Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/96KEkHYJymhGiHIhi7n0FL6nAcY.roa
File:                     96KEkHYJymhGiHIhi7n0FL6nAcY.roa (raw, json)
Hash identifier:          ta6w2X61uVMcxfp3E+Az7F7eQ/Ta6ytm2L//Jo3vlTU=
Subject key identifier:   F7:A2:84:90:76:09:CA:68:46:88:72:21:8B:B9:F4:14:BE:A7:01:C6
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC4936ADC6C287271F96FE0FB41B5A3F4
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/96KEkHYJymhGiHIhi7n0FL6nAcY.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16251
IP address blocks:        193.11.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:dc:6c:28:72:71:f9:6f:e0:fb:41:b5:a3:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7a284907609ca68468872218bb9f414bea701c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:df:ba:9d:b5:9e:fc:46:5e:5a:fe:08:d6:f4:
                    98:22:1c:a2:f8:f7:03:68:e8:2b:58:64:c0:ff:77:
                    22:27:a4:38:04:9d:f5:b5:74:54:8f:50:cd:a2:f8:
                    07:01:88:89:6b:cc:69:b3:27:1a:de:92:cc:6b:80:
                    fe:3b:f6:5e:7d:b0:4b:b0:ca:17:de:99:1d:9b:2a:
                    38:c6:d2:92:ad:39:95:8c:71:63:62:92:7a:29:84:
                    c3:8f:c4:18:d3:90:05:53:5c:7b:59:26:85:34:20:
                    6e:db:40:2f:6f:ed:07:81:76:ad:75:d8:c5:45:7d:
                    dd:1c:af:8e:bf:41:df:7c:27:77:76:14:a6:32:00:
                    6d:09:dc:5d:eb:ad:39:4b:d0:a2:f1:26:fa:20:c4:
                    6b:56:ad:96:e8:da:8e:b6:b4:08:e4:c3:31:91:8f:
                    9d:e9:9c:c0:76:fc:23:a4:3d:5a:03:81:c9:26:d4:
                    af:b6:cc:7b:2f:17:79:0f:47:98:d3:81:b4:80:14:
                    47:ec:5c:3c:73:e8:6f:9b:0d:80:39:24:03:ab:db:
                    8b:40:e7:ff:81:e9:3c:64:91:e2:8d:74:71:3f:8c:
                    98:9f:29:e7:72:a4:11:41:09:a5:89:73:f4:e7:e8:
                    d7:c8:8d:32:73:c3:0d:77:a7:f3:db:dd:0f:64:ef:
                    b7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A2:84:90:76:09:CA:68:46:88:72:21:8B:B9:F4:14:BE:A7:01:C6
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/96KEkHYJymhGiHIhi7n0FL6nAcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.11.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:9e:37:b0:a7:c1:d0:9d:22:a3:61:8a:9c:3f:17:47:49:f3:
         02:2d:81:2a:c7:d1:20:e0:37:7b:d9:a4:90:d9:5b:dc:45:fa:
         66:6d:64:3e:6c:63:6a:0b:6a:e9:63:84:6f:44:9d:03:75:4f:
         ec:a2:77:99:82:20:14:48:1d:69:e1:2c:1d:08:75:9b:6c:ed:
         3c:72:c9:60:ba:35:a3:e4:70:52:53:72:34:03:9e:ae:4f:f6:
         31:70:e3:48:52:16:47:de:32:96:28:42:ff:d9:9b:c6:64:4f:
         78:d4:02:c1:b0:aa:7a:00:fa:df:92:7d:7b:57:26:ed:e6:c5:
         ac:a2:3e:df:03:33:1e:3b:2e:28:e5:b5:03:c3:e3:21:64:8b:
         f1:ec:d7:98:8c:de:8a:d3:b0:12:16:56:76:ca:8d:15:4e:05:
         74:d9:8b:03:c8:68:90:68:83:83:c5:f1:d6:a4:30:84:91:b6:
         fc:0b:33:d1:6f:04:3a:33:33:4a:99:66:fc:63:e3:c9:0a:0e:
         2f:f8:09:7c:e2:8b:0f:db:45:a2:11:fa:30:26:60:50:5c:e7:
         a4:a2:c8:6f:d4:1b:fc:43:0c:88:04:e1:6f:83:4d:3e:55:61:
         cd:93:3d:44:e1:dc:a7:6c:a3:99:a5:12:38:93:91:d2:05:e5:
         de:68:7d:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2rcbChycflv4PtBtaP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2EyODQ5MDc2MDljYTY4NDY4ODcyMjE4YmI5ZjQxNGJlYTcwMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN+6nbWe/EZeWv4I1vSYIhyi+PcD
aOgrWGTA/3ciJ6Q4BJ31tXRUj1DNovgHAYiJa8xpsyca3pLMa4D+O/ZefbBLsMoX
3pkdmyo4xtKSrTmVjHFjYpJ6KYTDj8QY05AFU1x7WSaFNCBu20Avb+0HgXatddjF
RX3dHK+Ov0HffCd3dhSmMgBtCdxd6605S9Ci8Sb6IMRrVq2W6NqOtrQI5MMxkY+d
6ZzAdvwjpD1aA4HJJtSvtsx7Lxd5D0eY04G0gBRH7Fw8c+hvmw2AOSQDq9uLQOf/
gek8ZJHijXRxP4yYnynncqQRQQmliXP05+jXyI0yc8MNd6fz290PZO+3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeihJB2CcpoRohyIYu59BS+pwHGMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvOTZLRWtIWUp5bWhHaUhJaGk3bjBGTDZuQWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwQswMA0G
CSqGSIb3DQEBCwUAA4IBAQAonjewp8HQnSKjYYqcPxdHSfMCLYEqx9Eg4Dd72aSQ
2VvcRfpmbWQ+bGNqC2rpY4RvRJ0DdU/soneZgiAUSB1p4SwdCHWbbO08cslgujWj
5HBSU3I0A56uT/YxcONIUhZH3jKWKEL/2ZvGZE941ALBsKp6APrfkn17Vybt5sWs
oj7fAzMeOy4o5bUDw+MhZIvx7NeYjN6K07ASFlZ2yo0VTgV02YsDyGiQaIODxfHW
pDCEkbb8CzPRbwQ6MzNKmWb8Y+PJCg4v+Al84osP20WiEfowJmBQXOekoshv1Bv8
QwyIBOFvg00+VWHNkz1E4dynbKOZpRI4k5HSBeXeaH1v
-----END CERTIFICATE-----