Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u8sxEINF7Wh02dONC6LnE40SNhM.roa
File:                     u8sxEINF7Wh02dONC6LnE40SNhM.roa (raw, json)
Hash identifier:          MCuTc6eMMNc4x9Sb4bRjFlsC3apXaJd+ZCk4SUvUIz8=
Subject key identifier:   BB:CB:31:10:83:45:ED:68:74:D9:D3:8D:0B:A2:E7:13:8D:12:36:13
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF1E61D5F61EE36DC82B1C3CD7933
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u8sxEINF7Wh02dONC6LnE40SNhM.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60713
IP address blocks:        213.199.246.0/23 maxlen: 23
                          82.160.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f1:e6:1d:5f:61:ee:36:dc:82:b1:c3:cd:79:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbcb31108345ed6874d9d38d0ba2e7138d123613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e5:01:e3:5e:81:00:77:70:91:67:e4:dd:07:
                    2f:1e:01:67:be:9d:c2:8a:9c:9a:67:20:85:c2:30:
                    ee:15:f5:ab:2e:67:46:a4:91:38:54:85:87:18:d6:
                    6c:db:c3:0d:b3:aa:64:6e:0a:85:aa:9d:92:87:0e:
                    3e:60:bc:6f:48:03:e0:74:c1:61:0b:f4:3c:ae:d8:
                    87:a4:38:87:56:74:d8:d1:3a:a1:68:1a:92:fb:96:
                    5e:91:e3:66:0f:a2:b3:94:1b:f3:bf:b4:ca:44:56:
                    84:13:0e:52:d9:6e:b9:75:f1:38:93:07:13:05:36:
                    20:27:cb:93:e3:c6:af:93:98:a6:e7:b2:5e:0b:63:
                    37:5f:aa:eb:38:db:d1:27:50:88:99:58:1e:41:14:
                    27:93:8d:da:9d:02:91:7a:89:8d:1d:6c:f2:b8:44:
                    5d:c7:c8:d0:b3:73:98:54:34:5d:c6:d8:17:37:1e:
                    69:43:b8:34:17:e4:a6:66:b2:00:d0:45:80:e0:e5:
                    9b:04:2f:22:9b:20:4f:d3:90:c2:e7:4a:2f:09:f7:
                    45:a0:74:c3:0e:b3:6a:01:92:f4:ae:a5:ba:21:e3:
                    72:dd:ae:d9:32:bc:fe:09:5f:f1:9e:af:df:03:f5:
                    88:30:b9:2a:fb:95:52:81:20:92:43:77:73:2b:4d:
                    17:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:CB:31:10:83:45:ED:68:74:D9:D3:8D:0B:A2:E7:13:8D:12:36:13
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u8sxEINF7Wh02dONC6LnE40SNhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.50.0/24
                  213.199.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:17:70:e0:5c:3e:08:5d:96:a7:e2:4f:8b:92:2f:3f:e4:41:
         64:cb:47:0e:cc:10:e6:3e:5f:89:a2:b1:c7:16:e8:b5:c0:35:
         3c:8a:4a:4d:e7:02:09:03:70:41:2d:8d:1a:a0:2f:6b:9b:26:
         17:a6:d6:98:30:2f:6e:80:80:ef:7c:de:ad:4e:9f:18:ca:6d:
         87:fa:6d:70:24:ff:75:5b:a7:b6:26:7d:50:2b:f7:79:39:20:
         59:db:9d:9b:86:b1:39:8f:8b:a2:67:f0:ce:7c:2d:4a:3a:7a:
         f3:e8:23:a1:fb:a5:2f:76:4d:5e:93:ca:61:9d:b6:a9:71:37:
         29:d7:ea:5b:92:ff:a3:6f:cf:70:f9:12:26:3b:9d:c0:39:9e:
         e1:32:6e:a7:d6:1b:e1:67:e8:94:31:d3:fc:ca:eb:de:ce:4a:
         ff:ae:ff:77:4e:4d:e7:ad:d0:48:47:27:2e:6e:f4:da:06:b9:
         30:5d:52:83:4c:8f:59:0e:12:09:28:61:8e:c2:14:2b:d2:fd:
         1f:c5:a0:63:57:6b:09:15:67:96:9d:6e:5c:a3:21:9e:98:3d:
         5b:0c:59:c2:8c:02:e5:df:e1:b4:c0:2d:93:95:c6:41:58:d4:
         1a:0c:26:d4:79:4f:f6:f6:52:59:c6:0b:15:2a:ab:2d:fe:a6:
         28:cd:86:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPHmHV9h7jbcgrHDzXkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmNiMzExMDgzNDVlZDY4NzRkOWQzOGQwYmEyZTcxMzhkMTIzNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuUB416BAHdwkWfk3QcvHgFnvp3C
ipyaZyCFwjDuFfWrLmdGpJE4VIWHGNZs28MNs6pkbgqFqp2Shw4+YLxvSAPgdMFh
C/Q8rtiHpDiHVnTY0TqhaBqS+5ZekeNmD6KzlBvzv7TKRFaEEw5S2W65dfE4kwcT
BTYgJ8uT48avk5im57JeC2M3X6rrONvRJ1CImVgeQRQnk43anQKReomNHWzyuERd
x8jQs3OYVDRdxtgXNx5pQ7g0F+SmZrIA0EWA4OWbBC8imyBP05DC50ovCfdFoHTD
DrNqAZL0rqW6IeNy3a7ZMrz+CV/xnq/fA/WIMLkq+5VSgSCSQ3dzK00XrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvLMRCDRe1odNnTjQui5xONEjYTMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvdThzeEVJTkY3V2gwMmRPTkM2TG5FNDBTTmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUqAyAwQB
1cf2MA0GCSqGSIb3DQEBCwUAA4IBAQBkF3DgXD4IXZan4k+Lki8/5EFky0cOzBDm
Pl+JorHHFui1wDU8ikpN5wIJA3BBLY0aoC9rmyYXptaYMC9ugIDvfN6tTp8Yym2H
+m1wJP91W6e2Jn1QK/d5OSBZ252bhrE5j4uiZ/DOfC1KOnrz6COh+6Uvdk1ek8ph
nbapcTcp1+pbkv+jb89w+RImO53AOZ7hMm6n1hvhZ+iUMdP8yuvezkr/rv93Tk3n
rdBIRycubvTaBrkwXVKDTI9ZDhIJKGGOwhQr0v0fxaBjV2sJFWeWnW5coyGemD1b
DFnCjALl3+G0wC2TlcZBWNQaDCbUeU/29lJZxgsVKqst/qYozYZ0
-----END CERTIFICATE-----