Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/IIpK14csdcY0oNfTAoZcw7g5A4w.roa
File:                     IIpK14csdcY0oNfTAoZcw7g5A4w.roa (raw, json)
Hash identifier:          WZLr7O/Y1hValjhcSRF6yGfMn1jFhZXTTM5O/khCrzE=
Subject key identifier:   20:8A:4A:D7:87:2C:75:C6:34:A0:D7:D3:02:86:5C:C3:B8:39:03:8C
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018FE2F43B2D20EEA663F656E13733EF9475
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/IIpK14csdcY0oNfTAoZcw7g5A4w.roa
Signing time:             Tue 04 Jun 2024 11:13:27 +0000
ROA not before:           Tue 04 Jun 2024 11:13:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        193.39.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:f4:3b:2d:20:ee:a6:63:f6:56:e1:37:33:ef:94:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jun  4 11:13:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=208a4ad7872c75c634a0d7d302865cc3b839038c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ea:2c:1d:67:04:e9:82:06:72:8e:bb:98:e7:
                    55:8e:ad:41:6d:39:8a:14:e9:05:87:f3:4e:8f:3c:
                    36:9b:4b:7d:bb:94:5a:3b:92:0a:1a:17:5f:de:82:
                    f5:46:93:b1:81:81:09:4e:1e:32:f9:c0:84:68:1f:
                    a8:41:a7:e4:61:7f:d2:da:6e:59:70:79:93:b1:97:
                    f1:2e:c1:5c:44:76:29:43:ae:41:5b:3c:e0:7d:6d:
                    63:32:ea:de:98:96:0b:f6:0b:a9:77:99:1c:07:e9:
                    ba:8a:df:c9:dc:fd:69:72:47:68:e3:aa:da:3a:40:
                    56:ae:2b:a1:5f:b7:b7:40:cb:bd:74:f1:7e:3a:10:
                    0b:45:7f:4a:9d:4a:8c:b6:1f:01:de:a5:4a:fc:91:
                    e3:e2:f7:ec:4c:41:75:07:37:23:b6:83:d0:2d:33:
                    9a:35:ab:20:38:20:a1:6d:a6:35:af:e8:91:af:85:
                    e0:c6:70:e4:a2:36:d1:d6:c8:ad:07:53:2c:f8:8d:
                    e7:dc:a6:3a:fc:e9:5e:79:97:c3:01:1c:c9:0d:c0:
                    37:5e:c8:56:09:2a:d6:62:36:a9:ee:d7:16:7c:f6:
                    37:be:26:73:fa:f3:98:75:4e:c1:b0:40:3e:05:e2:
                    92:4c:6b:e2:fd:f5:40:cc:b6:fe:3a:ce:92:e7:b5:
                    a6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8A:4A:D7:87:2C:75:C6:34:A0:D7:D3:02:86:5C:C3:B8:39:03:8C
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/IIpK14csdcY0oNfTAoZcw7g5A4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:8b:da:89:c9:6b:d5:1e:bb:83:2a:b0:de:b9:71:f4:06:c4:
         fc:65:ef:9a:dd:24:44:69:ef:0b:06:8b:5c:8f:6a:ed:ba:15:
         36:93:7a:4c:8e:f4:b4:e6:9e:e3:78:dc:95:0d:96:05:21:4d:
         68:52:80:2e:c9:6d:3b:dd:67:f8:4b:d5:cb:1f:2a:d5:eb:cd:
         5f:5a:e6:d4:b9:75:76:05:a3:1b:b9:33:f0:b9:87:4b:ef:1c:
         6e:fe:7f:d1:f4:9c:1b:7b:d8:80:6a:d8:3a:34:44:fc:0d:6e:
         f1:e1:bd:96:aa:5e:2f:11:4f:43:36:2f:5a:41:ed:fe:45:7c:
         dd:4d:e7:83:74:90:14:d0:83:98:52:cf:88:1b:6b:ab:4e:92:
         70:fb:4b:92:17:bb:29:76:66:3d:06:97:b1:36:96:31:de:4e:
         14:1e:c0:e7:a9:30:d3:95:ed:4f:1e:9d:35:e0:c2:1e:21:ad:
         f1:7f:de:b8:13:8a:17:62:3a:d4:b8:a5:47:33:85:5c:b5:99:
         e0:5f:f3:00:28:35:e5:7e:e9:30:40:45:a9:d5:84:2f:87:f5:
         0d:f2:bf:de:97:88:03:66:fa:a1:26:7a:c8:ac:eb:06:f4:28:
         14:4e:73:48:a3:6f:d4:77:2a:66:41:33:e8:9d:7b:c3:71:4f:
         c9:15:e6:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/i9DstIO6mY/ZW4Tcz75R1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwNjA0MTExMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhhNGFkNzg3MmM3NWM2MzRhMGQ3ZDMwMjg2NWNjM2I4MzkwMzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuosHWcE6YIGco67mOdVjq1BbTmK
FOkFh/NOjzw2m0t9u5RaO5IKGhdf3oL1RpOxgYEJTh4y+cCEaB+oQafkYX/S2m5Z
cHmTsZfxLsFcRHYpQ65BWzzgfW1jMuremJYL9gupd5kcB+m6it/J3P1pckdo46ra
OkBWriuhX7e3QMu9dPF+OhALRX9KnUqMth8B3qVK/JHj4vfsTEF1BzcjtoPQLTOa
NasgOCChbaY1r+iRr4XgxnDkojbR1sitB1Ms+I3n3KY6/OleeZfDARzJDcA3XshW
CSrWYjap7tcWfPY3viZz+vOYdU7BsEA+BeKSTGvi/fVAzLb+Os6S57Wm9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCKSteHLHXGNKDX0wKGXMO4OQOMMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvSUlwSzE0Y3NkY1kwb05mVEFvWmN3N2c1QTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSfXMA0G
CSqGSIb3DQEBCwUAA4IBAQA3i9qJyWvVHruDKrDeuXH0BsT8Ze+a3SREae8LBotc
j2rtuhU2k3pMjvS05p7jeNyVDZYFIU1oUoAuyW073Wf4S9XLHyrV681fWubUuXV2
BaMbuTPwuYdL7xxu/n/R9Jwbe9iAatg6NET8DW7x4b2Wql4vEU9DNi9aQe3+RXzd
TeeDdJAU0IOYUs+IG2urTpJw+0uSF7spdmY9BpexNpYx3k4UHsDnqTDTle1PHp01
4MIeIa3xf964E4oXYjrUuKVHM4VctZngX/MAKDXlfukwQEWp1YQvh/UN8r/el4gD
ZvqhJnrIrOsG9CgUTnNIo2/UdypmQTPonXvDcU/JFeZI
-----END CERTIFICATE-----