Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/fCE4QuOsyLkvprYOCbN2xs0Vvps.roa
File:                     fCE4QuOsyLkvprYOCbN2xs0Vvps.roa (raw, json)
Hash identifier:          txyFJb5jBymPLgm5faELUARzeChspVbKIa6vRw1WcyY=
Subject key identifier:   7C:21:38:42:E3:AC:C8:B9:2F:A6:B6:0E:09:B3:76:C6:CD:15:BE:9B
Certificate issuer:       /CN=8b613794927050b22525ab70091835408eee4c79
Certificate serial:       018CCA2BE898C7781E0A5E40BC4906F74DBE
Authority key identifier: 8B:61:37:94:92:70:50:B2:25:25:AB:70:09:18:35:40:8E:EE:4C:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2E3lJJwULIlJatwCRg1QI7uTHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/fCE4QuOsyLkvprYOCbN2xs0Vvps.roa
Signing time:             Tue 02 Jan 2024 12:35:24 +0000
ROA not before:           Tue 02 Jan 2024 12:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60015
IP address blocks:        193.57.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/i2E3lJJwULIlJatwCRg1QI7uTHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/i2E3lJJwULIlJatwCRg1QI7uTHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2E3lJJwULIlJatwCRg1QI7uTHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e8:98:c7:78:1e:0a:5e:40:bc:49:06:f7:4d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b613794927050b22525ab70091835408eee4c79
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c213842e3acc8b92fa6b60e09b376c6cd15be9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:47:57:82:14:28:2c:07:8f:ed:16:67:bf:
                    71:36:61:f2:92:a1:d7:9d:ab:13:fc:a0:8d:d6:f0:
                    31:37:fa:59:b2:85:29:56:52:b8:74:02:2b:d7:e1:
                    e9:f9:1c:03:a4:15:20:89:35:b9:07:2d:c3:23:ba:
                    dd:36:75:6f:a8:22:bc:66:b7:e9:f7:c8:91:7e:6f:
                    d0:3e:c7:9e:0b:5b:1f:9c:d8:f6:a3:ac:80:19:92:
                    78:67:0c:a9:e7:ef:d4:36:7b:c4:55:3f:79:24:ff:
                    ab:bd:cc:a6:0b:15:22:6e:e6:1e:92:fd:20:7f:10:
                    0c:72:21:b8:9d:a4:95:b9:c9:37:e6:e3:4f:ce:7f:
                    6f:96:f2:21:ba:6e:c4:4d:06:54:ba:ac:9c:b1:16:
                    1b:de:6c:13:cd:6e:ac:f8:33:d8:6c:b0:64:59:27:
                    af:ed:22:8c:a7:44:60:26:c9:7a:b3:a8:fa:51:1c:
                    95:c4:64:4d:72:2f:a5:e9:ec:98:87:28:1c:21:7b:
                    81:26:af:37:ab:65:5e:53:0c:52:d6:22:23:b5:f0:
                    58:ae:44:6b:71:83:44:a2:0c:3a:84:c8:3c:0d:22:
                    c7:dc:c1:d8:e0:db:8a:b0:3e:35:9e:5b:36:f8:bc:
                    61:9a:74:df:aa:c7:91:6c:b0:04:1a:0b:db:4f:29:
                    ac:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:21:38:42:E3:AC:C8:B9:2F:A6:B6:0E:09:B3:76:C6:CD:15:BE:9B
            X509v3 Authority Key Identifier:
                keyid:8B:61:37:94:92:70:50:B2:25:25:AB:70:09:18:35:40:8E:EE:4C:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2E3lJJwULIlJatwCRg1QI7uTHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/fCE4QuOsyLkvprYOCbN2xs0Vvps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/18103b-b279-4de7-bc3c-ec05d0195036/1/i2E3lJJwULIlJatwCRg1QI7uTHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:7b:73:49:2f:5a:3b:8d:4c:ff:4b:73:91:90:e0:32:46:73:
         c3:40:c8:e6:e3:6e:21:fd:5b:90:aa:f7:02:77:3e:ac:cf:67:
         cb:af:e0:21:5e:88:73:af:5f:d9:ba:23:62:60:12:41:f4:5d:
         d3:d3:2a:d9:e9:5e:9e:ce:bf:03:1a:63:0d:52:9f:f0:e8:1e:
         ec:8b:f7:3c:85:13:cc:9e:d1:7a:5a:01:28:38:e5:96:b9:52:
         3b:6f:4b:eb:ce:1b:ca:ea:be:b3:26:18:99:af:21:e0:8f:35:
         64:e0:7b:f5:e5:0b:07:42:10:fc:ad:e3:df:dc:57:69:e3:df:
         ff:2d:ea:20:b5:97:b9:ad:16:4b:85:f1:21:0f:d9:e6:00:7b:
         94:1b:f4:b6:2d:58:15:b4:78:d4:31:17:06:7c:a0:20:ed:cd:
         ba:55:3b:ca:32:82:ad:7c:05:77:41:c8:e1:b8:03:45:df:e9:
         ad:52:68:e6:f8:0f:c0:1d:49:a9:95:27:4e:4d:98:c9:a9:06:
         5d:55:e0:97:15:a2:d1:59:9d:f4:71:43:5d:2f:33:ed:23:a6:
         45:a1:af:91:b0:da:d2:48:da:c7:86:1b:86:92:48:3d:4b:30:
         6c:72:18:80:73:07:3e:41:e0:c2:98:37:95:b2:27:af:41:d4:
         02:08:3e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+iYx3geCl5AvEkG902+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNjEzNzk0OTI3MDUwYjIyNTI1YWI3MDA5MTgzNTQwOGVl
ZTRjNzkwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzIxMzg0MmUzYWNjOGI5MmZhNmI2MGUwOWIzNzZjNmNkMTViZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3BHV4IUKCwHj+0WZ79xNmHykqHX
nasT/KCN1vAxN/pZsoUpVlK4dAIr1+Hp+RwDpBUgiTW5By3DI7rdNnVvqCK8Zrfp
98iRfm/QPseeC1sfnNj2o6yAGZJ4Zwyp5+/UNnvEVT95JP+rvcymCxUibuYekv0g
fxAMciG4naSVuck35uNPzn9vlvIhum7ETQZUuqycsRYb3mwTzW6s+DPYbLBkWSev
7SKMp0RgJsl6s6j6URyVxGRNci+l6eyYhygcIXuBJq83q2VeUwxS1iIjtfBYrkRr
cYNEogw6hMg8DSLH3MHY4NuKsD41nls2+LxhmnTfqseRbLAEGgvbTymshQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwhOELjrMi5L6a2DgmzdsbNFb6bMB8GA1UdIwQY
MBaAFIthN5SScFCyJSWrcAkYNUCO7kx5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTJFM2xKSndVTElsSmF0d0NSZzFRSTd1VEhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8xODEwM2ItYjI3OS00ZGU3LWJjM2Mt
ZWMwNWQwMTk1MDM2LzEvZkNFNFF1T3N5TGt2cHJZT0NiTjJ4czBWdnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8xODEwM2ItYjI3OS00ZGU3LWJjM2MtZWMwNWQwMTk1MDM2
LzEvaTJFM2xKSndVTElsSmF0d0NSZzFRSTd1VEhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTkQMA0G
CSqGSIb3DQEBCwUAA4IBAQAVe3NJL1o7jUz/S3ORkOAyRnPDQMjm424h/VuQqvcC
dz6sz2fLr+AhXohzr1/ZuiNiYBJB9F3T0yrZ6V6ezr8DGmMNUp/w6B7si/c8hRPM
ntF6WgEoOOWWuVI7b0vrzhvK6r6zJhiZryHgjzVk4Hv15QsHQhD8rePf3Fdp49//
LeogtZe5rRZLhfEhD9nmAHuUG/S2LVgVtHjUMRcGfKAg7c26VTvKMoKtfAV3Qcjh
uANF3+mtUmjm+A/AHUmplSdOTZjJqQZdVeCXFaLRWZ30cUNdLzPtI6ZFoa+RsNrS
SNrHhhuGkkg9SzBschiAcwc+QeDCmDeVsievQdQCCD7v
-----END CERTIFICATE-----