Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/CWF1clOe7cankbQgL5cufD0y4uI.roa
File:                     CWF1clOe7cankbQgL5cufD0y4uI.roa (raw, json)
Hash identifier:          dCc8Y/cI0uimZS+qsfW8XADCKqqzTCrbKGoNVx7fOMk=
Subject key identifier:   09:61:75:72:53:9E:ED:C6:A7:91:B4:20:2F:97:2E:7C:3D:32:E2:E2
Certificate issuer:       /CN=bf2938590e0d0019725662d4b4ae4cc9ec3a734d
Certificate serial:       018CC4244F1BA4ECB3F945DB2D108EBE6AF1
Authority key identifier: BF:29:38:59:0E:0D:00:19:72:56:62:D4:B4:AE:4C:C9:EC:3A:73:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyk4WQ4NABlyVmLUtK5Myew6c00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/CWF1clOe7cankbQgL5cufD0y4uI.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60943
IP address blocks:        193.160.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/vyk4WQ4NABlyVmLUtK5Myew6c00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/vyk4WQ4NABlyVmLUtK5Myew6c00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyk4WQ4NABlyVmLUtK5Myew6c00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4f:1b:a4:ec:b3:f9:45:db:2d:10:8e:be:6a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf2938590e0d0019725662d4b4ae4cc9ec3a734d
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09617572539eedc6a791b4202f972e7c3d32e2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6c:92:90:aa:8d:d0:41:f3:51:5f:83:9a:d9:
                    de:61:b6:d6:c7:34:df:56:7e:b7:50:a2:3e:a4:3a:
                    7b:d6:47:a0:c0:43:32:8f:86:9c:f4:ba:bf:2b:6a:
                    a8:dc:55:85:62:d4:12:8f:22:a4:3f:2d:67:d1:73:
                    93:13:0d:04:53:be:aa:d3:9f:d2:93:d7:43:4a:dc:
                    d5:d2:f9:19:b5:5c:22:9b:e6:f5:4b:9e:3f:9f:c4:
                    99:18:d6:44:39:44:8b:e4:0f:be:3b:a3:a8:c5:01:
                    64:ab:86:09:57:48:4e:ad:bc:26:9c:36:92:5b:1b:
                    ae:78:7d:bf:53:26:38:ea:66:43:fa:b5:a0:9b:a8:
                    88:dc:47:5b:02:66:95:99:ec:0f:28:1b:eb:76:88:
                    94:63:50:8d:a8:83:53:a2:9f:d9:c8:10:6d:2e:b7:
                    cc:9a:a8:f6:c4:95:74:c8:2d:d4:97:31:23:e1:60:
                    73:d8:05:2d:e1:25:b8:60:59:0d:a0:3d:63:6f:0a:
                    60:b6:5b:22:02:4d:ea:a3:74:45:48:d4:f9:77:c0:
                    ef:c3:a4:2c:0f:9c:0a:40:94:96:d5:4b:36:ae:f1:
                    a6:c1:9b:d2:2f:c0:2b:50:34:04:c2:16:be:ee:95:
                    6a:f2:f2:fe:a7:d1:1f:7d:e3:99:b7:5d:92:7a:08:
                    0c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:61:75:72:53:9E:ED:C6:A7:91:B4:20:2F:97:2E:7C:3D:32:E2:E2
            X509v3 Authority Key Identifier:
                keyid:BF:29:38:59:0E:0D:00:19:72:56:62:D4:B4:AE:4C:C9:EC:3A:73:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyk4WQ4NABlyVmLUtK5Myew6c00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/CWF1clOe7cankbQgL5cufD0y4uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/833aa2-af04-4f10-a167-6acd86686e85/1/vyk4WQ4NABlyVmLUtK5Myew6c00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:1b:10:9b:90:e6:f4:26:4d:0e:26:8a:a6:2f:6a:29:1a:86:
         6a:22:47:50:f9:bd:fd:e6:15:24:28:41:d4:54:c6:85:c3:77:
         5c:ab:af:4e:fb:1e:ab:dc:74:36:bf:ac:0a:67:0e:66:74:f8:
         17:e7:ba:18:9c:72:e1:18:da:65:50:b2:4f:08:d5:22:f7:70:
         87:5d:2e:53:af:42:11:fd:6a:c9:99:d4:6d:18:d3:58:48:77:
         04:6e:fd:e9:3b:b9:ee:22:95:76:5d:99:71:8a:b4:f9:6b:99:
         de:20:eb:f6:12:c1:ea:10:3c:5b:bf:fb:14:8f:a7:fe:ae:0c:
         2e:39:60:5f:c1:86:8d:4d:31:d7:77:d7:1a:4a:53:30:60:f3:
         27:fe:e1:aa:de:fe:67:1c:c8:14:1d:6f:7b:33:ee:3a:0d:c2:
         8b:71:32:64:76:ea:d7:01:78:41:66:bb:6e:1a:a4:fd:00:11:
         c1:33:fa:6f:d5:dc:3f:58:49:8d:43:fc:a4:6a:01:ce:a2:d1:
         b8:da:3f:ea:2b:5c:df:01:07:79:84:03:72:cc:41:06:dd:51:
         28:b7:be:e3:5d:f5:24:a1:51:1a:6a:d3:7b:9d:e7:46:33:3b:
         c6:6f:a9:e3:45:1d:13:68:6c:ab:d0:8c:ad:54:5e:91:93:f2:
         bd:62:8f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJE8bpOyz+UXbLRCOvmrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjkzODU5MGUwZDAwMTk3MjU2NjJkNGI0YWU0Y2M5ZWMz
YTczNGQwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTYxNzU3MjUzOWVlZGM2YTc5MWI0MjAyZjk3MmU3YzNkMzJlMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWySkKqN0EHzUV+DmtneYbbWxzTf
Vn63UKI+pDp71kegwEMyj4ac9Lq/K2qo3FWFYtQSjyKkPy1n0XOTEw0EU76q05/S
k9dDStzV0vkZtVwim+b1S54/n8SZGNZEOUSL5A++O6OoxQFkq4YJV0hOrbwmnDaS
WxuueH2/UyY46mZD+rWgm6iI3EdbAmaVmewPKBvrdoiUY1CNqINTop/ZyBBtLrfM
mqj2xJV0yC3UlzEj4WBz2AUt4SW4YFkNoD1jbwpgtlsiAk3qo3RFSNT5d8Dvw6Qs
D5wKQJSW1Us2rvGmwZvSL8ArUDQEwha+7pVq8vL+p9EffeOZt12SeggMxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlhdXJTnu3Gp5G0IC+XLnw9MuLiMB8GA1UdIwQY
MBaAFL8pOFkODQAZclZi1LSuTMnsOnNNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlrNFdRNE5BQmx5Vm1MVXRLNU15ZXc2YzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84MzNhYTItYWYwNC00ZjEwLWExNjct
NmFjZDg2Njg2ZTg1LzEvQ1dGMWNsT2U3Y2Fua2JRZ0w1Y3VmRDB5NHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84MzNhYTItYWYwNC00ZjEwLWExNjctNmFjZDg2Njg2ZTg1
LzEvdnlrNFdRNE5BQmx5Vm1MVXRLNU15ZXc2YzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaDwMA0G
CSqGSIb3DQEBCwUAA4IBAQBbGxCbkOb0Jk0OJoqmL2opGoZqIkdQ+b395hUkKEHU
VMaFw3dcq69O+x6r3HQ2v6wKZw5mdPgX57oYnHLhGNplULJPCNUi93CHXS5Tr0IR
/WrJmdRtGNNYSHcEbv3pO7nuIpV2XZlxirT5a5neIOv2EsHqEDxbv/sUj6f+rgwu
OWBfwYaNTTHXd9caSlMwYPMn/uGq3v5nHMgUHW97M+46DcKLcTJkdurXAXhBZrtu
GqT9ABHBM/pv1dw/WEmNQ/ykagHOotG42j/qK1zfAQd5hANyzEEG3VEot77jXfUk
oVEaatN7nedGMzvGb6njRR0TaGyr0IytVF6Rk/K9Yo+C
-----END CERTIFICATE-----