Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/ovpN7DAzetUAEvUUc_oJ58-ZvVI.roa
File:                     ovpN7DAzetUAEvUUc_oJ58-ZvVI.roa (raw, json)
Hash identifier:          aX6lubQ4bnoYOPmwT0h9E+HHOuDlrRQrE3iqiMz/gv0=
Subject key identifier:   A2:FA:4D:EC:30:33:7A:D5:00:12:F5:14:73:FA:09:E7:CF:99:BD:52
Certificate issuer:       /CN=aaa53464a810aa38c936d9d98b6a2d132fcbff58
Certificate serial:       018CC64AEA14DFFBD9CF07B1DDC5A5F23872
Authority key identifier: AA:A5:34:64:A8:10:AA:38:C9:36:D9:D9:8B:6A:2D:13:2F:CB:FF:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/ovpN7DAzetUAEvUUc_oJ58-ZvVI.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        193.26.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ea:14:df:fb:d9:cf:07:b1:dd:c5:a5:f2:38:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaa53464a810aa38c936d9d98b6a2d132fcbff58
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2fa4dec30337ad50012f51473fa09e7cf99bd52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:65:54:9b:98:8c:7b:e3:82:f2:16:de:88:32:
                    93:29:33:d0:c1:b3:07:15:a5:e5:79:f0:14:83:45:
                    e5:9a:2b:51:20:db:0b:f9:e8:14:51:b3:e8:3a:ba:
                    5b:96:9f:c0:ec:62:e1:34:59:de:04:52:35:98:4f:
                    6b:6d:8d:e0:33:89:5a:bc:d7:3e:5f:63:e9:1a:ba:
                    09:a6:93:a4:20:5b:57:73:51:33:a4:3c:5a:37:6d:
                    2f:f1:d5:c4:2e:fd:b4:1e:c5:54:9f:bd:ee:e4:eb:
                    ce:65:eb:ff:5e:2f:7c:6b:5b:19:ee:e2:85:69:21:
                    d4:0e:52:14:4f:a4:0e:12:d6:c1:6e:d6:58:32:50:
                    ab:e2:d1:06:d2:09:1b:08:49:29:42:8f:b6:e5:10:
                    a9:6c:7f:ba:8e:2a:af:93:f4:65:d0:40:26:ac:b5:
                    0f:34:ac:07:bc:f0:2c:47:9a:66:57:9f:dc:32:6d:
                    4e:d2:e9:88:d1:21:0b:e6:fe:ee:93:1c:3d:43:b0:
                    ae:07:32:9f:50:4d:01:6b:81:0b:01:8a:0c:0e:78:
                    44:ea:5b:3f:c1:1f:45:8b:e9:f1:5b:81:28:ea:48:
                    6d:21:4e:f5:87:a2:d4:b0:e1:a2:a5:01:88:96:d1:
                    a1:f5:b3:c3:ff:11:e1:a6:82:1f:47:e8:ad:6f:9e:
                    90:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FA:4D:EC:30:33:7A:D5:00:12:F5:14:73:FA:09:E7:CF:99:BD:52
            X509v3 Authority Key Identifier:
                keyid:AA:A5:34:64:A8:10:AA:38:C9:36:D9:D9:8B:6A:2D:13:2F:CB:FF:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/ovpN7DAzetUAEvUUc_oJ58-ZvVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b8:fe:9e:37:70:65:c7:05:31:dd:f1:c1:96:ad:9f:7f:85:
         50:18:5c:b1:ee:4d:c5:a5:69:6b:a3:28:4e:69:c0:0a:a3:5d:
         25:b3:95:62:a2:f1:fc:82:bf:08:cf:41:bd:be:3c:2f:55:52:
         c0:bd:5b:bc:f0:fc:c1:bd:dc:64:14:3e:c1:04:40:69:06:f0:
         bb:34:93:90:a8:6c:f3:1c:6d:7b:5b:07:b0:85:6f:5f:3d:c8:
         16:d0:48:43:58:95:3a:2f:09:5a:60:94:85:a1:c3:71:b9:34:
         d8:b0:be:7e:df:fa:b8:90:e9:26:5c:f5:f7:53:03:b0:9f:95:
         1b:91:25:ea:b3:71:31:4f:86:08:3d:e9:b3:c5:c5:b4:81:f6:
         19:3f:36:91:04:95:cd:97:6d:ee:57:40:4b:52:97:5d:f3:af:
         58:56:95:b1:41:ff:59:bc:9e:ae:35:28:ec:25:00:d0:2e:57:
         69:93:57:47:8e:e9:5e:c6:ae:47:0a:20:8c:ca:26:6e:c8:0c:
         13:41:6d:cd:db:0a:23:2d:59:fa:09:be:cd:38:a7:07:00:9f:
         b0:20:33:88:33:a4:e7:b2:14:9e:ad:e9:ec:e9:8f:d7:4c:ba:
         40:47:fc:5f:95:e5:22:75:66:82:99:18:2b:eb:d9:3f:dc:44:
         9f:89:4a:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuoU3/vZzwex3cWl8jhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYTUzNDY0YTgxMGFhMzhjOTM2ZDlkOThiNmEyZDEzMmZj
YmZmNTgwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZhNGRlYzMwMzM3YWQ1MDAxMmY1MTQ3M2ZhMDllN2NmOTliZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWVUm5iMe+OC8hbeiDKTKTPQwbMH
FaXlefAUg0XlmitRINsL+egUUbPoOrpblp/A7GLhNFneBFI1mE9rbY3gM4lavNc+
X2PpGroJppOkIFtXc1EzpDxaN20v8dXELv20HsVUn73u5OvOZev/Xi98a1sZ7uKF
aSHUDlIUT6QOEtbBbtZYMlCr4tEG0gkbCEkpQo+25RCpbH+6jiqvk/Rl0EAmrLUP
NKwHvPAsR5pmV5/cMm1O0umI0SEL5v7ukxw9Q7CuBzKfUE0Ba4ELAYoMDnhE6ls/
wR9Fi+nxW4Eo6khtIU71h6LUsOGipQGIltGh9bPD/xHhpoIfR+itb56Q0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKL6TewwM3rVABL1FHP6CefPmb1SMB8GA1UdIwQY
MBaAFKqlNGSoEKo4yTbZ2YtqLRMvy/9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXFVMFpLZ1FxampKTnRuWmkyb3RFeV9MXzFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC82NGRlMmYtNWYzNS00Zjc3LWE4NDQt
NDNkNzRjMDAwN2U2LzEvb3ZwTjdEQXpldFVBRXZVVWNfb0o1OC1adlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC82NGRlMmYtNWYzNS00Zjc3LWE4NDQtNDNkNzRjMDAwN2U2
LzEvcXFVMFpLZ1FxampKTnRuWmkyb3RFeV9MXzFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoYMA0G
CSqGSIb3DQEBCwUAA4IBAQBwuP6eN3BlxwUx3fHBlq2ff4VQGFyx7k3FpWlroyhO
acAKo10ls5ViovH8gr8Iz0G9vjwvVVLAvVu88PzBvdxkFD7BBEBpBvC7NJOQqGzz
HG17WwewhW9fPcgW0EhDWJU6LwlaYJSFocNxuTTYsL5+3/q4kOkmXPX3UwOwn5Ub
kSXqs3ExT4YIPemzxcW0gfYZPzaRBJXNl23uV0BLUpdd869YVpWxQf9ZvJ6uNSjs
JQDQLldpk1dHjulexq5HCiCMyiZuyAwTQW3N2wojLVn6Cb7NOKcHAJ+wIDOIM6Tn
shSerens6Y/XTLpAR/xfleUidWaCmRgr69k/3ESfiUq3
-----END CERTIFICATE-----