Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/t8HpK3a_ZPkwa7pzDPSAlDghMss.roa
File:                     t8HpK3a_ZPkwa7pzDPSAlDghMss.roa (raw, json)
Hash identifier:          K2hF2x8iz1PxoV4S9Hk982eaEjXls8Zz0Z6CU1vHy1s=
Subject key identifier:   B7:C1:E9:2B:76:BF:64:F9:30:6B:BA:73:0C:F4:80:94:38:21:32:CB
Certificate issuer:       /CN=6df86a1f570ae31529022aa4f61efd9ec2b97d05
Certificate serial:       018CC3B6AF168B7134250642EC8EDFDF3F61
Authority key identifier: 6D:F8:6A:1F:57:0A:E3:15:29:02:2A:A4:F6:1E:FD:9E:C2:B9:7D:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfhqH1cK4xUpAiqk9h79nsK5fQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/t8HpK3a_ZPkwa7pzDPSAlDghMss.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207573
IP address blocks:        193.41.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/bfhqH1cK4xUpAiqk9h79nsK5fQU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/bfhqH1cK4xUpAiqk9h79nsK5fQU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bfhqH1cK4xUpAiqk9h79nsK5fQU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:af:16:8b:71:34:25:06:42:ec:8e:df:df:3f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6df86a1f570ae31529022aa4f61efd9ec2b97d05
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7c1e92b76bf64f9306bba730cf48094382132cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:be:cd:82:19:af:59:e7:ef:76:64:fd:70:d8:
                    f1:30:d7:da:dc:c0:e3:11:3e:98:27:5a:89:73:5e:
                    e7:7b:58:2f:13:25:44:a6:80:5e:f9:69:3e:db:23:
                    3f:61:e4:a6:8d:43:d6:18:f2:5a:f8:48:e3:85:b2:
                    e0:3c:72:02:bb:ef:22:19:8f:dd:ae:00:7a:96:d3:
                    10:12:ec:50:32:0d:6f:10:aa:78:d9:71:a2:e7:fb:
                    66:6e:4c:b6:96:49:28:7c:24:49:2a:cd:9e:fc:8c:
                    c4:a4:4d:f3:1d:d0:05:5e:69:2d:4c:e1:aa:91:b8:
                    00:89:ef:0d:6b:88:dd:47:1f:13:54:62:a8:38:38:
                    fc:9a:75:f0:dd:20:ac:15:21:02:fd:35:1b:13:ce:
                    89:88:37:bc:68:69:4a:fa:7f:fd:60:4c:a9:ee:32:
                    f5:dd:bc:bc:1f:d0:d0:f0:57:8a:5c:a1:ef:17:27:
                    b3:48:37:55:4c:a7:62:39:73:12:c4:fe:df:91:53:
                    77:b7:73:df:07:1f:aa:f8:c2:b1:e1:d1:e2:50:43:
                    4d:39:35:d7:43:23:ad:d3:a3:0f:2c:6e:80:78:55:
                    eb:72:d9:27:18:e5:64:24:6c:45:88:19:b0:8a:97:
                    34:3c:c0:94:67:a4:ac:0f:19:09:04:94:ff:99:f7:
                    ee:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C1:E9:2B:76:BF:64:F9:30:6B:BA:73:0C:F4:80:94:38:21:32:CB
            X509v3 Authority Key Identifier:
                keyid:6D:F8:6A:1F:57:0A:E3:15:29:02:2A:A4:F6:1E:FD:9E:C2:B9:7D:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfhqH1cK4xUpAiqk9h79nsK5fQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/t8HpK3a_ZPkwa7pzDPSAlDghMss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6add35-a983-4011-af8a-7aac2d847955/1/bfhqH1cK4xUpAiqk9h79nsK5fQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a8:ba:03:a4:d9:38:f5:98:22:53:9e:51:46:f4:1c:8f:a3:
         4f:44:58:6f:5a:d6:a0:12:a1:16:56:61:6e:6a:50:60:64:a3:
         91:56:98:df:b4:8f:67:40:53:24:3c:73:4a:89:22:b7:2f:4a:
         bd:c5:9c:b6:26:0b:b3:f0:2a:25:84:ad:98:51:8a:50:79:78:
         89:04:6c:fc:cc:01:b8:6b:07:1b:a5:bc:34:63:92:0a:d2:09:
         3f:9e:22:ff:4f:8b:71:80:b2:14:03:52:77:9f:79:58:85:05:
         df:71:9a:54:b9:53:07:3f:97:bd:a5:86:1d:09:88:6d:ad:0e:
         06:1d:a5:b5:60:3a:f5:3c:92:e9:24:2b:3d:0c:b3:63:4d:6d:
         a3:9f:61:69:8f:6b:58:56:64:be:9a:a2:c2:b0:55:2f:5f:aa:
         ee:53:d3:73:3d:6b:fb:27:7c:08:77:c4:da:59:cb:83:29:59:
         20:04:1e:34:12:f6:96:9f:3f:31:5a:4a:0a:d8:f5:2a:e5:5a:
         ef:39:05:52:a3:e6:c0:87:41:22:18:e6:1d:29:cc:88:a5:36:
         6f:17:4f:8f:71:b4:27:28:21:f1:1f:6f:9c:ec:a2:ea:5b:f3:
         0b:c6:33:3c:2b:ae:6a:a1:d7:58:35:76:4e:d7:fe:10:18:aa:
         a0:aa:49:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtq8Wi3E0JQZC7I7f3z9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZjg2YTFmNTcwYWUzMTUyOTAyMmFhNGY2MWVmZDllYzJi
OTdkMDUwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2MxZTkyYjc2YmY2NGY5MzA2YmJhNzMwY2Y0ODA5NDM4MjEzMmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw77NghmvWefvdmT9cNjxMNfa3MDj
ET6YJ1qJc17ne1gvEyVEpoBe+Wk+2yM/YeSmjUPWGPJa+EjjhbLgPHICu+8iGY/d
rgB6ltMQEuxQMg1vEKp42XGi5/tmbky2lkkofCRJKs2e/IzEpE3zHdAFXmktTOGq
kbgAie8Na4jdRx8TVGKoODj8mnXw3SCsFSEC/TUbE86JiDe8aGlK+n/9YEyp7jL1
3by8H9DQ8FeKXKHvFyezSDdVTKdiOXMSxP7fkVN3t3PfBx+q+MKx4dHiUENNOTXX
QyOt06MPLG6AeFXrctknGOVkJGxFiBmwipc0PMCUZ6SsDxkJBJT/mffu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfB6St2v2T5MGu6cwz0gJQ4ITLLMB8GA1UdIwQY
MBaAFG34ah9XCuMVKQIqpPYe/Z7CuX0FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZocUgxY0s0eFVwQWlxazloNzluc0s1ZlFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS82YWRkMzUtYTk4My00MDExLWFmOGEt
N2FhYzJkODQ3OTU1LzEvdDhIcEszYV9aUGt3YTdwekRQU0FsRGdoTXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS82YWRkMzUtYTk4My00MDExLWFmOGEtN2FhYzJkODQ3OTU1
LzEvYmZocUgxY0s0eFVwQWlxazloNzluc0s1ZlFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSk7MA0G
CSqGSIb3DQEBCwUAA4IBAQBQqLoDpNk49ZgiU55RRvQcj6NPRFhvWtagEqEWVmFu
alBgZKORVpjftI9nQFMkPHNKiSK3L0q9xZy2Jguz8ColhK2YUYpQeXiJBGz8zAG4
awcbpbw0Y5IK0gk/niL/T4txgLIUA1J3n3lYhQXfcZpUuVMHP5e9pYYdCYhtrQ4G
HaW1YDr1PJLpJCs9DLNjTW2jn2Fpj2tYVmS+mqLCsFUvX6ruU9NzPWv7J3wId8Ta
WcuDKVkgBB40EvaWnz8xWkoK2PUq5VrvOQVSo+bAh0EiGOYdKcyIpTZvF0+PcbQn
KCHxH2+c7KLqW/MLxjM8K65qoddYNXZO1/4QGKqgqkkM
-----END CERTIFICATE-----