Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/_Bum54a-s9YDXjwYlyoOh_BdHsE.roa
File:                     _Bum54a-s9YDXjwYlyoOh_BdHsE.roa (raw, json)
Hash identifier:          p0OugWy8oYDszv3kSJL2BzIJfMuxmDd8yFA82nWkbds=
Subject key identifier:   FC:1B:A6:E7:86:BE:B3:D6:03:5E:3C:18:97:2A:0E:87:F0:5D:1E:C1
Certificate issuer:       /CN=deddd6e7a1feb6fb47c9a2f89918827094dbfc17
Certificate serial:       018CC8011EF718140995D9238CBC0BEF89FF
Authority key identifier: DE:DD:D6:E7:A1:FE:B6:FB:47:C9:A2:F8:99:18:82:70:94:DB:FC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/_Bum54a-s9YDXjwYlyoOh_BdHsE.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21113
IP address blocks:        193.202.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1e:f7:18:14:09:95:d9:23:8c:bc:0b:ef:89:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deddd6e7a1feb6fb47c9a2f89918827094dbfc17
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc1ba6e786beb3d6035e3c18972a0e87f05d1ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:35:28:15:60:ab:96:c4:5b:f5:68:42:82:6a:
                    77:1a:4f:48:c8:d2:41:f2:89:51:87:a9:02:69:0b:
                    1e:25:5c:df:19:3b:b2:bf:8c:87:7d:b6:97:8f:ef:
                    2e:f4:2d:a2:07:69:03:93:09:b4:fb:4b:9f:ec:2b:
                    be:90:a0:26:4e:2b:ee:9d:41:1a:ef:96:d4:35:8e:
                    df:ef:4a:6d:d8:4f:d8:a7:20:75:f5:24:fb:2d:db:
                    3f:6d:14:4f:fd:76:7f:c4:f0:98:d4:a3:27:19:be:
                    d8:45:e1:52:84:83:6f:ea:77:26:fe:2b:24:52:8d:
                    71:cb:6f:63:4f:96:52:4b:3e:c6:bc:1f:09:7f:a9:
                    48:c7:8a:19:43:51:af:d6:d5:c5:b6:33:2e:7b:3e:
                    07:63:28:9f:d5:1d:0b:ae:64:92:84:24:7f:20:a4:
                    5d:4b:7e:7c:c2:75:f0:88:89:8d:28:8e:2f:f6:83:
                    47:d8:af:17:b2:28:76:d5:46:e0:c1:bb:6c:94:fa:
                    b3:20:ac:49:51:71:05:3e:86:3b:01:5c:f0:4d:bc:
                    f6:03:28:85:15:74:0e:69:1c:d5:b3:d1:90:88:f9:
                    5d:1e:71:33:32:ad:5a:a1:5b:8a:ea:fb:f3:63:d2:
                    21:5f:22:e9:aa:75:41:50:c6:76:81:fe:8e:e1:0b:
                    4f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:1B:A6:E7:86:BE:B3:D6:03:5E:3C:18:97:2A:0E:87:F0:5D:1E:C1
            X509v3 Authority Key Identifier:
                keyid:DE:DD:D6:E7:A1:FE:B6:FB:47:C9:A2:F8:99:18:82:70:94:DB:FC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/_Bum54a-s9YDXjwYlyoOh_BdHsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         18:f2:7d:2a:da:67:9c:35:f5:a8:88:3e:ce:ab:9f:bc:6f:f0:
         20:3a:77:0f:2b:0f:18:46:a7:1e:c7:98:94:c1:b8:e2:f6:a6:
         d1:89:07:94:b4:c0:45:58:88:74:a0:b3:70:c5:91:81:94:5e:
         cd:36:17:48:df:36:43:90:24:b7:7f:6d:02:bc:7f:84:4a:38:
         34:2d:7e:fe:f8:a7:67:50:e5:fc:0d:35:fd:ac:d6:c1:67:1d:
         b5:1c:88:ec:35:a6:20:ec:0e:1f:34:b7:63:01:77:83:7a:ec:
         69:66:ca:fa:80:f6:0b:a4:f0:01:f2:a1:82:52:2f:5e:99:ce:
         09:49:99:e5:dd:e0:d4:34:08:3c:00:6b:dc:3f:52:17:86:d8:
         8b:76:96:fa:6c:12:42:ef:76:e3:26:3c:e1:c5:a1:c2:3f:6d:
         ac:31:a4:cd:97:31:aa:94:11:43:52:e4:c3:e4:65:d5:85:4d:
         4b:bb:66:27:ca:37:35:30:41:68:3c:0c:b6:36:20:c3:a0:cc:
         86:9e:12:f3:31:68:84:36:fc:8c:a9:03:fe:f0:d8:ce:54:6e:
         59:57:87:74:74:df:0f:33:8f:47:6b:52:ac:16:e2:d0:49:48:
         29:4f:70:5c:b8:1c:a0:f5:00:70:0c:a2:93:c0:5a:48:76:33:
         fe:4f:e2:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAR73GBQJldkjjLwL74n/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGRkNmU3YTFmZWI2ZmI0N2M5YTJmODk5MTg4MjcwOTRk
YmZjMTcwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzFiYTZlNzg2YmViM2Q2MDM1ZTNjMTg5NzJhMGU4N2YwNWQxZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzUoFWCrlsRb9WhCgmp3Gk9IyNJB
8olRh6kCaQseJVzfGTuyv4yHfbaXj+8u9C2iB2kDkwm0+0uf7Cu+kKAmTivunUEa
75bUNY7f70pt2E/YpyB19ST7Lds/bRRP/XZ/xPCY1KMnGb7YReFShINv6ncm/isk
Uo1xy29jT5ZSSz7GvB8Jf6lIx4oZQ1Gv1tXFtjMuez4HYyif1R0LrmSShCR/IKRd
S358wnXwiImNKI4v9oNH2K8Xsih21UbgwbtslPqzIKxJUXEFPoY7AVzwTbz2AyiF
FXQOaRzVs9GQiPldHnEzMq1aoVuK6vvzY9IhXyLpqnVBUMZ2gf6O4QtPIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwbpueGvrPWA148GJcqDofwXR7BMB8GA1UdIwQY
MBaAFN7d1ueh/rb7R8mi+JkYgnCU2/wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3QzVzU2SC10dnRIeWFMNG1SaUNjSlRiX0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wYWQ5OWEtMWEwZi00MmUwLWFlN2Qt
ZjA3MTgzNzczYjI2LzEvX0J1bTU0YS1zOVlEWGp3WWx5b09oX0JkSHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wYWQ5OWEtMWEwZi00MmUwLWFlN2QtZjA3MTgzNzczYjI2
LzEvM3QzVzU2SC10dnRIeWFMNG1SaUNjSlRiX0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwcrwMA0G
CSqGSIb3DQEBCwUAA4IBAQAY8n0q2mecNfWoiD7Oq5+8b/AgOncPKw8YRqcex5iU
wbji9qbRiQeUtMBFWIh0oLNwxZGBlF7NNhdI3zZDkCS3f20CvH+ESjg0LX7++Kdn
UOX8DTX9rNbBZx21HIjsNaYg7A4fNLdjAXeDeuxpZsr6gPYLpPAB8qGCUi9emc4J
SZnl3eDUNAg8AGvcP1IXhtiLdpb6bBJC73bjJjzhxaHCP22sMaTNlzGqlBFDUuTD
5GXVhU1Lu2Ynyjc1MEFoPAy2NiDDoMyGnhLzMWiENvyMqQP+8NjOVG5ZV4d0dN8P
M49Ha1KsFuLQSUgpT3BcuByg9QBwDKKTwFpIdjP+T+Ib
-----END CERTIFICATE-----