:53:2E:28:AC:C6:11:1F:F5:50:27:1A:E1:BC:DF:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/foBM3ZiwlXxyYX8XvFXDLH-aSO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:33:0f:be:c9:82:da:c3:d7:cd:6d:c9:53:b7:d9:07:19:cf:
         ac:3b:04:de:66:9a:f5:d9:34:81:9e:4b:35:48:9c:97:7d:a6:
         8b:00:6e:d3:c1:e8:30:86:50:a1:58:a0:ff:e1:42:38:ec:d1:
         0f:be:be:70:f2:7f:bd:ee:34:eb:ac:7b:e5:9a:c0:98:8f:23:
         37:b3:2e:c8:a5:ed:1e:1c:6d:24:1c:18:a1:f7:86:08:0e:77:
         ca:e6:0b:c4:6f:f3:d8:b8:23:96:f2:4e:b2:72:e8:40:f3:95:
         21:8f:4c:4a:82:fb:32:36:f4:61:32:13:71:f1:e9:f1:1d:44:
         65:ce:58:8c:0f:47:24:2e:8c:bf:86:e8:67:8a:f1:dd:7f:f3:
         49:c8:ac:f0:55:82:4a:86:d5:b8:39:63:4b:0a:d4:84:80:fe:
         75:8b:91:d8:5a:0e:46:e4:6c:52:83:c8:1f:88:be:41:8c:da:
         c3:31:4e:50:58:23:2b:7b:a1:ab:e6:2f:99:9d:26:d9:f8:c0:
         ce:22:ee:41:07:18:d3:e4:73:d7:da:79:68:f6:54:a7:f7:86:
         46:6e:d3:5c:8f:39:69:f0:1a:17:a2:aa:9f:f4:b7:c4:8f:4d:
         ca:c7:73:88:fa:c6:77:83:a9:c7:9f:7e:71:5a:06:97:72:ad:
         b6:c4:32:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdM7gZSjA2vsDj73nOJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNGVhNThiNWE1MzJlMjhhY2M2MTExZmY1NTAyNzFhZTFi
Y2RmZTgwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTgwNGNkZDk4YjA5NTdjNzI2MTdmMTdiYzU1YzMyYzdmOWE0OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuUnveYMHcYFc4aDwo5HVVcCynen
s5NccP58rrH7ZlX62ufjIWj3UbX0dZZs46P6gWys4V6Fh66C8vBjAfm4IJ3LiWRn
d9wpYCFqJg+WLWnHPMPpUFHP+rJvJdLXMNo9EoVUHtb8U1W3aCxG/veTMu977P+q
9NRSG6liMC7D0aSYe0hITV5RC9flQlekDVy4+LhZpg4youdJkoPepAhr8uW4qCMh
MHNQUAwGyY62cjzw3s8+irIJRWqcZAubJWwB//DCj8kBn+jgbzIlPbQ5Cw9/wFEV
xpV3tgmnZPsHwoLaA8yze3ENMrJvMf0/VqXwkAyWP8hngOmRZuWfr1RvgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6ATN2YsJV8cmF/F7xVwyx/mkjvMB8GA1UdIwQY
MBaAFLJOpYtaUy4orMYRH/VQJxrhvN/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2s2bGkxcFRMaWlzeGhFZjlWQW5HdUc4My1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jNGNmNzYtMjQ0MS00YmNkLThjMWQt
NjA4MzMwYmU2YmE3LzEvZm9CTTNaaXdsWHh5WVg4WHZGWERMSC1hU084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jNGNmNzYtMjQ0MS00YmNkLThjMWQtNjA4MzMwYmU2YmE3
LzEvc2s2bGkxcFRMaWlzeGhFZjlWQW5HdUc4My1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjrMA0G
CSqGSIb3DQEBCwUAA4IBAQAIMw++yYLaw9fNbclTt9kHGc+sOwTeZpr12TSBnks1
SJyXfaaLAG7TwegwhlChWKD/4UI47NEPvr5w8n+97jTrrHvlmsCYjyM3sy7Ipe0e
HG0kHBih94YIDnfK5gvEb/PYuCOW8k6ycuhA85Uhj0xKgvsyNvRhMhNx8enxHURl
zliMD0ckLoy/huhnivHdf/NJyKzwVYJKhtW4OWNLCtSEgP51i5HYWg5G5GxSg8gf
iL5BjNrDMU5QWCMre6Gr5i+ZnSbZ+MDOIu5BBxjT5HPX2nlo9lSn94ZGbtNcjzlp
8BoXoqqf9LfEj03Kx3OI+sZ3g6nHn35xWgaXcq22xDIJ
-----END CERTIFICATE-----