Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/vX-nZtMGEO7HOBJRin20dbt55lA.roa
File:                     vX-nZtMGEO7HOBJRin20dbt55lA.roa (raw, json)
Hash identifier:          1vVWjNCsY+9G4+wANVvI/C/WFoAgjRGfMZjo1AGfGbQ=
Subject key identifier:   BD:7F:A7:66:D3:06:10:EE:C7:38:12:51:8A:7D:B4:75:BB:79:E6:50
Certificate issuer:       /CN=98b11161b9ed4bb08a0026d5cfd1fec9687c19c3
Certificate serial:       018CC86F4D3329A4802FD1BFCFFE1312644F
Authority key identifier: 98:B1:11:61:B9:ED:4B:B0:8A:00:26:D5:CF:D1:FE:C9:68:7C:19:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mLERYbntS7CKACbVz9H-yWh8GcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/vX-nZtMGEO7HOBJRin20dbt55lA.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208264
IP address blocks:        193.8.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/mLERYbntS7CKACbVz9H-yWh8GcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/mLERYbntS7CKACbVz9H-yWh8GcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mLERYbntS7CKACbVz9H-yWh8GcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4d:33:29:a4:80:2f:d1:bf:cf:fe:13:12:64:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98b11161b9ed4bb08a0026d5cfd1fec9687c19c3
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7fa766d30610eec73812518a7db475bb79e650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b2:2e:75:fc:b5:42:8b:d3:dc:06:0a:81:b8:
                    30:d2:8d:5d:e2:fa:80:66:e0:79:5f:49:5a:c4:7d:
                    1d:37:aa:fd:83:49:5d:b5:86:c7:06:56:d0:7f:94:
                    22:24:d4:12:68:d5:fc:41:21:f8:59:99:7f:96:ce:
                    04:32:fb:52:1d:ff:89:84:2a:1c:f3:22:32:c3:08:
                    4f:49:54:d0:6c:86:4e:76:38:45:40:c9:da:f7:8c:
                    e9:aa:4c:3a:80:aa:b7:24:9f:8a:a7:a0:ea:4b:fa:
                    e3:6b:08:79:46:ab:3b:b5:f7:67:3c:19:8c:5a:3f:
                    ba:c4:d9:f8:d3:1a:89:c8:26:97:1d:7d:48:1d:a5:
                    64:fa:b2:44:6a:ec:1d:fd:8a:24:4f:0d:5b:81:57:
                    24:8b:76:06:59:c2:de:84:8f:39:6c:3e:b5:b8:9e:
                    75:3c:66:61:f1:46:b0:b5:b3:43:ce:0d:91:27:b6:
                    ce:83:6a:45:43:b3:8a:83:6c:2b:10:c3:d4:93:de:
                    35:55:f7:fe:b4:84:2a:2e:d4:ea:9f:23:d1:0f:55:
                    65:6c:54:7c:61:65:e0:43:9e:21:07:10:09:e4:62:
                    7f:7e:48:45:27:01:02:51:60:bc:3c:d1:fd:07:c7:
                    4f:cc:27:80:43:d7:d5:48:cc:5f:45:12:07:21:4a:
                    85:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:7F:A7:66:D3:06:10:EE:C7:38:12:51:8A:7D:B4:75:BB:79:E6:50
            X509v3 Authority Key Identifier:
                keyid:98:B1:11:61:B9:ED:4B:B0:8A:00:26:D5:CF:D1:FE:C9:68:7C:19:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mLERYbntS7CKACbVz9H-yWh8GcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/vX-nZtMGEO7HOBJRin20dbt55lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/504bfb-2941-447f-9c5e-c0f9f3d66872/1/mLERYbntS7CKACbVz9H-yWh8GcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:0f:5e:3f:c8:b1:8b:1b:af:b1:59:8b:ed:d2:fb:27:f2:b5:
         97:de:0a:19:46:20:cc:69:ad:98:ba:a5:c9:50:c8:b7:0c:f7:
         ea:2c:48:56:82:fa:f6:94:41:bf:14:50:02:74:49:8a:5c:9b:
         e9:21:c5:f8:80:27:9b:9f:d7:39:e7:2d:ec:08:ff:cc:70:f7:
         76:08:f4:86:f7:29:7c:e6:ed:26:a7:68:90:1e:ee:4b:bf:d3:
         bf:8d:13:9c:db:47:fa:26:a3:1f:c4:bd:22:d6:4c:83:c5:71:
         ab:a3:8c:82:b2:2a:0b:8c:b3:47:2d:ad:ca:80:e7:00:c4:82:
         80:5d:8e:21:f7:eb:86:e0:bd:11:0b:75:31:d9:0b:63:cf:b3:
         91:68:b8:51:b6:fa:f2:c2:6f:a8:dc:fb:da:0e:4e:3f:7d:8a:
         2e:34:62:f6:10:3b:6b:a2:17:15:7f:b0:0a:5d:1c:aa:68:2f:
         05:1e:5b:fc:bb:48:fe:83:be:aa:5e:b0:5b:f4:5c:20:2e:0b:
         9d:38:f4:64:47:b0:ac:0c:2b:60:e3:7b:67:82:0d:15:2d:3b:
         b4:28:6c:5b:fc:16:a7:1a:df:39:a0:b4:1c:24:ae:35:a5:c7:
         e9:ee:e2:bc:89:f0:14:25:0e:17:8c:66:74:80:31:71:27:86:
         e2:11:d6:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb00zKaSAL9G/z/4TEmRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YjExMTYxYjllZDRiYjA4YTAwMjZkNWNmZDFmZWM5Njg3
YzE5YzMwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDdmYTc2NmQzMDYxMGVlYzczODEyNTE4YTdkYjQ3NWJiNzllNjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrIudfy1QovT3AYKgbgw0o1d4vqA
ZuB5X0laxH0dN6r9g0ldtYbHBlbQf5QiJNQSaNX8QSH4WZl/ls4EMvtSHf+JhCoc
8yIywwhPSVTQbIZOdjhFQMna94zpqkw6gKq3JJ+Kp6DqS/rjawh5Rqs7tfdnPBmM
Wj+6xNn40xqJyCaXHX1IHaVk+rJEauwd/YokTw1bgVcki3YGWcLehI85bD61uJ51
PGZh8UawtbNDzg2RJ7bOg2pFQ7OKg2wrEMPUk941Vff+tIQqLtTqnyPRD1VlbFR8
YWXgQ54hBxAJ5GJ/fkhFJwECUWC8PNH9B8dPzCeAQ9fVSMxfRRIHIUqFdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1/p2bTBhDuxzgSUYp9tHW7eeZQMB8GA1UdIwQY
MBaAFJixEWG57UuwigAm1c/R/slofBnDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUxFUllibnRTN0NLQUNiVno5SC15V2g4R2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MDRiZmItMjk0MS00NDdmLTljNWUt
YzBmOWYzZDY2ODcyLzEvdlgtblp0TUdFTzdIT0JKUmluMjBkYnQ1NWxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MDRiZmItMjk0MS00NDdmLTljNWUtYzBmOWYzZDY2ODcy
LzEvbUxFUllibnRTN0NLQUNiVno5SC15V2g4R2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhfMA0G
CSqGSIb3DQEBCwUAA4IBAQDXD14/yLGLG6+xWYvt0vsn8rWX3goZRiDMaa2YuqXJ
UMi3DPfqLEhWgvr2lEG/FFACdEmKXJvpIcX4gCebn9c55y3sCP/McPd2CPSG9yl8
5u0mp2iQHu5Lv9O/jROc20f6JqMfxL0i1kyDxXGro4yCsioLjLNHLa3KgOcAxIKA
XY4h9+uG4L0RC3Ux2Qtjz7ORaLhRtvrywm+o3PvaDk4/fYouNGL2EDtrohcVf7AK
XRyqaC8FHlv8u0j+g76qXrBb9FwgLgudOPRkR7CsDCtg43tngg0VLTu0KGxb/Ban
Gt85oLQcJK41pcfp7uK8ifAUJQ4XjGZ0gDFxJ4biEdYr
-----END CERTIFICATE-----